Problems with Cisco DPQ3212 Cable Modem and NAT
Todd Cole
toddc at azloco.com
Sat Feb 28 22:04:55 MST 2015
More useless cable modem info as noted from several recent projects
There are several models of this cable modem, this one has VOIP. VOIP needs
a IP address so you cannot by default turn off NAT or do a Transparent
Bridge because the VOIP would need to be set up externally, not inside the
modem. VOIP models usually have a battery to run the phone/modem during
power outages/emergency, but if you edit the config and pull the power to
reboot as I did, it kept running on battery and never changed till I
removed the battery---live & learn. You can do some port forwarding but I
have not tried it. If you need/whine they will provide a two piece VOIP and
standard non VOIP modem but I have not seen what they are using for that
yet, but that is what was done to get a public IP address for a camera
system.
Non-VOIP models can usually be bridged and port forwarded simular to
Century Link DSL modems.
For business accounts they generally run two cables, one for phone only,
and one for internet but with a multiple static IP addresses modem.
On Sat, Feb 28, 2015 at 8:28 PM, Michael Butash <michael at butash.net> wrote:
> Those boxes only give you access to view, not write the config - it's
> part of the docsis standard to disallow client-side mucking with the cable
> interface or addressing, and probably subsequently the internal addressing
> as well via nat unless the gui lets you somehow.
>
> It shouldn't nat you to the 10.x interfaces, those are just for the modem
> to register on, and also the 172.x as Todd said for the modem or some such.
>
> I think with those you can make them a dumb bridge, setting them to become
> nothing more than a modem, which case just use your own router behind it,
> like a nice dd-wrt|tomato run unit. You're much better off this way than
> using it, I've never anything but bad about the integrated modem/routers.
>
> -mb
>
>
>
> On 02/28/2015 07:37 PM, David Demland wrote:
>
> Todd,
>
>
>
> Thank you for the information, the Level 2 support guy never mention that
> I could do that. I will check on it.
>
>
>
> David
>
>
>
> *From:* plug-discuss-bounces at lists.phxlinux.org [
> mailto:plug-discuss-bounces at lists.phxlinux.org
> <plug-discuss-bounces at lists.phxlinux.org>] *On Behalf Of *Todd Cole
> *Sent:* Saturday, February 28, 2015 6:21 PM
> *To:* Main PLUG discussion list
> *Subject:* Re: Problems with Cisco DPQ3212 Cable Modem and NAT
>
>
>
> I tried to do that a while ago and failed due to it had a voip that needed
> NAT internal for the phone part I also learned that it would not reboot to
> apply new settings till the battery was removed for a while. I called Cox
> and they swapped it for a separate phone and separate modem. no problem:)
>
>
>
> On Sat, Feb 28, 2015 at 5:33 PM, David Demland <demland at cox.net> wrote:
>
> Does anyone know much about a Cisco DPQ3212 Cable Modem? Cox put it in a
> few months ago and I did not think much about it since every was working on
> my network. However recently I had to log onto a VPN for a customer and I
> could not. I started doing some checking and here is what I have found:
>
>
>
> Doing a traceroute from my PC shows the following:
>
> 1 <1 ms <1 ms <1 ms 881WRouter.42.168.192.in-addr.arpa
> [192.168.42.254]
>
> 2 8 ms 8 ms 7 ms 10.32.4.1
>
> 3 7 ms 7 ms 7 ms 172.21.1.224
>
> 4 18 ms 19 ms 29 ms 70.169.74.52
>
> 5 21 ms 21 ms 22 ms langbprj02-ae14.0.rd.la.cox.net
> [68.1.0.151]
>
> 6 20 ms 21 ms 21 ms 72.14.215.221
>
> 7 20 ms 21 ms 21 ms 209.85.248.185
>
> 8 111 ms 32 ms 22 ms 209.85.142.91
>
> 9 21 ms 21 ms 21 ms lax02s21-in-f4.1e100.net [216.58.216.4]
>
>
>
> Trace complete.
>
>
>
> Doing a traceroute from the router show:
>
>
>
> DemlandRouter#traceroute 216.58.216.4
>
> Type escape sequence to abort.
>
> Tracing the route to 216.58.216.4
>
> VRF info: (vrf in name/id, vrf out name/id)
>
> 1 10.32.4.1 12 msec 8 msec 8 msec
>
> 2 172.21.1.224 8 msec 8 msec 8 msec
>
> 3 70.169.74.52 32 msec 24 msec 32 msec
>
> 4 68.1.1.19 20 msec
>
> 68.1.5.139 20 msec 20 msec
>
> 5 72.14.215.221 24 msec 24 msec 20 msec
>
> 6 209.85.248.185 24 msec 24 msec 24 msec
>
> 7 209.85.142.91 24 msec 20 msec 24 msec
>
> 8 216.58.216.4 24 msec 20 msec 24 msec
>
>
>
> The router’s routing table looks like:
>
>
>
> DemlandRouter#show route
>
> route-map COX_NAT, permit, sequence 10
>
> Match clauses:
>
> ip address (access-lists): 110
>
> interface FastEthernet4
>
> Set clauses:
>
> Policy routing matches: 0 packets, 0 bytes
>
> DemlandRouter#show ip route
>
> Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
>
> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>
> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>
> E1 - OSPF external type 1, E2 - OSPF external type 2
>
> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
> level-2
>
> ia - IS-IS inter area, * - candidate default, U - per-user static
> route
>
> o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
>
> + - replicated route, % - next hop override
>
>
>
> Gateway of last resort is 98.165.177.1 to network 0.0.0.0
>
>
>
> S* 0.0.0.0/0 [1/0] via 98.165.177.1
>
> 10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
>
> C 10.0.42.0/24 is directly connected, Vlan20
>
> L 10.0.42.254/32 is directly connected, Vlan20
>
> C 10.42.0.0/24 is directly connected, Vlan1
>
> L 10.42.0.1/32 is directly connected, Vlan1
>
> 98.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
>
> C 98.165.177.0/24 is directly connected, FastEthernet4
>
> L 98.165.177.11/32 is directly connected, FastEthernet4
>
> 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
>
> C 172.16.42.0/24 is directly connected, Vlan30
>
> L 172.16.42.254/32 is directly connected, Vlan30
>
> 172.19.0.0/32 is subnetted, 1 subnets
>
> S 172.19.73.61 [254/0] via 98.165.177.1, FastEthernet4
>
> 192.168.42.0/24 is variably subnetted, 2 subnets, 2 masks
>
> C 192.168.42.0/24 is directly connected, Vlan10
>
> L 192.168.42.254/32 is directly connected, Vlan10
>
>
>
> The modem’s IP is 192.168.100.1, seems rather standard, and I can http to
> the modem but all I get a status screen when I login. There is no username
> and password to get to the status screen; but the I cannot find an
> administrator login for the modem.
>
>
>
> Looking at all the output it seems clear that the modem is doing a NAT,
> of private IP space 10.32.4.1, which would be a problem. I need to turn
> off the NAT so that everything works. That is the issue, I can find nothing
> on line about this and I have talk to Cox level two support and they have
> no idea.
>
>
>
> The think that confuses me most is that I am getting a valid public IP on
> my Router (I can even VPN in into my home network), but the traceroute
> never shows my packets going through the public IP. Does any know how to
> login into this modem and turn off NAT?
>
>
>
> Thank You,
>
>
>
> David
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
>
> --
>
> Todd Cole
> Ubuntu Arizona Team
> 4605 S PRIEST DR LOT 3
> TEMPE AZ 85282-6507
> toddc at azloco.com
> 602-677-9402
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
--
Todd Cole
Ubuntu Arizona Team
4605 S PRIEST DR LOT 3
TEMPE AZ 85282-6507
toddc at azloco.com
602-677-9402
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20150228/1b4e7970/attachment.html>
More information about the PLUG-discuss
mailing list