• 0

Bridge Mode on Cisco DPQ3925?


Go to solution Solved by JJ_,

Question

Yorak

So I recently moved into a new apartment, and the modem we received from Cox Communications was a Cisco DPQ3925. Unfortunately, I was not here when they set it up. It probably would not have mattered either way, but I would have at least requested a standard modem rather than a modem/router combination. I have my own router that I have configured with Tomato, tons of scripts and configured just the way I want. I thought it would be no problem to put their device in bridge mode. Yikes... I was certainly wrong. I went searching and found this post which explains that the option is there but hidden. The firmware version I have on mine must have corrected that, because it is no longer available. Sure, I can go pay for a new modem, but I would rather not. I called Cox and they said they only offer the combination boxes and of those there were only two models. I looked up the other one they mentioned and it also has no way to change the mode.

 

I would prefer not to double NAT. Could I just place the router in the combo's DMZ? Would that work fine? Thanks in advance. :)

Link to post
Share on other sites

10 answers to this question

Recommended Posts

  • 0
JJ_

The problem is your router and gateways IPs are in a different subnet. Without making drastic changes to your routers settings, getting your gateway in the same subnet as your router should do the trick and changing the routers IP so it doesn't clash with the gateway. Change to below then if your Cisco gateway doesn't cycle power on saving settings, manually cycle it's power.

 

post-121192-0-37044500-1389743148.jpg

post-121192-0-36454600-1389743185.jpg

 

Finally change the DMZ host IP in Cisco gateway to 192.168.1.2

  • Like 1
Link to post
Share on other sites
  • 0
JJ_

You could DMZ your router but you would have to disable DHCP on the Cisco gateway, increment the IP of your router and set its IP address range to avoid any clashes.

 

I can't really understand why any ISP would patch out the option for bridge mode because we all know how great combo gateways are... not! Double check your Cisco gateway though and see if there is a way to bridge. Try the below using Firefox

  1. Login to your gateway (usually at http://192.168.0.1)
  2. Click on the Wireless tab
  3. Set Wireless Network to disabled
  4. Click Save Settings at the bottom
  5. Click on the Administration tab
  6. Press Alt + V -> Page Style -> No Style (page may now look weird but continue on)
  7. Next to Working Mode select the option for Bridged Only
  8. Click on Save Settings at the bottom
  9. Once your gateway has cycled power, turn it off and wire your router to it.
  10. Win (hopefully)

 Instructions courtesy this blog

Link to post
Share on other sites
  • 0
Yorak

You could DMZ your router but you would have to disable DHCP on the Cisco gateway, increment the IP of your router and set its IP address range to avoid any clashes.

 

I can't really understand why any ISP would patch out the option for bridge mode because we all know how great combo gateways are... not! Double check your Cisco gateway though and see if there is a way to bridge. Try the below using Firefox

  1. Login to your gateway (usually at http://192.168.0.1)
  2. Click on the Wireless tab
  3. Set Wireless Network to disabled
  4. Click Save Settings at the bottom
  5. Click on the Administration tab
  6. Press Alt + V -> Page Style -> No Style (page may now look weird but continue on)
  7. Next to Working Mode select the option for Bridged Only
  8. Click on Save Settings at the bottom
  9. Once your gateway has cycled power, turn it off and wire your router to it.
  10. Win (hopefully)

 Instructions courtesy this blog

Yeah I tried those instructions too. :( The option must definitely be gone now. So ridiculous.

 

When I disable DHCP on the combo, how do I set the IP it is giving my router? It defaults to 192.168.0.13 and I have that in the DMZ, but ports are still being blocked.

Link to post
Share on other sites
  • 0
JJ_

In the Cisco gateway settings, set the LAN IP range between 192.168.0.1/2

 

On your Tomato router, go to Basic -> Network and set the LAN settings to something similar to this

 

post-121192-0-38023900-1389740559.jpg

 

Just read your ports are still blocked with DMZ :s As the Cisco is still doing the routing, try creating a port forward rule for ports 1-65535 to your routers IP 192.168.0.2

Link to post
Share on other sites
  • 0
Yorak

Thanks. :)

 

Here is what I have on the Tomato router:

 

RDyT35i.png

 

And on the Cisco POS:

 

WezMfO3.png

 

CgTYhOZ.png

 

I am probably missing something simple here, but it still is not working correctly.

Link to post
Share on other sites
  • 0
Yorak

The problem is your router and gateways IPs are in a different subnet. Without making drastic changes to your routers settings, getting your gateway in the same subnet as your router should do the trick and changing the routers IP so it doesn't clash with the gateway. Change to below then if your Cisco gateway doesn't cycle power on saving settings, manually cycle it's power.

 

Finally change the DMZ host IP in Cisco gateway to 192.168.1.2

Doh! I completely missed the fact that they are in a different subnet. Finally I can get some rest. :P Thank you very much for the help!

Link to post
Share on other sites
  • 0
JJ_

Great. Double NAT isn't ideal but because you've DMZ'd your router, it shouldn't cause problems with port forwarding. Now hassle Cox for a standalone modem :D

Link to post
Share on other sites
  • 0
The_Decryptor

That won't work, well it'll work but only because you aren't using the Tomato router as an actual router, you're using the Cisco one.

The Tomato should go between the Cisco and your network, by putting the Tomato router on the same subnet as the Cisco router it's more like a server on the network, you'll have 2 DHCP boxes, etc.

Link to post
Share on other sites
  • 0
JJ_

DHCP/wireless are turned off on the Cisco so all it is doing is passing WAN traffic to the Tomato router which will be handling everything else LAN side so I don't anticipate there will be any issues.

Link to post
Share on other sites
  • 0
+BudMan

If your going to use tomato as nat, gateway for the network behind it.. You can not have its wan same as its lan network..

As mentioned even if you dmz your tomato behind your cisco - its still a double nat, you just don't have to worry about port forwarding on the cisco since all unsolicited traffic to your public IP would just be sent to your DMZ IP.

you would want something like this.

publicIP -- cisco 192.168.0.1/24 -- 192.168.0.2/24 (static) tomato 192.168.1.1/24 --- 192.168.1.x (dhcp from tomato) PC

Does not matter if you turn off dhcp on the cisco to be honest, only reason you want tomato wan to be static is that so it doesn't change, you could also just use a dhcp reservation on cisco so it always gives tomato wan the same IP. Since you need your tomato wan IP to be the IP that you set for dmz on your cisco.

Again this is still double nat.. And you could still run into problems with things that have issues with nat, like hosting a ftp server might be a bit of PITA. You would be still limited by the cisco nat table for one, its possible there might be a small performance hit on your overall wan to lan bandwidth since you have 2 boxes having to process the packets with NAT. Its normally not best option to double nat like what seems your forced to have to do if you want to use your tomato as the control for port forwarding, etc. But it generally will work - but it can have some issues, but as long as your aware that there is a double nat you should be able to work through most of them.

Normally where you see problems is the user is actually unaware that a double or even triple nat is going on, and they can not figure out why port forwarding doesn't work when they do it on the nat router their PCs are connected too - when they didn't open/forward the ports on the nat device in front of it.

Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By News Staff
      Get the Premium CompTIA & Cisco Networking Certification Prep Bundle for only $29.99
      by Steven Parker

      Today's highlighted deal comes via our Online Courses section of the Neowin Deals store, where you can save 98% off the Premium CompTIA & Cisco Networking Certification Prep Bundle. This 75-hour preparatory training on CompTIA Security, CSA, CCNA. CCNP and more helps you to become a top-notch, in-demand tech professional.



      This bundle consists of the following courses, including certification of completion:

      CompTIA Security+ (SY0-601)
      Perform Core Security Functions & Pursue an IT Security Career CompTIA CSA+ & Certified Cyber Security Analyst
      Pass One of CompTIA's Most Coveted Certification Exams Cisco CCNA 200-301: Full Course for Networking Basics
      Learn Network Basics & Cisco CCNA Topics and Pass the Exam Easily Cisco CCNP Enterprise (ENARSI + ENCOR) Training
      Learn Routing at Professional Level & Ace the CCNP Enterprise Certification Exams Cisco CCNA 200-301 Full Certification Prep Course
      Be 100% Prepared for the CCNA 200-301 Certification Exam Cisco CCNA 200-301 Configuration Mega Labs
      Take Your Configuration Skills to the Next Level & Pass the CCNA Cisco Troubleshooting Simulation Labs
      Become a Troubleshooting Expert by learning Technical Skills for Network Professionals TOTAL: Cloud Computing / CompTIA Cloud+ Cert. (CV0-002)
      Learn the Basics of Cloud Computing & Prepare for the CompTIA Cloud+ Certification Exam This Premium CompTIA & Cisco Networking Certification Prep Bundle normally costs $1,600, but you can pick it up for just $29.99 for a limited time, that represents a saving of $1,570.01 (98%) off! For a full description, specs, and instructor info, click the link below.

      Get this deal, or learn more about it
      Not for you?
      That's OK, there are other deals on offer you can check out here.

      Ivacy VPN - 5 year subscription for just $1 per month NordVPN - 2 year subscription at up to 68% off Private Internet Access VPN - subscriptions at up to 71% off Unlocator VPN or SmartDNS - unblock Geoblock with 7-day free trial Neowin Store for our preferred partners. Subscribe to Neowin - for $14 a year, or $28 a year for Ad-Free experience Giveaways: Polycade Home Arcade | $5K in cash | $10K in Crypto | Gaming Bundle Neowin Deals · Free eBooks · Neowin Store

      Disclosure: This is a StackCommerce deal or giveaway in partnership with Neowin; an account at StackCommerce is required to participate in any deals or giveaways. For a full description of StackCommerce's privacy guidelines, go here. Neowin benefits from shared revenue of each sale made through our branded deals site, and it all goes toward the running costs.

    • By Usama Jawad96
      MediaTek joins the 5G mmWave race against Qualcomm and Samsung
      by Usama Jawad

      Almost one year ago, Qualcomm unveiled its third-gen 5G Modem-RF System, the Snapdragon X60. One of its major features included mmWave-sub6 aggregation, which would allow a maximum throughput of 5.5Gbps. Then in May, Samsung also announced Link Cell, an integrated 5G mmWave small cell for indoor use. Today, MediaTek has announced that it is joining the 5G mmWave race as well.

      Image via Allthingsd MediaTek's M80 is a 5G modem that supports mmWave, an advancement from the first generation M70 5G modem for smartphones. Support for mmWave is important in the everchanging technology landscape because 5G is a combination of mmWave - which are high-frequency bands that are super-fast, but can be obstructed by the tiniest thing - and sub6, lower-frequency bands that can penetrate buildings, but aren't as fast. Aggregation of these two segments of 5G on a single chip should allow them to work more seamlessly together, providing optimal speeds.

      The M80 features support for both standalone and non-standalone architectures and boasts peak rates of 7.67Gbps and 3.76Gbps for downlink and uplink respectively. JC Hsu, Corporate Vice President and General Manager of MediaTek's Wireless Communications Business Unit, had the following to say about the advancement:

      MediaTek has also touted better power management and efficiency thanks to the company's proprietary technologies, saying that the modem also meets major industry standards. The M80 should be available for customers to try out later this year.

    • By News Staff
      Save 97% off the Cybersecurity & IT Career Certification Pathway Bundle
      by Steven Parker

      Today's highlighted deal comes via our Online Courses section of the Neowin Deals store, where you can save 97% off the Ultimate Cybersecurity & IT Career Certification Pathway Training Bundle. Further your it career with 169 hours of prep content on the most in-demand Cisco and CompTIA certifications — from experts David Bombal and Total Seminars.



      This deal consists of the following courses:

      Cisco CCNA 200-301 Exam: Complete Course with Practical Labs
      Ace the Newest CCNA 200-301 Exam & Be a Cisco Certified Network Associate CompTIA IT Fundamentals ITF+ FC0-U61
      Iron Out Your IT Foundation Skills on Computer & Mobile Devices, Software, Networks, Security, and Basic Troubleshooting CompTIA A+ Certification Core 1 (220-1001)
      Kickstart Your IT Career by Acing the Industry-Standard Certification for Security to Cloud, Data Management & More CompTIA A+ Certification Core 2 (220-1002)
      Expanded Skills on Configurations, Security Software Troubleshooting & Operational Procedures CompTIA Network+ Certification N10-007
      Address the Current & Changing Networking Technologies As a CompTIA Network+ Professional CompTIA Security+ Certification SY0-501
      Ace the Globally-Recognized Exam on Network Threats & Risks Identification, Management, and Mitigation CompTIA CySA+ Cybersecurity Analyst CS0-001
      7-Hour Guide on the High-Stakes Security Analyst Certification CompTIA PenTest+ (PT0-001): Ethical Hacking
      Be Proficient in Penetration Testing & Vulnerability Management and Land a Career in One of the Fastest-Growing Job Markets Good to know
      Length of access: lifetime Certification of completion included Updates included Redemption deadline: redeem your code within 30 days of purchase For full descriptions, terms, and instructor info please click here.

      Here's the deal:
      This Ultimate Cybersecurity & IT Career Certification Pathway Training Bundle normally costs $1,592 but it can be yours for just $34.99 for a limited time, that's a saving of $1,557.01 (97%) off!

      >> Get this deal, or learn more about it <<
      See all Online Courses on offer, This is a time-limited deal, ending soon!
      Get $1 credit for every $25 spent · Give $10, Get $10 · 10% off for first-time buyers.

      Not for you?
      If this offer doesn't interest you, why not check out the following offers:



      The Win Your Dream 2020 Tesla Model 3 Giveaway Ivacy VPN - 5 year subscription for just $0.99 per month NordVPN - 2 year subscription at up to 68% off +3 months for free! Private Internet Access VPN - subscriptions at up to 71% off Unlocator VPN or SmartDNS - unblock Geoblock with 7-day free trial Subscribe to Neowin - for $14 a year, or $28 a year for Ad-Free experience Disable Sponsored posts · Neowin Deals · Free eBooks · Neowin Store

      Disclosure: This is a StackCommerce deal or giveaway in partnership with Neowin; an account at StackCommerce is required to participate in any deals or giveaways. For a full description of StackCommerce's privacy guidelines, go here. Neowin benefits from shared revenue of each sale made through our branded deals site, and it all goes toward the running costs.

    • By Usama Jawad96
      Microsoft declares war on Israeli surveillance company NSO Group
      by Usama Jawad

      Back in 2019, Israeli technology company NSO Group found itself embroiled in controversy when it was alleged that its Pegasus program was used to hack WhatsApp. The sophisticated attack technique allowed attackers to inject spyware into Android and iOS devices by simply calling them. The victim is not even required to attend the call in order for the attack to be successful.

      While WhatsApp plugged the vulnerability, it later took NSO Group to court for its malicious actions. The surveillance company has denied wrongdoing multiple times using the defense of immunity since it claims that Pegasus is used on behalf of governments. Following recent reports of Al Jazeera journalists being hacked using software developed by NSO Group, Microsoft and various other corporations have now joined the fight against the Israeli firm.

      Group of anonymous hackers in black costumes working with computers in office image via ShutterstockIn a sternly worded blog post, Corporate Vice President of Customer Security & Trust at Microsoft, Tom Burt has described NSO Group as the cyber mercenaries of the 21st century and stated that they should get no immunity. Together with Cisco, GitHub, Google, LinkedIn, VMWare, and the Internet Association, Microsoft has filed an amicus brief in WhatsApp's legal case against NSO Group. Simply stated, this means that the firms will be providing assistance to the court by offering technical expertise.

      Microsoft has highlighted that Pegasus infected WhatsApp on 1,400 devices last year, including those of journalists and prominent figures fighting against human rights violations. It emphasized that NSO Group's business model is very dangerous for a number of reasons. Primarily, there is no guarantee that the cyber-weapons won't fall into the wrong hands. Even if NSO Group sells Pegasus only to governments, it could be handed over to customers who lack proper defenses, resulting in highly dangerous software being stolen. Microsoft also stated that:

      Lastly, the Redmond tech giant emphasized that such tools developed by private security firms are a threat to human rights and privacy. It stated that NSO Group's clients are spread throughout the world, and they utilize cyber weapons to track journalists and other opposing groups. Microsoft indicated that even if NSO Group's own intention is not to violate human rights, its tools certainly allow its clients to do so.

      Moving forward, Microsoft has urged that private security firms such as NSO Group should be liable for any laws that are broken by using their tools, and they should not be granted immunity in any circumstances. The coalition hopes that the amicus brief will enable it to protect the rights and privacy of all its global customers.

    • By News Staff
      Black Friday lets you save an additional 70% off eLearning deals and more
      by Steven Parker

      Today's highlighted deals comes via our Online Courses section of the Neowin Deals store, where you can save an extra 70% off eLearning deals. That's not all we also have a promo code for 40% off all Apps + Software deals, and a site wide coupon for 20% off everything else.



      The Premium Learn to Code 2021 Certification Bundle
      Use code BFSAVE70 for additional 70% The All-In-One AWS, Cisco & CompTIA Super Certification Bundle 2021
      Use code BFSAVE70 for additional 70% The Premium DJing & Music Production Bootcamp Ft. Ableton + Logic Pro X
      Use code BFSAVE70 for additional 70% off The 2020 Adobe Graphic Design Certification School
      Use code BFSAVE70 for additional 70% off The Wall Street Survival & Stock Trading Guide Bundle
      Use code BFSAVE70 for additional 70% off Good to know
      Length of time users can access the courses: lifetime Redemption deadline: redeem your code within 30 days of purchase For terms, certification and instructor info, please click on the course title.

      Black Friday Coupons:
      Use code BFSAVE20 for an additional 20% off site wide with what's not covered below. Use code BFSAVE40 for an additional 40% off all Apps + Software Use code BFSAVE70 for an additional 70% off all Online Courses Apply any one of the above coupons when checking out to save!

      >> Shop now at Neowin Deals <<
      See all Online Courses on offer. This is a time limited deal.
      Get $1 credit for every $25 spent · Give $10, Get $10 · 10% off for first-time buyers.

      Not for you?
      That's OK, there are other deals on offer you can check out here, but be aware that these are all time-limited offers. If you are uncomfortable sharing your details with a third-party sponsor, we understand. Check out the Neowin Store for our preferred partners.



      The Win Your Dream 2020 Tesla Model 3 Giveaway Ivacy VPN - 5 year subscription for just $1 per month NordVPN - 2 year subscription at up to 68% off Private Internet Access VPN - subscriptions at up to 71% off Unlocator VPN or SmartDNS - unblock Geoblock with 7-day free trial Subscribe to Neowin - for $14 a year, or $28 a year for Ad-Free experience Disable Sponsored posts · Neowin Deals · Free eBooks · Neowin Store

      Disclosure: This is a StackCommerce deal or giveaway in partnership with Neowin; an account at StackCommerce is required to participate in any deals or giveaways. For a full description of StackCommerce's privacy guidelines, go here. Neowin benefits from shared revenue of each sale made through our branded deals site, and it all goes toward the running costs.