Which is the best way to install this hardware?

mcf57

I am helping set up an office. They have a full network closet for the whole office. In there, we have a Comcast modem, NETGEAR wireless router and a 16 port LAN switch. Here is the equipment we currently have:

  • About 5 (and maybe more in the future) VoIP business phones
  • 2 desktop PCs
  • 3 wireless (or possibly wired) laptops (that are also on docking stations with LAN ports)
  • 1 Brother network printer/copier/scanner


I am running into some issues and won’t go into a lengthy explanation. Mainly the various PCs being able to FULLY use the Brother printer/scanner over the network. Each office then also has TWO network jacks that go back to the network closet. Basically, which of these 3 setups is probably the best way to get ALL of this networked together properly:

  1. Comcast business Modem (w/ 4 LAN ports)---> NETGEAR wireless router (w/ 4 LAN ports)---> 16 port switch ---> LAN ports to each office room (where there are then laptops on docking stations and VoIP phones)
  2. Comcast modem ---> 16 port switch ---> NETGEAR wireless router.
  3. Config 3 involves two pieces connected directly to Comcast gateway (w/ 4 LAN ports)
    - Comcast modem ---> 16 port switch ---> office LAN ports.
    - Comcast modem ---> NETGEAR wireless router

Any thoughts/suggestions?
 
I'm curious what kind of switch you have?

Personally, if I had to pick from your setup, I would go with Modem---Switch-----LAN, and turn the Router to an Access Point.

If it were up to me, I would add an Untangle at the Edge, so Modem ---- Untangle -----Switch, and add a WAP for business use and the router as an AP for the guest network.

I'm curious about the other suggestions.
 
Comcast business modem is a gateway/router. My configuration would be as follows.

Comcast - Switch - Netgear Router in AP Mode

The rest of your devices off the switch. Netgear must be in AP mode. Do not use the UPLINK port to connect to the switch. DHCP must be off on the Netgear router.

In all honesty, when a client has Comcast internet, I always try to talk them into buying their own cable modem.
 
I'm curious what kind of switch you have?

The switch is a Buffalo BS-G2116U business switch.


Here is some of the back story though & the reason for this post. I actually originally had it as config #1. We had an issue with the Comcast modem and it needed to be replaced. I wasn't at the site when they replaced it, but talked to the tech on the phone. Since the Comcast modem can hand out IP addresses as well, he suggested option #3 and then just using the NETGEAR for wireless only. This way there would be one less piece of hardware for failure in the mix for the wired devices. I just agreed and told him to do it. After he left, we started having problems with this way with the network printer.

In config #3, I forgot that the laptops were connected to the Netgear router (via wireless). The network printer was connected to the 16 port switch so I am assuming this is why they couldn't see each other. Basically on different IP ranges/subnets. I switched it to #2 thinking that anything connected to the wireless router would also see the network printer on the 16 port switch, but maybe it doesn't work that way & it's backward. Should be back to #1.

I wasn't able to do this at the time as people were on the VoIP phones & I would have to take EVERYTHING down (even for only a few mins). I didn't want to disturb people. Therefore, this is why I then just connected the wireless router to the 16 port switch (config #2). I then also made all the laptops hardwired through the 16 port switch as well (since their docking stations had LAN ports).

Even though all the equipment appears to be connected to the 16 port switch and all laptop/PCs can print, the scan function isn't working with one of the laptops. Uninstalled and reinstalled the software, but still no luck.

Basically, I am thinking I should just go to config #3. Then also have all the laptops back on wireless and also connect the Brother network and two desktop PCs to one of 4 available LAN ports on the NETGEAR wireless router. This way, all PC equipment is going through the NETGEAR. Then have ALL the VoIP phones simply connected to the 16 port switch.

Even though the Comcast tech seems to feel having less hardware in the line is better & basically only the Comcast modem dole out IP addresses to devices connected on the 16 port switch, this is probably not the ideal way to do it.
 
I'm not saying Comcast techs are idiots. But the majority of them are cable installers, not networking wizards.

Option 3 is the correct method if you are going without an edge device (which is recommended).

You should have DHCP running on the Comcast cable modem. Turn off DHCP on the Netgear router and make sure you connect it to the Comcast router using a LAN port on the Netgear. It will then become a WAP broadcasting the IP scope that the wired devices have.

As far as the one laptop not scanning but printing, go to the manufacturer's website to see if they have a removal tool. Sometimes just an uninstall does not really remove everything.
 
I think he's referring to a firewall, etc. something that would sit on the edge of your network between the modem and your network to filter things as they come in.
 
Sorry for (probably) the newbie question here, but what is an "edge device"?

Newfangled term for a modern router that does a lot more than just NAT, firewall and DHCP. It's called an edge device because it sits on the edge of a network. Also known as a UTM device.

http://en.wikipedia.org/wiki/Unified_threat_management

Edit: Technically the Comcast modem is an edge device. But its features and functions are extremely limited compared to other devices. So that is why many times it is configured in bridge mode sending the public IP to a real router/UTM.
 
Yea, I tried to put EVERYTHING hard wire and through the 16 port switch, but that doesn't seem to be working the way we want. Mainly, issues being able to scan from Network printer to one of the laptops.


This laptop in question was working fine with the printer before when it was connected wirelessly and the Brother network printer was connected to one of the LAN ports on the NETGEAR wireless router. Hence the reason I want to maybe go back to that.

Another problem with how I have it now is most rooms only have two LAN jacks except one. For some reason it was wired for only one LAN port. Therefore, I ran their laptop THROUGH the VoIP phone since it had a PC jack as well. Internet works fine, but once again, trying to scan from the network printer back to this laptop is not working right. I am suspecting because it's behind the VoIP phone.

I had to do something similar in another room since it has only two LAN jacks, but there are two desktops and the VoIP phone in there. One PC had to go through the phone. Both will print fine, but can't scan from network printer.


Therefore, I think I am better off going back to & having config #3.
 
So right now you've got Comcast's device handing out addresses through DHCP as well as the router you have doing DHCP? Sounds like what you need to do is either make your router an access point (turn off DHCP and plug it into the Comcast box through one of the LAN ports, not the WAN), or try to put the Comcast device into bridge mode and let the Netgear router handle it all. For example, on my ATT DSL service at home, they allow me to do an IP passthrough to pass all traffic to another device, so I set DHCP on their device to only give out 1 IP address, and turned off the wireless functions. I hardwired my own router in and am basically having their modem/router pass everything into my router so that it does all the routing and hands out all the network addresses.

Wondering if the reason you are having problems is that you might be having network address collisions because the Comcast part may be handing out addresses and the Netgear is as well and one hand basically does not know what the other is doing?
 
Sorry for (probably) the newbie question here, but what is an "edge device"?

Edge Device is a generic term for the last bit of hardware (the most outside part) on a network before you hit the public side (the internet).

Typically a "router"...or a "gateway"...(which most routers run in gateway mode). Some use the blanket term "firewall"...which itself is rather broad.

It's not limited to UTMs...a UTM is simply a higher form of firewall. Not all UTMs are edge devices either. Often networks will have a UTM sit between their router, and their switch....in a "passive" in line mode. It definitely includes basic NAT routers. If you have a basic cable modem providing internet for your home network, and you have a little Linksys wrt54g router in your house...and all your home computers behind that, your network's edge device is your Linksys router.
 
Anyways, to answer your question...

As noted above, the Comcast modem is really a combo modem/router. The Comcast Gateways are usually SMC units, or lately they've been using Netgears...with their own special firmware on them. They default to a LAN IP of 10.1.10.1, they run DHCP by default. The username/password defaults to cusadmin/highspeed

Log into the web admin and you have many of the features you're used to seeing on typical home grade routers.

We always put our own higher end firewalls in place for our business clients, so we configure the Comcast modem to pass the public IP to the WAN IP of our own firewalls. (actually they pass the next usable IP of the block of IPs the client gets). But I see you mention a "netgear wireless router" which I'll assume is a home grade router, so I'd say it's in your client's best interest to leave the Comcast modem doing the routing...it's pretty powerful and I'm sure many times better than the Nutgear home router.

So assuming default Comcast modem setup, you'd have
Comcast gateway ==> single uplink to the 16 port switch. And into that switch, you'll plug in everything on the network.

Typically for wireless we place access points around the office. You can do a poor man's approach and reconfigure the little Netgear wireless router to run as an access point, to do that...reconfigure the Netgear's LAN IP to be in the range of the Comcast modem...pick a standard higher up IP for APs like 10.1.10.245. Apply those settings. Now log into it at the new IP...and disable DHCP on it. Since you don't want the Netgear's DHCP running on the network with the Comcast modem's. Now...uplink that Netgear to the switch using a LAN port of the Netgear wireless router...you will not use the WAN port of it.
 
reconfigure the Netgear's LAN IP to be in the range of the Comcast modem...pick a standard higher up IP for APs like 10.1.10.245. Apply those settings.

Why not limit the DHCP Scope to something like 10.1.10.2-10.1.10.200 then put it outside the scope, like at 10.1.10.201?


Since you don't want the Netgear's DHCP running on the network with the Comcast modem's. Now...uplink that Netgear to the switch using a LAN port of the Netgear wireless router...you will not use the WAN port of it.

I'm curious on why the WAN port wouldn't be used on the Netgear Wireless Router? Might be a n00b question.
 
If you use the WAN port, that's the same as plugging it in as you would in a home environment to where it wants to do DHCP, etc etc. You want to disable DHCP, possibly its firewall. But you want to plug it into the LAN side to where it's acting more like a switch than a router. What you essentially want to do is disable the routing functions and make the router work as an access point so that you are extending the existing network.

In effect if you have the ISP's equipment running DHCP etc, doing routing functions basically, and you have the Netgear router doing the same thing, you essentially are running 2 separate networks. So basically on the Netgear you are disabling the routing functions to make it an access point. I'm guessing once those things are done though, your printing etc will work a lot better.
 
here is what wound up working

OK, I was able to finally solve this, but wound up going with configuration #3. I would have liked to maybe use config #1 or #2. I tried to put everything on the same subnet and go through the 16 port (Buffalo) LAN switch (with and without the NETGEAR wireless router in the mix), but I was having problems. Basically, some PCs were not able to see the network Brother printer/scanner while others saw it fine.

Therefore, I basically just connected the 16 port switch to the Comcast modem/gateway on one of its LAN ports. Then connected all the VoIP phones to this switch. The phones then worked great.

I then connected the NETGEAR wireless router to another LAN port on the Comcast modem/gateway. The Brother network printer, desktop PCs and wireless laptops then connected to this NETGEAR wireless router. All worked fine and ALL PCs were then able to fully see and interact with the Brother printer as needed. Scanning and printing functions could be done to ALL PCs.

Yea, I realize I now have two devices being the DHCP and handing out different IP addresses. Again, maybe not the most ideal situation since I essentially created two independent networks; computers/printer are on a 192.168.1.X subnet while the VoIP phones are on a 10.0.10.X subnet. Since the VoIP phones don't need to talk to the PCs/printer and vice versa, I figured this will work for now & can't see any real conflicts occurring for now. Everything is working great so as they say "if it ain't broke, don't fix it".
 
Having the phones on a separate set of IPs might be a better solution as long as your printers and PCs can all talk to one another, as you don't want the phones interfering.
 
Why not limit the DHCP Scope to something like 10.1.10.2-10.1.10.200 then put it outside the scope, like at 10.1.10.201?




I'm curious on why the WAN port wouldn't be used on the Netgear Wireless Router? Might be a n00b question.

Re: IP...if you have a large network where you'd use up the 198 leases, yes limiting the handout range would also work. His network is smaller, and I chose a higher IP for the AP, .245...it's way way up the handout range and will likely never be handed out in a small network. The DHCP pool of leases will probably never get past .50 so .245 would be quite safe. Larger networks yes it would be safe to exclude .245 from being handed out. I often choose the .24x range for APs because it's a rather standard 4th octet to use for access points and other network hardware.

The WAN port is for the "public side of NAT". Since you're reconfiguring the wireless router to run just as an access point on the local network, you do not want to use the WAN port, you will not be routing with the wireless router, it will not be a gateway. It will be running just as an access point, a wireless bridge...functions only of the LAN side.
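
An added example, not part of any post in this thread: a small Python check of the addressing plan the replies describe (one DHCP server on the gateway, the NETGEAR given a static LAN address as an access point, every PC on the printer's subnet). The 10.1.10.x pool and the .201/.245 choices come from the thread; the /24 mask, device names and host addresses are constructed for illustration.

```python
# Added example: audit a one-gateway office addressing plan.
# The /24 mask, host names and host IPs are constructed for illustration.
from ipaddress import ip_address, ip_interface, ip_network


def audit_plan(lan, pool, statics, hosts, must_talk):
    """Return a list of findings (empty list means the plan is consistent).

    lan       -- CIDR of the LAN whose gateway runs the only DHCP server
    pool      -- (first, last) address of the DHCP handout range
    statics   -- {name: ip} for hand-configured devices such as the AP
    hosts     -- {name: "ip/prefix"} as read off each device
    must_talk -- pairs of host names that need to see each other directly
    """
    net = ip_network(lan)
    first, last = ip_address(pool[0]), ip_address(pool[1])
    findings = []
    if first not in net or last not in net or first > last:
        findings.append(f"DHCP pool {pool[0]}-{pool[1]} does not fit {lan}")
    for name, ip in statics.items():
        addr = ip_address(ip)
        if addr not in net:
            findings.append(f"{name}: static {ip} is outside {lan}")
        elif first <= addr <= last:
            findings.append(f"{name}: static {ip} is inside the DHCP pool")
    for a, b in must_talk:
        net_a = ip_interface(hosts[a]).network
        net_b = ip_interface(hosts[b]).network
        if net_a != net_b:
            findings.append(f"{a} ({net_a}) and {b} ({net_b}) are on different subnets")
    return findings


if __name__ == "__main__":
    # AP at .201 with the pool limited to .2-.200: no findings.
    print(audit_plan("10.1.10.0/24", ("10.1.10.2", "10.1.10.200"),
                     {"netgear-ap": "10.1.10.201"},
                     {"printer": "10.1.10.30/24", "laptop": "10.1.10.31/24"},
                     [("laptop", "printer")]))
    # Second DHCP server still active: the laptop holds a 192.168.1.x lease.
    print(audit_plan("10.1.10.0/24", ("10.1.10.2", "10.1.10.254"),
                     {"netgear-ap": "10.1.10.245"},
                     {"printer": "10.1.10.30/24", "laptop": "192.168.1.5/24"},
                     [("laptop", "printer")]))
```

A "different subnets" finding for a PC and the printer is the symptom of a second router still doing NAT and DHCP between them.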
 