A few weeks back I posted some vague instructions about the issues I encountered with the Shaw provided DPC3825 Modem/Router. Since then, a few people have commented in various forums that linked to my article that they didn’t quite understand how to follow my instructions, all experiencing either similar issues or wanting to use their own router.
If you’re not aware, there are some issues with the router-functionality in the DPC3825 and the firmware that ships when Shaw has deployed these Modem/Routers up till this point. Basically, the Stateful Packet Inspection firewall (the software built into the router hardware that protects your computer(s) from certain attacks directly against the router from the internet also blocks certain media websites (such as the cue to me that something was wrong, videos on http://tv.adobe.com wouldn’t load).
On top of that, any traffic involving a media sharing format (i.e. Bonjour, DLNA, Windows Media) do not work. So those trying to share media via iTunes, Windows Media Sharing to Xbox 360 or DLNA to PS3 or DLNA-compatible TVs or devices will end up stonewalled with no way to access their media servers over the network.
So, I thought I’d follow up with some more information I saw in those threads from helpful Shaw employees and clear up my instructions.
If you’re about to upgrade or start your service with Shaw and want to sign up for one of their new Broadband plans, when contacting Shaw to place your order ensure that you let them know that you would like the Modem configured in “bridge-mode”. Alternatively, if you call in to Shaw technical support, they can push the firmware update within 30 minutes.
If you would prefer the Do-it-Yourself solution using both the Cisco DPC3825 and your third party router after already having received your unit, here are the details (note: do this from a hard-wired ethernet cable connection directly to the Cisco DPC3825 gateway and ensure that your previous router is not connected yet):
Step 1: Login to the Cisco DPC3825 router interface. In my situation, it uses “cusadmin” as the user name. Click “Save Settings” and when prompted to restart, click “Restart Later”.
Logon Screen of the DPC3825
Step 2: The first screen that you are taken to is the “Setup” page’s”Quick Setup” tab. From here, you can disable the wireless on the router under “WLAN”. You should do this to prevent any possible confusion or difficulties later in the process. Click “Save Settings” and when prompted to restart, click “Restart Later”.
Quick Setup screen from the DPC3825 Gateway
Step 3: Click on “Lan Setup” and set the last two boxes of “Starting IP Address” to 10 and 10. What this step does is set the IP address for the DPC3825 and devices on the network managed by it. This makes things easier when setting up an additional router behind the Cisco box as well. Click “Save Settings” and when prompted to restart, Click the appropriate button presented (Sorry, I should have got a screen shot of this part!). If you are NOT presented with a reboot/restart option you can either unplug the power from the DPC3825 or tap the Reset button on it.
LAN Setup Screen
Step 4: Click on “Security” from the top menu. Disable “SPI Firewall Protection” by selecting the “disable” button and un-check all of the options. Click “Save Settings” and when prompted to restart, click “Restart Later”.
DPC Firewall Screen
Step 5: Click on “Applications & Gaming” from the top menu then click on the “DMZ” tab. Click on “Enable” by “DMZ Hosting” and set the DMZ Host IP Address to 192.168.10.15 which will be the address you will need to set your other router’s Wide Area Network (WAN)/Internet port to (for instructions on this, please see the manual for your router). Click “Save Settings” and when prompted to restart, click “Restart”.
Screenshot of the DPC3825 DMZ screen
Step 6: You may lose your connection at this point, just wait for the DPC3825 to reboot and your connection should come back. From here, you will need to log back into the DPC3825′s router interface and click on the “Status” link at the top of the interface. Once there, write down the DNS addresses listed as you will need them when configuring your own router in Step 7.
Step 7: You need to consult the manual for your router to configure it for a Static DHCP address (which you need to set to set to the previously mentioned 192.168.10.15 which we set the DMZ to in Step 5. For the DNS entries (DNS 1, DNS 2) you will need to enter those ones that you wrote down from the DPC3825.
See your own router’s manual for screenshots or examples.
Please feel free to share any questions in the comments!
I recently had a new Shaw DPC3825 installed and now have lost my Itunes/AppleTV home share. I am following your procedure but problem in step 5: entering the DMZ Host IP Address indicated, 192.168.10.15 and clicking on “Save Setting” caused error box to pop up “Invalid IP Address”. Checked the numbers typed in ok still no joy. Any suggests? Also at what point in the procedure do you connect and power up the other router?
Hi Biglar, thanks for commenting!
The reason you will receive such an error is because you need to reboot your DPC3825 before attempting to set the DMZ step (sorry, I am editing the post to reflect that step, I forgot that you needed to reboot it for the change in IP range setting to stick.)
Once you reboot, then you can then set the DMZ to the 192.168.10.15 IP address.
Please try that and let me know how it works for you!
if i do this..will it drop my internet speed?
As long as your Router has a 100 megabit internet/wan port, you should not have a speed decrease (also assuming the Router you’re using isn’t severely crippled by the manufacturer).
Research into the internal hardware and capabilities of your true Router is important when using broadband plans Shaw. Are you experiencing any issues?
Thank you for fast reply. I will admit not too computer knowledgeable and I was once told by a wise old man ‘the only stupid question is the one not asked’. As a photographer I used AppleTV/iTunes to display for clients processed photographs on my 60″ LED TV (better then crowding around a computer screen) but Shaw DPC3825 gateway ended that. So have dug my WRT54G out again as I know AppleTV/iTunes home share worked. So my first question: how does one reboot the DPC3825? And at what point do I finally connect the two together? Thank you again.
Hi Biglar,
When I was configuring it, it would prompt me to reboot… Going through the manual at http://www.cisco.com/web/consumer/support/userguides2/4021196_B.pdf doesn’t seem to indicate the familiar and normally standard “Restart” or “Reboot” button inside the web interface. So the solution, in this case after selecting to restart later, is to simply unplug the power from the DPC3825. That should powercycle (Reboot/Restart) the router built-in and then you should be in business to set the DMZ. You can actually connect the secondary router (your WRT54G) to the DPC3825 at any time as long as you keep the computer you’re using to set up the DPC3825 directly connected to it. Once you’ve got the DMZ set up then you can go ahead and plug directly into your WRT54G.
Just a heads up though, the WRT54G may limit your speed. Some of the testing I’ve seen shows that it maxes out at around 20-30 Mbit/sec while if you’re using Broadband 50 or Broadband 100, you won’t receive the full connection speed.
Since you do use your AppleTV and iTunes, I would recommend looking into an Apple AirPort Express, Apple AirPort, D-Link DIR-655 or D-Link DIR-825. If you’re not using Broadband 100, the Gigabit WAN (Internet) port on the D-Link units is overkill and you could go with a lower cost D-Link DIR model.
Sorry mate, perhaps on the latest installs, Shaw has gotten wise. I have followed your latest instructions to a ‘T’ but still will not allow me to change Step 3 and Step 5, no joy. Looking at three options now, unless any more suggestion:
1) Have Shaw to upload to bridge mode;
2) shelving Shaw unit and re-connecting my WRT54G;
3) Going to http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&docid=785463d9ecaf4cac84aed245b08d615f_3733.xml&pid=96&slnid=4
Hi Biglar,
Okay, try repeating changing the DHCP range and hit save settings. What happens at that point?
In any case though, try calling Shaw to see if they will kindly switch you to bridge mode. It will likely save you any further hassle. If you want to switch back to your old modem and WRT54G, you will have to call them anyways to change your broadband plan.
Well tryed your suggestion and my only conclusion is you and everyone else must have a total different Cisco DPC3825, which by the way is made by Atlantic Scientific. No matter what I enter in Step 3 and step 5 will not be accepted, error box indicating invalid. Shaw will be more than happy to ‘bridge-mode’ but will not help me setup my WRT54G afterward. So this weekend the WRT54G and the AppleTV I guess will be packed away into a storage box and into the crawl space.
Thank you for trying.
P.S. sure wish that 15 year old kid was still living up the street.
Troy, since my last comment, I have sent a letter to Shaw CEO regarding the DPC3825 broadband wifi/modem now installed by Shaw. Guess what, he had a senior csm contacted me to discuss the problem. After we chatted, she had Shaw’s senior wifi expect contact me.
Firstly the bridging issue, Shaw did not send anything ‘up’ to bridge the DPC3825; just went to the setup page of the DPC3825 and disabled the wifi. He then had me start my Linksys WRT54G to check IP address. That was the only item to check to make sure both did not have same IP address, which they did not, thus now my WRT54G is up and operating and my entire wifi network is working and secure. No other setting on the DPC3825 had to be touched.
Secondly we attemptted to get my AppleTV, itunes, homeshare working using only the Shaw DPC3825. I turned my computer over to Shaw who for about 3 hours changed setting in the DPC3825, McAfee firewall settings, etc., but to no joy would DPC3825 and AppleTV homesharing talk to each other. He wanted to do some research.
He called back the other day to say if one was to purchase the DPC3825 off the shelf (not via Shaw) there is a disable/enable function for homesharing in the firmware, but the Shaw firmware version does not. He has sent the issue to Shaw engineers as to why and promise would get back to me.
My thoughts? I asked both the tech and csm if it was due to Shaw do not want customers to access itunes movies, netflicks (however my Netflicks still works), etc and use only Shaws, VOD, PPV. They both would not answer the question.
Interested to hear your thoughts, cheers.
Hi Biglar,
I’m very pleased to hear that they went above and beyond to assist you (by that I mean invest time to actually try and help you, I’m used to hearing people get foisted off by a lot of companies).
The “bridge” mode (and software switch to enable it) was mentioned on another forum (which I thought I had seen a Shaw support rep on…) which is where I got that from (it also seems like a solid concept from a technical perspective since it can be necessary to remove a router from a situation to troubleshoot some issues). I’m glad they were able to help you to get your WRT54G working.
It’s interesting though that the router would include a software toggle for media sharing that they selectively removed. At first glance, I’d say that’s anti-trust worthy since it could be assumed to have been removed to prevent sharing. I’m not sure really if it was actually put in maliciously since an over-zealous technician who was customizing the firmware may have removed that among other features to keep things more simple but didn’t realize that it would knock out all media sharing technologies when disabled from view (this can happen in firmware updates, they hide something and it’s default setting breaks functionality). I would have expected more out of them from a Quality Assurance perspective to say the least.
In the end though, I’d wait a little longer to hear back from the tech. If they have to push a firmware update or offer a firmware update to that unit I can see it being a rather massive headache for support personnel. I’d really like to see how they handle that!
Thank you for posting back with your experiences!
Has anyone tried this with an Apple Time Capsule as the router behind the DPC3825? When I followed these instructions and restarted my Time Capsule with the static IP, it came up complaining about “double NAT”. Do I need to disable DHCP on the DPC3825 to address this?
I tried putting the Time Capsule in bridge mode and that seems to work in that all devices connected to it can see each other via Bonjour (i.e. their traffic does not go through the DPC3825). However, I’m worried that this disables the firewall in the Time Capsule, and we have disabled the firewall in the DPC3825 in these instructions.
Also, another thing I have seen with the DPC3825 I do not like: it is timing out TCP connections after 26 minutes and taking them out of its NAT table! This is a big issue for me as I am a dev doing some work which requires persistent TCP connections. Usually only corporate firewalls aggressively timeout connections this way.
Doug
Hi Doug,
You should disable DHCP on the DPC3825. Did you place your time capsule’s IP in the DMZ of the DPC3825? It may report Double NAT, but everything should still work.
Please let me know if you have any other questions!
I did put the TC address in the DMZ. Turns out my mistake was thinking the Double NAT “warning” was a show stopper. You are right: it can be ignored and all is working fine now. Thank you!
Couple of interesting points: 1- Bonjour is also needed to find the Time Capsule for Time Machine backups. Introducing the DPC3825 broke all my backups until I followed the advice in this blog.
2- The 26 minute timeout of TCP connections is still there. This won’t affect any other users but us developers who need to maintain persistent-inactive connections. Not sure how I’m going to address this one.
Doug
Has anyone tried to open ports suggested by Apple?
Specifically,
UDP port 5353
TCP port 3689
TCP port 123
TCP port 80 & 443
I got my Cisco 3825 switched over to bridge mode &hooked up an old Linksys WRT110
I still had no luck on the Apple TV library sharing issue until I went into the Linksys Cisco setup ,
Specifically in the Qos section and manually added these ports and Voila!!! It works.
Could you configure the Cisco 3825 like this as well?
Hi Awesley1 and welcome!
QoS shouldn’t completely block media sharing. If anything, by default it should actually receive priority over other traffic since media sharing is time sensitive.
Opening ports shouldn’t come into play though since that is traffic between the router and the Internet, not between Apple devices and software on your network if it was working before switching to the DPC3825.
What we are seeing is full on blocking. Even the Shaw engineer that was consulted by a previous poster said that a setting that would cause this was missing which could have forced that setting on by default.
I’ll check though and see if I can modify QoS on it.
The Apple support guy told me that your computer or device has to communicate with Itunes over the Internet so it does have to go outside of our network.
Link from Apple to the ports issue is here
http://support.apple.com/kb/HT2463?viewlocale=en_US
Hi Awesley1,
He was confusing things. That is general firewall port information. All devices can still access the Internet, but the type(s) of data only used within your home network is blocked (the DPC3825 is intercepting data of a particular set of types and not sending it out to the rest of the computers/devices in your home) it can do this because it is at the central point where all data flows through.
When you install iTunes, it sets the firewall ports it needs in Windows and as you can see opening iTunes still works just fine. It is data being blocked by the router rather than a firewall you can adjust to let it through.
Ok I just received the DPC3825 Dec 30th 2011
Wifi Sucked for whole house coverage.
Took my old Dlink 615 Put it upstairs
Changed address to 192.168.0.2
Plugged in C5 cable from DPC3825 to Lan 1 Port
Plugged in my Xbox 360 to port 2
Turned off wifi on DPC3825
All access no problems.
Found Wifi Not 100% so turned on DPC downstairs
All works. 2 Wifi in house
Twonky media server works from my WD Live drive.
Full access to both routers via computer.
Hi Brad,
Thanks for posting! Is the WD box on wifi connected to the DPC or the D-Link router?
WD is connected to the DPC box.
But what I can see it should work on both.
Brad
DCP and USb Port.
What does the usb port do.
When I plug in my printer I get a orange light not green.
Printer lights up but no apparent way to access it through the network?
I have a Canon 4350D that I want to network between me and my wife.
She usually uses her computer when I am out and I use mine before she gets up. Or is there another option. I have a couple of spare lan ports on my switch it that helps.
Thank you
Brad
Emailed Shaw to see if I can have my modem switched to bridge mode. They agreed and just did the update! Everything working great so far. Looks like Shaw does have access to the firmware for bridge mode and will apply it upon request.
Doug
Hi Bradmarsh,
The USB port is to be used as an alternative connection method instead of an Ethernet connection or WiFi connection. It cannot be used to share a printer. The supporting documentation says that it is only for that purpose. You should consider a router with a USB port (D-Link DIR-655 is an example) which you can disable some of the features on to let you just use the printer sharing. Another alternative is a dedicated printer server device.
I hope that helps!
Thanks Doug for posting! That’s great to hear and have confirmed.
Great thank you for clearing that up.
Shaw told me on the phone it was for sharing a printer.
Wow.
As someone who has worked with some Shaw front-line reps, they aren’t always trained as good as they need to be or provided proper documentation. It “looks” (physically) like it could be used for sharing a printer, but no where in the documentation does it say it can, nor does the firmware provide any options for it (D-Link’s implementation which I’m familiar with requires software installed on the computer), so there isn’t much chance that it can be currently used for a USB drive or printer.