Inadvertently Blocked Access to Cable Modem Web Interface
Table of Contents
A few months ago, I switched to using my own cable modem instead of using the ISP provided modem/router, and I wanted to access the web interface for the cable modem status. Another reason was to change the default password if it had one since default passwords are not secure.
The default web address for cable modems is typically http://192.168.100.1. Perhaps that is used as a common default IP address to avoid potential IP address conflicts with standard consumer grade routers which often default to 192.168.0.1 or 192.168.1.1.
I have several VLANs in my network including a dedicated VLAN for my home security system. The security system VLAN was set to use the IP address range of 192.168.100.0-192.168.100.255. Since the interface for the VLAN is 192.168.100.1, it conflicted with my modem’s IP address so I was unable to access the modem interface.
To fix the issue, I changed the VLAN to use a different IP address range. Then I created a firewall rule to allow only my PC to access my cable modem’s web interface since access to it is blocked from all my VLANs due to how I have my firewall rules configured. The cable modem does not exist in any VLAN including the management/default VLAN. It is just sort of out there on its own, which is fine since it rarely needs to be accessed. The access to the web interface is limited to just one device and the HTTP port 80. I was able to login with the default password and change it to something else.
So lesson learned… do not create a network in the same IP range as the cable modem unless you somehow want to try to include it into one of your VLANs/subnets (you may need to change the interface IP since cable modems usually do not allow their IP address to be changed). To be honest, when I originally established my VLAN configuration, I was not thinking about accessing the modem web interface especially since at the time I did not have a customer owned modem. I had Comcast’s modem/router set up in bridge mode so that it only acts like a modem because I had my own router/wireless APs I wanted to use.
I thought I would share this little tip of what not to do in case anyone has encountered a similar issue.