Time Warner Arris TG862G Setup


As an InfoSec professional I have been interested in the free wifi hotspot debacle Comcast is involved in. So I’ve called Time Warner multiple times to get  an answer to the TWC WiFi Hotspot question. I’ve gotten wildly varying answers each time. I figured the only way to know for sure is to get one.

Fringe benefit # 1: I get the Digital Phone service for no extra cost.
Fringe benefit # 2: My bill monthly actually went down substantially.
Fringe benefit # 3: This device has 2 Ethernet ports & my service plan comes with 2 Class C IPs
Fringe benefit # 4: My current cable modem is DOCSIS 2.0, the new one is DOCSIS 3.0
("DOCSIS” is an acronym that stands for “Data Over Cable Service Interface Specification”. For differences in 2.0 & 3.0 see here)

I’ve verified that this device does not have the TWC WiFi Hotspots feature. No TWCWiFi, or TWCWiFi-Passpoint SSIDs are available. Right now it seems it really is restricted to Business-Class customers and standalone installs. If you are a TWC customer and want to connect to the free TWC WiFi you can search the coverage map to find locations close to you.
**This does not mean COMCAST customers don't have to worry. You do, see the link above.

What next?
Well, Time Warner promised my new cable modem would ship configured the way I asked. I told them I would be taking advantage of the 2 Class C IP addresses, and I would not be using their wireless router feature. Of course it came un-provisioned, requiring me to spend more unproductive time on the phone. I finally reached a level three technician only to find that I could have configured it myself.

1. Plug a PC with Ethernet directly into one of the LAN ports (see diagram below). 
2. Access the modem interface by typing into the browser, press return and the modem interface with the user name and password entry input will appear on the screen.
3. The default user name is “Admin” and the default password is “password” in lower case. Enter “password” and the basic set up page appears.
4. Click the LAN setup tab, then LAN settings. Disable the DHCP Server (needed so your router can have a Class C IP address)
5. Click NAT Mode pull-down and select “Bridged”.
6. Click the Enable UPnP checkbox to disable UPnP. (for the dangers of Universal Plug-n-Play see here)
6. Click the Firewall tab and unselect “enabled”. Security will be provided by your own router.
7. Click the Wireless Setup tab uncheck enable wireless. If you choose to keep the cable modem’s provided wireless you should do the following:
       I. Turn off WPS (WiFi Protected Setup (Why? It's vulnerable: Link)
       II.Change the SSID and set a strong WPA2 password. (Instructions)
       III. Change the admin password.
9. Connect your router, or two; you have extra Ethernet ports after all!
(make sure to select an IP range other than the one listed above (like 192.168.x, 10.10.0.x)

Why did I connect 2 routers? Well, I have VLANs for keeping some things separate, but I want  my guest wired and wireless networks to be actual separate physical networks. Call me paranoid!