MikeL's Zyxel C3000Z DSL Modem HowTo
19-Mar-2025
I'm going to go into gory detail here.

Scenario:
My CenturyLink Zyxel C3000Z dual DSL modem is in a basement area - I have to go outdoors through a gate and a locked door to get to it, so want to minimize visits to it. The house is a split-level, so there's always more stairs - again I want to minimize visits to equipment.

Upstairs, in the office with a desktop computer, there is also a server that is accessible from the internet, thus has a fixed IP address. There is ONE cat5 cable from basement office to the upstairs. In the upstairs office there is also a wifi access point as the wifi reception from the basement is poor.

Additionally, in the basement area, there is a Raspberry Pi (rPi) that must also be available to the outside internet, and a desktop computer.

The desktops should be able to simply plug in and get a protected internal IP address via DHCP. This should also be true of any wifi connections. The servers with external availability obviously must be configured explicitly to their respective assigned addresses.

To make this all work required a fair amount of trickery and some external hardware. As there is only one cable from basement to upstairs, I had to bring in a cheap/simple 5 port netgear switch so as to make both the server network and the internel network both be available via the same cable to the upstairs. At the upstairs end I already had another switch as there's several devices.

Lastly, I'm a business and have the public on the property, so need to have an isolated Guest wifi.

Setup
Pick a port on the modem (I chose 2), and plug it into the switch. Only plug one non-server device in at this time.
Go to a desktop on the line you plugged in. You should get a 192.168.0 address via DHCP.
Go into browser, go to 192.168.0.1 and log into modem admin.

Modem config
WAN settings
  IP Addressing Type: Block of Static IP Addresses
  Subnet Mask: 255.255.255.248
  Gateway Address: 63.226.250.182
  LAN DHCP Addressing: Private LAN Subnet
Note that when you select "Private", it will womp any settings you may have had in the DHCP Settings and DHCP Reservation. It should automatically set as follows:
  DHCP Server: Enabled   Modem IP Address: 192.168.0.1
  Beginning DHCP Address: 192.168.0.2
  Ending DHCP Address: 192.168.0.254
  Subnetmask: 255.255.255.0
DHCP Reservations should be set to:
  DHCP Reservations state: Enable
  DHCP Reservation (IP allocation): Enable
  Beginning DHCP Reservation IP: 192.168.0.2
  Ending DHCP Reservation IP: 192.168.0.128
Note that the DNS Host Mapping screen seems to show ourself at 192.168.0.1 - I did not add this, it seems to have done this automatically as well.

Now go into Wireless Setup
Basic Settings:
   Wireless Radio: Enable
  Network Name: PvDslModem
Wireless Security:
  SSID: select PvDslModem
  Select WPA - Personal (iPhone will whine about weak security if WPA is included)
  Use Custom Security Key/Passphrase (and choose something)

Now the fun part - LAN Subnets
Pick one of the 2.4GHz SSIDs (I chose 2): (older devices like my house thermostats may only do 2.4GHz)
  LAN Subnet Name: Guest
  Select 2.4GHz SSID2
  IPv4 Addressing State: Enable
  Network Adress: 192.168.1.0
  Subnetmask: 255.255.255.0
  Gateway Address: 192.168.1.1
  Modem IPv4 Admin Access: Disable
  DHCP Server State: Enable
  DHCP Start Address: 192.168.1.2
  DHCP End Address: 192.168.1.254

Pick another port on the modem (I chose port 1) -- do NOT plug it in yet. Make a new LAN Subnet:
  LAN Subnet Name: Servers
  Select Ethernet 1
  IPv4 Addressing State: Enable
  Network Address: 63.226.250.0
  Subnetmask: 255.255.255.0
  Gateway Address: 63.226.250.1
And hit Save.
Lastly, plug this ethernet cable into any port of switch.

Now go back into Wireless Setup and configure passwords (as shown above) for any new SSID LAN Subnets that you created.

NOTES:
Below you'll find links to old config pages that used to work. After a recent powerfail and modem replacement I was unable to get those simpler directions to work.

I believe the issue I had is that this modem does not support "hairpin NAT". With the older configurations, the internal networks could not get to the servers, even though they're all passing through the same modem. It may be possible that this could be fixed with NAT or static routing or some such, but I was not able to do it.

Everything I've described here should work exactly the same on the newer C4000BZ modem.

If you want to have additional security in exchange for convenience, you can make a LAN subnet with an unusual IP block, perhaps 192.168.234.x, and do not enable DHCP on it. Anyone trying to use it would have to know to hardcode and IP in this range and that the gateway is that range .1.

Config page for C4000BZ modem
Config page for ActionTec C 1900 modem
Config page for ActionTec Q 1000 modem
Feel free to contact me if you have suggestions for a better way, or anything else...
Copyright © 1995-2025 Mike Lempriere (running on host bayanus)