Equipment (Modems,Gateways)
Back to Top

Bridge mode with a /28 and router behind the Cisco DPC3941B

SOLVED
AUWireless
Visitor

Bridge mode with a /28 and router behind the Cisco DPC3941B

I am a business customer with a /28 of public IPs (13 usable). I was issued a Cisco DPC3941B device. I have a Mikrotik CCR 1009 router running behind the DPC3941B.

 

I have read two opposite answers to this question: Can I put the DPC3941B into true bridge mode with my public /28 and allow my Mikrotik to handle all the IP routing?

 

When I do put it into Bridge mode, it does not seem to pass traffic from my Mikrotik but I am assuming my gateway IP is inorrect.

 

It seems like it would be easier to assign all customers a /30 and then give a separate /28 or /29 when they request static IPs.

 

What is the real answer on true bridge mode with static IPs with a real router behind the Comcast device?

Accepted Solution

Re: Bridge mode with a /28 and router behind the Cisco DPC3941B

Hell AUWireless and welcome,

 

If ANY industry standard Gateway, including your DPC3941B, is configured in True Bridge Mode (TBM) then your Static IP functionality becomes disabled, along with your LAN DHCP, Natting, etc. We any Gateway is in TBM the ONLY routing it is able to do is to pass the WAN DHCP address to any Firewall or Controlling Router device's WAN interface. Under these networking configuration conditions the the inherent Firewall or Controlling router device would then handling all LAN DHCP routing directly through its WAN interface to the Gateway's WAN interface into the Internet.

 

The ONLY way for you to use your Static IPs is to NOT have your DPC3941B in TBM, have Comcast program your static IP Gateway address into it's WAN interface, setup the static IP protocol and authorization, make sure that your Mikrotik CCR 1009 WAN interface is correctly programmed with your static IP routable, gateway, subnet mask addresses, pri & 2nd DNSs. It is always good networking practice to disable your DPC3941B LAN DHCP to avoid any DHCP conflicts with your Mikrotik CCR 1009 DHCP server.

 

Hope this helps you out.

View solution in context
Accepted Solution

Re: Bridge mode with a /28 and router behind the Cisco DPC3941B

The short answer is that you can't have both true bridge mode and static ip block from Comcast at the same time.

 

The way Comcast does the static ip block is that the comcast modem/gateway/router device is using the RIP protocol to announce your assigned /28 or /29 prefix.  It would be possible for you to configure your own Miktrotik router to run RIP and announce the same prefix, but you would need the 'password' which is in the comcast router.  This is a configuration that Comcast doesn't support.. probably they don't filter the customer announcements and so their way of keeping customers from messing it up is to not let them do this at all as it avoids all the extra work of policing and supporting that.

 

The comcast gateway seems to be running quagga - http://www.nongnu.org/quagga/docs/docs-multi/RIP-Authentication.html

If you can 'get into it' you can get the RIP key out of the comcast router but this is not something they will help you with.

 

What I would suggest instead is to turn off all the firewall type stuff you can find on the comcast gateway and just use your static ips, with the gateway being the comcast router (usualy the highest number in your prefix).  This is their supported configuration and it does work well.  If you have office users and not just servers, you should set up your Miktrotik to do DHCP-PD for v6 and take one or more of the static IPs for NAT on v4.

 

-Laszlo

 

View solution in context
Trusted Forum Contributor

Re: Bridge mode with a /28 and router behind the Cisco DPC3941B

Hell AUWireless and welcome,

 

If ANY industry standard Gateway, including your DPC3941B, is configured in True Bridge Mode (TBM) then your Static IP functionality becomes disabled, along with your LAN DHCP, Natting, etc. We any Gateway is in TBM the ONLY routing it is able to do is to pass the WAN DHCP address to any Firewall or Controlling Router device's WAN interface. Under these networking configuration conditions the the inherent Firewall or Controlling router device would then handling all LAN DHCP routing directly through its WAN interface to the Gateway's WAN interface into the Internet.

 

The ONLY way for you to use your Static IPs is to NOT have your DPC3941B in TBM, have Comcast program your static IP Gateway address into it's WAN interface, setup the static IP protocol and authorization, make sure that your Mikrotik CCR 1009 WAN interface is correctly programmed with your static IP routable, gateway, subnet mask addresses, pri & 2nd DNSs. It is always good networking practice to disable your DPC3941B LAN DHCP to avoid any DHCP conflicts with your Mikrotik CCR 1009 DHCP server.

 

Hope this helps you out.

Highlighted
AUWireless
Visitor

Re: Bridge mode with a /28 and router behind the Cisco DPC3941B

It does help - sort of. Not the answer I wanted.  I don't really want the DPC3941B doing any routing, DHCP, NAT, etc. I want my router to handle all of that.  However, it does not look like it can be done with my /28 since there is no gateway set up for me to connect to in bridge mode for my subnet.

 

I am in router mode now and my Mikrotik is using the DPC3941B as the gateway but it takes away some functionality I'd rather keep on my router. 

 

Customer support gave me the opposite information and they programmed my router in TBM - which never worked properly - but they insisted it would.

AUWireless
Visitor

Re: Bridge mode with a /28 and router behind the Cisco DPC3941B

Well, this seems to lead me to believe I can do bridge mode:

 

http://forums.businesshelp.comcast.com/t5/Equipment-Modems-Gateways/How-to-enable-bridge-mode-on-DPC...

 

I have made sure I am configured that way but what that does not tell me is the gateway IP I will use. It can't be the gateway I was given for my static block since that is being routed to me. I need a gateway on the far end of the Comcast link for my router to connect to and there is not one in my /28.  This is why a /30 for connectivity makes alot more sense and then you can give out /29's or /28's or whatever to the customer to use since those will now use your WAN IP of the /30 as the gateway address.

laszloh
New Member

Re: Bridge mode with a /28 and router behind the Cisco DPC3941B

The short answer is that you can't have both true bridge mode and static ip block from Comcast at the same time.

 

The way Comcast does the static ip block is that the comcast modem/gateway/router device is using the RIP protocol to announce your assigned /28 or /29 prefix.  It would be possible for you to configure your own Miktrotik router to run RIP and announce the same prefix, but you would need the 'password' which is in the comcast router.  This is a configuration that Comcast doesn't support.. probably they don't filter the customer announcements and so their way of keeping customers from messing it up is to not let them do this at all as it avoids all the extra work of policing and supporting that.

 

The comcast gateway seems to be running quagga - http://www.nongnu.org/quagga/docs/docs-multi/RIP-Authentication.html

If you can 'get into it' you can get the RIP key out of the comcast router but this is not something they will help you with.

 

What I would suggest instead is to turn off all the firewall type stuff you can find on the comcast gateway and just use your static ips, with the gateway being the comcast router (usualy the highest number in your prefix).  This is their supported configuration and it does work well.  If you have office users and not just servers, you should set up your Miktrotik to do DHCP-PD for v6 and take one or more of the static IPs for NAT on v4.

 

-Laszlo

 

Discussion stats
  • 4 replies
  • 4056 views
  • 0 kudos
  • 3 in conversation