The subject is accurate but incomplete. The CG3000DCR will not respond to pings (or anything else) for any source address it has allocated via IA_NA or IA_PD request but these addresses will route through the CM.
No self-respecting network engineer would ever direct routes to a router that was responding to pings. This had both me and the Comcast techs mystified. The solution is to ignore the non-response to pings and just install routes anyway and ping to things past the CM.
IPv6 traceroute through the CG3000DCR is completely broken which can also be deceiving.
The CG3000DCR is a workable solution to native IPv6 but has bugs and quirks that can make it seem like it is not working. I'll start a separate thread and send a summary of bugs and quirks in the CG3000DCR that might trip up other users.
I've made some headway on this. According to tier 2 the Cisco does support a prefix delegation in passthrough mode, although mine is apparently problematic so it's being replaced with the Netgear. I know that the Netgear will work when you request a prefix delegation - my old one hands me a /60. According to the tech the Cisco gateway should also do this. I'm not clear if you can use the entire /56, even statically. If you don't need more than the 100Mb package you could ask for a Netgear, I know those work.
Update: Comcast came out and replaced the Cisco for a Netgear CG3000DCR.
As ndb217 stated, it's broadcasting a /60 so that might be a problem later (I need x2 /57) but at least the routing is working now.
Hello NVTech and welcome to forums,
I apologize for any miscommunications you suffered recently. As static IPv6 is a new product, not all of our support reps have been granted access to manipulate such a new and important database. If your static assignment has not been completed, please send me a private message so I can assist you. Again, I apologize for the communications.
I was told by support that you need to have DHCPv6 enabled on the modem and have at least one device directly connected to the modem make a DHCP request for an IPv6 address to get the IPv6 routing to work. As for the built-in diagnostics, my experience has been that it uses the WAN IPv6 address, so it doesn't help any in troubleshooting problems with the LAN addresses on the modem.
I received a call from the tech last week and he said that basically it's not currently possible to set up reverse DNS lookups for IPv6 at this time. As in, the system is not yet in place to do it, either by setting up NS records to a customer name server, or even to just configure individual PTR records as is done currently with IPv4 static addresses.
This is disappointing since it makes IPv6 email servers problematic. Many email providers, including Gmail, will refuse to talk to an IPv6 SMTP relay if its forward DNS lookup doesn't match the reverse DNS of the returned IP address. This is to combat SPAM, but it effectively makes matching reverse IPv6 DNS mandatory if you wish to run a mail server.
I have pretty much everything else you could set up for IPv6 going on my network except a native IPv6 email server. It's the last thing for me to be truly IPv6 compliant.
As an interesting note, I've looked at my pfSense RRD logs and typically 50% or more of my traffic is IPv6. Probably because the "big guys" like YouTube and Google are IPv6. I note that the IPvFoo plugin is showing this forum to not be IPv6. For shame!
In the meantime, I'll probably just get an HE tunnel set up if I want to go all the way with a native email server. Or wait until it becomes possible to set up reverse DNS for IPv6 on Comcast. PLEASE Comcast, after all these years, implement a web interface to set up PTR records. Having to call them in is a pain!
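The forward/reverse match described in the post above, as an added example that is not part of the original post or any mail provider's code: it builds the ip6.arpa PTR owner name for an address and checks that the PTR name resolves back to the same address. The resolver functions, zone dictionaries, example.com names and 2001:db8:: addresses are constructed for illustration.

```python
import ipaddress

def ptr_name(addr):
    """Return the ip6.arpa (or in-addr.arpa) owner name of the PTR record for addr."""
    return ipaddress.ip_address(addr).reverse_pointer

def fcrdns(addr, lookup_ptr, lookup_aaaa):
    """Forward-confirmed reverse DNS: PTR(addr) -> name, AAAA(name) must contain addr.

    lookup_ptr and lookup_aaaa are caller-supplied resolver functions
    (hypothetical names) returning a list of strings, empty when no record exists.
    """
    ip = ipaddress.ip_address(addr)
    names = lookup_ptr(ptr_name(addr))
    if not names:
        return ("fail", "no PTR record")
    for name in names:
        host = name.rstrip(".").lower()
        # Compare parsed addresses, not strings: AAAA data may be written
        # in a different (uncompressed, upper-case) textual form.
        if any(ipaddress.ip_address(a) == ip for a in lookup_aaaa(host)):
            return ("pass", host)
    return ("fail", "PTR name does not resolve back to the address")

# Constructed sample data: documentation prefix 2001:db8::/32 and example.com names.
PTR_ZONE = {
    ptr_name("2001:db8:0:1::25"): ["mail.example.com."],
    ptr_name("2001:db8:0:1::26"): ["relay.example.com."],
}
AAAA_ZONE = {
    "mail.example.com": ["2001:0DB8:0000:0001:0000:0000:0000:0025"],
    "relay.example.com": ["2001:db8:0:1::99"],  # forward and reverse disagree
}

def check(addr):
    """Run the check against the constructed in-memory zones above."""
    return fcrdns(addr,
                  lambda owner: PTR_ZONE.get(owner, []),
                  lambda host: AAAA_ZONE.get(host, []))

if __name__ == "__main__":
    for a in ("2001:db8:0:1::25", "2001:db8:0:1::26", "2001:db8:0:1::27"):
        print(a, check(a))
```

The third address has no PTR record at all, which is the situation the post describes for a delegated prefix whose reverse zone cannot be populated.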
With that model of cable modem I would set it into True Bridged mode (there is a post somewhere on the forum to do this) and then set up a router behind it to use DHCP/DHCPv6 to obtain an IPv4 and an IPv6 set of IP addresses. I would not even begin to assume that the IPv6 implementation on the Surfboard is complete or even correct.
- Ipv6 disable dhcp
All you need to do is UNCHECK the DHCP Stateful. Do NOT mess with anything else.
Windows Server 2012 ignores stateless DHCP IPv6 if stateful DHCP IPv6 is disabled.
Here is an article you should read:
Here's the operative paragraph:
"...If a DHCPv6 server is available but doesn't offer IPv6 addresses (i.e., it's configured as a stateless DHCPv6 server set up to serve clients with the o flag set and return only DNS server addresses and search suffixes), Windows will ignore it. However, if the DHCPv6 server returns an IPv6 address along with DNS server addresses and search suffixes, Windows will add the address to the interface and use the additional information..."
"...do I set up a forwarder to the comcast primary & secondary dns on the WS2012R2E server..."
You NEVER set up a DNS server to obtain a dynamic IP address via DHCP, DHCPv6, SLAAC or any other means of dynamic assignment!!!!!!!!!
ANY WINDOWS SERVER ACTING AS AN ACTIVE DIRECTORY ROOT IS A DNS SERVER!!!!
In addition you should consider that for a COMMERCIAL SETUP LIKE A SMALL OFFICE you should USE YOUR OWN ROUTER WITH COMCAST!
I HIGHLY RECOMMEND that for small office setups you purchase a HIGH SPEED HIGH QUALITY SMALL ROUTER AND LOAD DD-WRT FIRMWARE ON IT! Examples are routers like the Netgear WNDR3400. Look for routers on the dd-wrt compatibility list that have 64MB of DRAM and 8MB of flash. Then buy a Dynamic DNS account from a business like no-ip.com. dd-wrt supports this out of the box. Use this device with YOUR OWN cable modem that is in Bridged mode; a very good cable modem model is the Motorola SB6121 or Motorola SB6141.
This will give you the benefit of a reachable IP on the Internet (using DNS name) without having to pay extra money for a static IP, and without having to pay extra money to "rent" a cable modem from Comcast, and it will give you the control to TURN OFF IPv6 on the router and turn it on when you are ready.
IN ADDITION there are fewer bugs in the IPv6 implementations on these routers!
No, best practices is to use .local. This is why RFC 6762 was written. There's even a Wikipedia page on .local.
The CERT thing has always existed. The way it works is as follows:
When you install Essentials or any Windows server OS it creates a self-signed certificate that is created from the name. So if the server is named aaa.bbb.local then the cert has that name in it.
In a controlled domain the client systems can have that self-signed certificate pushed to them by the domain controller. They incorporate it into their own certificate store and everything is fine.
Now along comes the admin and they want to use the webserver on the Windows server on the Internet and serve out https pages. They turn it on, apply aaa.bbb.com to the DNS and discover the self-signed cert is invalid when the server is accessed from the public Internet.
So they go to an SSL cert provider and buy a cert. This is where the confusion comes from.
There are several different kinds of SSL certs out there. The simplest and cheapest are the single-name certs that are only good for aaa.bbb.com.
The more expensive certs allow multiple domain names, usually up to 5. Those are the ones you're supposed to buy. You tell the SSL cert provider to list both aaa.bbb.com and aaa.bbb.local as names in that cert. Then when you apply it, encryption works both inside and from the outside.
The people saying to not use .local are either completely misunderstanding things - probably because they bought a cheap cert with a single name, tried to apply it to their Windows server and it blew chunks - or they are trying to game the system by deliberately ignoring the fact that hosts on the inside that attempt to go to aaa.bbb.com are going to saturate the router with useless hairpin traffic just so they can save a few bucks on a cheap SSL cert.