mhanley's profile

New Contributor

13 Messages

Sunday, August 2nd, 2020 4:00 PM

Comcast Static IPv6 Setup on UniFi Security Gateway 4P

Hello,

I am having issues setting up my static IPv6 Address from my Comcast Cable Modem. If I bypass the USG and connect directly to the Comcast Cable Modem, IPv6 works correctly. I also have my static IPv4 address working correctly on the USG.

 

I reviewed the following Instructions:

 

Using the Unifi Controller UI, I am stumped on the following values

 

IPv6 WAN (via Internet -> WAN Networks)

  • IPv6 Connection Types: Static IP
  • IPv6 Address: what value do I use here?
  • Prefix Length: 64
  • Router: what value do I use here?

IPv6 LAN (via Local Networks)

  • IPv6 Interface Type: Static
  • IPv6 Gateway Subnet: what value do I use here?
  • IPv6 RA Priority: Enabled

I feel like I must be missing something very basic. Any help would be very much appreciated.

Contributor

12 Messages

4 years ago

I see, thank you @sparky04cr !

For your new modem, have you tried setting the prefix length to 59 on the USG WAN interface?

I have a new modem and I get "almost static" IPv6 by setting the WAN prefix to 59.

(I haven't been able to get fully-static IPv6 working yet, so was interested in your post -- I will try that this week and see what happens.)

New Contributor

11 Messages

4 years ago

mahdi_c - you do not have the older CG3000DCR modem? The modem I have now (stuck with a DPC3939B) - PD does not work, it is broken. I must manually set up the route. I am able to go out, but everything coming in is blocked by the modem and reported as an 'Intrusion Attack' unless the device is connected directly to the modem and the modem can register the MAC itself. I have even set the LAN side of the USG to be in the same 64 block as the modem itself, still blocked. I have gone up the chain in Comcast to a point to what I want shut off (IDS) is built into the Cisco firmware and it can not be turned off. The only way to turn it off is to go into 'Bridge' mode, with this I will lose my static IPv4 address. I have access to the newer Comcast 'Technicolor' 'CGA4131COM' where I was able to pass IPv6 with a static IPv4 addressing correctly. Testing proved that IPv6 was not always successful, but it appears very promising as PD is working properly on this modem for easy set-up. What you are stating is like the IDS of the modem is enabled and blocking the packets coming back - check the logs inside the modem.

Contributor

12 Messages

4 years ago

I see, I'll check the logs. I have the Technicolor CGA4131COM.

Contributor

12 Messages

4 years ago

Hi @sparky04cr , how do you have your USG configured when the modem is in "Bridge" mode?

I'm trying that setup myself now and can't seem to get it working right.

Network: WAN

Connection type: Static IP

IPV6 address: 2603:1:1:6e00::feed

Prefix length: 56 (what Comcast allocated)

Router: fe80::1:1:1:bc87

Network: LAN

IPV6 interface type: Static

2603:1:1:6e01::1/56

IPV6 RA: on

IPV6 RA Priority: High

On the USG, I ran "ip -6 route" and saw the following:

2603:1:1:6e00::/56 dev eth1  proto kernel  metric 256
fe80::/64 dev eth1  proto kernel  metric 256
fe80::/64 dev eth0  proto kernel  metric 256
fe80::/64 dev eth2  proto kernel  metric 256
fe80::/64 dev eth1.2  proto kernel  metric 256
fe80::/64 dev eth1.3  proto kernel  metric 256
default via fe80::1:1:1:bc87 dev eth0  proto kernel  metric 1024

Is that how you have the USG configured with the Comcast modem in "Bridge" mode? 


(I would message this privately, however I think how to configure the USG for Comcast Business is good to keep public for anyone else searching for this.)

Thanks!

New Contributor

11 Messages

4 years ago

Hello mahdi_c,

PD on the modem you are using is set up differently than the one I had working correctly. I have not had time to play with the CGA4131COM much yet, only the initial testing I did with IPv6 months ago, access to this device is limited. It may do all local IPv6 addressing for next hops, as what it currently seems to have setup on your side. On the LAN side I used, 'Static' IPv6 with a subnet /64 for each VLAN being used that I wanted. Example - your 2603:1:1:6e00::/56 would be 2603:1:1:6e00::/64. I could not get PD working properly on the LAN side - static IP was just simpler to do. For the WAN of the USG I used DHCP addressing with a PD set to 59. I have looked through my notes - I only have that written down. To answer your question - You may want to try a 'Static' subnet for the LAN (eth1) instead of the full range offered by Comcast.
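The /56-versus-/64 point in the reply above can be checked mechanically. This is an added example, not code from any poster in the thread: it audits the posted WAN/LAN settings for overlapping on-link prefixes and non-/64 LAN prefixes, then carves one /64 per LAN interface out of the allocation. The function names and the choice of `::1` as the router address are assumptions; the interface names come from the `ip -6 route` output.

```python
import ipaddress
from itertools import combinations, islice

# Constructed from the settings posted in the thread: (role, interface, address/prefix).
POSTED = [
    ("wan", "eth0", "2603:1:1:6e00::feed/56"),
    ("lan", "eth1", "2603:1:1:6e01::1/56"),
]

def audit(plan):
    """Return findings for overlapping on-link prefixes and non-/64 LAN prefixes."""
    parsed = [(role, name, ipaddress.ip_interface(cidr)) for role, name, cidr in plan]
    findings = []
    # Two interfaces whose networks overlap both claim the same addresses as on-link.
    for (_, a, ia), (_, b, ib) in combinations(parsed, 2):
        if ia.network.overlaps(ib.network):
            findings.append(f"{a} {ia.network} overlaps {b} {ib.network}")
    # Router advertisements for SLAAC are built around a 64-bit interface identifier.
    for role, name, iface in parsed:
        if role == "lan" and iface.network.prefixlen != 64:
            findings.append(f"{name} is /{iface.network.prefixlen}; SLAAC clients expect a /64")
    return findings

def per_vlan_plan(allocation, lan_ifaces, first_index=0):
    """Give each LAN interface its own /64 from the allocation, router at ::1 (assumed)."""
    subnets = islice(ipaddress.ip_network(allocation).subnets(new_prefix=64),
                     first_index, first_index + len(lan_ifaces))
    return [("lan", name, f"{net.network_address + 1}/64")
            for name, net in zip(lan_ifaces, subnets)]

if __name__ == "__main__":
    for line in audit(POSTED):
        print("posted:", line)
    # LAN side only, as in the reply above where the WAN used DHCP rather than a static /56.
    fixed = per_vlan_plan("2603:1:1:6e00::/56", ["eth1", "eth1.2", "eth1.3"])
    for _, name, cidr in fixed:
        print("fixed: ", name, cidr)
    print("findings after fix:", audit(fixed))
```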

Contributor

12 Messages

4 years ago

Thank you so much @sparky04cr !

You're right about PD on the CGA4131COM - if you want IPv6 addressing to work with PD (however with an unpredictable prefix), the following settings for the "interfaces" section on the USG should work in config.gateway.json (the necessary dhcpv6-pd settings are not accessible via the web UI):

  "interfaces": {
    "ethernet": {
      "eth0": {
        "address": [
          "10.1.10.2/24",
          "50.1.1.9/29",
          "50.1.1.10/29",
          "50.1.1.11/29",
          "50.1.1.12/29",
          "50.1.1.13/29"
        ],
        "description": "WAN",
        "dhcpv6-pd": {
          "no-dns": "''",
          "pd": {
            "0": {
              "prefix-length": "59"
            }
          },
          "prefix-only": "''",
          "rapid-commit": "disable"
        }
      }
    }
  },

For IPv6 specifically, the main setting is the "dhcpv6-pd" block. I just included it in the context of an example "interfaces" block for reference.

I'll try using /64 subnets for VLANs instead of the entire /56. Hopefully that works! Thanks again. :)

(edited)

Contributor

45 Messages

Thank you for working with us! Sounds good! You're welcome. Please let us know if you need anything further! 

I no longer work for Comcast.

New Contributor

9 Messages

I have an improvement to share for dealing with the non-static nature of the IPv6 PDs on the UniFi USG.

--- /opt/vyatta/sbin/dhcpv6-pd-client.pl-orig
+++ /opt/vyatta/sbin/dhcpv6-pd-client.pl
@@ -58,7 +58,7 @@
      $prefix = 64 if !defined $prefix;
      $prefix =~ s/\///;
      my $sla_len = 64 - $prefix;
-       $output .= "\tprefix ::/$prefix infinity;\n";
+       $output .= "\tprefix PUT_PREFIX_HINT_HERE::/$prefix infinity;\n";
      my @intfs = $config->listNodes('interface');
      my $count = 0;
      foreach my $intf (@intfs) {
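Review bot: the `+` line hard-codes the hint as a literal inside the script, so the same text is emitted whatever `$prefix` is configured to, and nothing checks that the hint has no bits set beyond `/$prefix`. Consider reading the hint from a config value and falling back to the original `::` when it is unset, so an unconfigured system keeps the behaviour of the `-` line. Since `$prefix` defaults to 64 three lines up, a hint written for a /59 would also be emitted with `/64` if the prefix-length node were ever removed; validating the hint against `$prefix` before building `$output` would catch that.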

Replace PUT_PREFIX_HINT_HERE with the first 59 bits of your prefix. Making this change will persist across a reboot. An improvement would be to create a /opt/vyatta/share/vyatta-cfg/templates/interfaces/ethernet/node.tag/dhcpv6-pd/prefix-hint/* so this could be added to config.gateway.json, but that's for another day. :-)
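Working out "the first 59 bits" by hand is easy to get wrong because /59 falls inside the fourth hextet. The following is an added example, not part of the post above: it masks any address from the delegated range to the hint length and returns the placeholder text, the resulting `prefix` line in the form the patched script emits, and the range of /64s the hint covers. The sample address is constructed from the thread's masked prefix, and the function names are hypothetical.

```python
import ipaddress

def prefix_hint(address, hint_len=59):
    """Mask `address` to `hint_len` bits and describe the resulting hint."""
    if not 0 < hint_len <= 64:
        # The script computes sla_len = 64 - prefix, which must not go negative.
        raise ValueError("prefix length must be between 1 and 64")
    net = ipaddress.ip_network(f"{ipaddress.IPv6Address(address)}/{hint_len}",
                               strict=False)
    text = str(net.network_address)   # low 64 bits are zero, so this ends in "::"
    sla_len = 64 - hint_len
    count = 2 ** sla_len              # number of /64 subnets inside the hint
    first = ipaddress.IPv6Network((net.network_address, 64))
    last = ipaddress.IPv6Network((net.network_address + ((count - 1) << 64), 64))
    return {
        "placeholder": text[:-2],     # the text that replaces PUT_PREFIX_HINT_HERE
        "line": f"prefix {text}/{hint_len} infinity;",
        "sla_len": sla_len,
        "count_64": count,
        "first_64": str(first),
        "last_64": str(last),
    }

def typed_hint_is_clean(cidr):
    """True if a hand-typed 'hint/len' has no bits set past the prefix length."""
    try:
        ipaddress.ip_network(cidr)    # strict by default: host bits raise ValueError
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample: an address currently assigned from the delegated range.
    for key, value in prefix_hint("2603:1:1:6e28::1").items():
        print(f"{key:12} {value}")
    print("6e28::/59 clean?", typed_hint_is_clean("2603:1:1:6e28::/59"))
```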