Skip to content
tmittelstaedt's profile

Problem solver


326 Messages

Sunday, October 17th, 2021 3:32 AM

Part #1 of 3 Guide to copper business static IPv6 setup from Comcast and DHCP-PD on the Comcast CBR-T.


This guide is the result of my work integrating the CBR-T (Technicolor CGA4131 version 1) into my IPv6 network in October 2021.  This modem was running firmware version CGA4131COM_4.10p10s1_PROD_sey for the Software Image Name and Prod_20.2_d31 & MTA Application for the eMTA & DOCSIS Software Version.  It is NOT in "bridged mode" 

COMCAST DOES NOT ALLOW STATIC IP ADDRESSING ON RESIDENTIAL SERVICE.  COMCAST DOES NOT ALLOW CUSTOMER-PROVIDED CABLE MODEMS/ROUTERS WITH STATIC IP SERVICE.  Because of this, anyone needing static IPs on Comcast copper coax must get Comcast business service and must rent a Comcast-provided cablemodem/router.

The CBR-T is the newest Comcast cable modem used for Business services over copper coax cable that require static IPv4.  It replaces all prior business modems including the Cisco, SMC and Netgear and I have been told that it is the business platform going forward.  It is a DOCSIS 3.1 modem that is able to support a maximum bandwidth of above a gigabit on Coax.  So, you will need to get familiar with the CBR-T pecularities on IPv6 setup since in the next few years that will be the only option for Comcast cable with static IPs.

The modem also has the ability to have 19" rack ears attached to it and I have mine rack mounted.  The modem IS NOT self-installed so if you want the rack ears ask your installer when he brings it out to put a set on.

The modem DOES NOT have a power switch that I can see (or that works)  Cold-booting is done by pulling the power cable out and plugging back in.

When you get your CBR-T modem it is going to be installed by a tech since that's the only way Comcast does it for static IPs. Make sure you can login to the CBR-T with a web broweser BEFORE the tech leaves.  Make sure that IPv4 routing for public and private is working properly before reading this guide.

Terms used:

Client DHCPv4:  Configure a computer to obtain IPv4 addressing from a DHCP server
Client DHCPv6:   Configure a computer to obtain IPv6 addressing from a DHCPv6 server.  The CBR-T is configured as both a DHCPv4 and a DHCPv6 server.
DHCP-PD:  DHCPv6 with Prefix Discovery, defined in RFC 3633, see   The CBR-T is also configured as a DHCP-PD Server.  Routers obtain IPv6 prefixes using DHCP-PD
User Router, aka Cisco 2800: a router plugged into the CBR-T that translates IPv4 to a Private LAN.  For this guide it is the Cisco 2800.  You can use any router you wish that is IPv6 compliant such as a router based on dd-wrt for example.  In this discussion I use "Cisco 2800" when discussing Cisco-specific router commands.
Private LAN:  The network behind your own "user router", generally the IPv4 numbers are translated "private IP addresses" (192.168.1.x)
Public LAN:  The network that connects the CBR-T to your User Router where your static IPv4 subnet lives.

Template for this guide

My setup that I have based this guide on is as follows - I have a /28 of static IPv4 from Comcast, and I have a dozen Linux and FreeBSD servers that are publically numbered that are plugged directly into the Public Lan connected to the CBR-T with static IPv4, and SLAAC-assigned IPv6 with Privacy Extensions disabled which basically makes the IPv6 address on the LAN a permanent static assignment.  Many admins like to use ::1/64  ::2/64  ::3/64  and so on statically assigned IPv6 numbers and this is fine as well.  Each server runs a firewall access list.

The main device that is the basis of this guide is my Cisco 2800 (User Router) running Cisco IOS.  It is plugged into the CBR-T and a second "private" LAN is plugged into it.  It runs translation for the IPv4, and routes, not translates, IPv6.  It makes SLAAC-assignments for IPv6 as well as having an access list to prevent crackers from bothering the Windows systems on it.  A collection of Windows Server and Workstation and Linux and FreeBSD and so on devices are plugged into that LAN.

The IPv4 addressing used on the "public LAN" is publically numbered while the IPv4 used on the "private LAN" is privately numbered.  The IPv6 addressing used on the "public LAN" is likewise "publically numbered" while the IPv6 used on the "private LAN" is likewise "publically numbered" That is, despite the fact the Cisco 2800 router has the ability to "translate" IPv6, since address translation is an abomination I have not enabled it. This is a typical "dual stack" environment.

TIP:  No matter what guides you find on the Internet, "Security through obscurity" is the domain of the morons.  Privacy Extensions are regarded as "more secure" only by morons.  DO NOT setup IPv6 on a "private LAN" unless you have taken steps to run an IPv6 firewall.

TIP: You will want to run your networking gear on a nice fat UPS because IPv6 routing IS DYNAMIC and does NOT take kindly to power "blips" that reboot equipment.

An overview of Cisco IPv6 router commands is here:


When the CBR-T modem boots it is MOSTLY configured from Comcast from a boot file it fetches over the network from Comcast.  Once booted you can login to it by plugging a computer with Client DHCPv4 turned on into it, you will get an IPv4 address of 10.1.10.x and you can use a web browser to connect to with a userID of cusadmin and a password of highspeed.  You will be required to change the password immediately.  YOU CANNOT LOGIN TO ANY OTHER IP ADDRESS ON THIS MODEM FROM ANY OTHER IP ADDRESS THAN THE 10.1.10.x ON YOU ARE ASSIGNED.

When you have static IPv4 addresses they come in a subnet and are usable on the Public LAN.  Some people may get ONE public IPv4 and put it on their own User Router, thus the Public LAN only has 2 public IPv4 addresses on it, one on the CBR-T and the other on their User Router's WAN interface, and they don't have an ethernet switch in between their User Router and the CBR-T.

Comcast also makes the IPv6 you are assigned static if you have static IPv4.  Comcast assigns a /56 of IPv6 to each of it's customers.  If the customer is dynamic then this is a dynamic assignment.  If you have your OWN cable modem and you are dynamic then you would put your modem in bridged mode and do your IPv6 on your own router and this guide is NOT for you.

But with the CBR-T the /56 of IPv6 is assigned to the cable modem and the CBR-T then splits it up into subnets.  Unfortunately, the logic behind this is undocumented, but with testing I have found the following:

* The CBR-T takes the first /64 subnet out of the /56 assigned and uses it for it's LAN interface.

* If the CBR-T gets a DHCP-PD request it issues a /59 subnet (prefix) via DHCP-PD that is taken out of the /56 assigned.  Note that there are a total of 8 /59 subnets in a /56.  The first /59 in the /56 is not going to be usable since the /64 used for the LAN interface is taken out of that.

* The CBR-T seems to "move" DHCP-PD assignments from /59 subnet to /59 subnet within the /56 block as a result of a cold boot. (excepting the first /64 that is used for the LAN interface, that always comes from the very first /64 of the assigned /56)

* The CBR-T appears unable to route certain /59 subnets.  You may have to power-cycle/cold boot the CBR-T a few times to get it to select a routable /59 subnet to hand out via DHCP-PD.  One user has reported that sending a DHCP-PD request with an empty DUID will cause the CBR-T to select the "next" /59 subnet so this may be another strategy although I don't know if that means sending a DHCP-PD request with an empty DUID followed by a subsequent DHCP-PD request with a filled-out DUID will get the same "new" selected subnet.

*My experience with the CBR-T is that once the CBR-T has selected and issued a /59 subnet then repeated DHCP-PD requests using the same DUID will result in returning that selected /59 subnet.  Since it's important for connectivity to NOT have the issued /59 subnet shifting around all the time, my strategy is to put the CBR-T on a UPS with a nice long runtime, then repeatedly cold-boot it until it gets a routable /59 subnet then leave it alone.

As for the rest of the unused IPv6 /59 subnets it's anyone's guess what the CBR-T does with them.  My speculation is that possibly some of them were intended by Comcast to be assigned to VoIP usage as there are 8 voice POTS ports on the CBR-T

Note that you SHOULD NOT use anything larger than a /64 subnet on a LAN as this is a sort of de-facto size and you may run into bugs doing a larger or smaller subnet.  A /64 subnet contains 1.8446744073709551616 × 10^19 individual IP addresses so using anything larger than that is wasteful. In addition, the /59 subnet that the CBR-T hands out via DHCP-PD can have 32 separate /64 subnets in it.

Since there is NO method in the CBR-T interface to insert a static IPv6 route, DHCP-PD is the only way to get the CBR-T to insert a route so that it will act as an actual router for IPv6 networks that are behind the User Router.

DNCP-PD does have a mechanism in it to tell the serving router that the client router wants a particular prefix or a particular size of prefix.  This is called "hints"  My experience (and the exprience of others) is that the CBR-T ignores DHCP-PD prefix suggestions in the IA_PD from a requesting router.  It always returns a ::/59.  So, a configuration on the User Router that is requesting DHCPD-PD such as:

ipv6 dhcp client pd hint ::/60 rapid-commit


ipv6 dhcp client pd hint blah:blah:blah:my:desired:prefix::/59

is ignored.

Note that both these behaviors ARE compliant with the rfc3633 standard

New problem solver


37 Messages

2 years ago

Thank you for posting this! 

I appreciate all the details you have put in.  While I have moved along to an HE.NET tunnel, I may one day try to use the comcast provided v6 again.