Skip to content
tmittelstaedt's profile

Problem solver

 • 

323 Messages

Sun, Oct 17, 2021 6:12 AM

Part #3 of 3 Guide to Copper business static IPv6 setup from Comcast and DHCP-PD on the Comcast CBR-T.

This uses Cisco IOS router commands for configuring the Cisco 2800 and I've included the relevant parts of the Cisco configuration at the bottom.  You will have to translate this to whatever configuration commands are used for your brand of User Router.  Start from the CBR-T router online, passing IPv4 traffic, and you are able to surf the web using IPv4 from a PC plugged into the CBR-T.

1) After logging in and changing the password, turn off the wifi networks.  (these are just CPU wasters)  Click Connection, Status and click on the edit buttons for each network and shut them off

2) Record the following information from the Connection, Status page:

Link Local Gateway Address (IPv6) fe80:0bad:beef:dead:beef
Global Gateway Address (IPv6)  2603:3004:273:f900:0bad:beef:dead:beef
Delegated prefix  2603:3004:273:f900::/56

Note that it is not necessary to tick the Stateless (Auto Config) checkbox on the router
web interface - it will do it anyway whether that box is ticked or not.  In fact it's best
NOT to change much else from the defaults although you can turn off the firewall on the
CBR-T.

3) Configure the Cisco 2800 to obtain a dhcp-pd address.  Assuming the WAN port on the Cisco is named FastEthernet0/0 here's the portion of the IPv6 config snippet (ipv4 and access list commands are removed):

interface FastEthernet0/0
 description Comcast-Link
 no ip redirects
 no ip unreachables
 ip nbar protocol-discovery
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 ipv6 address autoconfig default
 ipv6 enable
 ipv6 dhcp client pd comcast-prefix
 random-detect dscp-based
 no cdp enable

4) Now issue the command:

#sh ipv6 general-prefix

You should get back something like the following:

IPv6 Prefix comcast-prefix, acquired via DHCP PD
  2603:3004:273:F960::/59 Valid lifetime 265472, preferred lifetime 265472
#

5) Now find out the IPv6 address of your Cisco 2800 with the command

#sh ipv6 interface fastethernet0/0

FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::21B:CFF:FE3C:3FA0
  Description: Comcast-Link
  Global unicast address(es):
    2603:3004:273:F900:21B:CFF:FE3C:3FA0, subnet is 2603:3004:273:F900::/64 [PRE]
      valid lifetime 299 preferred lifetime 299
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF3C:3FA0
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND advertised reachable time is 0 milliseconds
  ND advertised retransmit interval is 0 milliseconds
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses.
#

Make sure it's a legitimate address of the first /64 of the 2603:3004:273:F900::/56 prefix delegated to the CBR-T

6) Check that the Cisco 2800 has the correct default gateway

#sh ipv6 route

IPv6 Routing Table - 8 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
S   ::/0 [1/0]
     via FE80::0BAD:BEEF:DEAD:BEEF, FastEthernet0/0
C   2603:3004:273:F900::/64 [0/0]
     via ::, FastEthernet0/0
L   2603:3004:273:F900:21B:CFF:FE3C:3FA0/128 [0/0]
     via ::, FastEthernet0/0
S   2603:3004:273:F960::/59 [1/0]
     via ::, Null0
C   2603:3004:273:F960::/64 [0/0]
     via ::, FastEthernet0/1
L   2603:3004:273:F960:21B:CFF:FE3C:3FA1/128 [0/0]
     via ::, FastEthernet0/1
L   FE80::/10 [0/0]
     via ::, Null0
L   FF00::/8 [0/0]
     via ::, Null0
#

6) Now make sure you can ping out from the FastEthernet0/0 address 2603:3004:273:F900:21B:CFF:FE3C:3FA0 with the command:

#ping ipv6 www.microsoft.com repeat 5

Translating "www.microsoft.com"...domain server (8.8.8.8) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2600:1405:1800:181::356E, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/13/16 ms
#

7) Next, subnet the /59 into a /64 and apply the /64 to the LAN interface of your router.  Use the first /64 of the 2603:3004:273:F960::/59 prefix handed to you by the CBR-T  with the commands:

interface FastEthernet0/1
 description LAN Interface
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 ipv6 address 2603:3004:273:F960::/64 eui-64
 ipv6 enable

8)  Now, issue a ping using that address to make sure the CBR-T is routing

#ping
Protocol [ip]: ipv6
Target IPv6 address: www.microsoft.com
Translating "www.microsoft.com"...domain server (50.198.160.177) [OK]

Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands? [no]: yes
Source address or interface: fastethernet0/1
UDP protocol? [no]:
Verbose? [no]:
Precedence [0]:
DSCP [0]:
Include hop by hop option? [no]:
Include destination option? [no]:
Sweep range of sizes? [no]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2600:1405:1800:18B::356E, timeout is 2 seconds:
Packet sent with a source address of 2603:3004:273:F960:21B:CFF:FE3C:3FA1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms
#

9) If none of this works test an IPv6 ping from a host plugged into the CBR-T.  Since that will get IP addressing via SLAAC from the first /64 subnet of the /56 assigned to it.  If that doesen't work power-cycle the modem and call Comcast if you still can't get out on the IPv6 network.  If pings from the router WAN interface work but pings from the router internal interface do not work then power-cycle the CBR-T and try again.

10) At this point your hosts plugged into the inside LAN network of the Cisco 2800 will start getting SLAAC addresses and default gateways from the Cisco 2800 and should be able to ping out.

11) Install IPv6 firewalls and IPv6 access lists on the router and hosts with IPv6 addresses

12) Add static routes to your hosts on the PublicLAN network pointing to the Cisco 2800.

Here are some examples:

For the Linux boxes:

To show routes

 route -A inet6
 route -C -A inet6

To add a route

# route -A inet6 add 2603:3004:273:F960::/59 gw FE80::21B:CFF:FE3C:3FA0 enp4s0f0

For FreeBSD:

To show routes

netstat -r

To add a route

#route add -inet6 2603:3004:273:F960::/59 FE80::21B:CFF:FE3C:3FA0%bce0  

For Windows

To show the routes:

netsh interface ipv6 show route store=persistent

To add a route

netsh interface ipv6 set route 2603:3004:273:F960::/59 "Internet" FE80::21B:CFF:FE3C:3FA0 1 0 2 yes 5000 5000 store=persistent

Windows IPv6 info
https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/install-configure-ip-version-6

No Responses!