Like others who have posted I have an IPv4/29 and an IPv6/56 that shows up and is assigned to my account. From all the posts I am completely confused on the proper way to get my IPv6 working on more than just my CPE's WAN interface (DHCPv6 from DPC3941B) gateway.
So my question is what is the proper way to enable and utilize the IPv6 I was given? Do I configure my WAN interface:
Appreciate any feedback or support on this. Like others I would like to also be ahead of the curve when securing for the IPv6 Internet.
I would like to help with your static inquiry. The DPC3941B would not auto-assign or force an IP on the CPE. The CPE would need to support and request the IPv6 information. If you are having any issues, I can definitely check to see if the static information is properly configured on your gateway.
Please private message me your account number and the name of your business if you need any help.
We're having a similar issue that I would like help resolving. We have a block of 5 static IPv4 addresses and a static /56 of IPv6 addresses:
For various reasons technical and philosophical, we cannot use the routing features of the Comcast Business IP Gateway (Cisco DPC3939B). Since we can't put it in bridge mode (bridge mode is incompatible with static IP assignments due to RIPv2), we've disable all DHCP, firewalls, NAT, etc. in the DPC3939B, and it's purely pass-through. We're using a common enterprise routing solution (VyOS, an OSS fork of Vyatta/Brocade) as the CPE. It's plugged in to LAN1 on the DPC3939B. All traffic for the whole network goes through there.
I had no problems assigning all of the IPv4 addresses to the router and using them as needed. But IPv6 is just not working. Despite the fact that we have a 2603:xxxx:xxxx:8700::/56, we can't get the gateway to route anything other than 2603:xxxx:xxxx:8700::/64. I can statically assign anything from 2603:xxxx:xxxx:8700::1/64 to 2603:xxxx:xxxx:8700:ffff:ffff:ffff:ffff/64 to the WAN on my router and my router can ping and be pinged from the outside, but if I try to assign anything in a higher prefix, like 2603:xxxx:xxxx:8701::1/64, it no longer works. As such, my IPv6 capabilities are limited to traffic only between my router and the internet. I can statically assign IPv6 addresses to the public servers behind my router (which, being on a LAN, have to use a separate /64 prefix than the WAN, or else traffic can't route between them). However, when I ping the outside world from these servers, I can see (with tcpdump) the traffic leaving my router and I can see it getting to the destination, and then I can see the destination responding, but the response packets never get back to my router.
It seems that the DPC3939B is not routing any incoming traffic other than 2603:xxxx:xxxx:8700::/64 to my router, but it should be routing everything 2603:xxxx:xxxx:8700::/56 to my router. My account is assigned a static 2603:xxxx:xxxx:8700::/56 and, as such, I should be able to use the full 2603:xxxx:xxxx:8700::/56 static assignment. Limiting me to just the first prefix of 2603:xxxx:xxxx:8700::/64 makes IPv6 completely useless. (Note that I do not exect to be using DHCPv6 here—these are static IP addresses and, as such, I must be able to assign and use them statically.)
If I could SSH into the DPC3939B, I'm confident that I could set up the necessary route, but that doesn't seem to be an available option, and the Static Routing screen on the web console only supports IPv4 (it gives you an error if you attempt to insert IPv6 addresses). If I was simply allowed to configure the RIPv2 md5 key directly in my CPE and enable bridge mode on the DPC3939B, I'm also confident I could get everything working, but Comcast does not allow this. We're paying way too much money for static IP addresses for my entire IPv6 delegation to be useless. Can you please help get this resolved? The problem is definitely not beyond the demarcation ... it's before the demarcation, in Comcast's equipment or Comcast's configuration.
Note: I've seen several forum postings, such as this one, that suggest that the Cisco is useless for IPv6 and only supports the first /64, and to get use of the full /56 you have to use the Netgear. I have no way of knowing whether that's actually the issue here; it's possible the Cisco has a firmware update that resolved this. If it is the case that the Cisco can't do this, you shouldn't be issuing the Cisco to new accounts that have specifically requested static IPv6 (which I did, and was given a Cisco just two months ago), and you certainly shouldn't be charging so much for a defective piece of equipment, and I suppose that means I need to get a Netgear brought out.
Please let me know if you make any headway with this. I still have no solutions and I have tried Sophos UTM 9.x, Sophos XG, and OpnSense. With all three the issue appears to be in the Cisco DPC3914B gateway device.