Topic: Comcast Metro-Ethernet Fiber w/Static IPv6- can't get to work

urbanextant
Comcast Metro-Ethernet Fiber w/Static IPv6- can't get to work
« on: January 05, 2018, 01:20:56 pm »
I have Comcast's Metro-Ethernet product with two fiber lines up and running.  One is a 2gig/sec up/down and the other is a 1gig/sec up/down.  They terminate in a Juniper ACX2100, which is then connected to a Netgate XG-1541 via MMF cabling which combines them into one outgoing internal LAN that connects via MMF cabling to a D-Link dxs-1210-12tc which all of our MMF cables and CAT7a wiring runs off of throughout the house.

Comcast has provided Static IP addresses for all lines.

My issue is IPv4 was a walk in the park to set up.  I cannot, for the life of me, set up IPv6 and get it working.  In the Netgate/pfSense device it shows I've set up the two WAN IPv6 correctly, and they work, ping, etc., but nothing in the LAN side of things has any IPv6 connectivity.  Comcast provided a /48 block of IPv6 addresses for each fiber line.

I'd appreciate any help anyone is able to provide guiding me in how to get IPv6 up and running.

Thanks in advance!

urbanextant
Re: Comcast Metro-Ethernet Fiber w/Static IPv6- can't get to work
« Reply #1 on: January 05, 2018, 06:48:27 pm »
So, I was able to figure a way to get this to work.  It's not with SLAAC the way Comcast Business wants it, but it works, nonetheless.  I took the second of the derived /64 subnets that could be worked out of our /48 block, and I used it as a static IPv6 /64 block to output on LAN1 to the D-Link.  On the D-Link I fiddled with some of the minimal IPv6 options, and under the "neighbors" tab were all the IPv6 assigned addresses for every device hooked to our network.

If I had to do this over again, I'd not purchase the D-Link device.  It's a colossal pain in the arse to deal with, and the settings you want to be able to really change and work with, just aren't there.  I'm using it, at this point, as a simple switch to connect all of our copper and multimode fiber lines to from around the house.  I think I'll be looking into replacing it later this year when the electrician wires the house with fiber optic cabling.

Derelict
Re: Comcast Metro-Ethernet Fiber w/Static IPv6- can't get to work
« Reply #2 on: January 05, 2018, 09:18:54 pm »
You don't really have much choice on a static address. SLAAC cannot be used to put addresses on the inside interfaces. If they are routing a /48 to you, you do what you did. Statically assign a /64 from it to the inside interface.

Set pfSense to Unmanaged in DHCPv6 & RA for that interface and it will hand out SLAAC to that subnet.

urbanextant
Re: Comcast Metro-Ethernet Fiber w/Static IPv6- can't get to work
« Reply #3 on: January 06, 2018, 12:10:25 pm »
Thanks for the reply.  I realized I was having a dumb dumb moment when it dawned on me SLAAC will not work for a block as large as a /48, let alone TWO /48 blocks that are being piped into the Netgate pfSense box.  It then came to me that a /64 was the largest block that would be feasible to make that work, and with 65k+ of them in a /48 block it was easy to pick just one for the LAN that runs to our switch, the D Link Box.  I didn't know about the other pfSense settings, and I greatly appreciate your assistance with that.  I'll go in and tinker with it later today.

When we signed up for this Comcast product, they billed it as Gigabit Pro, a residential product for the home, that was fiber optic.  We were told in an email ALL equipment would be included to make it work. This is NOT a residential product, it is known internally as Comcast Business Metro Ethernet, and all support, etc. comes from that department, not residential.  After signing up for it, we dealt ONLY with Comcast Business, which by the way, is light years better than Comcast Residential. After assisting Comcast with construction costs to run the fiber line underground down our 1/4 mile long driveway, they tell us we need a firewall, layer three device, switch, etc.  I didn't go to college for computer science.  It's a miracle that I've taught myself enough networking and programming since October to get all of this optimized and up and running.
« Last Edit: January 06, 2018, 12:19:21 pm by urbanextant »
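
An added example, not part of any post in this thread: a short Python sketch of the addressing discussed above, carving one /64 out of a routed /48 for the LAN and showing the address a host would form on it with classic modified EUI-64 SLAAC. The prefix `2001:db8:abcd::/48` (documentation space), the MAC address, the 0-based index and the function names are all assumptions made for illustration; many current hosts generate privacy or stable-privacy interface IDs instead of EUI-64.

```python
import ipaddress


def lan_prefix(routed_block: str, index: int) -> ipaddress.IPv6Network:
    """Return the index-th /64 (0-based) inside a routed block such as a /48."""
    block = ipaddress.IPv6Network(routed_block)
    if block.prefixlen > 64:
        raise ValueError("routed block is smaller than a /64")
    count = 2 ** (64 - block.prefixlen)  # 65536 for a /48
    if not 0 <= index < count:
        raise ValueError(f"index must be in 0..{count - 1}")
    base = int(block.network_address) + (index << 64)
    return ipaddress.IPv6Network((base, 64))


def slaac_eui64(prefix, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms via SLAAC with a modified EUI-64 interface ID."""
    net = ipaddress.IPv6Network(str(prefix))
    if net.prefixlen != 64:
        # SLAAC interface IDs are 64 bits, so the on-link prefix must be a /64.
        raise ValueError(f"SLAAC needs a /64 on the link, got /{net.prefixlen}")
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe in the middle (RFC 4291).
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ipaddress.IPv6Address(
        int(net.network_address) | int.from_bytes(iid, "big")
    )


if __name__ == "__main__":
    routed = "2001:db8:abcd::/48"      # constructed sample, documentation prefix
    lan = lan_prefix(routed, 1)        # "second" /64, counting from 0
    print("LAN prefix       :", lan)
    print("Firewall LAN addr:", f"{lan.network_address + 1}/64")
    print("Host via SLAAC   :", slaac_eui64(lan, "00:11:22:33:44:55"))
    try:
        slaac_eui64(routed, "00:11:22:33:44:55")
    except ValueError as err:
        print("Whole /48 on LAN :", err)
```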