03-10-2003 07:15 PM
I picked up a UBR924's hoping to have a killer router/switch/firewall/VOIP/VPN machine on my new Comcast cable service. I couldn't get it to work at all in transparent bridging mode--it won't pass the PC's DHCP request through from the ethernet side to Comcast--so I turned on routing. Turns out Comcast provides a DHCP address to the cable interface, along with a default gateway on 10.0.0.0 address space. That's fine, but they also expect to provide one DHCP address in the 12.0.0.0 address space to the ethernet interface of a PC or external (separate) router.
Any ideas out there on how I can get this UBR924 to work for me (even, failing all else, in bridging mode)?
03-10-2003 07:38 PM
The ubr924 comes in bridging mode as factory default which can be later changed to routing mode etc. If it's a new install the cable modem's mac address needs to be registered with the provider.
The cable interface will typically get an non routable address but the PC behind will get a public address (unless they are doing NATing at the head end).....are you using the same PC to get an ip address? Usually the "max-cpe" command on the cmts or DOCSIS config file will control how many PCs (thus different mac addresses can connect....the max-cpe defaults to1 if not configured other wise)
http://www.cisco.com/warp/public/109/bridging_cm_sample_config.html
deb ip dhcp server events / deb dhcp detailed will be useful
Thanks, Mak.
03-10-2003 08:43 PM
You can use the internet routable ip address which will be allocated to a PC behind the cable modem and perform a NAT on a cable modem. That way you can have more then one PC going to internet using NAT on a public ip address which will be allocated to PC's eth using DHCP.
You need to use "cable-modem dhcp-proxy " command for that. Here is the url explaining that with config.
http://www.cisco.com/warp/customer/109/cable_dhcp_proxy.shtml
03-11-2003 05:29 PM
Thanks--got closer but still no cigar. Tried both configs--the first one (using dynamic NAT pool) is most promising, but I'm still not getting an IP address on the loopback interface, which is where I expect the "PC" address from Comcast shoud go. Initialization passes all the way to "download config file state", then fails on 'registration state', falls back to 'Wait for MAP state' and continues to loop like that.
Tried the second, even simpler config--DHCP proxy on Cable interface directed to E0. E0 never got a DHCP address.
Still stumped--no help from Comcast :-(
03-11-2003 06:11 PM
Oh--btw--part of the problem here may be that Comcast expects to see anor ethernet interface MAC address before sending out a DHCP address for the client; the loopback interface has no MAC, and I haven't found a way to assign one. As to the 2nd config--Comcast's DHCP server IP address seems to change between several different servers, writing access list 'permit 'statements into my config at each change of address.
03-15-2003 08:15 PM
I talked to Comcast about this router and (from one of the supervisors at a TAC) was that the uBR924 is in testing and is supposed to be put on the list of approved CM's.
They have a db with mac addresses assigned to a specific CM model and that's probably why it doesn't work. I read on some other forums where some were able to successfully connect to Comcast with this router. I'm willing to wait until it gets approved. I'm sure it'll help if you call and ask about it too. They said they started testing it after they received many calls about the CM.
-Bobby
12-13-2004 09:12 PM
upgrade to IOS ver "ubr920-k8o3v6y5-mz.122-19c.bin" and use the following config. I had the same issue with Insight communications. Your lo 0 will get the routable address. I have also inclused some configs if you want to port forward to a server located in your backend. Make sure to take out my "YA_right!!!!" comments. enjoy! o ya the 2nd mac they will se will be one higher then your c 0. And when your l 0 gets an address the xx.xx.xx.xx xx.xx.xx.xx will get filled automagically!!!
version 12.2
service nagle
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ubr
!
boot system flash ubr920-k8o3v6y5-mz.122-19c.bin
!
clock timezone - 6
ip subnet-zero
no ip source-route
ip tcp synwait-time 5
ip telnet source-interface Loopback0
ip name-server 4.2.2.2
ip dhcp excluded-address 192.168.2.1 192.168.2.50
!
ip dhcp pool LOCAL_NET
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 4.2.2.2
domain-name ya_right.com
lease 1 12
!
ip audit attack action drop
ip audit notify log
ip audit po max-events 100
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
ip address xx.xx.xx.xx 255.255.255.255
!
interface Ethernet0
ip address 192.168.2.1 255.255.255.0
ip nat inside
no ip mroute-cache
no cdp enable
!
interface cable-modem0
ip nat outside
no ip mroute-cache
no cable-modem compliant bridge
cable-modem dhcp-proxy nat PUBLIC
!
ip nat pool PUBLIC xx.xx.xx.xx xx.xx.xx.xx netmask 255.255.254.0
ip nat inside source static tcp 192.168.2.20 80 interface Loopback0 8080
ip nat inside source static tcp 192.168.2.20 22 interface Loopback0 22
ip nat inside source static tcp 192.168.2.15 443 interface Loopback0 443
ip nat inside source static tcp 192.168.2.15 80 interface Loopback0 80
ip nat inside source static tcp 192.168.2.15 25 interface Loopback0 25
ip nat inside source route-map nonat pool PUBLIC overload
ip classless
ip route 0.0.0.0 0.0.0.0 10.12.10.1 254
no ip http server
no ip http cable-monitor
!
logging trap debugging
access-list 99 permit 192.168.2.0 0.0.0.255 log
access-list 99 deny any log
access-list 120 permit ip 192.168.2.0 0.0.0.255 any
no cdp run
route-map nonat permit 10
match ip address 120
!
!
voice-port 0
input gain -2
output attenuation 0
!
voice-port 1
input gain -2
output attenuation 0
!
banner motd ^C
####################################################################
## ##
## Authorized use only! ##
## ##
## All activity is subject to monitoring! ##
## ##
####################################################################
^C
!
line con 0
exec-timeout 30 0
password xxxx
login
line vty 0 4
access-class 99 in
exec-timeout 30 0
password xxxx
login
!
scheduler max-task-time 5000
end
12-14-2004 12:56 PM
I have also been having the same problem with Comcast. I will try this config and IOS to see if it works. From speaking with TAC and Comcast the UBR924 does not support DOCSIS 1.1 and we thought that was the problem.
Daniel
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: