NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Luu5hahc's avatar
Luu5hahc
Aspirant
May 04, 2019

CM1100 won't do IPv6 with Cisco router (on Xfinity)

Cisco 2851 router with IOS 15.1(4)M12a

SB6141 has been running for years doing IPv4 & IPv6, with /60 PD, and no problems.

 

I bought a new CM1100 (fw 2.01.02), plugged a Macbook directly into it, accessed the Walled Garden, and registered it. It worked fine and had both IPv4 & IPv6 addresses.

 

Then I put the CM1100 in front of the Cisco, and all I got was event logs filling up with TFTP failure errors. No connectivity, just one channel locked. SNR, downstream power, upstream power, all excellent. Plugged the Macbook on it, and again it worked. Plugged a Mac Mini into it, and that worked as well. Then I started pruning the router config and discovered that removing IPv6 from the interface config enables it to work (on IPv4-only). Just re-inserting  the "ipv6 enable" statement creates the problem w/o any of the other IPv6 statements.

 

Every attempt was initiated with a CM powercycle.

I even tried using the reset button.

I also tried connectiing the router and modem via an isolated VLAN on a switch so I could configure the switch to send a copy of all the traffic to a 3rd port where a computer captured it with Wireshark. I compared that with another capture on a direct connection to a Mac, but no serious differences were apparent.

 

At this point I am baffled.

How can a router *behind* the CM prevent the CM from connecting with the CMTS???

I've put the SB6141 back into service.

 

Router config:

interface GigabitEthernet0/1

description SB6141

ip address dhcp

ip nat outside

ip virtual-reassembly in

zone-member security ZONE_EXT

duplex auto

speed auto

ipv6 address dhcp rapid-commit

ipv6 enable

ipv6 nd autoconfig default-route

ipv6 dhcp client pd hint ::/60

ipv6 dhcp client pd CCPFX rapid-commit

ipv6 dhcp client request vendor

6 Replies

  • Luu5hahc's avatar
    Luu5hahc
    Aspirant
    May 05, 2019

    I went back and reviewed the Wireshark packet captures I had made, both on the standalone Mac, and on the vlan capture made via running the CM<->router traffic running through a monitored VLAN on a switch. It finally occurred to me that the router sends out IPv6 routing advertisements, (expected of any IPv6-capable router), but the Mac does not (as expected of a standalone host). 

     

    Some research of Cisco docs pulled up these interface options:

    ipv6 nd ra suppress  (to suppress unsolicited RAs)

    ipv6 nd ra suppress all  (to suppress all RAs)

     

    I suspected the RAs on the interface toward the modem were not needed in this topology, so I added the "ipv6 nd ra suppress" to the interface, then power-cycled the SB6141. Everything worked as normal. (Solicited RAs are still available if requested.)

     

    Then I crossed my fingers, swapped in the CM1100, and registered with the Walled Garden.

    It works. So the problem is a bug in the firmware of the CM1100 that causes TFTP failures if RAs are seen on the LAN interface, but at least there is a workaround.

  • Luu5hahc's avatar
    Luu5hahc
    Aspirant
    May 05, 2019

    I went back and reviewed the Wireshark packet captures I had made, both on the standalone Mac, and on the vlan capture made via running the CM<->router traffic running through a monitored VLAN on a switch. It finally occurred to me that the router sends out IPv6 routing advertisements, (expected of any IPv6-capable router), but the Mac does not (as expected of a standalone host). 

     

    Some research of Cisco docs pulled up these interface options:

    ipv6 nd ra suppress  (to suppress unsolicited RAs)

    ipv6 nd ra suppress all  (to suppress all RAs)

     

    I suspected the RAs on the interface toward the modem were not needed in this topology, so I added the "ipv6 nd ra suppress" to the interface, then power-cycled the SB6141. Everything worked as normal. (Solicited RAs are still available if requested.)

     

    Then I crossed my fingers, swapped in the CM1100, and registered with the Walled Garden.

    It works. So the problem is a bug in the firmware of the CM1100 that causes TFTP failures if RAs are seen on the LAN interface, but at least there is a workaround.

    • vkdelta's avatar
      vkdelta
      NETGEAR Employee Retired
      May 07, 2019

      as far as I know, you should not send any RAs on the Cisco's WAN interface (behind Cable Modem). 

      RA's are needed on the LAN side and not on WAN side.