* SOLVED* CBRAS setup question

  • Hello, at CenturyLink/CenturyTel they are moving to CBRAS. This is some type of LAN subnetting. Any help on setup would be appreciated. I've found a few BRAS discussions which leads to PPPOE discussion but nothing seems to apply (or I'm missing it).

    In this made-up example CenturyLink would assign a

    • static IP (
    • subnet (
    • gateway (
      I'd put their DSL modem into bridge mode and configure pfSense. Life was happy.

    Nowadays they are giving me a

    • static IP (
    • starting IP (
    • subnet (
    • gateway (
      and saying I need to configure LAN subnetting.

    I'm not clear on whether CBRAS is a bastardized 'CenturyLinkBRAS' or something else completely.

  • Sigh, always forgetting something...

    The big picture point is that we need a VPN between site1 (using CBRAS) and site2 (normal setup of bridge+pfSense w/static).

    CenturyLink says they cannot set bridge mode on the DSL modem, it needs their static IP to route everything to our pfSense router (which will use the starting IP).

  • On Interfaces> LAN> Static IP Config there is a IPv4 gateway. pfSense says don't use this if this is a LAN - which I never do under the normal setup. Maybe I would put the starting IP (.241) there?

  • Put your pfSense WAN into DHCP mode. Does it get an IP address from your ISP?

    You can configure LAN whoever you like as long as it doens't overlap the WAN network. And no, you never specify a gateway for LAN.

    Btw I've never heard of CBRAS. I assume you found this page?


  • Thanks! I've not seen that page. I've been focused more on the pfSense cfg side. And (blushingly said) one Google search of CenturyLink+CBRAS takes me right there.

  • After reviewing that my new question is - what do I set pfSense WAN to? If the DSL modem gets the 'static IP' then my plan is to use the 'starting IP' on pfSense. I'm headed over to test it out.

  • Put your pfSense WAN into DHCP mode. Does it get an IP address from your ISP/modem?

  • @KOM

    Now the DSL is offline again. CenturyLink says they are reprogramming the line, again. I've set pfSense to dhcp.

  • OK, DSL is back up again.
    I've plugged the pfSense WAN port into the modem's LAN/WAN port. pfSense pulls a off of the C3000Z DSL modem. With that the pfsense and office work for basic Internet.

    It wasn't a typo the C3000Z has a white port that says LAN/WAN and (4) additional yellow ports that says ethernet.

  • My next test was to move pfSense WAN cable to one of the yellow ethernet ports and enter the

    • starting IP
    • subnet
    • gateway

    pfSense shows a good link to the gateway but no traffic passes out to the Internet.

    Keeping the settings of the pfSense I moved the cord from the ethernet port to the LAN/WAN port. This makes everything fail. This makes sense to me since it was pulling the before and me trying to force a it's saying nope.

  • Good you've got it working. Your double-NAT config shouldn't be a problem unless you are trying to port-forward some servers.

  • @KOM
    I'm thinking I will have problems becasue I'm trying to build a VPN between the sites. Won't doubling NATing confuse it?

    Also, I was talking with a fifth tech at CL. He believes they have to update/submit an AGW form. From what he said, it sounds like they need to add my gateway IP to their 'gateway db system'.

  • Yes, that would cause you some issues. Is this ISP the only one in your area? Perhaps they have a higher tier or business plan where you don't have to fight this double-NAT CBRAS nonsense.

  • @vegastech
    More FYI...
    The CL tech double checked my settings in their DSL modem. He also said I should use the starting IP on my router. The first static IP goes into the C3000Z. It should be noted that the static IP (not starting IP) is actually the network subnet ID. It sounds to me like their DSL modem becomes a mini router and defines a public network which my router is part of.

    I'm headed back to the office in a bit to see if things are working properly - i.e. I can put the starting IP on pfSense and move the the cable to the ethernet port.

  • @KOM
    Unfortunately, they are the only feed to the building. Cox cablemodem service says they'll build into the building over the next year.

  • OK, so next I would confirm with them that this CBRAS dealie is all they support. Ask if there is any way at all to get a bridged connection.

  • @KOM
    Nope, no more bridge mode for CenturyLink. All of their future rollouts with static IP will be CBRAS.

  • Highly unfortunate. I don't know if there is anything else you can do.

  • @vegastech

    This a.m. I called in to check the state of the AGW job. Finally, I wound up with a knowledgeable tech! He looked at the setup and said, no, AGW is more oriented for towns and COs not users and that Vegas has had their AGW updated for some time. As he looked at the setup he noticed that the office profile was sharing the same resources assigned to another location/office/business. I asked if he meant our IP address(s) and he said not that specifically but other CL resources. He adjusted things and said to reboot the DSL modem. An hour later I was onsite, move the pfSense WAN to the ethernet1 (away from the LAN/WAN) port, rebooted the DSL modem, assigned the starting IP, gw, subnet to pfSense WAN port and voila everything is working. I updated the IP in the far side of the VPN and that link came up. We're now getting .6ms RTT and .2 RTTsd on our gateway. Those are incredible numbers for any site in Vegas. It appears the office's temperamental Aprima EMR cross network scanning app is working properly (the dang thing that started all of this).

    More CBRAS things to note

    • don't config your network as, you shouldn't anyway/ever; the DSL modem still has a network in its brain and the modem exists at; the modems never go into bridge mode; I can access the modem from inside my network which I though I wouldn't be able to do even though 'don't pass private IP' options are enabled in pfSense

    Hopefully these notes will help other people with their CBRAS setup. The real issue is training of the CenturyLink staff to properly configure, deploy, and troubleshoot their new CBRAS service. The pfSense side pretty straight forward.

  • Yeah, I called them 10 minutes before you did and straightened them out for you.

    😆 😆

Log in to reply