* SOLVED* CBRAS setup question

vegastech · Mar 21, 2019, 9:26 PM

OK, DSL is back up again.
I've plugged the pfSense WAN port into the modem's LAN/WAN port. pfSense pulls a 192.168.0.7 off of the C3000Z DSL modem. With that the pfsense and office work for basic Internet.

It wasn't a typo the C3000Z has a white port that says LAN/WAN and (4) additional yellow ports that says ethernet.

vegastech · Mar 21, 2019, 9:36 PM

My next test was to move pfSense WAN cable to one of the yellow ethernet ports and enter the

starting IP
subnet
gateway

pfSense shows a good link to the gateway but no traffic passes out to the Internet.

Keeping the settings of the pfSense I moved the cord from the ethernet port to the LAN/WAN port. This makes everything fail. This makes sense to me since it was pulling the 192.168.0.7 before and me trying to force a 71.71.150.241 it's saying nope.

KOM · Mar 22, 2019, 1:32 PM

Good you've got it working. Your double-NAT config shouldn't be a problem unless you are trying to port-forward some servers.

vegastech · Mar 22, 2019, 3:10 PM

@KOM
I'm thinking I will have problems becasue I'm trying to build a VPN between the sites. Won't doubling NATing confuse it?

Also, I was talking with a fifth tech at CL. He believes they have to update/submit an AGW form. From what he said, it sounds like they need to add my gateway IP to their 'gateway db system'.

KOM · Mar 22, 2019, 3:16 PM

Yes, that would cause you some issues. Is this ISP the only one in your area? Perhaps they have a higher tier or business plan where you don't have to fight this double-NAT CBRAS nonsense.

vegastech · Mar 22, 2019, 3:20 PM

@vegastech
More FYI...
The CL tech double checked my settings in their DSL modem. He also said I should use the starting IP on my router. The first static IP goes into the C3000Z. It should be noted that the static IP (not starting IP) is actually the network subnet ID. It sounds to me like their DSL modem becomes a mini router and defines a public network which my router is part of.

I'm headed back to the office in a bit to see if things are working properly - i.e. I can put the starting IP on pfSense and move the the cable to the ethernet port.

vegastech · Mar 22, 2019, 3:22 PM

@KOM
Unfortunately, they are the only feed to the building. Cox cablemodem service says they'll build into the building over the next year.

KOM · Mar 22, 2019, 3:24 PM

OK, so next I would confirm with them that this CBRAS dealie is all they support. Ask if there is any way at all to get a bridged connection.

vegastech · Mar 22, 2019, 5:42 PM

@KOM
Nope, no more bridge mode for CenturyLink. All of their future rollouts with static IP will be CBRAS.

KOM · Mar 22, 2019, 5:48 PM

Highly unfortunate. I don't know if there is anything else you can do.

vegastech · Mar 22, 2019, 7:30 PM

@vegastech

This a.m. I called in to check the state of the AGW job. Finally, I wound up with a knowledgeable tech! He looked at the setup and said, no, AGW is more oriented for towns and COs not users and that Vegas has had their AGW updated for some time. As he looked at the setup he noticed that the office profile was sharing the same resources assigned to another location/office/business. I asked if he meant our IP address(s) and he said not that specifically but other CL resources. He adjusted things and said to reboot the DSL modem. An hour later I was onsite, move the pfSense WAN to the ethernet1 (away from the LAN/WAN) port, rebooted the DSL modem, assigned the starting IP, gw, subnet to pfSense WAN port and voila everything is working. I updated the IP in the far side of the VPN and that link came up. We're now getting .6ms RTT and .2 RTTsd on our gateway. Those are incredible numbers for any site in Vegas. It appears the office's temperamental Aprima EMR cross network scanning app is working properly (the dang thing that started all of this).

More CBRAS things to note

don't config your network as 192.168.0.0, you shouldn't anyway/ever; the DSL modem still has a network in its brain and the modem exists at 192.168.0.1; the modems never go into bridge mode; I can access the modem from inside my network which I though I wouldn't be able to do even though 'don't pass private IP' options are enabled in pfSense

Hopefully these notes will help other people with their CBRAS setup. The real issue is training of the CenturyLink staff to properly configure, deploy, and troubleshoot their new CBRAS service. The pfSense side pretty straight forward.

KOM · Mar 22, 2019, 7:33 PM

Yeah, I called them 10 minutes before you did and straightened them out for you.

techsalot · Jul 29, 2020, 2:14 PM

I am in a similar situation. I do not have the CL modem, only a pfsense box and CL fiber that uses CBRAS and I have a static IP. Help? Can’t get this thing to use it.

vegastech · Jul 31, 2020, 3:38 AM

@techsalot
Here's what I found in my notes...

C3000Z

C3000Z becomes a mini router that defines a public IP range, the pfSense router is in that new range
remember that defining + wiring the 'ethernet ports' is important, especially if you only assign a single port
DSL1 is a single pair going to the DSL modem, usually tops out about 20Mb/s
DSL2 is an additional single pair going to the DSL modem, they bond the lines together and can get about 40Mb/s total
remember to turn off the wifi at the C3000Z
default IP is 192.168.0.1
in bridge mode the world icon no longer lights up
crazy, but even after you properly configure the LAN and WAN in pfSense, you can still get to 192.168.0.1 from your LAN, regardless of the segment (i.e. 192.168.111.111 can still get to 192.168.0.1)
never use 192.168.0.0 for the LAN, you shouldn't be doing that anyway

techsalot · Jul 31, 2020, 4:00 AM

@vegastech thanks, but I think you misunderstood what I have.

I have NO CL modem.

I have ONT > pfsense

That’s it. It gets the DHCP from CL, not sure how to configure the static on the pfsense.

stephenw10 · Aug 2, 2020, 4:01 PM

Set the WAN to your assigned static IP/subnet and add a gateway to it using the IP they have have given you for that. It should not be more difficult than that if they are routing that IP to you.
Otherwise they should tell you how it needs to be configured.

Steve

techsalot · Aug 4, 2020, 1:36 AM

@stephenw10 it is more difficult than that. That does not work with CBRAS.

https://www.reddit.com/r/centurylink/comments/b9u6mj/centurylink_cbras_what_it_is_and_how_it_works/?utm_source=share&utm_medium=ios_app&utm_name=iossmf

stephenw10 · Aug 4, 2020, 10:39 AM

Ah, OK, that's fun!

Well you should be able to leave the WAN set to DHCP and apply the statuc IP they gave you as an IPAlias on it. Then you can use it however you wish, 1:1 NAT out of it or use it as the default IP.

Steve

techsalot · Aug 4, 2020, 12:38 PM

@stephenw10 that sounds more like it, I’m just not really sure how to do that exactly.

Check my profile, I left a longer post in a different section with details if you could describe what to do based on that, it would be helpful.

stephenw10 · Aug 4, 2020, 12:39 PM

Go to Firewall > VirtualIPs. Add a new VIP with type IPAlias on the WAN. Set the static IP and give it a description.

Now go to Diag > Ping and try to ping something external using the new VIP as the source IP. If it succeeds you're good.

Steve