Forum Discussion

CuriousOne
New Contributor

IPv6 Routing using Arris TG2472 modem (Cox Wireless modem) & Juniper SRX firewall

Hi All,

I was about to ask if anyone had this working, but figured it out and thought I'd share as this would be gold information for a few with the need.


I have a Juniper SRX240 setup behind the Arris TG2472 modem. The modem can do IPv6 and will pull an address using SLAAC.


Anyway, the Arris modem is using a link-local as the gateway. It says the link-local is FE80::226:99FF:FE89:EBD9.


On my Juniper, I entered the command 'set routing-options rib inet6.0 static route 0::/0 qualified-next-hop fe80::226:99ff:fe89:ebd9 interface ge-0/0/0.0'. This is the command required to enter a link-local as a next-hop (more or less gateway) for the firewall.


I tried to ping Google v6 DNS (2001:4860:4860::8888) and it didn’t work. I had a client plugged into the Arris modem as well and it was successful, so I checked the IPv6 neighbors on the Windows client and didn’t see fe80::226:99ff:fe89:ebd9, but I did see fe80::3e7a:8aff:fefb:3609 (check output below) and, more specifically, it is also a router. I changed the Juniper cmd to 'set routing-options rib inet6.0 static route 0::/0 qualified-next-hop fe80::3e7a:8aff:fefb:3609 interface ge-0/0/0.0' and voilà… IPv6 magic! So, I don’t even see the link-local that the Arris modem says it sees, but whatever… likely a bug. This is now working.


BTW, you get a /60, so I am testing using routed /64’s behind each other to see if that works. It should, but you never can tell with cheaper gear.


Happy routing!


C:\WINDOWS\system32>netsh interface ipv6 show neighbors

Interface 6: External                (Note, this is what I named my NIC, yours will likely be Local Area Connection 1).

Internet Address Physical Address Type
-------------------------------------------- ----------------- -----------
2600:8801:9600:a60::27 64-87-88-4f-53-00 Reachable (Router)
2600:8801:9600:a60:dc0b:16ff:7396:46a3 30-f9-ed-b9-d5-ec Stale
fe80::2021:1669:3f57:ffe4 00-00-00-00-00-00 Unreachable
fe80::3987:e30a:9749:495f 00-00-00-00-00-00 Unreachable
fe80::3e7a:8aff:fefb:3609 3c-7a-8a-fb-36-09 Reachable (Router)
fe80::42b4:f003:e8f9:7f01 Unreachable Unreachable
fe80::59e4:f17b:7bc0:d5b7 08-3e-8e-c1-a9-1d Stale
fe80::6c9b:c68e:caa:d83f 30-f9-ed-b9-d5-ec Stale
fe80::d01d:4ba:5d4a:6273 00-00-00-00-00-00 Unreachable
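
As an added example (not part of the original post), the neighbor check described above can be scripted: parse the `netsh interface ipv6 show neighbors` rows, keep reachable link-local neighbors flagged as routers, cross-check the EUI-64 interface ID against the physical address, and build the Junos static route. The function names are assumptions made for this sketch; the sample rows are copied from the output above.

```python
import ipaddress
import re

# Rows copied from the netsh output in the post above (subset).
SAMPLE = """\
Internet Address Physical Address Type
-------------------------------------------- ----------------- -----------
2600:8801:9600:a60::27 64-87-88-4f-53-00 Reachable (Router)
fe80::2021:1669:3f57:ffe4 00-00-00-00-00-00 Unreachable
fe80::3e7a:8aff:fefb:3609 3c-7a-8a-fb-36-09 Reachable (Router)
fe80::42b4:f003:e8f9:7f01 Unreachable Unreachable
fe80::59e4:f17b:7bc0:d5b7 08-3e-8e-c1-a9-1d Stale
"""
MAC_RE = re.compile(r"^(?:[0-9a-f]{2}-){5}[0-9a-f]{2}$", re.I)

def parse_neighbors(text):
    """Return (address, mac, state, is_router) for each neighbor row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        try:
            addr = ipaddress.IPv6Address(parts[0])
        except ValueError:
            continue  # header, separator or interface banner
        mac = parts[1].lower() if MAC_RE.match(parts[1]) else None
        rows.append((addr, mac, parts[2], "(Router)" in parts[3:]))
    return rows

def eui64_mac(addr):
    """MAC embedded in an EUI-64 interface ID, or None if not EUI-64."""
    iid = addr.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = [iid[0] ^ 0x02, iid[1], iid[2], iid[5], iid[6], iid[7]]
    return "-".join(f"{o:02x}" for o in octets)

def router_next_hops(rows):
    """Reachable link-local neighbors that advertise themselves as routers."""
    return [str(a) for a, mac, state, is_router in rows
            if is_router and mac and state == "Reachable" and a.is_link_local]

def junos_default_route(next_hop, interface):
    """Build the static-route command from the post for a verified next hop."""
    ipaddress.IPv6Address(next_hop)  # ValueError on a malformed address
    return ("set routing-options rib inet6.0 static route 0::/0 "
            f"qualified-next-hop {next_hop} interface {interface}")

if __name__ == "__main__":
    for hop in router_next_hops(parse_neighbors(SAMPLE)):
        print(junos_default_route(hop, "ge-0/0/0.0"))
```

The Router flag only reflects what a neighbor advertises about itself, so comparing `eui64_mac()` with the neighbor's physical address and with the MAC printed on the gateway is a useful sanity check before pointing a default route at it.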

3 Replies

  • Tecknowhelp
    Valued Contributor II

    If you even know what a Juniper firewall is, you shouldn't be using a gateway IMO. I would suggest getting a Netgear CM600 for internet and a DPQ3212 for phone (if required) and then test your firewall config direct to the CM600 modem.

    PS. Are you calling the TG2472 a modem on purpose or by accident? Nothing with more than 1 LAN port is a modem. Do you have something to use as a router?

  • zils72
    New Contributor

    Do you know how to connect a Netgear CM600 modem along with the DPQ3212 so that my phone lines work through the DPQ but my WiFi goes through the CM600? Tried to hook it up while on the phone with a COX tech but she couldn't get it to work for me. Any help you could provide would be GREATLY appreciated.

  • ChrisL
    Former Moderator

    You should be able to connect the Netgear to a working cable outlet and contact our technical support to move the data provisioning from the Cisco to the Netgear. This process is usually pretty simple unless the modem is associated with another account.