<html theme="default-light"><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head><body text="#000000">Putting a CL modem into a bridge mode where
it only handles the PPPoE connection is simply checking a radial select
button and hitting apply. If your firewall supports PPPoE, even better,
as you no longer need their Modem and router in the mix. But, that is
just my experience, and it is limited. I have a CL fiber to the door
drop, and they gave me a Zyxel C3000Z device for connection. I promptly
ripped it out and allowed pfSense to maintain the PPPoE connection. I
had to call support for packet loss one time, and they refused to help
me. So goes it rolling your own I guess. Turns out a day later we had a
several hour outage due to one of the multiplexing cards used to
distribute the 40Gb/s core fiber to the GPON devices failing. Seems like
that was a likely culprit for some of the packet loss the previous day.<br>
<br>
Having just gotten off a call in which the Senior Director of Security
Architecture and Engineering (a friend of mine from Atlanta) for Cox was
a participant, before he hung up I asked him about the typical Cox
supplied modems. Very, very few of them are purely bridge devices -
especially with the push to "Panoramic WiFi". A member of CenturyLink who
was also on the call (ISP InfoSec sharing/working group) mentioned how
painful it was to support the number of company-issued
modem/gateway/router models there are for different infrastructure and
connections - let alone ones that customers buy and bring to the party.
BTW, the MAC address thing is because they do actually use a MAC-locking-like
feature for security. Apparently it is bad for the network if you
just go plug your modem in at several houses in the neighborhood due to
the way DOCSIS works. I still have to dig into that and ask some more
questions on that one.<br>
<br>
There was a collective groan among the engineers when another ISP spoke
up about the number of critical flaws they find in their DOCSIS devices
each year.<br>
<br>
With the amount of consolidation which has happened in the past 20 years
in the broadband market, the landscape is riddled with legacy bits and
pieces of this provider and that provider somehow being coerced into
working together to accomplish passing traffic. One of the ISPs
mentioned they had no less than 350 different models of core switching
equipment made by more than a dozen manufacturers in their network. They
have a team of 40 (really 5 teams of 8) that simply monitor and ensure
that the OSPF functions properly among the various models and brands to
make sure that the network properly heals/manages congestion.<br>
<br>
Anyway, just throwing it out so that people can see and understand the
picture at a higher level. The final comment on the call was from an
engineer at a midwestern rural provider and one that I am sure many of
us can relate to. She said she spends all day pulling her hair out
trying to keep the network functioning at the highest of levels. The
first words out of her kids' mouths when she gets home are "Mom, the
WiFi seems slow today."<br>
<br>
I talked with Alexander this afternoon, and it looks like he has a
functioning network again. The APs were reluctant to give up their old
configuration, so a factory reset and new DHCP leases seem to have done
the trick.<br>
<br>
Hopefully this sheds a bit of light on something for a few people.<br>
<br>
Mac<br>
<br>
<br>
<span>Michael Butash via PLUG-discuss wrote on 5/4/20 4:59 PM:</span><br>
<blockquote type="cite"
cite="mid:CADWnDstQgN+8bU3U61raqWC-j1wynmo0sDdssQ50eKDshZ9qkQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<div dir="ltr"><div>Ideally when you plug into a cable modem, it comes
up, and passes your ethernet to the cmts in a bridge, lets one mac
address dhcp/arp, and things work. It learns that one ip/mac, and
disallows any other mac. No security, nat, nothing, just real dumb dhcp
+ default routing with a public ip. Routers/firewalls try to NAT you,
thus double NAT if using a router behind it.<br></div><div><br></div><div>CL
sells you a dsl modem/router that does your local security whether you
want it or not, full router/nat/firewall, and probably spyware. Making
it a modem is possible, but takes work, and your firewall has to support
PPPoE (not all can/do). Last time I touched a combo Cox router/modem, I
didn't see any way to do so. I told them to buy a real modem, and that
worked with their belkin/cisco/linksys/netgear they had.</div><div><br></div><div>If
your "modem" mentions wifi, it's a router/firewall, not a modem. Not
all are clear about this, as they dumb it down for consumers, but an
important point.</div><div><br></div><div>-mb</div><div><br></div></div>
<br>
<div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, May
4, 2020 at 1:53 PM Stephen Partington via PLUG-discuss <<a
href="mailto:plug-discuss@lists.phxlinux.org" moz-do-not-send="true">plug-discuss@lists.phxlinux.org</a>>
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div
dir="ltr"><div class="gmail_default" style="font-family:trebuchet
ms,sans-serif">I owned a Nighthawk router/modem combo. The way that
Netgear handled that is that the modem was hard-wired to a bridge on the
router side, and technically you could see it as a separate device in
the router configs if you rooted around enough, but the modem side was
just a modem.</div></div><br><div class="gmail_quote"><div dir="ltr"
class="gmail_attr">On Mon, May 4, 2020 at 11:03 AM Michael Butash via
PLUG-discuss <<a href="mailto:plug-discuss@lists.phxlinux.org"
target="_blank" moz-do-not-send="true">plug-discuss@lists.phxlinux.org</a>>
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div
dir="ltr"><div>Cox modems *are* bridges first and foremost typically,
unless you get a bundled router/modem, which is only what CenturyLink
sells. If you got a "router/modem" combo, just buy a modem-only device
for a dumb bridge and simple ethernet for a public ip. I recommend
staying with an arris cable modem, originally motorola, they basically
developed cable modem docsis, and are always the best.<br></div><div><br></div><div>I
moved from Cox to CL when Cox started adding a usage cap, and that was
new to me to get my Fortinet firewall online with CL and their DSL doing
PPPOE. I've seen the router/cable modem combo boxes later, but never
owned one as I always have my own router/firewall.</div><div><br></div><div>-mb</div><div><br></div></div><br><div
class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, May 4,
2020 at 8:36 AM Donald Mac McCarthy <<a
href="mailto:mac@oscontext.com" target="_blank" moz-do-not-send="true">mac@oscontext.com</a>>
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>Will
Cox allow for a bridge/virtual bridge
mode? Xfinity does, which allows you to put in a firewall, and use the
modem only as a gateway, therefore preventing a double NAT situation.
Never lived in a Cox area before, and currently ride CL fiber.<br>
<br>
Mac<br>
<br>
<span>Michael Butash via PLUG-discuss wrote on 5/3/20 2:00 PM:</span><br>
<blockquote type="cite"><div dir="ltr"><div>Cox modems will learn and
allow only 1 mac at a
time (unless business is set to allow more, but not on residential). If
switching out firewalls, I 99% of time reboot the modem first and
foremost.</div><div><br></div><div>-mb<br></div></div>
<br>
<div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, May
3, 2020 at 12:08 PM Snyder, Alexander J via PLUG-discuss <<a
href="mailto:plug-discuss@lists.phxlinux.org" target="_blank"
moz-do-not-send="true">plug-discuss@lists.phxlinux.org</a>>
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div
dir="auto">I got it working. <div dir="auto"><br></div><div dir="auto">I
assigned the SFP+ port as my LAN and assigned it the 10.x.x.x/16
network. Then I had to call COX and list the WAN MAC address with them.
Upon doing so I was able to reach external sites, and all downstream
devices started coming alive!</div><div dir="auto"><br></div><div
dir="auto">Thanks for all the suggestions and help!<br><br><div
dir="auto">Thanks, <br>Alexander<br><br>Sent from my Galaxy S10+</div></div></div><br><div
class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, May 3,
2020, 03:14 Herminio Hernandez, Jr. via PLUG-discuss <<a
href="mailto:plug-discuss@lists.phxlinux.org" target="_blank"
moz-do-not-send="true">plug-discuss@lists.phxlinux.org</a>> wrote:<br></div><blockquote
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px
solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Can you login
to the FW via the LAN interface? Can you ping the FW LAN interface?
Check the routing and NAT policy on the FW. All outbound traffic should
NAT to the FW WAN interface and there should be a default (<a
href="http://0.0.0.0/0" rel="noreferrer" target="_blank"
moz-do-not-send="true">0.0.0.0/0</a>) route to the internet.</div><br><div
class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, May 2,
2020 at 7:27 PM Seabass via PLUG-discuss <<a
href="mailto:plug-discuss@lists.phxlinux.org" rel="noreferrer"
target="_blank" moz-do-not-send="true">plug-discuss@lists.phxlinux.org</a>>
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
I'm with Mac, I think it is not the firewall, but if you have the
ability to plug it into a display with a keyboard, you can use that for
configuration and modify a different device at the same time.<div><br></div><div>Makes
it easier to troubleshoot by giving you the ability to configure your
pfSense ports at the same time.<br><blockquote type="cite"><br><br>Message:
2<br>Date: Sat, 2 May 2020 09:04:35 -0700<br>From: Donald Mac McCarthy
<<a href="mailto:mac@oscontext.com" rel="noreferrer" target="_blank"
moz-do-not-send="true">mac@oscontext.com</a>><br>To: "Snyder,
Alexander J via PLUG-discuss"<br> <<a
href="mailto:plug-discuss@lists.phxlinux.org" rel="noreferrer"
target="_blank" moz-do-not-send="true">plug-discuss@lists.phxlinux.org</a>><br>Subject:
Re: pfSense + Ubiquity<br>Message-ID: <<a
href="mailto:18adfa38-3e72-7b0a-e31a-1ddf175d717f@oscontext.com"
rel="noreferrer" target="_blank" moz-do-not-send="true">18adfa38-3e72-7b0a-e31a-1ddf175d717f@oscontext.com</a>><br>Content-Type:
text/plain; charset="utf-8"<br><br>I can help - but I am unavailable to
do so until tomorrow.<br><br>Make sure there is not anything other
than default VLANs on the<br>interfaces to start with. Ubiquiti is
famous for not having the SFP+<br>ports active in the default
configuration, and I believe the switch has<br>all the ports to shutdown
on default config as well.<br><br>I think it is the switch not passing
traffic through - not the firewall.<br><br>Mac<br>Snyder, Alexander J via
PLUG-discuss wrote on 5/2/20 8:53 AM:<br>> Does anyone out there
have experience with pfSense and Ubiquiti switches?<br>><br>> I
have zero with either but that didn't stop me from buying both ....<br>>
how hard could it be?! LOL.<br>><br>> I bought a Netgate
XG-1537-1U. I bought a Unifi Pro 24 PoE switch.<br>><br>> I can
configure the FW immediately after<br>>
firstboot/restore-default-configs, but only if i set the LAN interface<br>>
to be the cable that goes directly to my laptop. That's great, but<br>>
that does shit for the downstream switch.<br>><br>> I have a 10GB
SFP+ Port that I want to configure as the downstream<br>> port to
Ubiquiti, but any configuration other than mentioned above<br>> fails
.... and I'm now on my 12th "Reset To Factory Defaults" ... any<br>>
help on this would be greatly appreciated!<br>><br>> Thanks,<br>>
Alexander<br>><br>> Sent from my Galaxy S10+<br>><br>><br>>
---------------------------------------------------<br>>
PLUG-discuss mailing list - <a
href="mailto:PLUG-discuss@lists.phxlinux.org" rel="noreferrer"
target="_blank" moz-do-not-send="true">PLUG-discuss@lists.phxlinux.org</a><br>>
To subscribe, unsubscribe, or to change your mail settings:<br>> <a
href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br><br>--<br>Donald
"Mac" McCarthy<br>Director, Field Operations<br>Open Source Context<br>+1.602.584.4445<br><a
href="mailto:mac@oscontext.com" rel="noreferrer" target="_blank"
moz-do-not-send="true">mac@oscontext.com</a><br><a
href="https://oscontext.com" rel="noreferrer" target="_blank"
moz-do-not-send="true">https://oscontext.com</a><br></blockquote><div><br></div><div><br></div></div></blockquote></div>
</blockquote></div>
</blockquote></div>
<br>
</blockquote>
<br>
<div>-- <br>Donald "Mac" McCarthy<br>
Director, Field Operations<br>
Open Source Context<br>
+1.602.584.4445<br>
<a href="mailto:mac@oscontext.com" target="_blank"
moz-do-not-send="true">mac@oscontext.com</a><br>
<a href="https://oscontext.com" target="_blank" moz-do-not-send="true">https://oscontext.com</a></div>
</div></blockquote></div>
</blockquote></div><br
clear="all"><div><br></div>-- <br><div dir="ltr">A mouse trap, placed
on top of your alarm clock, will prevent you from rolling over and going
back to sleep after you hit the snooze button.<br><br>Stephen<br><br></div>
</blockquote></div>
<br>
</blockquote>
<br>
<div class="moz-signature">-- <br>Donald "Mac" McCarthy<br>
Director, Field Operations<br>
Open Source Context<br>
+1.602.584.4445<br>
<a class="moz-txt-link-abbreviated" href="mailto:mac@oscontext.com">mac@oscontext.com</a><br>
<a class="moz-txt-link-freetext" href="https://oscontext.com">https://oscontext.com</a></div>
</body></html>