View Ethernet equipment configuration examples

Updated 5/26/2016 2:04:29 AM by Comcast Expert

Introduction

You receive two subnets from Comcast with Comcast Business Ethernet Dedicated Internet (EDI) circuits:

  • Wide Area Network (WAN) point-to-point connection between your network and Comcast Business

  • Public LAN (Local Area Network) IP Block

WAN Point-to-Point Connection

In an EDI plan, the WAN subnet is typically in the form of a /30 (255.255.255.252) network since the circuit is a point-to-point connection type.

Note: Comcast’s standard configuration is to use the /30 WAN point-to-point IP block. A WAN subnet larger than a /30 is possible, but it is handled on an individual case basis and must be approved by Comcast Business.

The WAN point-to-point network provides security against Denial of Service (DoS) spoofing attacks and a clear demarcation point between your routed networks and Comcast Business.


Public LAN IP Block

The Public IP Block is in the form of a /29 - /24 network, depending on the information you provided us during network design. You are responsible for securing and providing a Layer 3 router capable of routing traffic between Comcast Business and your LAN. We do not consult or configure Customer Premise Equipment (CPE). The Layer 3 router should have at least two Layer 3 WAN network interfaces. One interface should face Comcast P2P (/30) and the other interface should face your LAN (/29 - /24).

Example Equipment Configuration

Comcast Business equipment at your site is Layer 2 Pass-Through only. No network routing is taking place on the devices and all ports have been disabled, except for those providing service to you.

This diagram demonstrates the network infrastructure segmentations for Comcast EDI services:

[Diagram: network segmentation for Comcast EDI services]

Equipment Configuration Scenario

These examples include generic information and are intended for reference only.

Provided IP information to Comcast:

  • Point-to-Point (P2P WAN Block): 107.0.74.0/30 (Subnet mask: 255.255.255.252)

  • Provider (ISP) IP Address: 107.0.74.1

  • Customer IP Address: 107.0.74.2

  • Customer Allocated Public IP Block (LAN Block): 24.102.88.0/24

  • Usable IPs: 24.102.88.1 – 24.102.88.254

  • DNS: Primary: 75.75.75.75 / Secondary: 75.75.76.76


Example #1: Sample configuration for router-only with NAT/PAT

[Diagram: router-only with NAT/PAT]

interface Ethernet0/1
description Private LAN 1 (DMZ)
ip address 192.168.0.1 255.255.255.0
ip nat inside
!
interface Ethernet0/2
description Private LAN 2 (Inside)
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface Ethernet0/0
description WAN connection to ISP (Outside)
ip address 107.0.74.2 255.255.255.252
duplex auto
speed auto
ip nat outside
!
ip route 0.0.0.0 0.0.0.0 107.0.74.1
!
ip nat pool NAT-pool 24.102.88.1 24.102.88.1 prefix-length 24
ip nat inside source list 10 pool NAT-pool overload
!
access-list 10 remark Permitted Private LAN to go out to the Internet
access-list 10 permit 192.168.0.0 0.0.0.255
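
In a router-only NAT/PAT configuration of this kind, hosts behind an "ip nat inside" interface are translated only if the access list named in "ip nat inside source list" matches their network. The following check is an added example, not part of the original article or of any Comcast or Cisco tooling; the sample configuration is constructed in the style of Example #1 and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the style of Example #1 (two inside LANs, one NAT ACL).
SAMPLE_IOS = """\
interface Ethernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
interface Ethernet0/2
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Ethernet0/0
 ip address 107.0.74.2 255.255.255.252
 ip nat outside
!
ip nat inside source list 10 pool NAT-pool overload
access-list 10 permit 192.168.0.0 0.0.0.255
"""

def inside_networks(cfg):
    """Map interface name -> network for every interface marked 'ip nat inside'."""
    nets = {}
    for block in re.split(r"^!\s*$", cfg, flags=re.M):
        name = re.search(r"^interface (\S+)", block, re.M)
        addr = re.search(r"^\s*ip address (\S+) (\S+)", block, re.M)
        if name and addr and re.search(r"^\s*ip nat inside\s*$", block, re.M):
            nets[name.group(1)] = ipaddress.ip_interface("/".join(addr.groups())).network
    return nets

def nat_acl_networks(cfg):
    """Networks permitted by the standard ACL named in 'ip nat inside source list'."""
    acl = re.search(r"^ip nat inside source list (\S+)", cfg, re.M).group(1)
    pat = rf"^access-list {re.escape(acl)} permit (\S+) (\S+)"
    # A Cisco wildcard mask is accepted by ipaddress as a host mask.
    return [ipaddress.ip_network(f"{a}/{w}") for a, w in re.findall(pat, cfg, re.M)]

def untranslated(cfg):
    """Inside interfaces whose network no NAT ACL entry covers."""
    permitted = nat_acl_networks(cfg)
    return sorted(n for n, net in inside_networks(cfg).items()
                  if not any(net.subnet_of(p) for p in permitted))

if __name__ == "__main__":
    print(untranslated(SAMPLE_IOS))
```

Traffic from an interface this check reports leaves the router with its private source address unless the access list is extended to match it.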


Example #2: Sample configuration for Router plus Firewall with NAT/PAT (most common ISP Managed Services setup)

Router
interface Ethernet0/0
description Private LAN
ip address 24.102.88.1 255.255.255.0
!
interface Ethernet0/1
description WAN connection to ISP
ip address 107.0.74.2 255.255.255.252
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 107.0.74.1
!
Firewall
interface Ethernet0 auto
nameif Ethernet0 outside security0
nameif Ethernet1 inside security100
enable password **** encrypted
passwd **** encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 24.102.88.2 255.255.255.0
ip address inside 192.168.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 24.102.88.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
 


Example #3: Sample configuration for Firewall ONLY with Static NAT Translations

interface Ethernet0 auto
nameif Ethernet0 outside security0
nameif Ethernet1 inside security100
enable password **** encrypted
passwd **** encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list 110 permit tcp any host 24.102.88.1 eq smtp
access-list 110 permit tcp any host 24.102.88.2 eq www
access-list 110 permit tcp any host 24.102.88.3 eq https
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 107.0.74.2 255.255.255.252
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 24.102.88.1 192.168.1.2 netmask 255.255.255.255
static (inside,outside) 24.102.88.2 192.168.1.3 netmask 255.255.255.255
static (inside,outside) 24.102.88.3 192.168.1.4 netmask 255.255.255.255
access-group 110 in interface outside
route outside 0.0.0.0 0.0.0.0 107.0.74.1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0 
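
Before a firewall configuration of this kind is deployed, three things are worth checking against the addressing plan: the mask on the interface addressed from the /30 WAN block, access lists that are referenced but never defined, and the well-known SNMP community string "public". The following audit is an added example, not part of the original article or of any Comcast or Cisco tooling; the sample configuration is constructed with deliberate problems, and the function and check names are hypothetical.

```python
import ipaddress
import re

WAN_P2P = ipaddress.ip_network("107.0.74.0/30")  # P2P WAN block from the scenario

# Constructed PIX-style sample with three deliberate problems.
SAMPLE_PIX = """\
access-list 110 permit tcp any host 24.102.88.2 eq www
ip address outside 107.0.74.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
nat (inside) 0 access-list nonat
access-group 110 in interface outside
snmp-server community public
"""

def audit(cfg, wan=WAN_P2P):
    """Return a sorted list of (check, detail) findings for a PIX-style config."""
    findings = []
    # 1. An interface addressed inside the WAN block must use the block's mask.
    for ifname, ip, mask in re.findall(r"^ip address (\S+) (\S+) (\S+)", cfg, re.M):
        if ipaddress.ip_address(ip) in wan and mask != str(wan.netmask):
            findings.append(("wan-mask", f"{ifname} {ip} uses {mask}, expected {wan.netmask}"))
    # 2. Every ACL referenced by nat or access-group must be defined.
    defined = set(re.findall(r"^access-list (\S+) ", cfg, re.M))
    used = re.findall(r"^nat \(\S+\) \d+ access-list (\S+)", cfg, re.M)
    used += re.findall(r"^access-group (\S+) ", cfg, re.M)
    for name in sorted(set(used) - defined):
        findings.append(("undefined-acl", name))
    # 3. "public" is a well-known SNMP community string and should be replaced.
    if re.search(r"^snmp-server community public\s*$", cfg, re.M):
        findings.append(("snmp-default-community", "public"))
    return sorted(findings)

if __name__ == "__main__":
    for check, detail in audit(SAMPLE_PIX):
        print(f"{check}: {detail}")
```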
