Xfinity XB7 not requiring bridge mode?
T-20
12.6.1
Just received a new XB7 modem from Xfinity for my home Internet to replace an older Technicolor XB3.
On the XB3 I had to run it in bridge mode as I have a BOVPN between my home and work networks using the public IP of the T-20 as the BOVPN endpoint. Which worked perfectly fine.
I installed the new XB7, activated it, and much to my surprise the BOVPN tunnel came right up and worked perfectly using the DHCP address the XB7 assigned to my T-20. No need for bridge mode, pass through, port forwarding, etc. on the XB7, or public IPs on the back side of my firebox.
Not only that, it's much faster.
Out of curiosity I placed the XB7 into bridge mode and the T-20 wasn't able to obtain an IP address from Xfinity. Disabled bridge mode and everything worked fine again.
Is this expected behavior from the XB7 modem or did I finally get lucky for once?
A pleasantly surprised,
- Doug
It's usually something simple.
Comments
This document suggests that you should be using Bridge mode:
https://www.xfinity.com/support/articles/wireless-gateway-enable-disable-bridge-mode
Next to Bridge Mode, click Enable.
A message appears stating "WARNING: Enabling Bridge Mode will disable Router functionality of Gateway and turn off the private Wi-Fi network. Are you sure you want to continue?" Click OK to confirm.
You can now use your own router in place of the Wireless Gateway's router capabilities. Click Logout at the top right. Connect your personal router to any of the Ethernet ports on the Xfinity Wireless Gateway.
Those same instructions are repeated here:
XB7 in Bridge Mode?
https://forums.xfinity.com/conversations/your-home-network/xb7-in-bridge-mode/60b1441ce244962670ac677f
Yeah Bruce, I read the same documentation and followed the instructions to the letter. The T-20 couldn't obtain an IP address.
Disable bridge mode and it works perfectly.
Why? You got me, it just does.
It's usually something simple.
Easiest way to see what's going on would be a packet capture from the firewall. You can use the diagnostic tasks, TCPDUMP option to do it.
http://www.watchguard.com/help/docs/fireware/12/en-us/Content/en-US/fsm/log_message_learn_more_wsm.html
If you're using port 0, using an advanced argument like
"-nei eth0 port 67 or port 68"
should show you the DHCP traffic, if it's occurring at all.
If the Comcast device isn't handing out a DHCP address, Comcast would need to look into why it's not doing that.
-James Carson
WatchGuard Customer Support
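Added example, not part of the thread and not WatchGuard code: a Python script that reads the text output of a capture taken with the filter suggested above and reports whether the firewall's DHCP requests are being answered, and by which server. It assumes tcpdump's one-line text format with `-n` and `-e`; the MAC and IP addresses in the sample lines are constructed.

```python
import re

# One tcpdump text line (-n -e) carrying a BOOTP/DHCP summary.
LINE = re.compile(
    r"^\S+ (?P<src_mac>[0-9a-f:]{17}) > (?P<dst_mac>[0-9a-f:]{17}),.*?: "
    r"(?P<src_ip>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst_ip>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"BOOTP/DHCP, (?P<kind>Request|Reply)"
)

# Constructed sample lines (not captured from a real device).
REQ = ("{ts} 02:00:00:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), "
       "length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, "
       "Request from 02:00:00:aa:bb:cc, length 300")
REP = ("{ts} 02:00:00:11:22:33 > 02:00:00:aa:bb:cc, ethertype IPv4 (0x0800), "
       "length 342: 10.0.0.1.67 > 10.0.0.25.68: BOOTP/DHCP, Reply, length 300")

# The client retries and nothing ever answers.
CAPTURE_UNANSWERED = "\n".join(
    REQ.format(ts=t) for t in ("10:15:01.100000", "10:15:05.200000", "10:15:13.400000"))
# Discover/Offer followed by Request/Ack.
CAPTURE_ANSWERED = "\n".join([
    REQ.format(ts="10:20:01.100000"), REP.format(ts="10:20:01.150000"),
    REQ.format(ts="10:20:01.160000"), REP.format(ts="10:20:01.210000")])


def analyze(capture_text):
    """Count client requests and server replies; list the servers that answered."""
    requests, replies, servers = 0, 0, set()
    for line in capture_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # banner text, truncated lines, anything that is not DHCP
        if m["kind"] == "Request" and m["dport"] == "67":
            requests += 1
        elif m["kind"] == "Reply" and m["sport"] == "67":
            replies += 1
            servers.add(f'{m["src_ip"]} ({m["src_mac"]})')
    if requests == 0 and replies == 0:
        verdict = "no DHCP traffic"
    elif replies == 0:
        verdict = "requests unanswered"
    else:
        verdict = "server replying"
    return {"requests": requests, "replies": replies,
            "servers": sorted(servers), "verdict": verdict}


if __name__ == "__main__":
    for name, text in (("unanswered", CAPTURE_UNANSWERED), ("answered", CAPTURE_ANSWERED)):
        print(name, analyze(text))
```

A "requests unanswered" result points at the upstream device, as the reply above says. More than one entry under `servers` means a second DHCP responder is answering on that segment.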