Configure Sonicwall Router for Comcast Business Fiber Ethernet [Multiple IP segments/ranges]

[UPDATE: As of March 2019, this also works for ATT / NiTel setups]

I had to deal with a most interesting network issue with Comcast Business Fiber. Comcast Business Fiber and Metro Ethernet both use an interesting way to get the static IPs to the customer. In my example, the LAN will be 10.1.1.x/24. Comcast will give you two blocks: a 1.2.3.4/30 for routing and a 2.3.4.16/28 for your use as public IP addresses.

What Comcast [or ATT/NiTel] is saying is that you will set up the /30 as you normally do, then use the ARP of 1.2.3.5 to route your 2.3.4.16/28 packets. Confused? I will explain it at the end, but for now, let's look at the Sonicwall setup:

Setting up the Sonicwall for the /30 is very simple: you set it up like any other, as Comcast gives you the basics. For our example:

1.2.3.4/30 would break out as:

  • 1.2.3.4 – Network address [unusable]
  • 1.2.3.5 – Comcast Router [set as your Gateway]
  • 1.2.3.6 – Customer usable address [This would be the address you would set X1 WAN to]
  • 1.2.3.7 – Broadcast [unusable]
Example of a Comcast Business Class /30 Sonicwall WAN configuration.

As you see from the picture above, this is very simple and is standard for almost all Comcast setups.

Now for the tricky part: 2.3.4.16/28. Comcast, for some reason, decided to send this through the Gateway, 1.2.3.5. Your router must support Layer 2 if you want to break it out to a separate router. Instead, for this discussion, I want 2.3.4.16/28 to be used by the Sonicwall. Where you would normally lose 2.3.4.16 [Network] and 2.3.4.17 [Comcast Gateway], the good news is this gives you 2.3.4.16 through 2.3.4.30 for your use. You actually get MORE IPs to use and we all know that’s important. But how do we set this up, Uncle Carl? We don’t have a ROUTER IP address!! Help me Obi-wan…

Set up your range in the Sonicwall under “Network” -> “Address Objects”


In this case, I just called it “Comcast-2.3.4.16-Fiber-IPs”. Notice that /28 = 255.255.255.240 for the Netmask. You will need this later for the route.

Now for the “Secret Sauce”: you need to add an ARP address on your X1 interface for each of the 2.3.4.16/28 addresses you want to use. In my example, I want to use 2.3.4.20. So, create an ARP entry using “Network” -> “ARP” and under “Static ARP Entries” click on [ADD…].

Set up ARP for each external IP address on the X1 [WAN] port.

You should repeat this for each IP address you want to use in your 2.3.4.16/28 range.

Now, we need to tell the Sonicwall where to send any outbound requests for these 2.3.4.16/28 IP addresses. Click on “Network” -> “Routing” and scroll down to the “Route Policies” and click on [Add…].

Tell the Sonicwall that your 2.3.4.16/28 IPs are to go out the X1 [WAN] port. Make sure the Gateway IP is 0.0.0.0 as that's critical to get this to work.

Now, just add Address Objects for your 2.3.4.x IPs and NAT policies as you normally would. You can search the internet for instructions.

But how does this work? Why does it work? There’s no Gateway. We did not set this up using the regular “Network” -> “Interface” for 2.3.4.16/30. That’s because the Sonicwall resolves every remote internet IP address with an ARP request. With 0.0.0.0 as the Gateway [remember that from the route policy?], the Sonicwall knows to put the request on X1 and ARP for the destination itself. For example, if 2.3.4.20 wants to talk to 8.8.8.8, the Sonicwall sends an ARP request for 8.8.8.8 [who has 8.8.8.8?] and the local Comcast router answers with its own MAC address as the next hop, which is called a “Proxy ARP”. Now your 2.3.4.20 request knows to go via the MAC address of the Comcast router thanks to the ARP response.
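Because the firewall accepts whatever MAC answers these ARP requests, it is worth confirming from a capture of the X1 segment that every reply for an off-link address carries the same MAC that answers for 1.2.3.5. The script below is an added example, not part of the original article; it assumes the capture was rendered as text with `tcpdump -e -n`, and the MAC addresses and capture lines are constructed.

```python
import ipaddress
import re

# Blocks and gateway IP from the article's example.
ROUTING_BLOCK = ipaddress.ip_network("1.2.3.4/30")
PUBLIC_BLOCK = ipaddress.ip_network("2.3.4.16/28")
GATEWAY_IP = ipaddress.ip_address("1.2.3.5")

# tcpdump -e -n prints ARP replies as "... Reply <ip> is-at <mac>, length N".
REPLY_RE = re.compile(r"Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})", re.I)

# Constructed capture lines with made-up MAC addresses (not from a real network).
HDR = "ethertype ARP (0x0806), length 60:"
SAMPLE = f"""\
09:00:01.000100 02:00:00:00:00:01 > 02:00:00:00:00:06, {HDR} Reply 1.2.3.5 is-at 02:00:00:00:00:01, length 46
09:00:02.000200 02:00:00:00:00:01 > 02:00:00:00:00:06, {HDR} Reply 8.8.8.8 is-at 02:00:00:00:00:01, length 46
09:00:03.000300 02:00:00:00:00:99 > 02:00:00:00:00:06, {HDR} Reply 9.9.9.9 is-at 02:00:00:00:00:99, length 46
09:00:04.000400 02:00:00:00:00:06 > 02:00:00:00:00:01, {HDR} Reply 2.3.4.20 is-at 02:00:00:00:00:06, length 46
"""

def parse_replies(text):
    """Yield (ip, mac) for every ARP reply line; all other lines are skipped."""
    for line in text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            yield ipaddress.ip_address(m.group(1)), m.group(2).lower()

def audit(text):
    """Return (gateway_mac, suspicious): suspicious lists replies for off-link
    IPs that did not come from the MAC answering for the gateway IP."""
    replies = list(parse_replies(text))
    gw_macs = {mac for ip, mac in replies if ip == GATEWAY_IP}
    if len(gw_macs) != 1:
        raise ValueError(f"expected one MAC for {GATEWAY_IP}, saw {sorted(gw_macs)}")
    gw_mac = gw_macs.pop()
    # Replies for our own two blocks are skipped; only remote IPs are checked.
    suspicious = [(str(ip), mac) for ip, mac in replies
                  if ip not in ROUTING_BLOCK and ip not in PUBLIC_BLOCK
                  and mac != gw_mac]
    return gw_mac, suspicious

if __name__ == "__main__":
    gw, bad = audit(SAMPLE)
    print("gateway MAC:", gw)
    for ip, mac in bad:
        print(f"unexpected proxy-ARP answer: {ip} is-at {mac}")
```

An empty result means every off-link reply in the capture came from the gateway; any entry is a second device answering ARP on the WAN segment and should be investigated.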

I hope this helps fellow Sonicwall users as it’s actually easy once you understand how to do it.

For more information, or where I got my ideas:

DELL Sonicwall – Configuring Multiple WAN Subnets Using Static ARP with SonicOS Standard

And various articles found by looking up “IP routing gateway to ARP”.