Static IPs dropping on your cable modem? Check your ARPs

TR member jdclyde shares a problem that he had with his cable modem dropping access to Web servers. Find out his solution.

This post was written by TechRepublic member jdclyde.

I recently moved away from wireless Internet at work because it dropped regularly, even without bad weather. The cable modem I switched to has a five-IP block, and I installed a SonicWall TZ190. The email server is NATed to the same address as the SonicWall, so when people try to authenticate, they don't see it going to an address other than where it originated. A Web server is NATed to the address at the far end of the block. Everything works like a dream, but only for about 20 minutes. Then access to the last four IPs drops.

After much troubleshooting and packet captures, I discovered the problem: Address Resolution Protocol (ARP) requests from the IP provider. The ARP requests for the first address (the SonicWall) come from the gateway (the cable modem's LAN port). The ARP requests for the other four come from the WAN port of the cable modem, which is on a different (10dot) network. The cable company goes from their gateway to the Internet to an internal 10dot network, and then back to a real IP for the LAN of the gateway and your network block.

Hosts on a LAN communicate by MAC address, and MAC addresses are learned through ARP requests. If the target is not on the LAN, traffic goes to the gateway and is addressed by IP. The SonicWall is smart enough to know that ARP is a LAN-only protocol, so it DROPS the ARP requests coming from the 10dot network. After 20 minutes of cycling the firewall, the ARP entries time out and the four IPs go dead.

I worked with the cable company for about a week, and they basically said, "Tough beans. That’s how the modem works, and we have no control over that."

What was my solution? I programmed in an exception to allow ARPs from the 10dot network. This is just one more thing to watch for as more and more people switch to cable modems for affordable Internet.
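The following is an added example, not code from the post: it parses raw Ethernet/ARP frames and classifies each request the way the SonicWall described above did, so you can see from a capture which ARPs come from the on-link gateway, which arrive with an off-subnet 10dot sender address (and would be dropped), and what the 10.0.0.0/8 exception changes. All MACs, IP ranges and frames are constructed.

```python
"""Classify ARP requests seen on a firewall WAN port: an ARP whose sender IP is
not on the WAN subnet is off-link and is dropped unless an exception covers it.
Added example, not the article's code; frames and addresses are constructed."""
import ipaddress
import struct

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP, ARP_REQUEST = 0x0806, 1

def parse_arp(frame):
    """Return (sender_ip, target_ip, opcode) for an Ethernet/ARP frame, else None."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, _sha, spa, _tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):   # Ethernet/IPv4 ARP only
        return None
    return ipaddress.IPv4Address(spa), ipaddress.IPv4Address(tpa), op

def classify(frame, wan_subnet, exceptions=()):
    """'on-link' if the sender IP is in the WAN subnet, 'off-link-allowed' if an
    exception network matches it (the article's fix), else 'off-link-dropped'."""
    parsed = parse_arp(frame)
    if parsed is None:
        return "not-arp"
    spa = parsed[0]
    if spa in wan_subnet:
        return "on-link"
    if any(spa in net for net in exceptions):
        return "off-link-allowed"
    return "off-link-dropped"

def build_arp_request(src_mac, sender_ip, target_ip):
    """Constructed broadcast frame: 'who has target_ip? tell sender_ip'."""
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, ARP_REQUEST, src_mac, ipaddress.IPv4Address(sender_ip).packed,
                       b"\x00" * 6, ipaddress.IPv4Address(target_ip).packed)
    return ETH_HDR.pack(b"\xff" * 6, src_mac, ETHERTYPE_ARP) + arp

# Constructed addresses from documentation ranges, standing in for the real static block.
WAN = ipaddress.IPv4Network("203.0.113.0/29")        # modem LAN gateway .1, firewall .2 ... .6
TEN_NET = ipaddress.IPv4Network("10.0.0.0/8")        # the provider-side "10dot" network
ARP_FROM_GW = build_arp_request(b"\x02\x00\x00\x00\x00\x01", "203.0.113.1", "203.0.113.2")
ARP_FROM_10DOT = build_arp_request(b"\x02\x00\x00\x00\x00\x02", "10.20.30.40", "203.0.113.6")

if __name__ == "__main__":
    for name, frame in (("from gateway", ARP_FROM_GW), ("from 10dot", ARP_FROM_10DOT)):
        print(name, classify(frame, WAN), "/ with exception:", classify(frame, WAN, [TEN_NET]))
```

Feeding real frames from a capture (e.g. exported as raw bytes) through `classify` with your own WAN subnet shows immediately whether the ARPs for your secondary addresses arrive with an off-subnet sender IP.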

About

Sonja Thompson has worked for TechRepublic since October of 1999. She is currently a Senior Editor and the host of the Smartphones and Tablets blogs.

19 comments
SemoTech

We just had a similar issue on a project involving a Cablevision Cisco Cable Modem with 5 fixed IPs. Only the 1st assigned IP to the Cisco ASA firewall's WAN interface was working and the other additional IPs were not!

Seems if you have static one-to-one NATs with no other external IPs on the Internet switch you will need proxy ARP, so the ASA can tell the modem that it holds more than the one outside interface MAC.

The Cisco IOS command to enable this on the "outside" interface of the ASA firewall is:

no sysopt noproxyarp outside

followed by the following two cleanup commands:

clear arp

clear xlate

This has permanently fixed the issue, and is required when using cable modems with multiple static IPs and Cisco ASA firewalls.

Hope this helps...

jimamily

DSL utilizes existing copper telephone wire connections to properties but is always on, so you will not need to dial up in order to use the Internet and it will not tie up your telephone. Cable http://dslorcableinternet.com/

tcarver

Our problem was dropping Internet. We'd power cycle the cable modem and get connectivity back. When I called support about this, they indicated that they were unable to see the SonicWall and that they usually can tell that SOMETHING is there even if they can't tell what it is. I enabled ping on the WAN interface and asked the tech to cycle the modem. Once this was done, they said they could tell that something was getting an IP address now. We'll see how it goes.

r_park

Struggling with the same issue. Can anyone tell me where I program/set up an exception to allow ARPs from the 10dot network? Thanks

pwright

Depending on your edge equipment and the provider's network setup, there might be a role for proxy ARP as part of the solution as well. Because ARP requests are broadcast, I'm a little nervous about punching holes in the firewall for them. Having an edge device use proxy ARP to "answer" the provider's ARP requests might be a safer alternative.

jdclyde

I heard from them before I even knew this had been posted. Matter of fact, that is HOW I knew it got posted. B-)

libinbenedict

Could you please demonstrate what was happening graphically... because I'm not well versed in these things...

jdclyde

Has anyone ever seen this issue? Chalk this up to one more mental note on things to look for when dealing with cable/DSL modems, huh? If I had heard of such an issue beforehand, I could have probably saved myself a week's worth of headache... :D

lrrp

My ISP (Charter) and I have been trying to resolve this problem too. They replaced my SMC8014 to no avail (obviously not the problem). I have a /27 behind a SonicWall Pro 2040. Occasionally, every few weeks, the SMC goes offline. Charter has blamed high session traffic for the problem. This thread here may actually be it. I think that Charter uses the 10.x network for internal devices. I too use 10.x for internal devices. This has caused me untold angst as I have no good answer to my customers when it occurs! If I can define ARP entries in my SonicWall, what would I define? Add a static ARP entry for the public IP of the Charter-provided SMC router and then disallow ARP from WAN? Thanks for any advice anyone is willing to provide. :)

dwdino

Are you stating that the ISP was using ARP to test for use of the assigned IP addresses?

jdclyde

The LAN port on the cable modem connects to the WAN port on my SonicWall. The WAN port on the cable modem connects to the provider's network. ARP requests are only valid on a local segment. If you need to leave that segment, you use the IP address and go through your gateway. The cable modem was sending from THEIR WAN interface, which is on a different segment.

melekali

...but I was thinking as I was reading the article that you would need an exception policy. Nice solution.

seanferd

Never seen anything like it (that I know of). The only ARP weirdness I've seen is certain firewall and communications apps seem to cause a continuous game of "who has" between the NIC and the router. It was freaking me out to see the LAN icon constantly lit when I was not instigating network traffic. Thank goodness for Wireshark.

jdclyde

The only issue is where the ARP originates from. If you have a Cisco router, it will maintain an ARP table as well, as do all switches.

jdclyde

I just know how much time it has saved me hearing such stories from other techs, so figured I would give something back. :D

jdclyde

with switches instead of hubs. If you have a low end up that doesn't allow you to set a port to listen, you have to intercept the traffic by getting in the stream. In this case, the SonicWall has a built-in monitor.

jdclyde

at my last job that I got laid off from I had made the major mistake of getting a WatchGuard Firebox. Talk about a beast to manage.

seanferd

Which I suppose would be quite handy. In several fora, I've come across discussions involving a corporate network where there is either no good way to monitor traffic for various purposes, or the admins just don't know how to do it.