PA-220 won’t get IP from ISP.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

PA-220 won’t get IP from ISP.

L3 Networker

Hey, all. I have a PA-220 that I am trying to setup on my network. I connected it up and set up the layer 3 on it, then turned my router into an AP and lost all connectivity.

 

Currently I have it connected to my modem on ethernet1/1, and As it is a residential connection obviously my IP is dynamic. I followed the dynamic configuration instructions as seen on the website, but my interface reports an IP of 0.0.0.0, which is where the default route points to. 

I believe it should e obtaining one from the ISP and applying it to the interface. I see ARPs for stuff over my wireless in the house,  And I see IPs being assigned, but none of it has internet connectivity. 

does anyone have any thoughts on what to look at? My current e1/1 configuration is:

 

(leaving out the set network interface Ethernet Ethernet1/1 layer 3 on all of it)


ndp-proxy enables no

Lldp enable no

dhcp-client enable yes

dhcp-client create-default-route yes

 

Thanks. 

2 accepted solutions

Accepted Solutions

Try to assign it to VR other than default.

Also Reset the modem when you connect next time.

What does system log shows?

MP

Help the community: Like helpful comments and mark solutions.

View solution in original post

Configuring the NAT worked and resolved my issues as far as traffic not flowing properly. 

View solution in original post

14 REPLIES 14

Cyber Elite
Cyber Elite

Make sure you have assigned right Zone and VR to the Eth1/1 interface.

What you see on system logs?

MP

Help the community: Like helpful comments and mark solutions.

Thanks for the response. I didn't anything stand out in the system logs, a lot of failure to resolve DNS names for content updates and such, but nothing more than that, all stuff I would expect to see if there was no internet connectivity.

 

I have confirmed that ethernet1/1 is in the untrust zone and belongs to the default virtual router (I haven't set up any other VRs). I am able to provide screenshots or anything else needed now that I have regained access to my network and the internet (I reset my router to factory defaults and removed my firewall from the equation at this point).

What steps have you taken on your ISP modem. You mentioned that you "turned it into an AP". I assume you have cable service?

So its a Cable Modem, Router and Access point in 1?

 

If you want the PA to be your gateway/router, your modem has to be in Bridge or Passthrough mode. Where the modem bridges the cable connection to an ethernet port. This turns off all routing / nat and AP functions of the combo unit. This makes it so that your PA has a direct connection to your ISP.

If you are just turning off DHCP and NAT on the ISP box, that isn't enough as the ISP box is still the edge device, it just isn't running DHCP services.

@Gareth.Doyle,

I think @Ben_Travis  is on the right path here. It's really common to see ISPs deploy modem/router combo units, and the vast majority of these will not provide passthrough/bridge services while also acting as a wireless access point. I would place your ISP equipment into bridge/passthrough and ensure that your PA-220 is working in this configuration. If that works, I would simply pick up a different wireless access point to put behind your PA-220.

@Ben_Travis, no the modem is just a modem.

 

Current setup is ISP connects to the Modem which connects to the Router. I own all of the equipment.

I want the setup to be ISP connects to the Modem connects to the PA-220 connects to the Router. I plugged the ISP into the Modem, the modem into the PA-220, turned the router into an AP and plugged that into the PA. DHCP functionality was disabled on the router and enabled on the PA-220. Also, the PA-220 was setup to dynamically receive the IP address from the ISP.

 

The IP address never changed from 0.0.0.0 on that interface. Should it have?

 

Thanks.

@Gareth.Doyle 

 

If Modem is Directly connected to the PA-220 and you are not getting public IP address on the PA outside interface and as per you

all the config on PA is good.

Did you try to reboot ISP modem?

Try to connect the Laptop directly to the Modem and see if you get the public ip or not?

IF you get the Public IP on Laptop and not on PA 220 then you might ask ISP to reset the modem.

Sometimes ISP modem has IP assigned to particular mac address and they may need to reset the modem.

 

MP

Help the community: Like helpful comments and mark solutions.

@MP18, when the modem is directly connected to a laptop the laptop has full internet access and pulls the IP/gateway information from the ISP, when my router is connected it pulls the IP address and gateway information as well.

 

It appears that the PA-220 does not pull this information though. I think my next troubleshooting step is simply hooking up the PA-220 to the modem and nothing else and seeing if it can pull that information. I think I jumped off the cliff next time instead of using the stairs. 🙂 

It failed again. Please see the below outputs from CLI:

 

Plugged straight into the Modem:

PA-220> show interface ethernet1/1

--------------------------------------------------------------------------------
Name: ethernet1/1, ID: 16
Link status:
Runtime link speed/duplex/state: 1000/full/up
Configured link speed/duplex/state: auto/auto/auto
MAC address:
Port MAC address aa:aa:aa:aa:aa:aa (changed just because)
Operation mode: layer3
Untagged sub-interface support: no
--------------------------------------------------------------------------------
Name: ethernet1/1, ID: 16
Operation mode: layer3
Virtual router default
Interface MTU 1500
Interface IP address (dynamic): 0.0.0.0/0
Interface management profile: N/A
Service configured:
Zone: outside-L3, virtual system: vsys1
Adjust TCP MSS: no
Policing: no
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Physical port counters read from MAC:
--------------------------------------------------------------------------------
rx-broadcast 0
rx-bytes 1024900
rx-multicast 0
rx-unicast 15589
tx-broadcast 6
tx-bytes 2076
tx-multicast 0
tx-unicast 0
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Detailed physical port counters read from MAC:
--------------------------------------------------------------------------------
rx packets 256 to 511 bytes 6
--------------------------------------------------------------------------------

Hardware interface counters read from CPU:
--------------------------------------------------------------------------------
bytes received 962544
bytes transmitted 3012678
packets received 15589
packets transmitted 8809
receive incoming errors 0
receive discarded 0
receive errors 276
packets dropped 0
--------------------------------------------------------------------------------

Logical interface counters read from CPU:
--------------------------------------------------------------------------------
bytes received 922054
bytes transmitted 3012678
packets received 15313
packets transmitted 8809
receive errors 0
packets dropped 0
packets dropped by flow state check 0
forwarding errors 0
no route 0
arp not found 0
neighbor not found 0
neighbor info pending 0
mac not found 0
packets routed to different zone 0
land attacks 0
ping-of-death attacks 0
teardrop attacks 0
ip spoof attacks 0
mac spoof attacks 0
ICMP fragment 0
layer2 encapsulated packets 0
layer2 decapsulated packets 0
tcp cps 0
udp cps 0
sctp cps 0
other cps 0
--------------------------------------------------------------------------------

 

 

When it is diconnected:

PA-220> show interface ethernet1/1

--------------------------------------------------------------------------------
Name: ethernet1/1, ID: 16
Link status:
Runtime link speed/duplex/state: unknown/unknown/down
Configured link speed/duplex/state: auto/auto/auto
MAC address:
Port MAC address aa:aa:aa:aa:aa:aa
Operation mode: layer3
Untagged sub-interface support: no
--------------------------------------------------------------------------------
Name: ethernet1/1, ID: 16
Operation mode: layer3
Virtual router default
Interface MTU 1500
Interface IP address (dynamic): 0.0.0.0/0
Interface management profile: N/A
Service configured:
Zone: outside-L3, virtual system: vsys1
Adjust TCP MSS: no
Policing: no
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Physical port counters read from MAC:
--------------------------------------------------------------------------------
rx-broadcast 0
rx-bytes 1177938
rx-multicast 0
rx-unicast 17963
tx-broadcast 7
tx-bytes 2422
tx-multicast 0
tx-unicast 0
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Detailed physical port counters read from MAC:
--------------------------------------------------------------------------------
rx packets 256 to 511 bytes 7
--------------------------------------------------------------------------------

Hardware interface counters read from CPU:
--------------------------------------------------------------------------------
bytes received 1106086
bytes transmitted 3014046
packets received 17963
packets transmitted 8813
receive incoming errors 0
receive discarded 0
receive errors 312
packets dropped 0
--------------------------------------------------------------------------------

Logical interface counters read from CPU:
--------------------------------------------------------------------------------
bytes received 1062832
bytes transmitted 3014046
packets received 17651
packets transmitted 8813
receive errors 0
packets dropped 0
packets dropped by flow state check 0
forwarding errors 0
no route 0
arp not found 0
neighbor not found 0
neighbor info pending 0
mac not found 0
packets routed to different zone 0
land attacks 0
ping-of-death attacks 0
teardrop attacks 0
ip spoof attacks 0
mac spoof attacks 0
ICMP fragment 0
layer2 encapsulated packets 0
layer2 decapsulated packets 0
tcp cps 0
udp cps 0
sctp cps 0
other cps 0
--------------------------------------------------------------------------------

Try to assign it to VR other than default.

Also Reset the modem when you connect next time.

What does system log shows?

MP

Help the community: Like helpful comments and mark solutions.

System logs don't show anything other than the port going up or down and my logging into the device.

 

I will create another VR and assign it to that, but then I will also have to reassign the inside VLAN to that new VR as well. That's not a big deal. I'll reset the modem when I make this change as well.

@MP18, I finally had a chance to create the separate VR. When I did this I moved my connection over directly to my modem and rebooted the modem, but I had to go get my laptop to console into the PA-220. I then realized that I hadn't committed my changes. So I consoled into the PA-220 to commit and noticed that the port was pulling an IP address from my ISP.

 

Seems like all is well now and I didn't even need that other VR. Interesting how sometimes things just work...

 

Thanks for the assistance!

@Gareth.Doyle 

 

Happy to hear that all is working now.

It is good place to learn and think about the solutions to problems.

It keeps brain working.

Thanks for updating!

MP

Help the community: Like helpful comments and mark solutions.

So when I got a chance to test this out it sitll didn't work, despite the outside interface being assigned a dynamic IP by the ISP.

 

I think the issue is simply that I didn't have a NAT configured. My understanding was that the firewall would form a dynamic NAT, but this does not appear to be the case. I put the NAT rule in place and ran a simple test command and it NAT'd appropriately. I am going to attempt to connect this again this evening if I have a chance.

Configuring the NAT worked and resolved my issues as far as traffic not flowing properly. 

  • 2 accepted solutions
  • 10275 Views
  • 14 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!