PA-220 won’t get IP from ISP.

Reply
Highlighted
L2 Linker

PA-220 won’t get IP from ISP.

Hey, all. I have a PA-220 that I am trying to setup on my network. I connected it up and set up the layer 3 on it, then turned my router into an AP and lost all connectivity.

 

Currently I have it connected to my modem on ethernet1/1, and As it is a residential connection obviously my IP is dynamic. I followed the dynamic configuration instructions as seen on the website, but my interface reports an IP of 0.0.0.0, which is where the default route points to. 

I believe it should e obtaining one from the ISP and applying it to the interface. I see ARPs for stuff over my wireless in the house,  And I see IPs being assigned, but none of it has internet connectivity. 

does anyone have any thoughts on what to look at? My current e1/1 configuration is:

 

(leaving out the set network interface Ethernet Ethernet1/1 layer 3 on all of it)


ndp-proxy enables no

Lldp enable no

dhcp-client enable yes

dhcp-client create-default-route yes

 

Thanks. 


Accepted Solutions
Highlighted
Cyber Elite

Re: PA-220 won’t get IP from ISP.

Try to assign it to VR other than default.

Also Reset the modem when you connect next time.

What does system log shows?

MP

View solution in original post

Highlighted
L2 Linker

Re: PA-220 won’t get IP from ISP.

Configuring the NAT worked and resolved my issues as far as traffic not flowing properly. 

View solution in original post

Tags (1)

All Replies
Highlighted
Cyber Elite

Re: PA-220 won’t get IP from ISP.

Make sure you have assigned right Zone and VR to the Eth1/1 interface.

What you see on system logs?

MP
Highlighted
L2 Linker

Re: PA-220 won’t get IP from ISP.

Thanks for the response. I didn't anything stand out in the system logs, a lot of failure to resolve DNS names for content updates and such, but nothing more than that, all stuff I would expect to see if there was no internet connectivity.

 

I have confirmed that ethernet1/1 is in the untrust zone and belongs to the default virtual router (I haven't set up any other VRs). I am able to provide screenshots or anything else needed now that I have regained access to my network and the internet (I reset my router to factory defaults and removed my firewall from the equation at this point).

Highlighted
L0 Member

Re: PA-220 won’t get IP from ISP.

What steps have you taken on your ISP modem. You mentioned that you "turned it into an AP". I assume you have cable service?

So its a Cable Modem, Router and Access point in 1?

 

If you want the PA to be your gateway/router, your modem has to be in Bridge or Passthrough mode. Where the modem bridges the cable connection to an ethernet port. This turns off all routing / nat and AP functions of the combo unit. This makes it so that your PA has a direct connection to your ISP.

If you are just turning off DHCP and NAT on the ISP box, that isn't enough as the ISP box is still the edge device, it just isn't running DHCP services.

Highlighted
Cyber Elite

Re: PA-220 won’t get IP from ISP.

@Gareth.Doyle,

I think @Ben_Travis  is on the right path here. It's really common to see ISPs deploy modem/router combo units, and the vast majority of these will not provide passthrough/bridge services while also acting as a wireless access point. I would place your ISP equipment into bridge/passthrough and ensure that your PA-220 is working in this configuration. If that works, I would simply pick up a different wireless access point to put behind your PA-220.

Highlighted
L2 Linker

Re: PA-220 won’t get IP from ISP.

@Ben_Travis, no the modem is just a modem.

 

Current setup is ISP connects to the Modem which connects to the Router. I own all of the equipment.

I want the setup to be ISP connects to the Modem connects to the PA-220 connects to the Router. I plugged the ISP into the Modem, the modem into the PA-220, turned the router into an AP and plugged that into the PA. DHCP functionality was disabled on the router and enabled on the PA-220. Also, the PA-220 was setup to dynamically receive the IP address from the ISP.

 

The IP address never changed from 0.0.0.0 on that interface. Should it have?

 

Thanks.

Highlighted
Cyber Elite

Re: PA-220 won’t get IP from ISP.

@Gareth.Doyle 

 

If Modem is Directly connected to the PA-220 and you are not getting public IP address on the PA outside interface and as per you

all the config on PA is good.

Did you try to reboot ISP modem?

Try to connect the Laptop directly to the Modem and see if you get the public ip or not?

IF you get the Public IP on Laptop and not on PA 220 then you might ask ISP to reset the modem.

Sometimes ISP modem has IP assigned to particular mac address and they may need to reset the modem.

 

MP
Highlighted
L2 Linker

Re: PA-220 won’t get IP from ISP.

@MP18, when the modem is directly connected to a laptop the laptop has full internet access and pulls the IP/gateway information from the ISP, when my router is connected it pulls the IP address and gateway information as well.

 

It appears that the PA-220 does not pull this information though. I think my next troubleshooting step is simply hooking up the PA-220 to the modem and nothing else and seeing if it can pull that information. I think I jumped off the cliff next time instead of using the stairs.  

Highlighted
L2 Linker

Re: PA-220 won’t get IP from ISP.

It failed again. Please see the below outputs from CLI:

 

Plugged straight into the Modem:

PA-220> show interface ethernet1/1

--------------------------------------------------------------------------------
Name: ethernet1/1, ID: 16
Link status:
Runtime link speed/duplex/state: 1000/full/up
Configured link speed/duplex/state: auto/auto/auto
MAC address:
Port MAC address aa:aa:aa:aa:aa:aa (changed just because)
Operation mode: layer3
Untagged sub-interface support: no
--------------------------------------------------------------------------------
Name: ethernet1/1, ID: 16
Operation mode: layer3
Virtual router default
Interface MTU 1500
Interface IP address (dynamic): 0.0.0.0/0
Interface management profile: N/A
Service configured:
Zone: outside-L3, virtual system: vsys1
Adjust TCP MSS: no
Policing: no
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Physical port counters read from MAC:
--------------------------------------------------------------------------------
rx-broadcast 0
rx-bytes 1024900
rx-multicast 0
rx-unicast 15589
tx-broadcast 6
tx-bytes 2076
tx-multicast 0
tx-unicast 0
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Detailed physical port counters read from MAC:
--------------------------------------------------------------------------------
rx packets 256 to 511 bytes 6
--------------------------------------------------------------------------------

Hardware interface counters read from CPU:
--------------------------------------------------------------------------------
bytes received 962544
bytes transmitted 3012678
packets received 15589
packets transmitted 8809
receive incoming errors 0
receive discarded 0
receive errors 276
packets dropped 0
--------------------------------------------------------------------------------

Logical interface counters read from CPU:
--------------------------------------------------------------------------------
bytes received 922054
bytes transmitted 3012678
packets received 15313
packets transmitted 8809
receive errors 0
packets dropped 0
packets dropped by flow state check 0
forwarding errors 0
no route 0
arp not found 0
neighbor not found 0
neighbor info pending 0
mac not found 0
packets routed to different zone 0
land attacks 0
ping-of-death attacks 0
teardrop attacks 0
ip spoof attacks 0
mac spoof attacks 0
ICMP fragment 0
layer2 encapsulated packets 0
layer2 decapsulated packets 0
tcp cps 0
udp cps 0
sctp cps 0
other cps 0
--------------------------------------------------------------------------------

 

 

When it is diconnected:

PA-220> show interface ethernet1/1

--------------------------------------------------------------------------------
Name: ethernet1/1, ID: 16
Link status:
Runtime link speed/duplex/state: unknown/unknown/down
Configured link speed/duplex/state: auto/auto/auto
MAC address:
Port MAC address aa:aa:aa:aa:aa:aa
Operation mode: layer3
Untagged sub-interface support: no
--------------------------------------------------------------------------------
Name: ethernet1/1, ID: 16
Operation mode: layer3
Virtual router default
Interface MTU 1500
Interface IP address (dynamic): 0.0.0.0/0
Interface management profile: N/A
Service configured:
Zone: outside-L3, virtual system: vsys1
Adjust TCP MSS: no
Policing: no
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Physical port counters read from MAC:
--------------------------------------------------------------------------------
rx-broadcast 0
rx-bytes 1177938
rx-multicast 0
rx-unicast 17963
tx-broadcast 7
tx-bytes 2422
tx-multicast 0
tx-unicast 0
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Detailed physical port counters read from MAC:
--------------------------------------------------------------------------------
rx packets 256 to 511 bytes 7
--------------------------------------------------------------------------------

Hardware interface counters read from CPU:
--------------------------------------------------------------------------------
bytes received 1106086
bytes transmitted 3014046
packets received 17963
packets transmitted 8813
receive incoming errors 0
receive discarded 0
receive errors 312
packets dropped 0
--------------------------------------------------------------------------------

Logical interface counters read from CPU:
--------------------------------------------------------------------------------
bytes received 1062832
bytes transmitted 3014046
packets received 17651
packets transmitted 8813
receive errors 0
packets dropped 0
packets dropped by flow state check 0
forwarding errors 0
no route 0
arp not found 0
neighbor not found 0
neighbor info pending 0
mac not found 0
packets routed to different zone 0
land attacks 0
ping-of-death attacks 0
teardrop attacks 0
ip spoof attacks 0
mac spoof attacks 0
ICMP fragment 0
layer2 encapsulated packets 0
layer2 decapsulated packets 0
tcp cps 0
udp cps 0
sctp cps 0
other cps 0
--------------------------------------------------------------------------------

Highlighted
Cyber Elite

Re: PA-220 won’t get IP from ISP.

Try to assign it to VR other than default.

Also Reset the modem when you connect next time.

What does system log shows?

MP

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!