SA 520, Optional wan doesn't work (pppoe)


Hi,


Okay, so here it is, we have in one of our offices 2 ADSL connections (Wanadoo + Free ADSL).
Up to now, the Wanadoo was handled by a modem/router SMC, Free have a top box with NAT/firewall, and the computers were set to use one (so if one link went down, only half the computers would lose internet).


Far from satisfactory and not great from a security standpoint, but it worked, except now we need to have VPNs and robust connections.


So we bought a SA520
Primary wan is Free, reconfigured the top box, installed in 5 minutes, works like a charm.
My problem is with the optional WAN.


I removed the SMC modem/router (because it doesn't support bridge mode), and replaced it with an old SpeedTouch Home, reconfigured the SpeedTouch, put a laptop behind, set up the PPPoE connection in XP, it works.


Went back to the SA520, created a PPPoE profile for the connection, set up the optional port as a WAN, connected the SpeedTouch to it, enabled the port, and .... it doesn't work.


On the status page I get this, and it just stays like that:
Connection Time        : Not Yet Available
Connection Type       : PPPOE
Connection State       : Connecting...
Link State       : LINK UP
WAN State       : DOWN
IP Address       : 0.0.0.0
Subnet Mask       : 0.0.0.0
Gateway       : 0.0.0.0
DNS Server       : 0.0.0.0


The modem seems to communicate with the SA520, but the WAN2 network LED on the SA520 stays off.


Also, I tried to use the capture packets function, but I got an error:

/pfrm2.0/share/lua/5.1/teamf1lualib/util.lua:79: attempt to index local 'filep' (a nil value)
stack traceback:
  /pfrm2.0/share/lua/5.1/teamf1lualib/util.lua:79: in function 'fileToString'
  /pfrm2.0/share/lua/5.1/teamf1lualib/web.lua:194: in function 'download'
  download.lua:20: in main chunk
  [C]: in function 'dofile'
  /pfrm2.0/share/lua/5.1/teamf1lualib/web.lua:57: in function 'runPage'
  platform.lua:175: in main chunk
  (tail call): ?
  (tail call): ?
  (tail call): ?
  [C]: in function 'xpcall'
  /pfrm2.0/share/lua/5.1/cgilua.lua:426: in function '_xpcall'
  /pfrm2.0/share/lua/5.1/cgilua.lua:533: in function </pfrm2.0/share/lua/5.1/cgilua.lua:508>
  (tail call): ?

Any idea?

William Childs Tue, 01/19/2010 - 04:08

We need you to enable logging on the 520 and post the logs of the PPPoE negotiation. We are looking for the PADI and PADO messages that should be sent by your ISP. In the meantime, just as a test, set the optional port for Obtain IP automatically/DHCP and see if it works.


Bill

I'm assuming you are referring to "Local Logging Config" page 208; I already did that.


Current config:

Admin>Local Logging Config> everything is checked except "Output Blocking Event Log:" (since I don't have ProtectLink)

Admin>IPv6 Logging> Everything checked

Admin>Remote logging>set to send me a mail every day with the logs

Admin>Logs Facility>Emergency, alert, critical, error, and warning checked for every facilities


After an entire night, all I have in the logs is:

[SA520]Mon Jan 18 19:54:37 2010(GMT +0100) [roubaix][System][PLATFORM][ERROR] IP:       78.229.148.32
[SA520]Mon Jan 18 19:54:37 2010(GMT +0100) [roubaix][System][PLATFORM][ERROR] BCAST:    78.229.148.255
[SA520]Mon Jan 18 19:54:37 2010(GMT +0100) [roubaix][System][PLATFORM][ERROR] SUBNET:   255.255.255.0
[SA520]Mon Jan 18 19:54:37 2010(GMT +0100) [roubaix][System][PLATFORM][ERROR] GW:       78.229.148.254
[SA520]Mon Jan 18 19:54:37 2010(GMT +0100) [roubaix][System][PLATFORM][ERROR] DNS1:     212.27.40.240
[SA520]Mon Jan 18 19:54:37 2010(GMT +0100) [roubaix][System][PLATFORM][ERROR] DNS2:     212.27.40.241
[SA520]Mon Jan 18 19:54:37 2010(GMT +0100) [roubaix][System][PLATFORM][ERROR] Interface:eth1
[SA520]Mon Jan 18 19:55:16 2010(GMT +0100) [roubaix][System][PLATFORM][ERROR] /pfrm2.0/bin/vipsecureConfig /tmp/system.db 18 ipAddressTable 8 failed. status=-1


[SA520]Mon Jan 18 19:55:52 2010(GMT +0100) [roubaix][Local1-UTM][TM_PROTECTLINK][INFO] checking protectlink license...
[SA520]Mon Jan 18 19:55:53 2010(GMT +0100) [roubaix][Local1-UTM][TM_PROTECTLINK][INFO] license function returned 4 error code=102 # of licenses=0
[SA520]Mon Jan 18 19:55:53 2010(GMT +0100) [roubaix][Local1-UTM][TM_PROTECTLINK][INFO] device not registered.
[SA520]Mon Jan 18 19:55:53 2010(GMT +0100) [roubaix][Local1-UTM][TM_PROTECTLINK][INFO] next license check after 300 secs. current licensestate=1

(the last 4 lines repeat a dozen times)

[SA520]Mon Jan 18 20:46:14 2010(GMT +0100) [roubaix][Local1-UTM][TM_PROTECTLINK][INFO] license check disabled.


No mention whatsoever of the WAN2 port (78.229.148.32 is the IP of WAN1).

jamccord Wed, 01/20/2010 - 07:55

Firmware version 1.1.21 is available for download.  Please download the release notes and firmware and update your SA500 device.

Updated to 1.1.21


Re-done config from scratch


Still no optional WAN (I can't even get the front LED to light up),

NAT rules still don't work (I can access the device config page from outside, but the other rules set in Firewall>IPv4 rules don't seem to apply).

I still can't trace packets (I don't have the error from the first post anymore, just a page that says that a problem occurred).


I'm starting to wonder if the problem isn't coming from a faulty device.


Included is the device config.

William Childs Wed, 01/20/2010 - 23:47

I will load this config into our 520 here and see what happens.


Bill

William Childs Thu, 01/21/2010 - 00:30

I tried loading this into my SA520 and got a checksum error. I did upgrade my firmware to the latest version. Could you please post it again?


Bill

William Childs Thu, 01/21/2010 - 02:15

Have you tried to set the WAN mode for load balancing? I noticed in the config you uploaded the WAN mode was "Use only single WAN port".


Click on the Networking tab, and then the Optional port sub-tab. Select Optional port mode then set it for WAN and apply. Next, select the WAN Mode sub-tab, and set the radio button for load balancing. Click apply.


Then, in the Optional Port sub-tab select WAN. Click the checkbox for the option at the top (Internet connection requires a login) and fill out the PPPoE information for that carrier. This is where you choose the Wanadoo profile you created. If it is not the Wanadoo ISP, then create a new PPPoE profile and choose it accordingly.


If it still does not connect, you may want to ask your ISP if they are seeing your PADIs (PPP Active Discovery Initiation). If they are not, then the problem is still on the SA520. If they are, then the problem belongs with PPP negotiation (most likely a username and password mismatch). You are looking to see if you get a PADO (PPP Active Discovery Offer) from the ISP (like DHCP's Offer stage).


Bill
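
Added example (not part of the original thread, and not Cisco's code): a Python sketch of the PADI/PADO check described in the post above. It parses PPPoE discovery frames (EtherType 0x8863) taken from a WAN-side capture and reports where discovery stopped. The frames, MAC addresses and the AC name `example-ac` are constructed for illustration.

```python
import struct

ETH_PPPOE_DISCOVERY = 0x8863
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name", 0x0103: "Host-Uniq", 0x0104: "AC-Cookie"}

def parse_discovery(frame: bytes):
    """Return (code_name, session_id, tags), or None if not a valid discovery frame."""
    if len(frame) < 20:                      # 14-byte Ethernet + 6-byte PPPoE header
        return None
    ethertype, ver_type, code, session_id, length = struct.unpack_from("!HBBHH", frame, 12)
    if ethertype != ETH_PPPOE_DISCOVERY or ver_type != 0x11:
        return None
    payload = frame[20:20 + length]
    if len(payload) < length:                # truncated capture
        return None
    tags, off = {}, 0
    while off + 4 <= len(payload):           # walk the tag TLVs
        tag_type, tag_len = struct.unpack_from("!HH", payload, off)
        if tag_type == 0x0000:               # End-Of-List
            break
        tags[TAGS.get(tag_type, hex(tag_type))] = payload[off + 4:off + 4 + tag_len]
        off += 4 + tag_len
    return CODES.get(code, hex(code)), session_id, tags

def diagnose(frames):
    """Report how far the discovery exchange got in a list of captured frames."""
    seen = {p[0] for p in map(parse_discovery, frames) if p}
    if "PADI" not in seen:
        return "no PADI: the client never started discovery"
    if "PADO" not in seen:
        return "PADI without PADO: no access concentrator answered"
    if "PADS" not in seen:
        return "PADO without PADS: discovery stalled before a session was assigned"
    return "discovery complete: look at PPP authentication next"

def tag(tag_type, value=b""):
    return struct.pack("!HH", tag_type, len(value)) + value

def build(code, dst, src, tags=b"", session_id=0):
    hdr = struct.pack("!HBBHH", ETH_PPPOE_DISCOVERY, 0x11, code, session_id, len(tags))
    return dst + src + hdr + tags

# Constructed sample frames (locally administered MACs, hypothetical AC name).
CLIENT, AC, BCAST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6
PADI = build(0x09, BCAST, CLIENT, tag(0x0101) + tag(0x0103, b"\x01\x02"))
PADO = build(0x07, CLIENT, AC, tag(0x0101) + tag(0x0102, b"example-ac") + tag(0x0103, b"\x01\x02"))

print(diagnose([PADI, PADO]))
```
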

Yes I did, I put it back to use single WAN until it works.


I also asked my ISP, which doesn't see any identification request.


I also tried to put a router with NAT on 192.168.11.100 with a DMZ on 192.168.11.1, and I set the SA520 with these static values, but it still doesn't work.

My main concern is that the traffic LED on the front of the SA520 stays off, even though I have some activity on the LAN LED of the modem.


Also, it doesn't explain why the NAT doesn't work.

Correct Answer
William Childs Fri, 01/22/2010 - 03:28

Putting a router in front of this device will not solve your problem, unless you set the interface for static or dhcp. If you leave it in pppoe mode, it will try to send the login information to the router. The led on the port should not be an indication of your device working or not, it only provides port status and not device status. I still don't understand why or how you are trying to make nat "work". NAT (Network Address Translation) takes a private IP and maps it to a public IP for transmission across the internet. Have you tried setting the optional port for DHCP and then attaching it to another router, to see if it gets an IP dynamically? If not, try that. If it does, you are moving in the right direction. If not, swap cables and try again. If still no, you may have a defective device. Try setting the SA to use the optional port as the dedicated WAN port. You may need to contact your local SBSC for assistance. Here is the link for the numbers:


http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html


Bill

stone.james Fri, 02/26/2010 - 09:19

I am having a similar issue except it is on the main WAN port.  Everything was working until the WAN State suddenly became down and will not return.  I have tried turning off the PPPOE and making it a static or DHCP connection to no avail.  It has literally taken me months to get this configured correctly and once I do it only works for a week.  What can I try?  The WAN LED is not on, the Link State is UP but the WAN State is down, it does not matter if I have PPPOE, Static or DHCP enabled.  I am on my last efforts before I return this PoS.


James