SR516ac with multiple static IPs?

Internet access discussion, including Fusion, IP Broadband, and Gigabit Fiber!
7 posts Page 1 of 1
by fmc » Mon Aug 02, 2021 5:06 pm
Called for support on degraded/intermittent Fusion ADSL performance. Replaced maybe-failing Pace 4111N with Smart/RG SR516ac. Four static IP addresses, one of which is on Sonic's device, the other three on other devices (HP PC running FreeBSD, Dell PC running FreeBSD, Apple Airport base station).

Had to give the SmartRG router its address (this information resulting from a call to Sonic support) for it to light its Internet lamp (it not doing this after 30+ minutes is why I called).

The SmartRG does OK as a router and AP. If I plug in or connect to it via WiFi and let it DHCP me I can browse, do e-mail, &c. ADSL performance is not so obviously intermittent with it too, thus far anyway.

But there's those other three devices with their static IP addresses. The FreeBSD hosts can ping each other, and the SmartRG, and the Airport base station, through their ports on the Smart/RG but act like they can't get packets out: lots of "sendto: host is down" which suggests ARP'ing for the default gateway (173.228.89.1) isn't working like it did with the Pace. Yup, incomplete ARP cache entry.

Has anyone got a configuration similar to this working, and if so how?
by fmc » Tue Aug 03, 2021 2:45 pm
One of the devices (173.228.89.85, an HP plugged into LAN port 1) is running a reasonably stock FreeBSD, and I'm willing to do a bit of playing with its configuration to see what I can learn.

First I decided to see what would happen if I had it proxy ARP for 173.228.89.1 giving the MAC address of the router as its answer. I mean, that might get it and the other 173.228.89.85-87 hosts to send off-net packets to the actual router. But, no, they still can't get out and the rest of the Internet can't get to them. I deleted that ARP entry.

Second I decided to run tcpdump -vvvna a bit to see what I could learn. Ah, there's something sending mass ARP packets, wanting 192.168.42.1 to be told MAC addresses for roughly /26-sized chunks of 192.168.42.0, one every few seconds. One of 'em extends up to 192.168.43.1 and I wonder what kind of off-by-one error that is. Also a couple things trying to talk to NTP servers, those would be the FreeBSD hosts. And all three hosts trying to find a MAC address for 173.228.89.1 via ARP.

Third I changed it to do DHCP instead of being configured with a static address. It received an address, 192.168.42.4, netmask 255.255.255.0, default gateway 192.168.42.1. That is consistent with what I see in tcpdump, and what it tells me is that the router thinks it should be presenting as 192.168.42.1/24 to all its LAN ports, and does not issue static IP addresses from 173.228.89.85-87 via DHCP.

(The MacBook I have plugged into LAN port 4 for configuration of the SR516ac has got 192.168.42.2, and another MacBook I have connected to its WiFi has got 192.168.42.3.)

So now I am pretty sure that all the hardware is working and there is a configuration or software problem. I put the HP back to its static IP configuration of 173.228.89.85, set it running tcpdump -vvvna again with similar output.
by fmc » Tue Aug 03, 2021 4:21 pm
Now I am looking at the SR516ac. What can I do with it?

On the Pace 4111N, what I remember having to do to get the static addresses to work was to tell it that LAN ports 1-3 were to be added to the Primary connection, and then plug my statically-addressed devices into them. This worked fine and is the configuration I want to replicate here.

Also, Routing remained enabled on the Pace: I did not need to use Bridge mode to accomplish my ends with that.

The SR516ac doesn't have quite the same webby interface. The closest thing I can find to what I think I want to do is under "Advanced Setup" and is named "Interface Grouping", which shows me a single group "Default" that has all the interfaces: WAN interfaces eth4.1, ptm0.1, atm0.1; and LAN interfaces LAN1-LAN4 and a bunch of wlan interfaces for 5GHz, 2.4GHz, and guest networks. I think what I want to accomplish is to put LAN1, LAN2, and LAN3 interfaces into a group with the WAN interface(s), but also want to share the WAN interface(s) with the (NAT router that is providing its service to) LAN4 and wl* interfaces.

There's a mildly worrying sentence up above this that reads "Only the default group has IP interface." which makes me wonder whether they expect non-default groups to be running XNS, IPX, or maybe some new mode that I haven't heard of.

So I click the add button. That takes me to an interface grouping configuration page with some instructions.

"To Create a new interface group:
"1. Enter the Group name and the group name must be unique and select either 2. (dynamic) or 3. (static) below.

"2. If you like to automaticall add LAN clients to a WAN interface in the new group add the DHCP vendor ID string. By configuring a DHCP vendor ID string any DHCP client request with the specified vendor ID (DHCP option 60) will be denied an IP address from the local DHCP server.

"3. Select interfaces from the available interface list and add it to the grouped interface list using the arrow buttons to create the required mapping of the ports. Note that these may obtain public IP address."

Their emphasis, and I'm thinking that is what I am trying to do.

"4. If this interface is to share the WAN interface, click the ''shared WAN interface'' box, otherwise the WAN interface you select will be removed from any other interface groups.

"5. Click Apply/Save button to make the changes effective immediately."

OK so I think I want to take the (static) path through this: steps 1 and 3, and 4 because I want the WAN interface to be shared. So I give it a group name "Ext", check the "Shared WAN Interface" box, and put all the "Available" WAN interfaces in the "Grouped WAN Interfaces" box: ipoe0_0_35/atm0,1, ipoe0_1_1/ptm0.1, ipoe_eth4/eth4.1, No Interface/None. Then I put LAN1, LAN2, and LAN3 in the "Grouped LAN Interfaces" box. And now I'm going to click "Apply/Save" to see what happens. See you on the other side!
by fmc » Tue Aug 03, 2021 4:23 pm
"Invalid Session Key, please try again" OK, will do it again, faster, see you on the other side
by fmc » Tue Aug 03, 2021 4:54 pm
How that went.

An interface group was created and the WAN interfaces were included in it only.

The mass /26 ARP query groups on seen from tcpdump being run on the device plugged into LAN1 switched from 192.168.42.* to 192.168.2.*. Where'd that come from? Who ordered this subnet?

The MacBooks on wired and WiFi could still connect to http://192.168.42.1/admin but not to the Internet.

The devices with static IP addresses don't seem to be able to get out either. tcpdump shows 'em making ARP requests for 173.228.89.1, but no answers, as before.

So I removed the Ext interface group and that has got it back to "some things work, but nothing involving static IPs other than 173.228.89.84."

Going to try something a little different. New group named "Ext2", shared WAN interface checked (again), this time only grouped WAN interface is "No Interfaces/None", grouped LAN interfaces are LAN1, LAN2, LAN3.
by fmc » Tue Aug 03, 2021 5:43 pm
Well, that worked better, in that hosts on the 192.168.42/24 net can still do Internet stuff, but the static hosts still don't work, and the one running tcpdump is again showing me ARP requests for /26-sized chunks of 192.168.2/24, which makes me think they've been placed in an undesired RFC 1918 private network by the router.

Serious question for Sonic: Can the SR516ac be made to support a group of four or eight static IP addresses, given that these are services you still offer and bill for, and I'm also paying to rent the SR516ac? Yesterday I placed a support call to inquire how to configure the router for this, and was told that configuring my hosts was outside the scope of Sonic support and that Sonic support had satisfied its requirement by configuring the router with its one static IP address.

Configuring my hosts is really not the sort of help I am asking for, unless the SR516ac has differing requirements: they were configured to work with the Pace modem, and two of them remain unchanged and I can put the third back if I haven't already.
by fmc » Wed Aug 04, 2021 7:43 am
Blundering round some more using DuckDuckGo to see what other adventures folks have had with SR516ac devices I found this:

viewtopic.php?f=10&t=16820

Which pointed me toward putting the SR516ac in bridging mode as described on this page:

https://help.sonic.com/hc/en-us/article ... ridge_mode

Those directions work; my usual programming of sshguard log messages is restored.

The resulting SR516ac configuration still seems to have a webby admin interface at http://192.168.42.1/admin via cable into LAN port 4 but is no longer offering addresses via DHCP on its wireless networks.

This will have to do for now. I have other fires to fight for the next two to three weeks.
7 posts Page 1 of 1

Who is online

In total there are 14 users online :: 1 registered, 0 hidden and 13 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am

Users browsing this forum: Bing [Bot] and 13 guests