Pfsense not getting WAN IP from Arris TG1672G Modem (Bridged Mode)

Cascadoo

Hi Folks,

My Pfsense machine is connected to the ISP Arris TG1672G Modem set to bridged mode.

For some reason the Pfsense box is now unable to get an IP address from the Arris modem. If I connect to the Arris directly with a laptop and reset the Arris modem, the laptop is able to get a public IP and internet works, so the bridged mode on the Arris seems to be working.

I then tried re-connecting the pfsense box to the modem, then reboot modem but still no WAN IP on the pfsense. Tried rebooting the pfsense as well but still no dice. What I did notice is that when I reboot the pfsense it does seem to get a WAN IP of "192.168.100.20" for a couple seconds then goes to N/A. I don't know why that happens as that subnet does not exist on my network.

I have went through multiple attempts of defaulting the Arris modem and re-configuring it to Bridged mode, always testing with a laptop each time to confirm that the bridge mode is working, then rebooting when I re-connect the pfsense box. I reboot after changing the connection as I assume the Arris binds the public IP to the specific mac address of the device connected on port 1 until reboot.

At the moment I have taken off the bridge mode from the Arris modem and pfsense is able to get a LAN side DHCP IP from the Arris which now works as the WAN IP on pfsense. Internet works for now but would like to get it working in bridge mode once more for my port forwards etc to work.

Can anyone share some insight into why it may be having difficulties getting a WAN IP when the Arris modem is to bridge mode?

Raffi_

192.168.100.20 is assigned when the modem has not synced yet. That is assigned to pfSense so that you can access the modem web GUI, usually at 192.168.100.1. That address is obviously not useful for web access though. Maybe you can login to the modem at 192.168.100.1 and see if it has a public IP assigned to it. If so, on pfSense go to Status > Interfaces. Then try using the Release and Renew button on WAN interface.

It might also be worth trying to go to Interfaces > WAN and under "Reject leases from" put in the 192.168.100.1 of the modem. This should force pfSense to ignore that 192.168.100.20 which is being assigned. This will likely prevent you from accessing the modem web GUI, but that's normally not helpful anyway (unless you found it helpful above of course).

edit, another thing that might be worth trying is to put a dumb switch between the modem and pfSense WAN if you have one laying around to see if the modem is not playing well with the direct connection to the NIC of pfSense.

Cascadoo

Thank you for the response, very useful information. I will look into these options tomorrow to see if it makes a difference, as I do actually have a spare regular switch on hand.

The default web interface on the Arris is 192.168.0.1 but I do know there is an alternate web interface into the Arris that requires a daily password if I recall correctly. I am not too knowledgeable on the Arris modem but I assume the this is the backdoor interface that the ISP uses to connect to the modem.

Raffi_

@Cascadoo said in Pfsense not getting WAN IP from Arris TG1672G Modem (Bridged Mode):

The default web interface on the Arris is 192.168.0.1 but I do know there is an alternate web interface into the Arris that requires a daily password if I recall correctly.

Yes the 192.168.0.1 would be the address when it is in router mode. I'm not sure if that would be different (192.168.100.1) when in bridge mode. I assumed so only because it assigned a temporary address in that same subnet and most standalone cable modems have that same address.

Cascadoo

Went back at it this morning setting the Arris back into Bridged mode. Released and renewed WAN IP on pfsense and got a public IP but no internet which is strange. Waited a bit then tried rebooting pfsense just in case but still no internet.

I then tried a regular switch in between the Arris and pfsense and after a little bit of time internet started working. Then removed the switch, so direct connection from Arris to pfsense box and internet works.....I then tried rebooting pfsense to see if it will persist after a reboot and it does, internet still works......I am honestly a bit confused as to why this works.

Raffi_

If you are getting a public IP on WAN, then it should work fine. If something is not working, you normally don't have to reboot pfSense like a typical router. In fact, that could compound the issue and make it more difficult to figure out what is going on. For instance, when you say you got a public IP, but no internet, I'm guessing you opened up a browser and couldn't get a page to load? That could be normal at first especially after rebooting pfSense. If you are using the default DNS settings, pfSense will act as the DNS resolver. The first time you try to load some website it might seem unresponsive because the resolver has not cached anything yet. If you give it some time, like you did while going between plugging and unplugging the connection, that might have been all it needed, a little more time.

edit, if you do have this issue again and can't get a web page to load, next time try a ping to 8.8.8.8. That may help narrow down what the problem is. If you can ping 8.8.8.8 but can't ping google.com, then it's a DNS issue and not a problem with your connection to the web. If you can't ping 8.8.8.8, then we take it from there.

DaddyGo

@Raffi_ said in Pfsense not getting WAN IP from Arris TG1672G Modem (Bridged Mode):

If you are getting a public IP on WAN, then it should work fine.

exactly...
@Raffi

it is a question of DNS... (maybe)
I had a post about DOCSIS modems vs. pfSense WAN dhcp, here in the forum...

the pfSense has a very hard time picking up dynamic IP from DOCSIS modems...

it is a question of configuring DOCSIS too, I have worked on telekom CO. (HU,SI,PT,A,E) systems for a long time as a consultant.. (GPON, DOCSIS)

so pfSense sends the request (DHCP), but Edge-QAM + CMTS rejects it due to strict rules...

it is a question of when the snake bites its own tail...

Cascadoo

@Raffi_ said in Pfsense not getting WAN IP from Arris TG1672G Modem (Bridged Mode):

f you are getting a public IP on WAN, then it should work fine. If something is not working, you normally don't have to reboot pfSense like a typical router. In fact, that could compound the issue and make it more difficult to figure out what is going on. For instance, when you say you got a public IP, but no internet, I'm guessing you opened up a browser and couldn't get a page to load? That could be normal at first especially after rebooting pfSense. If you are using the default DNS settings, pfSense will act as the DNS resolver. The first time you try to load some website it might seem unresponsive because the resolver has not cached anything yet. If you give it some time, like you did while going between plugging and unplugging the connection, that might have been all it needed, a little more time.
edit, if you do have this issue again and can't get a web page to load, next time try a ping to 8.8.8.8. That may help narrow down what the problem is. If you can ping 8.8.8.8 but can't ping google.com, then it's a DNS issue and not a problem with your connection to the web. If you can't ping 8.8.8.8, then we take it from there.

I had a serial connection up when rebooting the Pfsense and noticed that it did stick at the DNS resolver phase for quite some time before continuing. I did not even think to ping the DNS.

Thank you for all the for insight and assistance with resolving this issue.

@DaddyGo said in Pfsense not getting WAN IP from Arris TG1672G Modem (Bridged Mode):

it is a question of DNS... (maybe)
I had a post about DOCSIS modems vs. pfSense WAN dhcp, here in the forum...
the pfSense has a very hard time picking up dynamic IP from DOCSIS modems...
it is a question of configuring DOCSIS too, I have worked on telekom CO. (HU,SI,PT,A,E) systems for a long time as a consultant.. (GPON, DOCSIS)
so pfSense sends the request (DHCP), but Edge-QAM + CMTS rejects it due to strict rules...
it is a question of when the snake bites its own tail...

Interesting information, will look for the post.

DaddyGo

@Cascadoo said in Pfsense not getting WAN IP from Arris TG1672G Modem (Bridged Mode):

Interesting information, will look for the post.

is old...... and is about Cisco CMTS systems with DOCSIS...
I have a client who has this problem every time, when the ISP dynamic IP is updated...

f.e.:
https://www.cisco.com/c/en/us/td/docs/cable/cbr/configuration/guide/b_docsis_cbr_full_book_xe16_7/b_docsis_cbr_full_book_xe16_7_chapter_01011000.pdf
https://www.cisco.com/c/en/us/td/docs/cable/cmts/config_guide/b_cmts_security_and_cable_monitoring_features.pdf

winger46146

Was your pc the 1st thing plugged into the modem? If so it might be locked to your PC MAC address. You can try spoofing the WAN MAC to your pc MAC address.

Cascadoo

@winger46146

I made sure that I removed laptop connection from the modem when it goes down to reboot to apply the bridge mode change so that the pfsense is the only connection to the modem.

It's functioning know but as Raffi said it may be that I just had to wait a bit longer after it pfsense got a public IP.

DaddyGo

@Cascadoo said in Pfsense not getting WAN IP from Arris TG1672G Modem (Bridged Mode):

but as Raffi said it may be that I just had to wait a bit longer after it pfsense got a public IP.

if there is no hard ISP limit (time delay, protection intervals) then DHCP should do its thing .... immediately
so powering off the modem tells the ISP that it can allocate a new DHCP lease time...

that when this is the question and this ISP CMTS setup...

BTW:
because the MAC learning, which is why the "MAC spoofing" often comes in handy