SG-1100 has uplink but no connection to ISP gateway


  • My SG-1100 is configured for a static IP from my local ISP. It has an uplink to the ISP’s ONT:

    Screen Shot 2021-01-08 at 10.28.12 AM.png

    Still there is no connectivity to the ISP’s gateway:

    Screen Shot 2021-01-08 at 10.28.33 AM.png

    When I assign the same IP to my laptop and connect it directly, it can connect. My ISP’s support says that that points to a problem with my router, and I would have to agree.

    ISP Support and I have taken all these usual troubleshooting steps:

    • Reboot the ONT
    • Reboot the router

    I have not

    • Reset the SG-1100 to factory settings and reload settings from a very recent backup
    • Reinstalled the firmware on the SG-1100

    To reset it to factory settings, will have to connect it to a serial terminal? I have a RS-232-to-USB adapter, but is from the early 2000s, and I don’t think there are 64-bit drivers for it.

    Any other suggestions?

  • LAYER 8 Global Moderator

    What mask did you put on your wan address. For you to have a .27 the mask would have to be no smaller than /27 (0.0.0.0 - 0.0.0.31) 255.255.255.224.. Did you maybe make it a /32 which I believe it defaults to?

    When you connect your laptop, can it ping that gateway address?

    If the gateway does not answer ping then yes pfsense would think the connection is offline.

    Do you get mac address for the gateway in your arp table?


  • Thanks @johnpoz!

    Here is what I found:

    Screen Shot 2021-01-08 at 11.21.40 AM.png

    That is the subnet mask given to me by the ISP.

    The ARP table shows the gateway, and I verified with a representative of the ISP that the MAC address is correct:

    Screen Shot 2021-01-08 at 11.24.27 AM.png

    Does this provide any clues?

    Oh, and yes, I can ping the gateway from my laptop, when it assumes the IP address my router is supposed to have and connects directly.


  • Would any of these symptoms be consistent with a bad connection inside of the Ethernet connector? I mean, could it be that there is a single wire that’s not making contact while all the other are, and I would get an Up status on the WAN port? I am not familiar enough with the Ethernet hardware layer.

  • LAYER 8 Global Moderator

    Highly unlikely anything wrong with the cable if it comes up and shows link and does gig as the connection.

    Again when you connect your laptop and it works - can you ping the gateway? I would assume you would use the same cable - so that would test it the cable as well.

    If gateway doesn't answer ping you can always mark it as online. Or pick some other upstream IP to ping that does answer.

    up.png

    You see a mac address and its in your arp table. So seems to me just not answer ping, if pfsense thinks your gateway is down, then no nothing is going to work.


  • @dominikhoffmann your wan interface appears to be on a vlan ?

    might be better to provide all relevant information instead of bits and pieces


  • @johnpoz: Yes, I can ping the gateway from my laptop, when hooked up directly. That rules out any hypothesis that the gateway ceased responding to pings recently.


  • @heper: I appreciate your input! That appears to be normal:

    Screen Shot 2021-01-08 at 1.02.58 PM.png

    This is a configuration I have not changed from the default.

    @heper said in SG-1100 has uplink but no connection to ISP gateway:

    might be better to provide all relevant information instead of bits and pieces

    I apologize! I only know to provide what I initially understand to be relevant. I am relying on pointers from @johnpoz and you to learn what else might be insightful.


  • @dominikhoffmann said in SG-1100 has uplink but no connection to ISP gateway:

    I apologize! I only know to provide what I initially understand to be relevant.

    Hi,

    as John said, it is likely that GW not respond to PING...
    (although this is contradicted by a direct laptop connection)

    perform a test with a known DNS server IP for GW monitor

    I am already saying, - yes, not the solution, but it is a test...

    then perform a "tracert" and search for a nearby upstream IP that responds to PING
    (as much as possible to the accuracy of the GW parameter, whic is measured by pfSense - dpinger)

    eca81746-6131-4470-9f9e-ce8d9a42b74e-image.png

    0bd16f3d-a3a0-4763-9aaf-3adf5a60e031-image.png


  • @heper said in SG-1100 has uplink but no connection to ISP gateway:

    your wan interface appears to be on a vlan ?

    this does not mean that there is no PING response 😉

    just watch my ONT setting,.... with VLAN.... (and there is GW PING)

    359a80bd-b47c-4456-8424-3d118ae4a065-image.png

  • LAYER 8 Global Moderator

    Not enough experience with ont sort of devices - but with say cable modems. If you change the device connected them (the mac) you need to power cycle them.

    Have you powercycled the device between changing between laptop and pfsense?

    I take it you have done that since you do mention rebooting it.

    You could sniff on pfsense and if its sending out pings, but not getting an answer - then yeah its going to show offline. I would do a packet capture and validate that.. Then maybe ask the isp why that is happening.. Showing them the sniff saying hey - sending pings, to this ip/mac - why no answer..


  • @johnpoz said in SG-1100 has uplink but no connection to ISP gateway:

    Have you powercycled the device between changing between laptop and pfsense?

    As long as the cable modem requires a power cycle, the ONT responds immediately and assigns a new IP from the range based on the MACs.

    so it mentions OP ONT, so the above process is not necessary here

    BTW:

    package capture is a good idea 😉


  • I now works. After resetting the SG-1100 to factory settings and only changing it from being a DHCP client on the WAN to the static IP assigned by the ISP, I made another call to the ISP, because short of refreshing the device there was nothing left to try. Their ARP table had my laptop’s MAC address lodged in it, from when I had hooked it up straight to the ONT. Once the support rep cleared that MAC address, I started getting connectivity.

    There is no telling what had been wrong initially.

    The ONT (optical network terminal) doesn’t get rebooted by the customer. It is something the ISP can do remotely, though, and they did that initially. Their troubleshooting steps apparently do not involve doing that for everything.

    Thanks to all for helping! I certainly learned something.

  • LAYER 8 Global Moderator

    @dominikhoffmann said in SG-1100 has uplink but no connection to ISP gateway:

    Their ARP table had my laptop’s MAC address lodged in it

    Yeah that for sure would cause you grief ;) Glad you got it sorted.. But wouldn't you be able to remove power from the ont? That would for sure reboot it --- heheh.


  • @dominikhoffmann said in SG-1100 has uplink but no connection to ISP gateway:

    I certainly learned something.

    even from my ISP (L2 eng.) age I can think of these, which were the rigid settings of the network security:

    DHCP MAC Address Exclusion List
    Prerequisites for GPON DHCP Leasequery

    these are parameters configured on the "head - end" that are sometimes good, sometimes bad

    😉


  • @johnpoz: So would that ISP ARP table reside in the ONT or in their data center equipment. I am not sure how transparent the ONT is. As far as I understand it is merely a physical-layer bridge.

  • LAYER 8 Global Moderator

    Normally a true hardware bridge wouldn't have a arp table.. But I am not up to speed on those devices..

    They are a bit more involved than just a simple bridge.. Do you have a specific model number.. There are many different ways an ISP might be setup.. I doubt the device they deployed to you is just a simple hardware bridge..


  • @dominikhoffmann said in SG-1100 has uplink but no connection to ISP gateway:

    As far as I understand it is merely a physical-layer bridge.

    They can be configured in different ways, as several types of services are available through it (DATA, VoIP, IPTV, etc).

    They (ONT) usually do not act as a network bridge, this is how ARP appears:
    (All configurations are received from OLT after proper authentication, therefore difficult to hack)

    28ce7eaf-4537-4c4d-9918-1987bde851aa-image.png

    https://community.fs.com/blog/components-and-architecture-of-gpon-ftth-access-network.html

    in bridge mode, f.e PPPoE or IPoE.:
    https://forum.huawei.com/enterprise/en/huawei-ont-bridge-mode-introduction/thread/498679-100181

    I know Huawei in your place is not current, but it is a good description 😉


  • @daddygo: “Mathematics: The Beautiful Language of the Universe”

    Mathematics is the body of truths about numbers. Truth is the Logos, the second person of the Trinity who said about himself, “I am the Truth, the Way, and the Life.”


  • @dominikhoffmann said in SG-1100 has uplink but no connection to ISP gateway:

    Mathematics is the body of truths about numbers.

    Hmmm,

    Yeah, I graduated with a degree in mathematics in the early 90s, but I don't remember it anymore...🙃

    BTW:

    I didn't rotate the Bible much, only once I read it, because I think it’s mandatory...

    somehow in my reading, math and faith, opposite poles


  • @daddygo said in SG-1100 has uplink but no connection to ISP gateway:

    I didn't rotate the Bible much, only once I read it, because I think it’s mandatory...
    somehow in my reading, math and faith, opposite poles

    Not the way I see it. If, in fact, the Son, the second person of the Trinity, is Truth, then the pursuit of truth and mathematics and the pursuit of theological truth are merely different aspects of the same object of study.

    Beyond that, though, the thing that already shocked the ancient Greeks was that that Principle, which was the logical conclusion of every action having a cause and that there had to be one original cause, is a person and a person who entered His own creation. That’s why Christmas is such a big deal. He did that, in order to make us oh-so-limited creatures members of His family. He wants to have an eternal relationship with you, and me, and every other human being. That’s the Good News, the Gospel.

  • LAYER 8 Global Moderator

    How did this thread turn to into thumper spam?


  • @dominikhoffmann

    Thanks for your reply, really.

    I already understand you, but we have different points of view and opinions. I have been and will remain an atheist all my life.

    Perhaps this is due to the technical approach, the "creator" cannot show much on this subject...

    I have to say that I have always respected religions, and it remains so.
    I always like to talk to religious people because we see the world from different perspectives.

    BTW:
    and as long as we live we learn ✋


  • @johnpoz said in SG-1100 has uplink but no connection to ISP gateway:

    How did this thread turn to into thumper spam?

    Don't worry John, only people are talking.
    Aren't you used to it? :)

    +++edit:
    it is only such an aftershock as in the case of volcanoes


  • @johnpoz: I just responded to @DaddyGo’s religious statement about beauty and mathematics in his signature. It was just a “BTW.”