Re: rv345 ARP Proxy

l33t · ‎12-18-2019

Hi there, I am having issues when disabling NAT on the rv345. I am no networking guru so bear with me here.

My setup looks like this:

+---------+                     +----------+                         +-----+
|         | 192.168.0.1/24      |          | 192.168.0.33/27         |     |
| router  +---------------------+  rv345   +-------------------------+ PC  |
|         |      192.168.0.2/27 |          |         192.168.0.34/27 |     |
+---------+              (WAN1) +----------+                         +-----+

Also NAT is disabled on WAN1.

My problem occurs when "PC" ICMP ping "router":

"router" receive the ICMP ping request
"router" broadcast an ARP who has request
rv345 does not answer the request

It seems like there is no ARP proxy on WAN1, hence the question, does the rv345 support an ARP proxy on WAN interfaces? If yes then why isn't the proxy responding?

PS: Not sure this is the right board for this, apologies if it isn't.

Thanks,

/D

balaji.bandi · ‎12-18-2019

First, of let me ask you try to ping router using RV router as your Gateway, ping go all the way and no return?

can you post the traceroute from PC what IP you pinging?

another thing i have noticed here (not sure is this typo ?) /27 is this configure the same way? or /24?

192.168.0.1/24

At the same time router has routing back to RV to reach the subnet 192.168.0.33/27 ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

l33t · ‎12-18-2019

1) Yes the ping goes all the way, the below is from a capture between "router" and "rv345". Note that my diagram was wrong; PC has 192.168.0.58, not 192.168.0.34 albeit this does not change the issue.

2) There you go

[root@PC ~]# tracepath 192.168.0.1
 1?: [LOCALHOST]                      pmtu 1500
 1:  _gateway                                              1.014ms
 1:  _gateway                                              0.740ms
 2:  no reply
[...]
30:  no reply
     Too many hops: pmtu 1500
     Resume: pmtu 1500

3) There is no typo. The reason for this is that I have no control over "router" interface configuration hence I am using a /27 prefix on "rv345" to enable several subnets and proper routing.

4) Well yes "router" can route beacause it's on a /24 prefix and hence believe its on the same interface. Also the routing table on the "rv345" seems correct:

This really is a layer 2 issue :(

l33t · ‎02-23-2020

Bumping this thread as it has fallen into oblivion. It is a shame that such a feature is not working on a SMB class router. This model is really disappointing without even mentioning the fake console port ...

Allowing the user to disable NAT via the webui without enabling - or giving the option to enable - an ARP proxy as defined in RFC 1027 is utterly useless.

@cisco is fixing this device on your roadmap or shall we migrate to another vendor?

Richard Burts · ‎02-23-2020

The crux of this problem is that the router and the rv345 have significantly different understanding of the network to which they connect. The router believes that it is connected to 192.168.0.0/24 while the rv345 believes that the network is 192.168.0.0/27. I do understand your point that proxy arp would be a way to make this misconfiguration work. I do not have enough expertise in that particular platform to address whether there is a way to get proxy arp to work on the rv345, but I will observe that given the increasing concern about the security implications of proxy arp that I am not surprised that this platform might not support it.

HTH

Rick

paul driver · ‎02-24-2020

Hello
Seems like the the reason icmp is failing from that pc is when you disable NAT on the RV345, the Router does not know about subnet 192.168.0.32/27 thats why your using nat in the first place correct?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul