03-27-2019 08:27 AM - edited 03-28-2019 06:38 AM
Hello.
We recently purchased an RV345 to use in our SMB setting. We have a static IP, gateway, subnet, and DNS1 & DNS2 from our WISP, and the configuration is very simple - something I've setup many, many times in the past. There is no MAC lock on the connection, as is sometimes the case with ISPs.
I powered up the RV345, logged in, changed the admin password, and set up WAN1 with the settings specified, and was shown in the WAN window that the connection was up on IPV4. But no internet connectivity. Could resolve hostnames (yahoo.com) and perform DNS lookups in the router's diagnostics area, but couldn't ping them. Machines on the network could connect to the internet, for about 30 seconds, after which no connectivity was available. The WAN status still showed IPV4 as up.
I reset the router and set it up again. Same thing. I did this many times, sometimes using DHCP, sometimes the Static IP settings. Finally I involved the ISP, and had them check things on their end. They said it looked like it was connected on their end and could see that the router was sending traffic to an IP on AWS - I'm guessing this is a Cisco firmware update check. But the issue was always the same. I could ping websites on the router or on a network device for about 20-30 seconds after re-configuring WAN1, but afterwards, nothing. No internet connectivity, though the router responded to LAN pings. I tried configuring the connection when connected to WAN2, but same thing.
Finally, I returned the RV345, thinking it may have been a hardware issue, and got a new RV340. Brand new - same exact thing. Nothing else is configured in the router - I'm literally powering it up, configuring WAN1, and then this happens. I've tried disabling the firewall in the router, but it makes no difference.
Finally, in order to rule out the possibility that it was anything other than a router issue, I brought in a Ubiquiti EdgeRouter 4 that I have as an on-hand backup router. Configured it with the same Static IP I had been using, and it worked like a charm instantly. Later still I grabbed a $50 Belkin Wireless Router we'd been using as a WAP and tried it - same thing, worked perfectly.
Does anyone have any suggestions I could try to make this work? The ONLY thing I haven't done is update the firmware. It shipped with the second-to-latest release. But, so far, every other router I've tried works perfectly after configuring the static IP. Only the Cisco RV-series appears to have problems. I'm replacing a Cisco C881 that we do not own and was only used as we used to be a branch office connected via a tunnel.
Our ISP is a WISP, or a fixed-based wireless provider. So we have an antennae and radio outside our facility. The only non-standard aspect to our install is that there's a POE injector on the WAN cable - the cable that would ordinarily be running from the ISP's modem to our router. This is because that cable powers the radio equipment on a tower outside our facility. I've run cable tests on it and they've all passed. So the CAT5 cable runs from the antennae to the POE injector, which then plugs into our router. I don't believe that these components are causing the issue.
Any help would be greatly appreciated. Not sure what to try at this point. I should add that the config on the C881 we're currently running matches the config that I'm using, with respect to the WAN configuration. They're identical.
Solved! Go to Solution.
03-27-2019 03:41 PM
Hi,
You may be hitting the CSCvm66202 bug. Will you please check whether the "Network Service Detection" is enabled ( WAN > Multi-WAN menu) and if yes try to disable.
Best regards,
Antonin
03-27-2019 09:15 AM
Hi,
How to Cisco router connected with your RF Connection? Is it directly connected to the RF device's cable where POE injector is connected? If then please try to connecting a switch middle of both device.
I am sure that you are not making a connection/IP address/MTU details with ISP and it's advice to check again.
Regards,
Deepak Kumar
03-27-2019 12:08 PM - edited 03-27-2019 12:29 PM
@Deepak Kumar wrote:
How to Cisco router connected with your RF Connection? Is it directly connected to the RF device's cable where POE injector is connected? If then please try to connecting a switch middle of both device.
Thank you for your reply. The CAT5 runs from the antennae and radio on top of a tower outside our facility to the ground, in through the wall, where it connects into a POE injector that connects directly to the router. You're saying I should try connecting the CAT5 cable coming from the WISP's hardware to a POE switch, and then connecting that to the router's WAN port? Any reason you can think of that it'd work on other routers but not this one?
@Deepak Kumar wrote:I am sure that you are not making a connection/IP address/MTU details with ISP and it's advice to check again.
I'm not sure what you mean here. You're saying the router isn't connecting to the ISP's service? I know that it is. They're able to see on their end whether the router has connected, and they do. Plus I do have internet access, just not for more than about 30 seconds. Even a reboot doesn't change this. I have to change the WAN config, then it'll come back up - but only for 30 seconds.
03-27-2019 09:22 AM
This is a very interesting set of symptoms. The fact that it works briefly and then stops working suggests that either something times out or develops a conflict. Does this router have the ability to show the contents of the arp table? If so would you post it?
It is also interesting that you say that you are able to resolve names but not able to ping those resources. Is the router able to ping the configured DNS server(s)?
I am wondering about the radio, antennae, and POE. Can you tell us a bit more about this and how it connects to your router?
HTH
Rick
03-27-2019 12:23 PM - edited 03-28-2019 06:39 AM
Thank you for your reply, I really appreciate it. I must admit this issue has really baffled me. I'm not a network engineer by any means, but I'm proficient in most general SMB network configurations, so you can image my embarrassment at not even being able to configure a basic Static IP WAN connection.
@Richard Burts wrote:This is a very interesting set of symptoms. The fact that it works briefly and then stops working suggests that either something times out or develops a conflict. Does this router have the ability to show the contents of the arp table? If so would you post it?
I apologize, but I don't have the RV340 setup right now. But I did look at the ARP table - it had a single entry - the laptop I was using to configure it. I recall it showed the IP of my laptop, the MAC address, the connection type as Dynamic, and the interface as VLAN 1. Nothing more was shown. I hadn't yet connected the router to our primary switch.
@Richard Burts wrote:
It is also interesting that you say that you are able to resolve names but not able to ping those resources. Is the router able to ping the configured DNS server(s)?
After configuring the WAN connection, I can successfully ping any IP or hostname I'd like, including our primary DNS (8.8.8.8). But after about 30 seconds, all ping attempts return "Operation not permitted". The DNS lookup still functions, however.
@Richard Burts wrote:I am wondering about the radio, antennae, and POE. Can you tell us a bit more about this and how it connects to your router?
As for the WISP setup, it looks like this:
At the top of the tower there is a MikroTik BaseBox 5 (I believe this is the correct model, but am not 100% certain). This is the WISP's equipment, not ours. That connects via RPSMA to the antennae (also owned by the WISP), which I believe is also a MikroTik product, though I'm unsure of the model. Power is provided to the BaseBox 5 via CAT5, which runs down the tower from the BaseBox, through the exterior wall, and into our networking room. The CAT5 plugs into a POE Injector, which gets power via an AC adapter, which then connects to the WAN port of our Cisco RV340 router. The POE injector is this model, I believe. It was provided to us by the ISP.
03-27-2019 01:55 PM
Thanks for the additional information. I had not been clear that the POE injector has its own AC adapter. So it plugs into an Ethernet port? Is it configured as a standard Ethernet connection? Or is there something in its config that is different? If it is standard Ethernet then I would have expected to see an entry for it in the arp table.
I also appreciate your further explanation of what happens after you boot up. I had been assuming that the ping just timed out. Perhaps because the router had lost outside connectivity. It is probably significant that you get an error message Operation not permitted. It makes it sound more like there is something in the RV configuration. I am also thinking about why or how the DNS lookup still works. How are you verifying that DNS lookup still works?
Am I correct that your attempts to ping are from your PC rather than from an administrator session on the RV? Does the administrator session have the capability to ping? If so when ping is failing for your PC could you test and see if it works from the administrator session?
HTH
Rick
03-27-2019 03:41 PM
Hi,
You may be hitting the CSCvm66202 bug. Will you please check whether the "Network Service Detection" is enabled ( WAN > Multi-WAN menu) and if yes try to disable.
Best regards,
Antonin
03-28-2019 06:16 AM - edited 03-28-2019 06:17 AM
Thank you all for your replies, I greatly appreciate your attempts to help me resolve this issue.
And thank you @amikat - your suggestion that the problem was bug related was indeed correct. Disabling Network Service Detection on WAN1 resolved the issue completely.
For anyone else running into this, the problem manifested exactly as described below:
- Network Service Detection is enabled (which is the default setting).
- Echo replies are not received from the gateway/remote host.
- The second WAN interface is not connected for redundancy.
Under these conditions, the router blocks traffic out the WAN interface even though the second WAN interface is not connected for redundancy. Ping or traceroute done from the Diagnostics page results in an "Operation not permitted" error. UDP appears to be unaffected since DNS queries and TFTP traffic pass successfully.
03-28-2019 07:01 AM
Thank you for the update telling us that the problem is resolved. It was a very good suggestion from Antonin about the bug. I find it especially surprising that the bug impacts ping and traceroute but does not impact UDP. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information (and this one certainly does). This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.
HTH
Rick
06-10-2023 06:00 PM
I was having a similar issue where my Cisco rv340 was behind Arris sb8200 modem for Xfinity. The difference is I never noticed it was temporarily working. After I recycled the modem and later Cisco router, DNS would work, I could see Cisco got connected to ISP, yet my laptop wasn't connecting to internet and traceroute wasn't working. After I disabled the "Network Service Detection" on WAN interfaces, it worked fine. Thank you!
01-14-2020 05:53 AM
I am experiencing the same error, but I could not solve it, doing everything I write in these solutions. He still doesn't want to connect to the Internet only on WAN1. what do you recommend me to do?
07-20-2020 01:46 AM
Saw your post dated Jan and we are also experiencing the same issue (it's July 2020). Is there anymore suggestions for this issue?
07-20-2020 10:33 AM - edited 07-20-2020 10:34 AM
If it is truly the same issue then perhaps the same solution might work - disable Network Service Detection. Or perhaps try a different version of code.
07-20-2020 07:02 PM - edited 07-20-2020 07:03 PM
Negative. We tried and it didn't fix the issue. Can you advise the alternative code? Thank you.
07-21-2020 07:35 AM
I do not have much experience with this model, and I do not know what version of code you are currently running. So it is hard to give good advice about alternative code. In general I would say that if the code you are running is older then try the most recent version. If you are running the latest code then back up a release or two.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide