Ubiquiti Edgerouter no Internet issue

[tek9]

Hi all. Long post, but please bear with me.
I have an issue with an EdgeRouter PRO that I cannot for the life of me figure out.
Backstory: Client (accountant) is getting a new server and router to replace his junky equipment and he wants it done a bit more secure than what he has. He had his previous IT guy set him up with a "server", which was really a home built computer running a version of Windows Server, don't recall which one exactly. Only used as a File Server. He used RDP to remote into the Server and to the other computers in his office by using Port Forwarding to punch holes in his Firewall. You get the idea.
A few times he had some issues with people getting into his network using RDP, I believe, so it was decided to do something about it.
So about a year ago he asked for a normal server and a new router that can handle VPN connections to we don't have to do port forwarding. I got him a big HP Server and an EdgeRouter PRO so it can handle multiple VPN connections simultaneously, I set up the VPNs and other settings on the EdgeRouter, tested it on my network and it worked fine. I sent it over to him with his son (both are my clients, but the son lives close by, while the father is about 1.5 hours away). He calls me about a month ago (!), like 10 months after delivery, that he's setting up the EdgeRouter for the first time and it's not working. He didn't have time to look at it until then.... Anyway, I was on the phone with him for hours at that time, and today, troubleshooting and here's what we know:
He's using Cable for his Internet, Dynamic IP, with no-IP for DDNS. The cable company supplied him with a DLink router which was working fine.
Edgerouter is setup with DHCP for the WAN port, and the rest of the ports are a bridged LAN.
When he plugged in the cable from the modem to the new EdgeRouter WAN port, he doesn't get any Internet. We power cycled the modem a bunch of times with no change. The LEDs for the WAN port flash briefly for a few seconds then go off as if there's no cable in the port. Tried different cables, no difference. If he plugs the Dlink back in, it works. So I'm thinking maybe bad port or bad cable, but if we plug the EdgeRouter WAN into a LAN port on the Dlink, it does work! Obviously double-NAT, but we do have internet. So hardware is ruled out.
I'm thinking maybe Optimum (the cable company) locks their modem to only work with their routers, so he tried an old Belkin router that he used around 5 years ago with DSL, not from the Cable company. He had set the Belkin to access point mode only (that's what he told me. Seems to be in pass-through mode) so it's not doing any routing. Plugged the Belkin into the modem, and the EdgeRouter WAN port into the Belkin, and we do have Internet. Not only that, but the EdgeRouter is showing his Public IP address for the WAN Port and I can successfully VPN into the router and RDP into his network with this setup! So it's not locked into their routers.
MTU is set to 1500, in case it makes a difference.
I also ran the Wizard to reset the router to a basic WAN>LAN setup but it didn't help.
So I don't understand why it would not work when directly connected to the modem, and the LEDs wouldn't even show any activity, but when connected through a different router, even in passthrough mode, it worked fine?

 

[Slaters Kustum Machines]

Sounds like it could be an auto-negotiation issue. Do they have a spare switch you could put between the modem and the ER Pro? Just something else to handle the auto-negotiation of the connection, or maybe try setting the port speed and duplex settings manually between the two.

 

[Markverhyden]

Did you engage the ISP? Sometimes they do have MAC binding and will reject a new MAC. Sometimes doing a release with the old device will free it up.

 

[Slaters Kustum Machines]

You might be able to clone the MAC as well, not tried it with an ER Pro.

 

[tek9]

Sounds like it could be an auto-negotiation issue. Do they have a spare switch you could put between the modem and the ER Pro? Just something else to handle the auto-negotiation of the connection, or maybe try setting the port speed and duplex settings manually between the two.

I didn't think of that, thanks. I don't think they have any spare stuff hanging around. I can try changing it on the Edgerouter side. So you're saying I should just experiment with different speed and duplex settings in case it changes, or do you have a specific combination in mind?

 

[tek9]

Did you engage the ISP? Sometimes they do have MAC binding and will reject a new MAC. Sometimes doing a release with the old device will free it up.

We didn't contact the cable company yet, though I've asked him multiple times to find out if they're doing something to the router to lock it in, but he's a bit stubborn (older guy) and wants to do it on his own first. (I know, I know, but I've got to tread lightly here since they're a very good referral)
If all else fails, I guess we'll talk to them.

 

[Slaters Kustum Machines]

I didn't think of that, thanks. I don't think they have any spare stuff hanging around. I can try changing it on the Edgerouter side. So you're saying I should just experiment with different speed and duplex settings in case it changes, or do you have a specific combination in mind?

I don't have any specific settings to try, just go through them to see if any combinations work. I have seen weird things where throwing a switch in the middle fixed the issue and never went back to change the settings to see if manually setting the speed/duplex to see if that fixed it or not. A cheap un-managed switch just worked.

 

[tek9]

You might be able to clone the MAC as well, not tried it with an ER Pro.

Should I clone the MAC of the modem or of the old D-Link router? Normally I would clone the D-Link, but in this case the Belkin router is doing pass-through and the D-Link isn't in the mix and it's still working.

 

[Slaters Kustum Machines]

Should I clone the MAC of the modem or of the old D-Link router? Normally I would clone the D-Link, but in this case the Belkin router is doing pass-through and the D-Link isn't in the mix and it's still working.

I don't think it's a MAC issue in this case, based on your description. I was just throwing that out there as "food for thought" for if someone is in a similar situation and the ISP is locking to a specific MAC.

 

[Markverhyden]

We didn't contact the cable company yet, though I've asked him multiple times to find out if they're doing something to the router to lock it in, but he's a bit stubborn (older guy) and wants to do it on his own first. (I know, I know, but I've got to tread lightly here since they're a very good referral)
If all else fails, I guess we'll talk to them.

I understand. But I run into this all of the time. I just tell the customer that they should call the ISP and add me as a technical resource. Us techies can have our techy conversation and spare them the boredom.

 

[YeOldeStonecat]

The ERs can be "slow" in picking up a dynamic IP sometimes. Having them just sit there....with some hardware they'll pick up a new IP quickly, with other hardware...it can take a long time. I have noticed that on some devices that they're being slow with, somethings you need to kick them in the groin....I forget exactly where ..(I'm still at home can't go look quickly but I will when I get to HQ)....but you go into a status section of the Eth port used for the WAN, and if it's set to obtain auto from DHCP..there's a "Renew" button.

Question 1...is the ER at a recent firmware version? Or..what it came with out of the box? Highly recommend ensuring it's at a recent firmware versoin..especially something from at least the past year. Great improvements over what the ERs had 2 or 3 years ago.

Question 2...how long did you leave cable modem unplugged for? They can tend to be slow in handing an IP to a "new device". Often powering them off (unplugging the power) for a good 5 minutes or more will help clear out their arp table. Don't forget...if it's a modem used with IP phones it will have a battery inside too...you need to remove that also when you unplug the power cord. Else it's not powering down all the way. (insert the obvious caution that phones will be unavailable for this time period).

 

[Your PCMD]

We didn't contact the cable company yet

You dont have to. A router cannot be locked by a modem. Have a look at 192.168.100.1 (the modem) and look at the event log. What it sounds like to me is that the EdgeRouter is configured with a different subnet mask. I've seen that before where the subnet is at 192.168.2.1 but should be at 192.168.1.1/24 - or similar.

Also, if you hook a computer directly to the modem does it connect to the internet? Are you using the UNMS? Does the router itself has Internet access? The EdgeRouter PRO is supported and managed by UNMS (Ubiquiti Network Management System) you know.

Can you ping the ISP Gateway from the CLI?

 

[tek9]

The ERs can be "slow" in picking up a dynamic IP sometimes. Having them just sit there....with some hardware they'll pick up a new IP quickly, with other hardware...it can take a long time. I have noticed that on some devices that they're being slow with, somethings you need to kick them in the groin....I forget exactly where ..(I'm still at home can't go look quickly but I will when I get to HQ)....but you go into a status section of the Eth port used for the WAN, and if it's set to obtain auto from DHCP..there's a "Renew" button.

Question 1...is the ER at a recent firmware version? Or..what it came with out of the box? Highly recommend ensuring it's at a recent firmware versoin..especially something from at least the past year. Great improvements over what the ERs had 2 or 3 years ago.

Question 2...how long did you leave cable modem unplugged for? They can tend to be slow in handing an IP to a "new device". Often powering them off (unplugging the power) for a good 5 minutes or more will help clear out their arp table. Don't forget...if it's a modem used with IP phones it will have a battery inside too...you need to remove that also when you unplug the power cord. Else it's not powering down all the way. (insert the obvious caution that phones will be unavailable for this time period).

When I tested this unit on my own network (Cable ISP) it worked fine immediately, so I don't think it's something on the ER itself. I also tried the renew button for that ETH port while on the client's network and it didn't make a difference.
The firmware was on 1.9.1 IIRC yesterday morning when I started on it, and I updated it to the latest 1.9.7 hotfix 4. No diff.
I don't remember exactly how long he kept in unplugged. Probably less than 5 minutes, though. I did ask him to verify there's no battery and that all the LEDs were off. If the battery would be in, it would still keep the batt. light lit.

 

[YeOldeStonecat]

Technicolor brand gateway?

 

[tek9]

I'm not sure. Haven't seen it and I didn't ask him. I know in these parts of NY and NJ they provide ARRIS modems.

 

[tek9]

Sounds like it could be an auto-negotiation issue. Do they have a spare switch you could put between the modem and the ER Pro? Just something else to handle the auto-negotiation of the connection, or maybe try setting the port speed and duplex settings manually between the two.

So just an update on this issue: Slaters, you were right. I manually changed the speed/duplex settings on that port to 100/Full and the Internet is working now. Client just returned from an overseas trip so couldn't take care of it until now.
BTW: I logged into the modem itself after changing the router settings, and the speed/duplex for the modem was reporting 100/Half for some reason.
I told the client to get a new modem from the ISP because it appears to be flaking out by now.