USG20W-VPN new clients belong to the wrong interface

ogentech Posts: 1  Freshman Member
edited April 2021 in Security
Hello,

When machines in our network are turned off and started again, our USG20W-VPN will often show them in the arp-table as belonging to the "wan" interface (the "show arp-table" command) despite being in the "lan1" interface.

Currently we resolve the problem manually by either pinging the machine from the router or having to issue a command such as "tracert 8.8.8.8" which seems to "fix" the arp table.

While the address is in the wrong interface it has no access to the internet.

This is the result of the show arp-table command. Please note that 192.168.10.143 doesn't have access to the internet and that 192.168.10.8 is classified both as lan1 and wan at the same time (it should be only in lan1).

Router> show arp-table
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.10.4             ether   00:1d:09:28:8a:1d   C                     lan1
192.168.10.153           ether   40:b4:cd:69:03:7d   C                     lan1
192.168.10.106           ether   94:65:2d:a3:76:8d   C                     lan1
192.168.10.143           ether   98:de:d0:05:42:54   C                     lan1
192.168.10.105           ether   b8:ae:ed:75:2c:ef   C                     lan1
192.168.10.123           ether   e0:d5:5e:0d:0f:7b   C                     lan1
192.168.10.151           ether   b8:ae:ed:73:1f:dd   C                     lan1
192.168.10.104           ether   b8:ae:ed:73:66:09   C                     lan1
192.168.10.132           ether   ac:0d:1b:f8:7d:c9   C                     lan1
192.168.10.143           ether   98:de:d0:05:42:54   C                     wan
192.168.10.150           ether   f8:63:3f:58:c2:71   C                     lan1
192.168.10.140           ether   78:24:af:3c:a5:91   C                     lan1
192.168.10.130           ether   94:de:80:77:15:67   C                     lan1
192.168.10.8             ether   d8:50:e6:d3:0d:00   C                     lan1
192.168.10.129           ether   10:c3:7b:4d:fb:b0   C                     lan1
192.168.10.157           ether   1c:1b:0d:17:8c:5d   C                     lan1
192.168.10.110           ether   30:5a:3a:09:1d:d0   C                     lan1
192.168.10.166           ether   b8:ae:ed:73:65:f2   C                     lan1
192.168.10.8             ether   d8:50:e6:d3:0d:00   C                     wan
192.168.10.100           ether   40:d3:ae:70:c1:4c   C                     lan1
192.168.10.203           ether   00:17:61:12:3a:85   C                     lan1

We need help with resolving this.


Thanks in advance,

All Replies

  • Zyxel_Charlie Posts: 1,034  Zyxel Employee
    Hello ogentech,
    To analyze this case, please private message the packets of wan and lan1 to me when the issue occurs.
    Moreover, since the IPs 192.168.10.143 and 192.168.10.8 are classified as both lan1 and wan, I would like you to double-check that the topology does not contain a loop. (Please share the topology of this case.)
    Charlie
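
Added example, not part of either post and not Zyxel code: a small Python check over saved `show arp-table` output that reports addresses listed under more than one interface, and addresses learned on an interface other than the one expected for their subnet. The rows are copied from the output in the thread; the /24 mask for lan1 and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Subset of the rows posted in the thread, including the two duplicated hosts.
SAMPLE = """\
Router> show arp-table
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.10.4             ether   00:1d:09:28:8a:1d   C                     lan1
192.168.10.143           ether   98:de:d0:05:42:54   C                     lan1
192.168.10.143           ether   98:de:d0:05:42:54   C                     wan
192.168.10.8             ether   d8:50:e6:d3:0d:00   C                     lan1
192.168.10.8             ether   d8:50:e6:d3:0d:00   C                     wan
192.168.10.100           ether   40:d3:ae:70:c1:4c   C                     lan1
"""

MAC_RE = re.compile(r"^(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$")
# Assumption: lan1 is 192.168.10.0/24 (the thread does not state the netmask).
EXPECTED = {ipaddress.ip_network("192.168.10.0/24"): "lan1"}

def parse_arp_table(text):
    """Return (ip, mac, iface) tuples; prompt, header and malformed rows are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        # The Mask column is normally empty, so a valid row has at least 5 fields.
        if len(fields) < 5 or not MAC_RE.match(fields[2]):
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        entries.append((ip, fields[2].lower(), fields[-1]))
    return entries

def multi_interface_ips(entries):
    """Map each IP that appears under more than one interface to those interfaces."""
    seen = defaultdict(set)
    for ip, _mac, iface in entries:
        seen[ip].add(iface)
    return {str(ip): sorted(i) for ip, i in seen.items() if len(i) > 1}

def misplaced_entries(entries, expected=EXPECTED):
    """Return entries learned on an interface other than the one expected for their subnet."""
    return [(str(ip), mac, iface) for ip, mac, iface in entries
            for net, want in expected.items() if ip in net and iface != want]

if __name__ == "__main__":
    rows = parse_arp_table(SAMPLE)
    print(multi_interface_ips(rows))
    print(misplaced_entries(rows))
```

Running the same check on a schedule against saved output would show how often hosts land on "wan" after a reboot, which is useful evidence to send along with the packet captures.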
