USG20W-VPN new clients belong to the wrong interface

ogentech Posts: 1  Freshman Member
edited April 2021 in Security

When machines in our network are turned off and started again our USG20W-VPN will often show them in the arp-table as belonging to the "wan" interface (the "show arp-table" command) despite being in the "lan1" interface.

Currently we resolve the problem manually by either pinging the machine from the router or having to issue a command such as "tracert" which seems to "fix" the arp table.

While the address is in the wrong interface it has no access to the internet.

This is the result of the show arp-table command. Please note that doesn't have access to the internet and that is classified both as lan1 and wan at the same time (it should be only in lan1).

Router> show arp-table
Address                  HWtype  HWaddress           Flags Mask            Iface
                         ether   00:1d:09:28:8a:1d   C                     lan1
                         ether   40:b4:cd:69:03:7d   C                     lan1
                         ether   94:65:2d:a3:76:8d   C                     lan1
                         ether   98:de:d0:05:42:54   C                     lan1
                         ether   b8:ae:ed:75:2c:ef   C                     lan1
                         ether   e0:d5:5e:0d:0f:7b   C                     lan1
                         ether   b8:ae:ed:73:1f:dd   C                     lan1
                         ether   b8:ae:ed:73:66:09   C                     lan1
                         ether   ac:0d:1b:f8:7d:c9   C                     lan1
                         ether   98:de:d0:05:42:54   C                     wan
                         ether   f8:63:3f:58:c2:71   C                     lan1
                         ether   78:24:af:3c:a5:91   C                     lan1
                         ether   94:de:80:77:15:67   C                     lan1
                         ether   d8:50:e6:d3:0d:00   C                     lan1
                         ether   10:c3:7b:4d:fb:b0   C                     lan1
                         ether   1c:1b:0d:17:8c:5d   C                     lan1
                         ether   30:5a:3a:09:1d:d0   C                     lan1
                         ether   b8:ae:ed:73:65:f2   C                     lan1
                         ether   d8:50:e6:d3:0d:00   C                     wan
                         ether   40:d3:ae:70:c1:4c   C                     lan1
                         ether   00:17:61:12:3a:85   C                     lan1

We need help with resolving this.

thanks in advance,

All Replies

  • Zyxel_Charlie Posts: 1,034  Zyxel Employee
    Hello ogentech,
    To analyze this case, please private message me the packets from wan and lan1 when the issue occurs.
    Moreover, since the IP: and are classified both as lan1 and wan, I would like you to double-check that the topology does not contain a loop. (Please share the topology of this case.)
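
The check the thread does by eye, finding hardware addresses that the ARP table lists on more than one interface, can be scripted. This is an added example, not part of the original posts or Zyxel tooling; the sample table, its IP addresses and MAC addresses are constructed, and the parser assumes the column layout shown in the "show arp-table" output above.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.IGNORECASE)

# Constructed sample in the layout of the router's "show arp-table" output.
SAMPLE = """\
Router> show arp-table
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.33             ether   02:00:00:00:00:01   C                     lan1
192.168.1.34             ether   02:00:00:00:00:02   C                     lan1
192.168.1.34             ether   02:00:00:00:00:02   C                     wan
192.168.1.35             ether   02:00:00:00:00:03   C                     lan1
"""

def parse_arp_table(text):
    """Return (address, mac, iface) tuples; address is None if the column is absent."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        mac_idx = [i for i, f in enumerate(fields) if MAC_RE.match(f)]
        if not mac_idx or len(fields) < mac_idx[0] + 2:
            continue  # prompt, header, blank line or incomplete entry
        idx = mac_idx[0]
        # HWtype sits just before the MAC; an address, when present, is column one.
        address = fields[0] if idx >= 2 else None
        entries.append((address, fields[idx].lower(), fields[-1]))
    return entries

def macs_on_multiple_ifaces(entries):
    """Map each MAC seen on more than one interface to its sorted interface list."""
    seen = defaultdict(set)
    for _address, mac, iface in entries:
        seen[mac].add(iface)
    return {mac: sorted(ifaces) for mac, ifaces in seen.items() if len(ifaces) > 1}

if __name__ == "__main__":
    for mac, ifaces in macs_on_multiple_ifaces(parse_arp_table(SAMPLE)).items():
        print(f"{mac} appears on: {', '.join(ifaces)}")
```

Running it against saved output each time the problem appears gives a record of which hosts were affected, which is useful alongside the packet captures requested above.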
