Results 1 to 2 of 2
  1. #1
    Newbie
    Join Date
    Jan 2020
    Posts
    1

    Default Hosts not discovered on a Cisco routed network

    This is an informational post as I've found a fix that might help others. I have the exact same setup and have the same issue till I fixed it. all IP address in devices had the MAC address of the Cisco switch/router, not their real MAC address.
    Originally posted on this thread:

    Untangle 12.1 routed mode

    WAN ><UNTANGLE><LAN (VLAN1) 172.16.1.1

    The LAN is comprised of Cisco Catalyst 2920 edge switches and a layer 3 Cisco Catalyst 3650 core switch with 2 VLANS configured; VLAN1 (172.16.1.0/24) the default management VLAN to which untangle is joined (internal interface 172.16.1.1) and VLAN10 (172.16.10.0/24) on which all internal hosts are connected. The core cisco switch (172.16.10.254) is configured as the default gateway to all hosts on VLAN10 and in turn VLAN10 on the cisco switches is configured with a default gateway address of the untangle internal interface (172.16.1.1). There is a static route configured on Untangle for VLAN10 with network 172.16.10.0/24 and next hop set to the internal interface.

    Untangle can ping all active hosts on VLAN10, hosts on VLAN10 can access the internet and Untangle filters the hosts but it can't resolve individual hosts, i.e. Untangle reports traffic coming from VLAN10 with a Hostname of "core switch". What we'd like to do is identify individual hosts - how might this be accomplished?

    The feedback on this post indicated that disabling the arp proxy on the Cisco switches would resolve the issue the command was:
    en
    config t
    ip arp proxy disable
    exit

    This actually stopped all my VLANs from accessing the internet via Untangle but it did point to the reason why and the fix. Arp proxy is supposed to help connect clients when there's not default gateway configured. I do have this configured so why did the clients stop accessing the internet?

    Well it was simple...
    I had chosen the out of box option for declaring routes on Config>Network>Routes>New Static Route
    On each VLAN, I'd chosen the "Next Hop" to be "Local on Internal" from the drop down. This worked because of the Arp Proxy service running on the Cisco switches/Router but listed all the Host as the same MAC Address
    When I turn off the Arp Proxy service, there was nothing to join the networks together. Client could no longer access the Internet!

    The Fix:
    I turned Arp proxy back on! Use the command no #ip arp proxy disable, no reason not to run it and client could access the internet again.

    On Config>Network>Routes>New Static Route, instead of using the drop down list, I typed the IP address of the Default Gateway of the VLAN that Untangle was connected too, so routing was correct and then I cleared all the Hosts/Devices by running the script below:

    SSH in Untangle and run:

    /etc/init.d/untangle-vm stop

    rm -f /usr/share/untangle/settings/untangle-vm/devices.js
    rm -f /usr/share/untangle/settings/untangle-vm/hosts.js

    /etc/init.d/untangle-vm start

    All the Hosts and Devices will be cleared out.

    Low and behold, all the IP address had the real Host names and for the first time, we can see who is doing what.

    I hope this helps anyone else with this issue with a Cisco Network.
    Last edited by HughesHall; 01-20-2020 at 06:44 AM.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,352

    Default

    Quote Originally Posted by HughesHall View Post
    This is an informational post as I've found a fix that might help others. I have the exact same setup and have the same issue till I fixed it. all IP address in devices had the MAC address of the Cisco switch/router, not their real MAC address.
    Thanks for posting this tip!
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2