News:

On Tuesday September 6th the forum will be down for maintenance from 9:30 PM to 11:59 PM PDT

Main Menu

AccessFromWAN being ignored by OBI202??

Started by xzaphod, June 02, 2013, 10:06:22 AM

Previous topic - Next topic

xzaphod

Hello.

So I recently bought the OBI202. Turns out I got hardware version is 1.4 and software version 3.0.1 (Build: 3932).

It was easy to configure with two Google Voice numbers (phone & fax), and turned on AccessFromWAN. After confirming everything's okay, including accessing the OBI202 from the wired WAN port, I then plugged in the WiFi dongle and got that working. Again, I was successful accessing the OBI202 configuration from the (now WiFi'd) WAN port at the unique IP address it's getting from my DHCP lease server. I configured the DHCP lease server to always issue that MAC address that same IP address so it doesn't move around.

Fast forward to today. I am trying to get access to the OBI202 to "snapshot" my network equipment configurations. Nothing changed since I was last on the OBI202. In fact, nothing changed anywhere on that VLAN. The OBI202 had not even rebooted (it's on a UPS to protect it from power glitches).

Using obitalk.com, I am successful getting into the Expert Mode configuration. I see the IP address is as I expected: what I assigned a couple weeks earlier. The box behaves correctly using obitalk.com.

I confirmed from my router's DHCP lease server combined with my log files that there are no duplicate IP addresses on that VLAN.

I am about to save a copy of my configuration to my local computer. I can only do that from the OBI202 web server. So I type my IP address into my web browser and, lo, it fails. My web browser says the web page isn't there after a few seconds of "Waiting for web page to load".

Using ***0 and 30#, I determine that the OBI202 still says AccessFromWAN is enabled. I also see this on obitalk.com.

I connect a straight-thru RJ45 cable from my computer to the OBI202 LAN port. My computer gets an IP address in the 192.168.10.0/24 network and I am successful getting access to the OBI202 web pages using 192.168.10.1. I disable AccessFromWAN and save that configuration. After disconnecting the RJ45 and getting back on this VLAN, I am unable to get to the OBI202 at port 80. I am not surprised.

I reconnect the RJ45 and re-enable AccessFromWAN; ***0 + 30# confirms that AccessFromWAN is enabled once again. I disconnect the RJ45, get back on my home VLAN, and try again to connect to my OBI202 network address at port 80. No joy in Mudville.

Why did my OBI202 decide, seemingly spontaneously, to refuse to obey AccessFromWAN? Anyone have a similar experience? How did you solve this?

Yes, I can connect my RJ45 and get access but that's not the way it's supposed to work.

Shale

Can you ping your OBi202? A subnet problem could give that kind of symptoms... make sure that the IP you hand out to the OBi is in the same subnet as the computer.

xzaphod

Good point! I checked my router. Both clients (OBI202 & computer) are on the same VLAN, same subnet, and are using the same WLAN (wireless LAN) radio on my WiFi router. The subnet is a /24 with no further partitioning.

I ran Wireshark to watch the computer's network traffic. When I ping the OBI202, I see the computer sending multiple ARP (Address Resolution Protocol) "Who has <OBI202 IP address>?" requests on the VLAN but I don't see the OBI202 responding to that ARP request. There is a lot of other traffic on the wireless network interface: this is certainly working. Wireshark on my computer is limited in that it is not a full WiFi packet sniffer; I cannot see the OBI202 traffic with my router's radio, just what traffic would get back to my computer. [Perhaps time to get a WiFi packet sniffer?]

It would seem the OBI202 isn't responding to ARP requests when other devices on the OBI's network ask for its IP address. This would appear to be a change in the OBI202 behavior because a couple weeks ago I was successful configuring the OBI202 from its WAN interface.

Any suggestions?

QBZappy

Quote from: xzaphod on June 02, 2013, 10:06:22 AM
I reconnect the RJ45 and re-enable AccessFromWAN; ***0 + 30# confirms that AccessFromWAN is enabled once again. I disconnect the RJ45, get back on my home VLAN, and try again to connect to my OBI202 network address at port 80. No joy in Mudville.

At this point confirm the OBi ip by using the phone attached to the Obi. Dial ***1. Is it the ip address you expect? Can you successfully ping the address.
Owner of the 1st OBi110/100 units in service in Canada & South America. 1st OBi202 on my street. 1st OBi1032 in Montreal.

xzaphod

#4
The problem is averted! I'd like to say "solved" but I cannot make that claim.

Performing the diagnostics that led to my most recent post on this thread got me a-thinkin' about what might be happening on my home network. The home network is composed of multiple VLANs and multiple WLANs with multiple WiFi router radios broadcasting different SSIDs.

I remembered I'd set up another WLAN (SSID) on the same router radio that the OBI202 is using. This was for redundancy and not a vital component (at least not yet). So I turned off the broadcast of that SSID from that router's radio and, lo!, I could ping and connect to the OBI202 web interface. Woohoo! At least a little.

I have been trying to figure out why the OBI202 wouldn't respond to the ARP request when the router's radio is broadcasting two SSIDs (each with a different set of credentials). I don't understand enough of WiFi to develop a credible hypothesis.

Anyone able to proffer an explanation? I'm stumped.

Edit: The router radio was broadcasting two SSIDs on the same MAC address. With just one SSID on the MAC address, the OBI202 web interface seems to work.


Shale

When using Wireshark, you will need to have each device that you want to watch connected to a hub that is not a switch. http://wiki.wireshark.org/HubReference Don't be surprised to pay more for a dumb hub than for a smarter switch.

I bought a used Netgear 104 for that purpose.

xzaphod

Thank you. The layer 2 network hub is a possible solution on a wired network and would work well if all your devices are reasonably co-located. I've used this solution before.

Another solution on a wired network is to bridge layer 3 traffic from all the ports on a VLAN (including the WLAN) onto a single port where your Wireshark computer is plugged in. Of course, you have to have a router that can do this link aggregation without suffering bandwidth overload.

My network is wireless and the OBI202 problem occurred when my router's WiFi configurationwas set to broadcast two different SSIDs; the problem seems purely related to WiFi so I need to see the network packets on the wireless side. Wireshark partners to offer a solution. Please see the URL http://www.riverbed.com/products-solutions/products/performance-management/wireshark-enhancement-products/Wireless-Traffic-Packet-Capture.html This nifty capability is a WiFi USB dongle (not unlike OBI's WiFi dongle) operating in promiscuous mode and software for your Windows box. The two combine to sniff the air for all WiFi traffic the dongle's antenna can grab. All the packets are aggregated onto the USB port and delivered to Wireshark or other capture & analysis software. [Note, one could do something similar with a Bluetooth dongle and appropriate software that understood Bluetooth packets.]

The Wireshark/Riverbed solution comes in three flavors. The more upscale flavors include the ability to inject packets into the WiFi etherverse. You'd want (need!) a pretty fast computer to determine what to inject and to create and inject the packets fast enough to make a difference. I'd be happy with the $200 packet capture device. I had a wired network packet capture & injection capability many years ago. It can be quite interesting to watch, or alter, the traffic on a network.

Full disclosure: I neither have connection to Wireshark or Riverbed nor am I advocating any nefarious activity. The capability exists to help solve problems.

I still don't understand why having my router's WiFi radio broadcasting two SSIDs on the same MAC is confusing the OBI202 when none of my other devices seemed to have a problem. I wonder if it's a bug in the OBI202 support for WiFi via OBI's USB dongle?