Nat Router Issues

Hi, I have an issue when I change my default gateway for another router.
The new router has the same IP addresses as the old one.
All my non-NAT clients work perfectly but any client behind a NAT-enabled Canopy radio will not be able to ping the default gateway or get onto the internet.
The only way to get them back on and working again seems to be to put the old router back in and away they go again.
Anyone have this issue or any ideas on how to fix?

Any help is appreciated.

Can you re-post with a little more detail including IP addresses and the physical layout of your network? I am confused as to what devices you are referring to when you are changing IP addresses of default gateways.

Do you have a clearly stated access list? ex. 0.0.0.255

Ok, the default gateway address that every radio on our network uses is 10.14.0.254 Mask 255.255.0.0
At present we are just using a Netgear router with the above address and everything works correctly. The Netgear router is the default gateway to the internet.
As soon as I take out the above netgear router and replace it with either an IPCop pc or a Cisco router, any pc behind a Nat enabled router will not be able to ping the 10.14.0.254 address and will not be able to surf the net. Any pc behind a radio that is not in Nat mode works ok.
It appears that something in the Nat enabled radios does not allow it to talk to the new firewall.

Do you have a clearly stated access list? ex. 0.0.0.255 ?
As far as the Cisco router is concerned, it has an access list for 10.14.0.0 mask 255.255.0.0 and everything not behind a Nat radio is ok and can surf.

I am still having difficulty understanding your question.


Ok, the default gateway address that every radio on our network uses is 10.14.0.254 Mask 255.255.0.0


Are you referring to a radio in bridge mode? If so, are you referring to the radios’ LAN-1 Default Gateway?

At present we are just using a Netgear router with the above address and everything works correctly. The Netgear router is the default gateway to the internet.


Are you saying that the Netgear WAN IP address is 10.14.0.254/16, or 10.14.0.254 is the WAN Default Gateway?

As soon as I take out the above netgear router and replace it with either an IPCop pc or a Cisco router, any pc behind a Nat enabled router will not be able to ping the 10.14.0.254 address and will not be able to surf the net. Any pc behind a radio that is not in Nat mode works ok.
It appears that something in the Nat enabled radios does not allow it to talk to the new firewall.


What I take from this description is that you have NAT-enabled radios in your network that are terminated into NAT-enabled routers.

Sorry for my ignorance but I am having difficulty helping you because I cannot wrap my head around your physical setup.

I will try to explain:

Default gateway address that every radio on our network uses is 10.14.0.254 Mask 255.255.0.0
Are you referring to a radio in bridge mode? If so, are you referring to the radios’ LAN-1 Default Gateway?
Yes

At present we are just using a Netgear router with the above address and everything works correctly. The Netgear router is the default gateway to the internet.
Are you saying that the Netgear WAN IP address is 10.14.0.254/16, or 10.14.0.254 is the WAN Default Gateway?
The Netgear router's IP address is 10.14.0.254. This address is the Default Gateway for the network.
I.e. all radios have the Netgear router's IP 10.14.0.254 as their default gateway.

What I take from this description is that you have NAT-enabled radios in your network that are terminated into NAT-enabled routers.
Yes, that is true - is that a problem?

If you have NAT turned OFF in the RADIOs (which turns DHCP OFF), plug into the WAN/INTERNET port on the Netgear router. That way the Netgear router will hand out the IPs and perform NAT.

If you have NAT turned on in the RADIOs (therefore the radios are handing out IPs, ex. 169.254.1.2), plug into a numbered port. Use the Netgear as an access point.

You should probably log into the Netgear router and disable DHCP and see if you can disable NAT. Or just make it act as an access point, which may be an option.

If you have a NAT-enabled radio terminated into a NAT-enabled router then all traffic is being double-NAT-ed. It will obviously work but is not necessary. Follow the suggestions from the previous post and all should be fine.

Sorry but these replies don’t really help.
I have a large network spread out with radios etc…
All I need to do is replace the Netgear router with a Cisco router but I can’t as any Radio currently setup for Nat will then fail to access the internet through the router. They all work at present but as soon as the router is swapped - any radio running in Nat mode stops being able to access the internet.
I am looking for a reason why, when I change the Netgear WAN router and replace it with the Cisco router, any radio setup using Nat will not be able to access the internet. All other equipment including other Canopy radios not setup to use Nat can carry on and still use the internet.

You should prob. post the config of the Cisco router. Or call Cisco support.

any radio running in Nat mode stops being able to access the internet.


Let me try to understand this. Are you saying that if you swap a Netgear router out with a Cisco router, every single NAT-enabled radio in your network stops working, or just the radio that is connected to the swapped router?

I would still suggest taking the NAT-enabled radios out of NAT mode if they are terminated into a NAT-router.

Let me try to understand this. Are you saying that if you swap a Netgear router out with a Cisco router, every single NAT-enabled radio in your network stops working, or just the radio that is connected to the swapped router?

CORRECT :)
every single NAT-enabled radio in your network stops working

I would still suggest taking the NAT-enabled radios out of NAT mode if they are terminated into a NAT-router.
I would like to do this but it is not very practical at the moment. It is a large network and there are a number of people using NAT-enabled radios.

Ok. Now we are getting somewhere. Would it be possible to post the EXACT IP address information of one of your radios in question, as well as the IP information of one of your Netgear routers.

Example:

All IP information for all interfaces of a NAT-enabled radio

All IP information of a Netgear router, i.e. IP, mask and gateway of the router’s WAN interface, IP, mask, and gateway of the router’s LAN interface.

I know that when NAT is enabled on an SM, a bunch of “virtual interfaces” are created that you assign addresses to. I am not all that familiar with the terminology of these interfaces as all my SM’s are in bridge mode. But I think if I can draw out a portion of your network and place addresses in the correct place I can begin to help you fix this.

Can you send me a private message containing your email address and I will send it directly. I don’t really want to post too much information onto the Canopy site about our network.
Thanks

After you install the new router, try rebooting the customer equipment. It may be that the new router needs an ARP request.

Yes, thought of that, rebooted everything at my end and every radio in between. No better
Thanks

Can ARP be playing a role in this? I know ARP and NAT work together. ARP might have your gateway IP referencing the MAC of your Netgear router. At a command prompt type

arp -a
to view the IP to MAC list. You can add a static entry using
arp -s 10.14.0.254 00-aa-00-62-c6-09
(the MAC of the new router). You could also delete any entries with 10.14.0.254 and let the PC rebuild the ARP table. I’m not sure if a Canopy has ARP or not, but a PC behind it would. Just a thought.

thanks for the ARP info,
I think you may be onto something here, checked in the Radio and it is set for an ARP timeout of 20 minutes. I will change this and also check the PC’s arp info.

That’s your problem. The ARP timeout in the radio needs to be higher than the core router.

Bridged networks work differently.

Hi all,
thanks for all the replies, after leaving turned on for 2 hours it starts to work. Must be the NAT timeouts as previously mentioned.
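
The ARP check suggested earlier in the thread can be automated; the following is an added example, not code from any poster. It parses `arp -a` output (Windows or Linux/BSD layout) and reports whether the gateway 10.14.0.254 is still cached against a MAC other than the new router's. The old-router MAC, the client address 10.14.3.20 and the sample output are constructed for illustration; the expected MAC is the placeholder used in the thread.

```python
import re

# An IPv4 address followed by a MAC written with '-' (Windows) or ':' (Linux/BSD).
_ENTRY = re.compile(
    r"\(?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"(?P<mac>[0-9A-Fa-f]{1,2}(?:[-:][0-9A-Fa-f]{1,2}){5})\b"
)

def normalize_mac(mac):
    """Lower-case, colon-separated, zero-padded (macOS prints 0:aa:0:62:c6:9)."""
    return ":".join(p.zfill(2).lower() for p in re.split(r"[-:]", mac.strip()))

def parse_arp_table(text):
    """Return {ip: mac} for every resolved entry; headers and <incomplete> are skipped."""
    table = {}
    for line in text.splitlines():
        m = _ENTRY.search(line)
        if m:
            table[m.group("ip")] = normalize_mac(m.group("mac"))
    return table

def check_gateway(text, gateway_ip, expected_mac):
    """Return (status, cached_mac): 'ok', 'stale' (wrong MAC cached) or 'missing'."""
    cached = parse_arp_table(text).get(gateway_ip)
    if cached is None:
        return "missing", None
    if cached == normalize_mac(expected_mac):
        return "ok", cached
    return "stale", cached

# Constructed sample: a client that still caches the old router's MAC.
SAMPLE_ARP_OUTPUT = """
Interface: 10.14.3.20 --- 0x4
  Internet Address      Physical Address      Type
  10.14.0.254           00-11-22-33-44-55     dynamic
  10.14.255.255         ff-ff-ff-ff-ff-ff     static
"""

if __name__ == "__main__":
    status, cached = check_gateway(SAMPLE_ARP_OUTPUT, "10.14.0.254", "00-aa-00-62-c6-09")
    print(f"gateway 10.14.0.254 -> {cached} ({status})")
```

A "stale" result right after a planned router swap means the cache has not aged out yet; the same result at any other time means the gateway IP is answering from an unexpected device and deserves investigation.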