Hello community, in the process of deploying a 20X at a temporary site last week we observed some strange behaviour.
Consider the following very basic topology:
The ISP router was issuing an IP to our 20X via DHCP, this all works as expected, however clients connecting to the LAN ports on the 20X were unable to obtain an IP from the Peplink via DHCP.
On checking the event log on our 20X we observed the following log entries:
Note that nearly all the IPs in the DHCP pool are being claimed by a single MAC address (48:8f:5a - a Mikrotik Router), this MAC address is the interface of the ISP router connected to WAN1 of our 20X.
There are no physical connections to the ISP router apart from the single WAN port on the 20X (checking the ARP table from CLI confirmed the only interface that MAC was seen on was WAN1), the ISP router is not configured in any way for the 192.168.3.0 /24 network, the ISP router is not acting as a DHCP client on the interface facing our 20X.
The only explanation for this behaviour I had was that the ISP router was performing Proxy-ARP on that interface and that for some reason our Peplink was checking for addresses being in use before allocating them to DHCP clients but was incorrectly sending those test packets out of all interfaces, not just the interface the subnet is directly attached to and as a result the ISP router was claiming that 192.168.3.xxx was owned by itself because of them performing Proxy-ARP and the IP would then be marked as “in use” for the DHCP pool - repeat this process until the pool is exhausted.
Once we spoke with the ISP engineers they confirmed that their router was indeed configured for Proxy-ARP (why they had this enabled they could not say), on disabling Proxy-ARP on their interface connected to our 20X our problem went away.
I am waiting to get home in a couple of days so I can setup a proper test environment with some traffic taps either side of a 20X so I can try and reporduce the behaviour and obtain packet captures to confirm my suspicions but before I do that has anybody seen this before, is it a known issue in 8.1.0 and if so is it fixed in 8.1.1?