Viewing Article

No StarNo StarNo StarNo StarNo Star | Jan 6 2011, 4:58 PM |
Disable ARP-Spoof Detection on Firewalls
As Sharedband aggregates traffic over multiple routers with differing MAC addresses, some devices can see the packets as being "Spoofed". To enable your connection to run at optimal capacity, you will need to turn this ARP spoofing detection feature off. To do so, follow the below instructions which we have provided for common firewalls:

DrayTEK 2820 Firewalls

The following information may extend to other Draytek models.

1) Telnet to your router

2) Check the status using the following command:
router> ip arp accept status
current status: disable
If the router returns disable as above then you will need to run the following command:
router> ip arp accept 1
Accept illegal ARP REPLY packets.
Now to check the status re-run the command:
router> ip arp accept status
current status: enable

Cisco Internet Service Routers (ISR) 1921/2951 Firewalls operating on IOS 15
This particular advice is only required if you have a 'routed IP block' provided by Sharedband.
The following information may extend to other Cisco Internet Service Routers provided that they are operating on IOS 15.

A secondary IP address needs to be added to the Cisco's WAN Ethernet interface (the interface facing the Sharedband routers) within the same subnet as the Sharedband router's LAN IP addresses.

For example: For Sharedband routers occupying 192.168.3.1-192.168.3.4, this would require the secondary IP address on the Cisco's WAN Ethernet interface to be configured with 192.168.3.254

The steps to achieve this are:

Access the Cisco firewall's command line configurator and type...

Router> enable
Router# conf t
Router(config)# int WAN-IF-NAME (e.g fa0/1)
Router(config-if)# ip address x.x.x.x 255.255.255.0 secondary (replace x.x.x.x with desired secondary address)
Router(config-if)# exit
Router(config)# exit
Router# wr mem