Switch – How to troubleshoot reason why ARP replies from ISP are not forwarded through our switch

arp ethernet switch troubleshooting

At one of our offices, a new ISP recently installed an Internet connection via Radwin microwave radios, going to an E1 line back to the capital where their routing equipment is. There is a very strange problem which has prevented us from using the Internet connection, and neither our technicians nor the ISP's have been able to resolve it.

When a laptop computer is connected to the Radwin, it can use the Internet connection. However, when we go from Radwin to our router (Linux-based) through a switch (HP 3500-24G-PoE+ yl), the connection is not usable. Our router ARPs for the GW, but never receives any replies.

Using mirror and monitor commands to mirror traffic from various switchports to another switchport where a laptop is running Wireshark, I can see ARP replies from the ISP reaching the ingress switchport. But the ARP replies are not visible on the egress switchport (to the router).

In Wireshark, I can see that the destination MAC address on these ARP packets is the router's address. I can also see the router's address in the switch's MAC address table. The switch should forward those packets to the egress switchport! But it doesn't.

Both switchports are on the same VLAN (ingress is untagged, egress is tagged). We are not using anything like arp-protect. No lockout-mac, no dhcp-snooping, no spanning-tree. The config is almost minimal.

The obvious conclusion is that the switch itself could be defective. But I have tried another HP switch and a Cisco SF302, with the same results in each case. I have also tried updating the firmware in the original HP 3500. All 3 of these switches have been successfully used elsewhere. Everything on our LAN works through any one of them. And the secondary Internet connection which is being used right now works through them as well, just not the new primary connection.

Also interesting is that I can ARP-ping (and ICMP ping) the management interfaces on the Radwins, from the router, through the switch. Those ARP replies pass through the switch just fine. But the ones from the GW do not.

I have experimented with manually setting MDIX, port speed, and duplex settings on the relevant switch ports; no difference.

Also interesting: the GW's MAC address does not appear in the switch's MAC address table. The MAC addresses of the Radwins and the router do.

Do you have any ideas why on earth these switches would behave this way???

Best Answer

What does the switch port configuration look like? Access, trunk, something else? Have you asked your ISP what their port configuration (not on the Radwin, but on their router/switchport facing you) looks like? Is spanning-tree forwarding facing the Radwin link in both directions? It kind of sounds like a VLAN mismatch or something along those lines.

Does it work if you plug that laptop into the switch? That would likely rule out the router config.
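
One way to check the VLAN-mismatch idea from the answer against frames captured on the mirror port, as an added example that is not part of the original question or answer: it parses raw Ethernet frames, reports any 802.1Q tag, and compares the Ethernet source MAC (the address a switch learns into its MAC table) with the ARP sender address. The function names, MAC and IP addresses, and VLAN 100 are constructed for illustration.

```python
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return Ethernet/VLAN/ARP fields of a raw frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 14:
        return None
    (etype,) = struct.unpack("!H", frame[12:14])
    off, vlans = 14, []
    while etype in (0x8100, 0x88A8) and len(frame) >= off + 4:  # 802.1Q / 802.1ad tags
        tci, etype = struct.unpack("!HH", frame[off:off + 4])
        vlans.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        off += 4
    if etype != 0x0806 or len(frame) < off + 28:
        return None
    _, _, hlen, plen, op = struct.unpack("!HHBBH", frame[off:off + 8])
    if (hlen, plen) != (6, 4):
        return None
    return {"eth_dst": mac(frame[0:6]), "eth_src": mac(frame[6:12]), "vlans": vlans,
            "op": op, "sender_mac": mac(frame[off + 8:off + 14]),
            "target_mac": mac(frame[off + 18:off + 24])}

def findings(frame, port_vlan=None):
    """port_vlan=None means the capture port is expected to carry untagged frames."""
    f = parse_arp(frame)
    if f is None:
        return ["not an ARP frame"]
    out = []
    if f["vlans"] and port_vlan is None:
        out.append(f"tagged with VLAN {f['vlans']} on a port expected to be untagged")
    elif port_vlan is not None and f["vlans"][:1] != [port_vlan]:
        out.append(f"VLAN {f['vlans'] or 'untagged'} does not match expected {port_vlan}")
    if f["eth_src"] != f["sender_mac"]:
        out.append(f"Ethernet source {f['eth_src']} differs from ARP sender {f['sender_mac']}")
    return out

# Constructed sample frames (not taken from the capture described in the question).
GW, RTR = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
def arp_reply(src, dst, tag=b""):
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + src + bytes([192, 0, 2, 1]) + dst + bytes([192, 0, 2, 2])
    return dst + src + tag + struct.pack("!H", 0x0806) + body

UNTAGGED = arp_reply(GW, RTR)
TAGGED = arp_reply(GW, RTR, tag=struct.pack("!HH", 0x8100, 100))

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged", TAGGED)):
        print(name, findings(frame) or "no anomalies")
```
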
