SMC2804WBR can't get IP from DHCP server?

My config is like this:

DSL -> firewall -> switch -> SMC2804WBR -> PC

Starting from factory settings, it works. Then I configure the SMC:
no broadcast ESSID
64 bit WEP
MAC address filtering

Still works fine. Then I started to play with different cables. After a
while, the PC lost the internet connection but is still connected to the SMC
(can see SMC's config web page). I have other PC connected to the switch
before the SMC, so I know my internet is working.

The status page of the SMC says DSL/WAN is not connected. I keep clicking
renew to no avail. Rebooting the SMC didn't help. If I bypass the SMC, the
PC connected to the switch can obtain IP just fine. Finally, I force the SMC
to use a static IP/gateway/DNS and it then works.

Has anyone seen this problem? I'm using 1.11a firmware.

"peter" <(E-Mail Removed)> wrote in news:6dUcd.2444$EP4.1196@trnddc06:

> Has anyone seen this problem? I'm using 1.11a firmware.

Jump down to 1.10 and watch the problem disappear.

--
Minister of All Things Digital & Electronic, and Holder of Past Knowledge
(E-Mail Removed). Cabal# 24601-fnord | Sleep is irrelevant.
I speak for no one but myself, and |Caffeine will be assimilated.
no one else speaks for me. O- | Decaf is futile.

I have isolated this problem down to the firewall.
If I turn off the "SPI and Anti DoS" feature, then the DHCP client works
again.

I also tried with "SPI and Anti DoS" but turned off all the SPI options and
it still doesn't work. This implies something in the Anti DoS is preventing
its own DHCP client from working.

I don't understand the options in DoS, so I don't know how to isolate this
further, ideas?

Connection policy:
Fragmentation half-open wait: 10s
TCP Syn wait: 30s
TCP FIN wait: 5s
TCP connection idle timeout: 3600s
UDP session idle timeout: 30 s
H.323 data channel idle timeout: 180s

Dos Detect Criteria:
total incomplete tcp/udp sessions high: 300 sessions
total incomplete tcp/udp sessions low: 250 sessions
incomplete tcp/udp sessions (per min) high: 250 sessions
incomplete tcp/udp sessions (per min) low: 200 sessions
max incomplete tcp/udp sessions number from same host: 10
incomplete tcp/udp sessions detect sensitive time period: 300 ms
max half-open fragmentation packet number from same host: 30
half-open fragmentation detect sensitive time period: 10000ms
flooding cracker block time: 300s


"peter" <(E-Mail Removed)> wrote in message
news:6dUcd.2444$EP4.1196@trnddc06...
> My config is like this:
>
> DSL -> firewall -> switch -> SMC2804WBR -> PC
>
> Starting from factory settings, it works. Then I configure the SMC:
> no broadcast ESSID
> 64 bit WEP
> MAC address filtering
>
> Still works fine. Then I started to play with different cables. After a
> while, the PC lost the internet connection but is still connected to the
> SMC (can see SMC's config web page). I have other PC connected to the
> switch before the SMC, so I know my internet is working.
>
> The status page of the SMC says DSL/WAN is not connected. I keep clicking
> renew to no avail. Rebooting the SMC didn't help. If I bypass the SMC, the
> PC connected to the switch can obtain IP just fine. Finally, I force the
> SMC to use a static IP/gateway/DNS and it then works.
>
> Has anyone seen this problem? I'm using 1.11a firmware.
>

peter <(E-Mail Removed)> wrote:
> I have isolated this problem down to the firewall.
> If I turn off the "SPI and Anti DoS" feature, then the DHCP client works
> again.

SMC speaks to this a little in their FAQ
http://www.smc.com/index.cfm?sec=Sup..._id=379&site=c
It is also mentioned on DSL Reports
http://www.dslreports.com/forum/rema...6807~mode=flat


I unchecked SPI and anti-DoS because it prevents connection to any IP
address ending in 000 or 255 and also sent me a bunch of SMURF attack
messages. Prior to that I made these adjustments, which stopped some
problem that I had. My SMC7004WFW settings are behind yours.

> Connection policy:
> Fragmentation half-open wait: 10s -- 30
> TCP Syn wait: 30s -- 60
> TCP FIN wait: 5s -- 25
> TCP connection idle timeout: 3600s
> UDP session idle timeout: 30 s
> H.323 data channel idle timeout: 180s

> Dos Detect Criteria:
> total incomplete tcp/udp sessions high: 300 sessions
> total incomplete tcp/udp sessions low: 250 sessions
> incomplete tcp/udp sessions (per min) high: 250 sessions
> incomplete tcp/udp sessions (per min) low: 200 sessions
> max incomplete tcp/udp sessions number from same host: 10 --20
> incomplete tcp/udp sessions detect sensitive time period: 300 ms > --1000
> max half-open fragmentation packet number from same host: 30 > --60
> half-open fragmentation detect sensitive time period: 10000ms
> flooding cracker block time: 300s

---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8-122.5

Thanks for the pointers.
The solution suggested by another poster --- downgrade the firmware from
1.11a to 1.10, also works. In addition to your parameters, I should compare
the DoS parameters from the 1.10 firmware to the 1.11a one.

<(E-Mail Removed)> wrote in message
news:cl6e70$aol$(E-Mail Removed)...
> peter <(E-Mail Removed)> wrote:
>> I have isolated this problem down to the firewall.
>> If I turn off the "SPI and Anti DoS" feature, then the DHCP client works
>> again.
>
> SMC speaks to this a little in their FAQ
> http://www.smc.com/index.cfm?sec=Sup..._id=379&site=c
> It is also mentioned on DSL Reports
> http://www.dslreports.com/forum/rema...6807~mode=flat
>
>
> I unchecked SPI and anti-DoS because it prevents connection to any IP
> address ending in 000 or 255 and also sent me a bunch of SMURF attack
> messages. Prior to that I made these adjustments, which stopped some
> problem that I had. My SMC7004WFW settings are behind yours.
>
>> Connection policy:
>> Fragmentation half-open wait: 10s -- 30
>> TCP Syn wait: 30s -- 60
>> TCP FIN wait: 5s -- 25
>> TCP connection idle timeout: 3600s
>> UDP session idle timeout: 30 s
>> H.323 data channel idle timeout: 180s
>
>> Dos Detect Criteria:
>> total incomplete tcp/udp sessions high: 300 sessions
>> total incomplete tcp/udp sessions low: 250 sessions
>> incomplete tcp/udp sessions (per min) high: 250 sessions
>> incomplete tcp/udp sessions (per min) low: 200 sessions
>> max incomplete tcp/udp sessions number from same host: 10 --20
>> incomplete tcp/udp sessions detect sensitive time period: 300 ms
>> > --1000
>> max half-open fragmentation packet number from same host: 30 > --60
>> half-open fragmentation detect sensitive time period: 10000ms
>> flooding cracker block time: 300s
>
> ---
> Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8-122.5
>