I have a SSG-5-SH-W-US and I cannot get the DHCP client to work with my Comcast LinkSys Cable modem. I upgraded from an old NS5GT which worked great but the SSG-5 just won't pick up an IP address. I've reset the unit and even used just the wizard to configure it (with no other options, using all defaults), to no avail. I checked the port ethernet0/0 and it seems to work fine.
The interfaces are defined as follows:
set interface eth0/0 zone untrust set interface eth0/0 dhcp-client enable set interface eth0/1 zone dmz set interface eth0/1 ip 192.168.10.1 255.255.255.0 set interface bgroup0 zone trust set interface bgroup0 ip 192.168.1.1 255.255.255.0 set interface bgroup0 manage set interface bgroup0 port ethernet0/2 set interface bgroup0 port ethernet0/3 set interface bgroup0 port ethernet0/4 set interface bgroup0 port ethernet0/5 set interface bgroup0 port ethernet0/6
Product Name: SSG5-Serial-WLAN Serial Number: 0xxxxxxxxxxxx, Control Number: 00000000 Hardware Version: 0710(0)-(00), FPGA checksum: 00000000, VLAN1 IP (0.0.0.0) Flash Type: Samsung Software Version: 6.2.0r1.0, Type: Firewall+VPN Feature: AV-K Compiled by build_master at: Wed Oct 15 18:36:36 PDT 2008 Base Mac: 0017.cb80.7480 File Name: screenos_image, Checksum: 89b9a9c6, Total Memory: 256MB
Date 03/13/2009 05:50:56, Daylight Saving Time enabled The Network Time Protocol is Disabled Up 0 hours 24 minutes 22 seconds Since 13Mar2009:05:26:34 Total Device Resets: 15, Last Device Reset at: 03/13/2009 05:15:23
System in NAT/route mode.
In the DEBUG output, I captured the following:
## 2009-03-13 06:01:41 : DHCP: got packet from if <ethernet0/1>. ## 2009-03-13 06:01:41 : DHCP (ethernet0/0): Received ack msg xid <ac823278> from IP 68.87.xx.xx (MAC 001d457xxxx): offer IP 98.xx.xx.xx
## 2009-03-13 06:01:41 : DHCP (ethernet0/0): bad transaction id, got <ac823278>, expect <1397c174> ## 2009-03-13 06:01:43 : DHCP (ethernet0/0):Client periodic check(1,0) ## 2009-03-13 06:01:43 : DHCP: HA (client) send (Release): (ethernet0/1) ## 2009-03-13 06:01:43 : DHCP: send_dhcp_pak enter src_ip: 0x0, dst_ip: 0xffffffff ## 2009-03-13 06:01:43 : DHCP: packet send to outif <ethernet0/1>. ## 2009-03-13 06:01:43 : DHCP (ethernet0/0): Discover xid<1397c175>. ## 2009-03-13 06:02:01 : DHCP: got packet from if <ethernet0/1>. ## 2009-03-13 06:02:01 : DHCP (ethernet0/0): Received offer msg xid<05c76374> from IP 68.87.xx.xx (MAC 001d457xxxx): offer IP 73.xx.xx.xx
The bad transaction ID seems like the root of my problem I'm guessing. *sigh* The NS5GT was more forgiving. Unfortunately, the cable modem does not have any firmware updates available. Does anyone know how to get the SSG5 to be more forgiving and work? Thanks.
After an exhausting search on the internet, I found others who experienced this same problem. Amongst all of those, there was a gem. The problem is that some cable modems (LinkSys in my case) keep track of the MAC address to which they are connected. I needed to unplug the cable modem for a couple of minutes (not just a quick unplug but long enough for the residual power to discharge). Once I did that, it did the trick!