Odd Network Connectivity

Recently two of the machines on my network went down, more or less at the same time. I checked the packet rate which seems to be fine (slight disparity which should be normal). The LAN icon in the tray says connected at 100Mbps.  In the "view network connections" it shows the same and the profile shows IP address, subnet mask, default gateway etc, fine.  They are all set to obtain addresses automatically.  Did IPconfig, all settings appear to be fine.  I pinged other machines in the network and sent and recieved al packets.  I pinged and address outside the network and it timed out.  The loss of connectivity on these machines appears to have happened rather suddenly.  Some more relevant information: I swept both machines and found viruses.  I also cleaned both machines of all viruses.  I connected my MAC to the end of one of the cables and also got no connection, so I am not completely convinced that it is the client machine.  I also was sure to use a cable that is known to be working (i took it off of a connected machine). Both machines indicate that they are connected.  Though I am sure that is deceptive since they are probably only connected the the switch. 

One more side note:  I recently daisy chained a "dumb" switch in to increase the number of computers in one room.  I did that a couple of weeks ago. But only one of the machines is in that room. 

I am completely baffled at this point.  I ran the netshell utility also.  One other thing, when the computer boots up the command line window opens and says "A connection could not be found"

Any help would be greatly appreciated.  Thanks.

On the cable where you couldn't connect with your Mac, can you move the cable to a different port on the switch in the network closet?  This will isolate the problem to either the cable plant or network switch.  If everything is ok on another port then try the questionable port directly to your mac with a patch cable in the network closet.

If the switch is a manageable switch you may be able to log onto the management address of the switch and see in the logs if the port has been shut down, or reconfigured in a way that makes the port inoperable.

If it is not a managed switch you should be able to do some diagnosis with the lights on the switch port and the NIC card on the PC or MAC.  You should see a light pattern that matches the other switch ports.

Dave

Dave,

         Thanks for responding.  I did move the cable between ports.  Though I have not test the light pattern.  The main switch is a firebox soho and there is another unmanaged switch which is a netgear fs116.  Strangely none of the other ports except the ones that are already in use actually seem to work.  The firebox has been password protected adn the previous admin didnt leave the info on it behind.  Will resetting it to factory require reconfigration of the network?  Thanks again.

Since your router is also your firewall and router, I'm pretty sure your reset to factory defaults would result in having to reconfigure the entire device. 

Since the firebox is a discontinued product, and you have no administrative access to it (is this something your ISP would have set up and own the password to?) I would consider trying to replace the entire device.

It is possible that the firebox has the intelligence to disable the ports when it finds a problem or consider what's happening a security breach.  This could explain the PC not working when you added the hub.

The unmanaged switch should not have any issues that a power off power on wouldn't reset, unless the port is actually damaged (lighting strike power surge etc.)

Dave

Dave,

    Thanks again.  I don't have an issue with resetting to factory defaults, I am just wondering if that would wreak havoc on the rest of the network (i.e. will other devices lose connectivity until i reconfigure it).  I only ask because I am trying to keep the man hours low and manageable for my ngo client.  I read in the manual that lost password would require resettig to factory, so I assume the ISP wouldn't need to send me that info.  I will check into it tonite and tomorrow and post again.  Thanks again for your help.

I am presuming the router is the pathway to the Internet so when you reset to factory defaults you will loose your authentication to the ISP and loose your Internet connectivity.  You will need your authentication information to program back into the router.  This box may also be providing DHCP services to your network, so when you boot PCs they will not be able to obtain an IP address until that is reconfigured.

The devices should still be able to pass Ethernet packets across the switch.

Dave

I also just wanted to make sure I heard you right.  Did you suggest that the router/firewall disabled the ports for those two machines because a virus was detected?  If so, I would then need to reconfigure those ports in order to restore connectivity to those machine? (i.e., it isnt simply a matter of removing the threats, or even reinstalling the OS on the affected systems.).  Thanks again

On high end equipment it would be possible for a network intrusion system to detect network virus type activity and disable the port that the bad traffic is coming from.  On the lower end equipment the port can be disabled more from the physical and data layer of the ISO model. 

So a defective network card could begin "jabbering" which the switch would detect as invalid traffic and shut the port down.  Unplugging and plugging the cable back in should reset this and start you over.

It is possible that the switch is configured to only accept traffic from a particular NIC card attached to a particular port.  Again this is more from the managed switch environment than unmanaged switches.  Your soho router probably is more of an unmanaged switch that is looking for malformed packets and jabbering than particular high level traffic.

To keep on track to your problem.  If a laptop cannot get on the network by using a known good patch cable to a port on the switch the port is defective, if a power off / power on doesn't resolve the problem and a factory reset doesn't get the ports working again it is a hardware problem and the device should be replaced. 

With the factory reset you just need to be sure you know all the information to reload the configuration in the router / firewall / VPN part of the box (any Ethernet port configuration should be fine defaulted).

Dave

Dave,

         Thank you again for your timely responses.  The firebox and the fs116 are in different rooms (hey i didnt build it).  I can access at least one of the machines through remote desktop (this one is my main concern at this point).  Also, I can ping other machines from this computer.  The FS116 is slaved into the firebox (all the way on the other side of the office).  Switching the client machine in question between ports on the FS116 has yielded no positive results.  But some of the other devices that are plugged into the FS116 appear to be functioning correctly.  I am going to go in and troubleshoot some more now, Ill post here to let everyone know what I discover.  Thank you.

After some careful examination of the hardware I've determined the following:

The firebox router is connected to the internet via a westell modem.  The WAN cable it connected to a data jack the leads all the way to the other side of the office where it is connected to the netgear fs116 switch.  The computer in that room and two adjacent rooms, plus printers are connected to this switch.  3 computers in the room with the firebox occupy 3 of the ports on the firebox itself, the 4th is occupied by another cable that is connected to a "dumb" switch (a real cheapy).  I assumed this was done to increase the number of available ports in that room.  The fs116 only has about 2/3 of its ports occupied and none of the remaining ports appear to have a signal (i tested this with a working cable).  There wasn't a whole lot of info on the firebox, but it does have a config interface that I can access through the browser using the ip address.  I am uncertain if this qualifies as a managed router.  Since the main machine I am concerned about has network access (I can even acces it via remote desktop) but no internet, I think it is logical to assume that the signal stops at the router.  Though the point of disabling the addiditional ports on the fs116 escapes me.  It appears that only one of the ports on the cheapy switch is functioning also.  I am also accounting for the possibility that the number of additional ports is somehow restricted by the router.  The network originally had 9 machines, and I recently added two.  And now two machines (not the new ones) don't work.  Am I on the right track here?  Or should I be looking at something else, like DHCP or something?  Thanks again.

On a side note...

Consider documenting this info with a network diagram (Dia works pretty well if you don't have Visio).

A network diagram graphically shows how the servers, switches modems connect. Not only is it a great visual aid (helpful both for troubleshooting/pondering your network/etc. and for meetings with managers/vendors), but it will prevent "the next guy/gal" from having to repeat this work.

Just think how much easier all this would be if the last admin had taken the time to draw a picture of the network :)

A network diagram doesn't take very long and doesn't have to be perfect (since it's only for internal use). It doesn't even have to include the entire network... I have one taped to my filing cabinet that just shows the stuff involved in our VOIP network.

I would definitely take a look at the DHCP settings... if only to rule it out.

When you run into one of these "odd" problems, I find that it's best to try and isolate the trouble to a specific area. In other words, spend some time figuring out what is not causing the problem.

I like to draw a little diagram showing the flow (logical or physical or both) from the machine having a problem to whatever server/network/etc it should get to. I include every device that it touches. Then, it is just a matter of testing each device until I hit the one that is not working.

You've already been doing this (replacing the cable with known good, for example). My point is that I like to start at the computer (check settings) then work my way out until I hit the problem... checking everything along the way.

Back when I did tech support, I learned to verify, verify, verify. There is nothing worse than spending hours troubleshooting only to realize that the problem is caused by a setting you assumed was set correctly (port number, whatever).

Specifically in this case...

• Verify that the computers are using DHCP and do not have static address/mask/gateway
• Try pinging the FS116, Firebox, and Westell modem from a problem computer
• Disconnect both problem computers from the switch and move a working computer's cable to one of their ports (ipconfig /release; move cable; ipconfig /renew... just to be sure). If the working computer still works, then you can pretty much rule out the physical layer
• Go through server settings and make sure they are correct (DHCP, router settings/filters)

I would second the motion to create a network diagram, from your description it sounds like some of your work station are on the WAN side of the Firebox and the rest on the LAN side.  If this is the case then you may have two DHCP servers one on the Westell modem and one on the Firebox, and the two workstations may not be able to talk to each other for many reasons.

Dave