Hi,

My ISP has replaced my router, and suddenly, all the machines behind the switches do not work.

I power cycled router and switches.

hgu router
  | \--------------- laptop (with full connection)
  |
Switch 8 ports
  |\
  | -- chromecast (without internet connection, does not work)
  ||
Switch 16 ports
 | | | | \ ---- desktop computer (partial connectivity)
 | | | |
 | | |
 Several computers, printer, etc.

- From the laptop, when connected directly to the router, I have full connectivity.

If I connect the laptop to the first switch:

- I get IP from the router via DHCP.
- I can't ping the router or connect to its web at 192.168.1.1 or outside.
- I can connect to the desktop computer

On the desktop computer:

- I cannot ping the router nor connect to router config web at 192.168.1.1 or outside.
- I can connect to the laptop and any other machine, except the router.

On the router, I can see the map of all computers.

On the switches, all LEDs are green.

Since I can connect from the laptop to the desktop (and vice versa) via ssh, it means that all cabling and switches are working perfectly.

There is connection from the computers to the router, as they get IP address by DHCP.

- From the laptop, connected directly to the router, I can ping the switches.

But I can't connect to the router configuration through the switch, ping 192.168.1.1, or connect to the internet. The router is blocking these connections, somehow.

laptop:

cer@Legolas:~> ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 1c:83:41:1b:d8:33 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.1.127/16 brd 192.168.255.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f8a0:12a3:7a65:18ab/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: wlan1: <BROADCAST,MULTICAST> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 86:8e:bd:76:ea:47 brd ff:ff:ff:ff:ff:ff permaddr a0:d3:7a:a5:1d:4c
    altname wlp2s0
cer@Legolas:~> ip route
default via 192.168.1.1 dev eth0 proto static metric 100
192.168.0.0/16 dev eth0 proto kernel scope link src 192.168.1.127 metric 100
cer@Legolas:~>
cer@Legolas:~> route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         router.valinor  0.0.0.0         UG    100    0        0 eth0
192.168.0.0     0.0.0.0         255.255.0.0     U     100    0        0 eth0
cer@Legolas:~>

Desktop:

cer@Telcontar:~> ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:d8:61:a1:5a:bd brd ff:ff:ff:ff:ff:ff
    altname enp34s0
    inet 192.168.1.14/16 brd 192.168.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::2d8:61ff:fea1:5abd/64 scope link
       valid_lft forever preferred_lft forever
cer@Telcontar:~> ip route
default via 192.168.1.1 dev eth0
192.168.0.0/16 dev eth0 proto kernel scope link src 192.168.1.14
cer@Telcontar:~>
cer@Telcontar:~> route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         router.valinor  0.0.0.0         UG    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
cer@Telcontar:~>

When I connect the laptop via dhcp, I get:

Legolas:~ # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         router.valinor  0.0.0.0         UG    100    0        0 eth0
192.168.0.0     0.0.0.0         255.255.0.0     U     100    0        0 eth0
Legolas:~ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 1c:83:41:1b:d8:33 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.2.6/16 brd 192.168.255.255 scope global dynamic noprefixroute eth0
       valid_lft 43170sec preferred_lft 43170sec
    inet6 fe80::830d:8dec:3a05:4af3/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: wlan1: <BROADCAST,MULTICAST> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 86:8e:bd:76:ea:47 brd ff:ff:ff:ff:ff:ff permaddr a0:d3:7a:a5:1d:4c
    altname wlp2s0
Legolas:~ #

-- 
Cheers
Carlos E. R.
(from openSUSE Leap 15.3 at Legolas)
On Fri, 13 Jan 2023 18:29:55 +0100 (CET) "Carlos E. R." <robin.listas@telefonica.net> wrote:
Hi,
My ISP has replaced my router, and suddenly, all the machines behind the switches do not work.
I power cycled router and switches.
hgu router
  | \--------------- laptop (with full connection)
  |
Switch 8 ports
  |\
  | -- chromecast (without internet connection, does not work)
  ||
Switch 16 ports
 | | | | \ ---- desktop computer (partial connectivity)
 | | | |
 | | |
 Several computers, printer, etc.
- From the laptop, when connected directly to the router, I have full connectivity.
If I connect the laptop to the first switch:
- I get IP from the router via DHCP.
- I can't ping the router or connect to its web at 192.168.1.1 or outside.
- I can connect to the desktop computer
On the desktop computer:
- I cannot ping the router nor connect to router config web at 192.168.1.1 or outside.
- I can connect to the laptop and any other machine, except the router.
On the router, I can see the map of all computers.
On the switches, all LEDs are green.
Since I can connect from the laptop to the desktop (and vice versa) via ssh, it means that all cabling and switches are working perfectly.
There is connection from the computers to the router, as they get IP address by DHCP.
- From the laptop, connected directly to the router, I can ping the switches.
But I can't connect to the router configuration through the switch, ping 192.168.1.1, or connect to the internet. The router is blocking these connections, somehow.
Something seems very strange to my eyes with the addresses, namely the /16. That seems fairly unusual for a domestic network.

Also you don't say what the router or switch hardware actually are?
On 2023-01-13 at 20:26 -0000, Dave Howorth wrote:
On Fri, 13 Jan 2023 18:29:55 +0100 (CET) "Carlos E. R." <> wrote:
Hi,
My ISP has replaced my router, and suddenly, all the machines behind the switches do not work.
But I can't connect to the router configuration through the switch, ping 192.168.1.1, or connect to the internet. The router is blocking these connections, somehow.
Something seems very strange to my eyes with the addresses, namely the /16. That seems fairly unusual for a domestic network.
That was a change I implemented years ago on the previous router, after comments here. It worked fine. Anyway, the new router failed before changing that. Not related.
Also you don't say what the router or switch hardware actually are?
Because the router name will mean nothing to you. It is an HGU, it is in the graph.

On another part of the web it says it is an:

Optical fibre access equipment -Askey Model: RTF8115VW
Hardware revision 5 software ES_g13.12_RTF_TEF001_V8.19_V026

In the label it says it is "router smart WiFi (HGU) RTF8115VW"

The 1st switch is TP-Link TL-SG108E 8-Port Gigabit Easy Smart Switch
The 2nd switch is TP-Link TL-SG1016DE 16-Port Gigabit Easy Smart Switch

EVERYTHING was working before the router was replaced.

In this situation:

Router---SW1---SW2---Laptop2
  |       |     |
  |       |   desktop
Laptop1   |
        google chromecast

chromecast does not have internet

The laptop1 has full connectivity: It has internet (via dhcp or not), can ssh to desktop, can ping SW1, can ping SW2, can ping router.

Laptop2 (running XFCE rescue Leap 15.1, auto network) gets IP via DHCP.

Desktop has partial connectivity (lan, no internet):
  can ssh to laptop1
  can ping SW1
  can ping SW2
  can not ping router

If I connect the router to only one of the switches (either one) the situation doesn't change.

I have not seen diagnostic tools in the router web page. The router has ssh but refuses my password, and a second attempt doesn't even connect. The log has this:

Jan 14 00:49:13 (none) authpriv.info dropbear[26307]: Child connection from 192.168.1.127:60876
Jan 14 00:49:14 (none) authpriv.notice dropbear[26307]: now_time = 7690
Jan 14 00:49:14 (none) authpriv.info dropbear[26307]: AppIsAllowToLogin(): Protection of brute force attack!! Lockout remaining: 109 seconds.
Jan 14 00:49:14 (none) authpriv.info dropbear[26307]: Exit before auth: Protection of brute force attack!! Lockout remaining: 109 seconds.

Ok, then I can try again.

Got in. Doesn't accept "help" or "ping" as commands. Nor "?"

-- 
Cheers
Carlos E. R.
(from openSUSE 15.4 (Legolas))
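The router log quoted in the message above can be read mechanically to see which LAN host each rejected SSH connection came from and how long the lockout still had to run. This is an added example, not part of the original thread and not code from the router vendor; the line format is inferred only from the four quoted lines, and the function and field names are made up for the illustration.

```python
import re
from collections import defaultdict

# The four router log lines quoted in the message above, copied verbatim.
SAMPLE_LOG = """\
Jan 14 00:49:13 (none) authpriv.info dropbear[26307]: Child connection from 192.168.1.127:60876
Jan 14 00:49:14 (none) authpriv.notice dropbear[26307]: now_time = 7690
Jan 14 00:49:14 (none) authpriv.info dropbear[26307]: AppIsAllowToLogin(): Protection of brute force attack!! Lockout remaining: 109 seconds.
Jan 14 00:49:14 (none) authpriv.info dropbear[26307]: Exit before auth: Protection of brute force attack!! Lockout remaining: 109 seconds.
"""

# Assumed layout: <timestamp> <host> <facility.level> dropbear[<pid>]: <message>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+[\w.]+\s+"
    r"dropbear\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)
CONNECT_RE = re.compile(r"Child connection from (?P<ip>\S+):(?P<port>\d+)$")
# Only the "Exit before auth" line is counted: the firmware logs the lockout
# twice per connection, and counting both lines would double every event.
LOCKOUT_RE = re.compile(
    r"^Exit before auth: .*Lockout remaining: (?P<secs>\d+) seconds"
)


def find_lockouts(log_text):
    """Return one record per SSH connection rejected while the lockout was active."""
    sessions = {}  # dropbear child PID -> (source ip, source port)
    rejected = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # not a dropbear line in the assumed format
        pid, msg = line["pid"], line["msg"]
        conn = CONNECT_RE.search(msg)
        if conn:
            sessions[pid] = (conn["ip"], int(conn["port"]))
            continue
        lock = LOCKOUT_RE.search(msg)
        if lock:
            # A lockout line whose connection line was rotated out of the log
            # still produces a record, with the source marked unknown.
            ip, port = sessions.pop(pid, ("unknown", 0))
            rejected.append({
                "time": line["ts"],
                "pid": pid,
                "source_ip": ip,
                "source_port": port,
                "lockout_remaining": int(lock["secs"]),
            })
    return rejected


def summarize(rejected):
    """Count rejected connections per source and keep the longest remaining lockout."""
    per_source = defaultdict(lambda: {"rejected": 0, "max_remaining": 0})
    for event in rejected:
        entry = per_source[event["source_ip"]]
        entry["rejected"] += 1
        entry["max_remaining"] = max(entry["max_remaining"],
                                     event["lockout_remaining"])
    return dict(per_source)


if __name__ == "__main__":
    for ip, stats in summarize(find_lockouts(SAMPLE_LOG)).items():
        print(f"{ip}: {stats['rejected']} rejected, "
              f"up to {stats['max_remaining']}s of lockout left")
```

A source address other than your own machine in this summary means some other host on the LAN is what triggered the router's lockout.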
On 1/13/23 15:58, Carlos E. R. wrote:
On 2023-01-13 at 20:26 -0000, Dave Howorth wrote:
On Fri, 13 Jan 2023 18:29:55 +0100 (CET) "Carlos E. R." <> wrote:
Hi,
My ISP has replaced my router, and suddenly, all the machines behind the switches do not work.
But I can't connect to the router configuration through the switch, ping 192.168.1.1, or connect to the internet. The router is blocking these connections, somehow.
Something seems very strange to my eyes with the addresses, namely the /16. That seems fairly unusual for a domestic network.
That was a change I implemented years ago on the previous router, after comments here. It worked fine. Anyway, the new router failed before changing that. Not related.
Also you don't say what the router or switch hardware actually are?
Because the router name will mean nothing to you. It is an HGU, it is in the graph.
On another part of the web it says it is an:
Optical fibre access equipment -Askey Model: RTF8115VW
Hardware revision 5 software ES_g13.12_RTF_TEF001_V8.19_V026
In the label it says it is "router smart WiFi (HGU) RTF8115VW"
The 1st switch is TP-Link TL-SG108E 8-Port Gigabit Easy Smart Switch
The 2nd switch is TP-Link TL-SG1016DE 16-Port Gigabit Easy Smart Switch
EVERYTHING was working before the router was replaced.
In this situation:
Router---SW1---SW2---Laptop2
  |       |     |
  |       |   desktop
Laptop1   |
        google chromecast
chromecast does not have internet
The laptop1 has full connectivity: It has internet (via dhcp or not), can ssh to desktop, can ping SW1, can ping SW2, can ping router.
Laptop2 (running XFCE rescue Leap 15.1, auto network) gets IP via DHCP.
Desktop has partial connectivity (lan, no internet):
  can ssh to laptop1
  can ping SW1
  can ping SW2
  can not ping router
If I connect the router to only one of the switches (either one) the situation doesn't change.
I have not seen diagnostic tools in the router web page. The router has ssh but refuses my password, and a second attempt doesn't even connect. The log has this:
Jan 14 00:49:13 (none) authpriv.info dropbear[26307]: Child connection from 192.168.1.127:60876
Jan 14 00:49:14 (none) authpriv.notice dropbear[26307]: now_time = 7690
Jan 14 00:49:14 (none) authpriv.info dropbear[26307]: AppIsAllowToLogin(): Protection of brute force attack!! Lockout remaining: 109 seconds.
Jan 14 00:49:14 (none) authpriv.info dropbear[26307]: Exit before auth: Protection of brute force attack!! Lockout remaining: 109 seconds.
Ok, then I can try again.
Got in. Doesn't accept "help" or "ping" as commands. Nor "?"
Does this help, Carlos?

https://bandaancha.eu/store/josh/manual-router-hgu-askey-rtf8115vw.pdf

Regards,
Lew
On 2023-01-13 at 16:05 -0800, Lew Wolfgang wrote:
On 1/13/23 15:58, Carlos E. R. wrote:
...
Does this help, Carlos?
https://bandaancha.eu/store/josh/manual-router-hgu-askey-rtf8115vw.pdf
That's an interesting find, thanks.

It seems to be an incomplete manual for the ISP chap that goes to the houses to install the thing, so not the user manual.

-- 
Cheers
Carlos E. R.
(from openSUSE 15.4 (Legolas))
* Carlos E. R. <robin.listas@telefonica.net> [01-13-23 19:28]:
On 2023-01-13 at 16:05 -0800, Lew Wolfgang wrote:
On 1/13/23 15:58, Carlos E. R. wrote:
..
Does this help, Carlos?
https://bandaancha.eu/store/josh/manual-router-hgu-askey-rtf8115vw.pdf
That's an interesting find, thanks.
It seems to be an incomplete manual for the ISP chap that goes to the houses to install the thing, so not the user manual.
-- 
Cheers
Carlos E. R.
(from openSUSE 15.4 (Legolas))
did you bother to try changing the ###/16s to ***/24 ???

-- 
(paka)Patrick Shanahan       Plainfield, Indiana, USA          @ptilopteri
http://en.opensuse.org    openSUSE Community Member    facebook/ptilopteri
Photos: http://wahoo.no-ip.org/piwigo               paka @ IRCnet oftc
On 2023-01-13 at 21:31 -0500, Patrick Shanahan wrote:
* Carlos E. R. <> [01-13-23 19:28]:
On 2023-01-13 at 16:05 -0800, Lew Wolfgang wrote:
On 1/13/23 15:58, Carlos E. R. wrote:
did you bother to try changing the ###/16s to ***/24 ???
Patrick, please.

It was /24 when the technician left the house, and it was not working. I did not change to /16 till an hour or two later. And it has been /16 for years in the previous router.

Right now, I can ping from desktop or laptop 2 to laptop 1. I changed nothing, it just started to work. But ping to router still doesn't work.

I will leave ping trying while I go to sleep.

-- 
Cheers
Carlos E. R.
(from openSUSE 15.4 (Legolas))
On 1/13/23 21:04, Carlos E. R. wrote:
Right now, I can ping from desktop or laptop 2 to laptop 1. I changed nothing, it just started to work. But ping to router still doesn't work.
I will leave ping trying while I go to sleep.
Sounds like a whole slew of F'ed up security software somewhere in the TCP stack that was bound to the old router MAC that now sees the new MAC and even though you have new IPs from (my guess is your router that does the DHCP for you??), they also have the old leases bound to the old MAC that either haven't expired, or are causing havoc with "which lease is the good lease".

I've seen weird stuff with ISP routers are involved. I'm sure your tech made sure your new router was provisioned with the ISP and was happy, but the LAN facing part of what your router does for you (and what your old router did for you) may need time for all old leases to expire and work themselves out. Bouncing the machines and router doesn't necessarily clear all the stuff that is persistent based on the time the lease expires.

No silver bullet for you, but it would be interesting to crank up Wireshark or tcpdump on laptop1 in promiscuous mode and grab 300 seconds of traffic and see if that sheds any light on what is going on...

Only thing I can say for sure is -- Good Luck Carlos.... (you'll need it :)

-- 
David C. Rankin, J.D.,P.E.
* David C. Rankin <drankinatty@suddenlinkmail.com> [01-13-23 22:28]:
On 1/13/23 21:04, Carlos E. R. wrote:
Right now, I can ping from desktop or laptop 2 to laptop 1. I changed nothing, it just started to work. But ping to router still doesn't work.
I will leave ping trying while I go to sleep.
Sounds like a whole slew of F'ed up security software somewhere in the TCP stack that was bound to the old router MAC that now sees the new MAC and even though you have new IPs from (my guess is your router that does the DHCP for you??), they also have the old leases bound to the old MAC that either haven't expired, or are causing havoc with "which lease is the good lease".
will not repowering the router with a delay to allow it to lose retentions, restart leases? my at&t/arris does. about the only way now that my system ip changes.
I've seen weird stuff with ISP routers are involved. I'm sure your tech made sure your new router was provisioned with the ISP and was happy, but the LAN facing part of what your router does for you (and what your old router did for you) may need time for all old leases to expire and work themselves out. Bouncing the machines and router doesn't necessarily clear all the stuff that is persistent based on the time the lease expires.
No silver bullet for you, but it would be interesting to crank up Wireshark or tcpdump on laptop1 in promiscuous mode and grab 300 seconds of traffic and see if that sheds any light on what is going on...
Only thing I can say for sure is -- Good Luck Carlos.... (you'll need it :)
I have daisy chained routers before. maybe something to try.

-- 
(paka)Patrick Shanahan       Plainfield, Indiana, USA          @ptilopteri
http://en.opensuse.org    openSUSE Community Member    facebook/ptilopteri
Photos: http://wahoo.no-ip.org/piwigo               paka @ IRCnet oftc
On 1/13/23 21:59, Patrick Shanahan wrote:
will not repowering the router with a delay to allow it to lose retentions, restart leases? my at&t/arris does. about the only way now that my system ip changes.
I'm no expert here, but not necessarily. It depends on where the information is cached. I know from experience with a mixed LAN (windows/Linux), a change in the ISP router and the ISP reprovisioning of the MAC, even with a 5 minute shutdown of the router, that didn't resolve all the boxes -- I can't reach the internet or name resolution problems. (that was also when I decided to buy my own routers and just risk buying again when the DOCSIS standard changes)

It will depend on what all the router does for the LAN. If it does DHCP, then you have the DHCP leases, from the old and new routers, that the PC will have record of. It would be great if all OS's were smart enough to check if old server exists, and if not, dump all leases and other info (DNS, Gateway, Netmask, etc..) that they acquired along with the original lease -- but no (and with good reason, DHCP goes down, etc.., you don't want all info lost)

While ISC DHCP is much, much better behaved than generic router firmware DHCP, even changing hosts/versions of ISC DHCP can have lingering stale lease issues. At least there, if paired with BIND, you have rndc to help clean up the name resolution aspects.

There are other aspects associated with DNS that DHCP that come into play. Many times the actual zone files (or whatever table the router uses) are not updated with each new DHCP lease acquired. Often it's just a journal entry in a separate file that will be synced with the zone files later. Additionally, leases handed out can be paired with hashed TEXT records that further relate the lease to the host. I'm sure that doesn't help.

Then on the PC side with openSUSE (and similar with any OS) you have the caching nameserver daemon (nscd on Leap) running to help speed things up. I'm not sure how sophisticated it is, but it too may relate MAC to IP to help prevent man-in-the-middle attacks. I need to read more on that to see what if anything it does.

<snip>
I have daisy chained routers before. maybe something to try.
If I were in Carlos' situation, and nothing else worked, I'd start from a complete cold-start. Meaning all routers, switches, and PCs off. Then I'd bring the router up (go through the config), then sw1 (go through config), then sw2 (go through config), then I'd bring the computers back to life.

It all depends on what does DHCP -- whatever that hardware is -- it needs to be brought up first before the PC come on line.

In the old days there was a 2-hub (switch) limit between any two endpoints in a network. To the extent you even had specific up-link ports for chaining two together. Carlos' layout seems fine even if he has ancient hardware.

Hopefully after his nap all will have sorted itself out automagically -- here's to hope :)

-- 
David C. Rankin, J.D.,P.E.
On 2023-01-14 06:52, David C. Rankin wrote:
On 1/13/23 21:59, Patrick Shanahan wrote:
will not repowering the router with a delay to allow it to lose retentions, restart leases? my at&t/arris does. about the only way now that my system ip changes.
I'm no expert here, but not necessarily. It depends on where the information is cached. I know from experience with a mixed LAN (windows/Linux), a change in the ISP router and the ISP reprovisioning of the MAC, even with a 5 minute shutdown of the router, that didn't resolve all the boxes -- I can't reach the internet or name resolution problems. (that was also when I decided to buy my own routers and just risk buying again when the DOCSIS standard changes)
It will depend on what all the router does for the LAN. If it does DHCP, then you have the DHCP leases, from the old and new routers, that the PC will have record of. It would be great if all OS's were smart enough to check if old server exists, and if not, dump all leases and other info (DNS, Gateway, Netmask, etc..) that they acquired along with the original lease -- but no (and with good reason, DHCP goes down, etc.., you don't want all info lost)
That's why I booted 2nd laptop with Rescue XFCE image, Leap 15.1, network in auto mode. ...
<snip>
I have daisy chained routers before. maybe something to try.
If I were in Carlos' situation, and nothing else worked, I'd start from a complete cold-start. Meaning all routers, switches, and PCs off. Then I'd bring the router up (go through the config), then sw1 (go through config), then sw2 (go through config), then I'd bring the computers back to life.
It all depends on what does DHCP -- whatever that hardware is -- it needs to be brought up first before the PC come on line.
In the old days there was a 2-hub (switch) limit between any two endpoints in a network. To the extent you even had specific up-link ports for chaining two together. Carlos' layout seems fine even if he has ancient hardware.
Not very ancient... both switches are gigabit.
Hopefully after his nap all will have sorted itself out automagically -- here's to hope :)
Nah... I was fortunate to convince Telefónica to send a technician. Was easy, in fact. I'm sorry for the chap working on a Saturday, but he came early and ruined my mid day lunch, which would have happened at 15 hours and had to wait till 18 hours. And no siesta today.

Now the problem is package loses, but I'm going to keep silent about that. Crossed fingers.

Madrecita que me quede como estoy.

Don't know how to translate that. Something like Virgin Mother, please let me remain as I am, no more "issues", please, I'll shut up. ;-)

-- 
Cheers / Saludos,
Carlos E. R.
(from 15.4 x86_64 at Telcontar)
On 1/14/23 11:52, Carlos E. R. wrote:
Madrecita que me quede como estoy.
Don't know how to translate that. Something like Virgin Mother, please let me remain as I am, no more "issues", please, I'll shut up. ;-)
That goes in the keeper file... :)

-- 
David C. Rankin, J.D.,P.E.
On 2023-01-14 04:59, Patrick Shanahan wrote:
* David C. Rankin <> [01-13-23 22:28]:
On 1/13/23 21:04, Carlos E. R. wrote:
Right now, I can ping from desktop or laptop 2 to laptop 1. I changed nothing, it just started to work. But ping to router still doesn't work.
I will leave ping trying while I go to sleep.
Sounds like a whole slew of F'ed up security software somewhere in the TCP stack that was bound to the old router MAC that now sees the new MAC and even though you have new IPs from (my guess is your router that does the DHCP for you??), they also have the old leases bound to the old MAC that either haven't expired, or are causing havoc with "which lease is the good lease".
will not repowering the router with a delay to allow it to lose retentions, restart leases? my at&t/arris does. about the only way now that my system ip changes.
I tried. I power-cycled everything in the rack.
I've seen weird stuff with ISP routers are involved. I'm sure your tech made sure your new router was provisioned with the ISP and was happy, but the LAN facing part of what your router does for you (and what your old router did for you) may need time for all old leases to expire and work themselves out. Bouncing the machines and router doesn't necessarily clear all the stuff that is persistent based on the time the lease expires.
No silver bullet for you, but it would be interesting to crank up Wireshark or tcpdump on laptop1 in promiscuous mode and grab 300 seconds of traffic and see if that sheds any light on what is going on...
Only thing I can say for sure is -- Good Luck Carlos.... (you'll need it :)
I have daisy chained routers before. maybe something to try.
That's what some people did. Connect the ISP router, transparently, to another router purchased by client. The first router in what they call "DMZ mode".

-- 
Cheers / Saludos,
Carlos E. R.
(from 15.4 x86_64 at Telcontar)
On 2023-01-14 04:27, David C. Rankin wrote:
On 1/13/23 21:04, Carlos E. R. wrote:
Right now, I can ping from desktop or laptop 2 to laptop 1. I changed nothing, it just started to work. But ping to router still doesn't work.
I will leave ping trying while I go to sleep.
(router replaced and problem solved)
Sounds like a whole slew of F'ed up security software somewhere in the TCP stack that was bound to the old router MAC that now sees the new MAC and even though you have new IPs from (my guess is your router that does the DHCP for you??), they also have the old leases bound to the old MAC that either haven't expired, or are causing havoc with "which lease is the good lease".
Nah... If you mean the external MAC, that's not an issue. (the input to the router is a fibre, anyway) The problem is the talking between router and switches. Faulty software in the router, most probably. Or incapable hardware. New router has package loses between 5 and 25%, with pings from sw to router, just half a metre away.
I've seen weird stuff with ISP routers are involved. I'm sure your tech made sure your new router was provisioned with the ISP and was happy, but the LAN facing part of what your router does for you (and what your old router did for you) may need time for all old leases to expire and work themselves out. Bouncing the machines and router doesn't necessarily clear all the stuff that is persistent based on the time the lease expires.
I power cycled everything, changed cables, everything. He (2nd chap) reset the router to factory, and the sw to factory. Nothing he tried worked. He thought the sw could have a bad configuration, so I got him to download the tp-link easy config software (it is windows, I said my laptop didn't run windows), and he tried and saw that the management capabilities of the switch were basically nil. That was not the issue.

Only then he went back to the car to bring and _try_ a new router. Worked instantly. The new router seems identical, but is made by another manufacturer to the same specs of Telefónica.
No silver bullet for you, but it would be interesting to crank up Wireshark or tcpdump on laptop1 in promiscuous mode and grab 300 seconds of traffic and see if that sheds any light on what is going on...
Didn't think of that.
Only thing I can say for sure is -- Good Luck Carlos.... (you'll need it :)
Yeah.... well, issue was solved. Kind of. :-)

-- 
Cheers / Saludos,
Carlos E. R.
(from 15.4 x86_64 at Telcontar)
On 14.01.2023 02:58, Carlos E. R. wrote:
In this situation:
Router---SW1---SW2---Laptop2
  |       |     |
  |       |   desktop
Laptop1   |
    google chromecast
chromecast does not have internet
And does it have connectivity to other systems/devices?
The laptop1 has full connectivity: It has internet (via dhcp or not), can ssh to desktop, can ping SW1, can ping SW2, can ping router.
Laptop2 (running XFCE rescue Leap 15.1, auto network) gets IP via DHCP.
And what about connectivity to other devices/Internet? At the very least show the same information for all related devices.
Desktop has partial connectivity (lan, no internet): can ssh to laptop1 can ping SW1 can ping SW2 can not ping router
It sounds like different ports on your "router" have different settings. Besides, you call it "router" - does it really *route* between ports where laptop1 and switches are connected? At the very least try to swap ports where laptop1 and switches are connected. But this is really something in your "router" and you may get better support on your ISP forums.
If I connect the router to only one of the switches (either one) the situation doesn't change.
I have not seen diagnostic tools in the router web page. The router has ssh but refuses my password, and a second attempt doesn't even connect. The log has this:
Jan 14 00:49:13 (none) authpriv.info dropbear[26307]: Child connection from 192.168.1.127:60876
Jan 14 00:49:14 (none) authpriv.notice dropbear[26307]: now_time = 7690
Jan 14 00:49:14 (none) authpriv.info dropbear[26307]: AppIsAllowToLogin(): Protection of brute force attack!! Lockout remaining: 109 seconds.
Jan 14 00:49:14 (none) authpriv.info dropbear[26307]: Exit before auth: Protection of brute force attack!! Lockout remaining: 109 seconds.
Ok, then I can try again.
Got in. Doesn't accept "help" or "ping" as commands. Nor "?"
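The dropbear lockout lines quoted above can be turned into a per-client "retry after" time. This is an added example, not part of the original messages or of the router's firmware; the function name `lockouts` and its `year` parameter are assumptions (these syslog timestamps carry no year), and the sample input is the log as quoted in the thread.

```python
import re
from datetime import datetime, timedelta

# Router syslog lines as quoted in the thread (dropbear SSH daemon).
SAMPLE_LOG = """\
Jan 14 00:49:13 (none) authpriv.info dropbear[26307]: Child connection from 192.168.1.127:60876
Jan 14 00:49:14 (none) authpriv.notice dropbear[26307]: now_time = 7690
Jan 14 00:49:14 (none) authpriv.info dropbear[26307]: AppIsAllowToLogin(): Protection of brute force attack!! Lockout remaining: 109 seconds.
Jan 14 00:49:14 (none) authpriv.info dropbear[26307]: Exit before auth: Protection of brute force attack!! Lockout remaining: 109 seconds.
"""

# timestamp, hostname, facility.level, dropbear[pid]: message
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ \S+ "
    r"dropbear\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
CONN = re.compile(r"Child connection from (?P<ip>[\d.]+):\d+")
LOCK = re.compile(r"Lockout remaining: (?P<secs>\d+) seconds")


def lockouts(log_text, year=2023):
    """Map each client IP to the time its SSH lockout ends.

    The client address and the lockout message sit on different lines,
    so they are correlated through the dropbear child PID.
    `year` is an assumption supplied by the caller.
    """
    client_by_pid = {}
    ends_by_client = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a dropbear line
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        conn = CONN.search(m["msg"])
        if conn:
            client_by_pid[m["pid"]] = conn["ip"]
            continue
        lock = LOCK.search(m["msg"])
        if lock and m["pid"] in client_by_pid:
            ip = client_by_pid[m["pid"]]
            ends = when + timedelta(seconds=int(lock["secs"]))
            # Keep the latest end time if a client is reported repeatedly.
            ends_by_client[ip] = max(ends, ends_by_client.get(ip, ends))
    return ends_by_client


if __name__ == "__main__":
    for ip, ends in lockouts(SAMPLE_LOG).items():
        print(f"{ip} locked out until {ends:%H:%M:%S}")
```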
On 2023-01-14 07:23, Andrei Borzenkov wrote:
On 14.01.2023 02:58, Carlos E. R. wrote:
(issue was solved by changing the router)
In this situation:
Router---SW1---SW2---Laptop2
  |       |     |
  |       |   desktop
Laptop1   |
    google chromecast
chromecast does not have internet
And does it have connectivity to other systems/devices?
You can not do anything on the Google Chromecast, can't do pings or anything. Doesn't have an interface for it.
The laptop1 has full connectivity: It has internet (via dhcp or not), can ssh to desktop, can ping SW1, can ping SW2, can ping router.
Laptop2 (running XFCE rescue Leap 15.1, auto network) gets IP via DHCP.
And what about connectivity to other devices/Internet? At the very least show the same information for all related devices.
The symptoms were the same on all machines I tried. Everything behind the switches could connect to one another just fine, but no one could connect to the router or internet. However, the laptop connected to the router could connect to everything. I can not ssh to "laptop2", doesn't have a daemon running, can not paste here anything. That "laptop 2 got IP via DHCP" means it did connect to the router and got an answer, for DHCP. But not ping or anything else.
Desktop has partial connectivity (lan, no internet): can ssh to laptop1 can ping SW1 can ping SW2 can not ping router
It sounds like different ports on your "router" have different settings. Besides, you call it "router" - does it really *route* between ports where laptop1 and switches are connected?
No, it is an "ISP provided router". All eth mouths are probably on an internal switch. It is very difficult to know what capabilities that router has, the help on the web page is minimal, and I haven't located a proper manual.
At the very least try to swap ports where laptop1 and switches are connected.
I did, no change.
But this is really something in your "router" and you may get better support on your ISP forums.
I tried that. I finally managed to get attention and a technician came. It took him an hour to get convinced that it was the router's fault, and _try_ with a new router. He was nice, he might have said that switches were not their problem. The new router worked instantly, albeit with package losses between 5 and 25%. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
Hello Carlos E. R., on 13-01-2023 at 18:29 you wrote:
My ISP has replaced my router, and suddenly, all the machines behind the switches do not work. [...]
In the (near?) future your ISP will have to guarantee 'net neutrality', so you will have the right to use your own router. https://umap.openstreetmap.fr/en/map/router-freedom-tracker_581123#4/53.12/1... https://wiki.fsfe.org/Activities/CompulsoryRouters/ -- Harrie ✊
On 2023-01-13 at 22:12 +0100, Harrie Baken wrote:
Hello Carlos E. R., on 13-01-2023 at 18:29 you wrote:
My ISP has replaced my router, and suddenly, all the machines behind the switches do not work. [...]
In the (near?) future your ISP will have to guarantee 'net neutrality', so you will have the right to use your own router.
https://umap.openstreetmap.fr/en/map/router-freedom-tracker_581123#4/53.12/1...
Meanwhile, I am stuck. -- Cheers Carlos E. R. (from openSUSE 15.4 (Legolas))
On 2023-01-13 11:29:55 Carlos E. R. wrote:
[...]
I'm not a network guru, but I notice that the ethernet device for Desktop does not show 'noprefixroute' on both inet and inet6, while the others do. I don't know what this does; could it be significant? Leslie -- Platform: Linux Distribution: openSUSE Leap 15.4 x86_64
On 2023-01-14 04:58, J Leslie Turriff wrote:
On 2023-01-13 11:29:55 Carlos E. R. wrote:
...
I'm not a network guru, but I notice that the ethernet device for Desktop does not show 'noprefixroute' on both inet and inet6, while the others do. I don't know what this does; could it be significant?
I have no idea what that would mean. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
On 2023-01-13 18:29, Carlos E. R. wrote:
Hi,
My ISP has replaced my router, and suddenly, all the machines behind the switches do not work.
I power cycled router and switches.
...
Since I can connect from the laptop to the desktop (and vice versa) via ssh, it means that all cabling and switches are working perfectly.
There is connection from the computers to the router, as they get IP address by DHCP.
- From the laptop, connected directly to the router, I can ping the switches.
But I can't connect to the router configuration through the switch, ping 192.168.1.1, or connect to the internet. The router is blocking these connections, somehow.
Quick answer: they replaced my router, and it worked instantly. I put back my configuration, and it keeps working (yes, with the /16).

A but: I have package losses between switch-1 and router (5% to 20%). I'm tired, I'll live with that (package loss before me touching anything).

The new router is very similar, but built by another maker.

Nombre del equipo: MitraStar HGU
Modelo: GPT-2541GNAC
Serial Number:
Versión Hardware: tmp_hardware2.1
Versión Software: ES_g7.7_100VNJ0b68
Versión Firmware: ES_g7.7_100VNJ0b68

The man came, said it was very strange. Did a myriad tests. Did a factory reset of the switch. Entered the configuration of the switch (needs a software in Windows), restored the IP address of the switch, and finally convinced himself that the switch was basically non configurable. Finally, he agreed to try another router, and this one worked instantly. With package losses, but I'll live with that.

There are no package losses seen on laptop connected to switch, to other LAN machines. There are no package losses seen on laptop connected to router.

He says that the router is cheap and needs a cheap switch, not a good one. It is clear, to him and to me, that there is something between router and switch that they don't understand one another well.

-- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)