Network Topology Question…
-
Hello All.
I have what I hope is a simple question. In my little brain it seems simple but I am seeing some activity that confuses me…
I will preface all of this by saying that all wireless devices seem to be operating normally (receiving IPs, internet connectivity, intranet connectivity, etc.)
I replaced my wired/wireless router (http://www.trendnet.com/products/proddetail.asp?prod=205_TEW-639GR&cat=166) with a pfSense box about a month and it has been working flawlessly. My pfSense has only 2 NICs…LAN and WAN...as I do nto need a DMZ and teh LAN port is connected to a 16 port unmanaged Gbit switch (http://www.newegg.com/Product/Product.aspx?Item=N82E16817111213).
I wanted to use my existing router as a wireless access point so I turned off DHCP, Port Forwarding, etc on it. I then connected it to the same switch via a CAT6 patch cable (not crossed) via one of the LAN ports on that router. One point to note: thsi wired/wireless router does not have an uplink port…only a WAN and 4 LANs.
Just to provide a visual, I created the image below to show the current setup:
My issue: When the wireless router is connected to the switch, it causes constant network traffic. All of the ports on the 16 port switch constantly blink (for any live devices). If I disconnect the wireless router, the traffic stops.
Is this normal? I assume not since I have never seen it before. I really didn't think it was causing an issue on my network until I DL'd something from the newsgroups. I can normally max out my connection at ~1.72MB/s and it is rock steady. With the wireless router connected to the switch, my bandwidth monitor (Newsleecher for anyone who cares) has alot of peaks and valleys…1.3MB/s up to 1.7MB/s...up and down constantly.
So...if this is not normal behavior this begs the question: should I be using a crossover cable between the switch and the wireless access point? That is the only solution I have come up with thus far but don't have a crossover readily available. I can make one easily enough, but figured I would ask first.
TIA for any help provided!!!
John
-
Can you run wireshark to see what kind of traffic the AP causes?
-
Is your Trendnet AP setup as a bridge or router? Things can obviously be confused if it's a router with the same IP scheme. Try to set it to Bridge mode if it is supported. If not supported, put the wireless on a different IP network range - 192.168.5.xxx
-t- -
IIRC, my router is rather talky as well. However, I've never noticed it slowing down my connection.
I'll try and remember to take a look and see what the traffic is, as I don't remember anymore.
-
Constant, rapid activity on ALL active ports generally indicates a broadcast storm, which is usually caused by some kind of loop. This would only be the case if you had two cables between the wireless AP and the switch. You didn't indicate this so I'll assume you don't have it setup that way. Furthermore, broadcast storms generally cripple a network completely which isn't what you have. Like others have said, my wireless is "talky" as well. It looked like a broadcast storm when I first plugged it in but it settled down in short order, still talks a lot though. For what it's worth, most all recent switches have auto MDI/MDI-X for all ports (automatic crossover) so you won't see uplink ports that often anymore. The wireshark suggestion is good, it would help narrow down the cause. Might have to run two captures, one with and one without the wireless hooked up, for a comparison.
Your AP should have all router functionality disabled, not sure if router/bridge mode really comes into play unless you have a connection on the WAN port. You said it's going to a LAN port only but if you can find the setting it wouldn't hurt to force it into bridge mode. The slowdowns could simply be a result of the server you're downloading from getting more heavily saturated. Does it do it on everything you download or is it just one source (newsgroups for example)? Are you on a wired or wireless computer when you get the jumpy speeds? Wireless and high bandwidth don't always go together, especially if you have low signal and/or are far away from the AP. For what it's worth your setup is almost exactly like mine (except I have two d-link router/APs for 2.4 and 5 GHz bands) and I have no issues.
-
OK Guys…
I used pfSense's built-in Packet Capture utility on 192.168.1.99 (the LAN IP of my wireless router) and here is what it is capturing:
19:58:25.305385 00:14:d1:c9:9b:d0 > 01:00:5e:7f:ff:fa, ethertype IPv4 (0x0800), length 368: (tos 0x0, ttl 4, id 0, offset 0, flags [DF], proto UDP (17), length 354) 192.168.1.99.32784 > 239.255.255.250.1900: [udp sum ok] UDP, length 326 19:58:25.413966 00:14:d1:c9:9b:d0 > 01:00:5e:7f:ff:fa, ethertype IPv4 (0x0800), length 377: (tos 0x0, ttl 4, id 0, offset 0, flags [DF], proto UDP (17), length 363) 192.168.1.99.32784 > 239.255.255.250.1900: [udp sum ok] UDP, length 335 19:58:25.525043 00:14:d1:c9:9b:d0 > 01:00:5e:7f:ff:fa, ethertype IPv4 (0x0800), length 432: (tos 0x0, ttl 4, id 0, offset 0, flags [DF], proto UDP (17), length 418) 192.168.1.99.32784 > 239.255.255.250.1900: [udp sum ok] UDP, length 390 19:58:25.634643 00:14:d1:c9:9b:d0 > 01:00:5e:7f:ff:fa, ethertype IPv4 (0x0800), length 442: (tos 0x0, ttl 4, id 0, offset 0, flags [DF], proto UDP (17), length 428) 192.168.1.99.32784 > 239.255.255.250.1900: [udp sum ok] UDP, length 400 19:58:45.298241 00:14:d1:c9:9b:d0 > 01:00:5e:7f:ff:fa, ethertype IPv4 (0x0800), length 368: (tos 0x0, ttl 4, id 0, offset 0, flags [DF], proto UDP (17), length 354) 192.168.1.99.32784 > 239.255.255.250.1900: [udp sum ok] UDP, length 326 19:58:45.406834 00:14:d1:c9:9b:d0 > 01:00:5e:7f:ff:fa, ethertype IPv4 (0x0800), length 377: (tos 0x0, ttl 4, id 0, offset 0, flags [DF], proto UDP (17), length 363) 192.168.1.99.32784 > 239.255.255.250.1900: [udp sum ok] UDP, length 335 19:58:45.517042 00:14:d1:c9:9b:d0 > 01:00:5e:7f:ff:fa, ethertype IPv4 (0x0800), length 432: (tos 0x0, ttl 4, id 0, offset 0, flags [DF], proto UDP (17), length 418) 192.168.1.99.32784 > 239.255.255.250.1900: [udp sum ok] UDP, length 390 19:58:45.628419 00:14:d1:c9:9b:d0 > 01:00:5e:7f:ff:fa, ethertype IPv4 (0x0800), length 442: (tos 0x0, ttl 4, id 0, offset 0, flags [DF], proto UDP (17), length 428) 192.168.1.99.32784 > 239.255.255.250.1900: [udp sum ok] UDP, length 400
So, the question at hand: what exactly is "239.255.255.250.1900"? According this this wiki it is the Simple Service Discovery Protocol: http://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol
Back to the original question…do I need to worry about this?
Thx!
John
-
If it isn't causing problems - no. I have the service running on various devices on my LAN without it causing problems.
-
Well, here is the kicker…
That traffic is happening with all wireless devices in my house powered off (namely my laptop and my wife's laptop). All of the traffic is coming from the LAN port on the router...nothing over WLAN. So, I can't blame that service running on a system connected to that router?
Is it possible that one (or all) of my systems hardwired to the 16 port switch are talking to the wireless router?
John
-
Well, which device has the ip 192.168.1.99 ?
Because that's the device sending these frames.
Not the AP/router (which in your diagram has the IP 192.168.1.2). -
Actually, mystery solved.
I ended up looking at my DHCP leases and found one that I did not recognize: 192.168.1.101. I got the corresponding MAC with a ARP - a command and blocked that MAC on my wireless router.
Out of curiosity, I looked up that MAC to see who the vendor is:
Search results for "00:1E:8F:5A:0A:EE"
Prefix Vendor
001E8F CANON INC.LMAO! I just blocked the wireless card in my color printer (Canon MP640). Man was that thing friggin chatty!!! I think I may just leave it blocked (or turn off wireless on it) as I have it connected via USB.
Anyway, thanks for the help guys!
John
-