Strange MicroSemi PDS-208 behavior
-
Take the rest of the network out of the equation completely..
That's how it all started. I connected a terminal to the microsemi and it's fine, it can communicate.
Then just a while ago, I connected the microsemi to a small unmanaged switch and the terminal to the same switch and the terminal can no longer reach the microsemi. As usual, I saw a few pings then no more. As soon as I connected the terminal back into the microsemi, it pings again.
Also that destination host unreachable is where the client doesn't know the mac.. if there was a firewall blocking, or the device just didn't want to answer then the response would be timeout. Not unreachable - unreachable means the client doesn't know what mac address to send the traffic to.
Or it doesn't have a route, etc. but if devices are on the same network and you get host unreachable - that means there is no mac for that IP..
It has a route and it's reachable from the LAN but only for a few seconds.
The reason there's no MAC is only because it goes MIA :). That's why nmap doesn't see the host. In what I shared, I'm showing that by the time I was able to ping it then nmap it, it was reachable long enough to get the nmap result back then no more.
edit: here is a question for you - are you actually applying the config.. You can change the running config, but are you saving that running config?
Yes, the config is saved and the microsemi has been rebooted a few times and comes back with the same 192.168.1.22 IP.
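The distinction drawn in the post above between "Destination Host Unreachable" and a timeout can be checked from the pinging host itself. The following is an added example, not part of the original post: it reads iputils `ping` output together with `ip neigh show` output and reports whether the failure is unresolved ARP on the local segment. The sample lines, the interface name `eth0` and the gateway MAC are constructed; only the addresses 192.168.1.22 and 192.168.1.75 come from the thread.

```python
import re

# Constructed sample (not from the thread): iputils ping output seen from the
# terminal at 192.168.1.75 while 192.168.1.22 answers briefly, then vanishes.
PING_LOG = """\
64 bytes from 192.168.1.22: icmp_seq=1 ttl=64 time=0.61 ms
64 bytes from 192.168.1.22: icmp_seq=2 ttl=64 time=0.58 ms
64 bytes from 192.168.1.22: icmp_seq=3 ttl=64 time=0.60 ms
From 192.168.1.75 icmp_seq=7 Destination Host Unreachable
From 192.168.1.75 icmp_seq=8 Destination Host Unreachable
"""
# Constructed sample: `ip neigh show` output taken after the replies stopped.
# The interface name eth0 and the gateway MAC are placeholders.
NEIGH = """\
192.168.1.22 dev eth0 FAILED
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
"""

UNREACH = re.compile(r"^From (\S+) icmp_seq=\d+ Destination Host Unreachable", re.M)

def neighbor_state(neigh_text, ip):
    """Return the kernel neighbour (ARP) state for ip, or None if no entry."""
    for line in neigh_text.splitlines():
        fields = line.split()
        if fields and fields[0] == ip:
            return fields[-1]
    return None

def diagnose(ping_text, neigh_text, local_ip, target_ip):
    """Separate 'no MAC for that IP' from a silent drop or a router's ICMP error."""
    replies = len(re.findall(rf"bytes from {re.escape(target_ip)}:", ping_text))
    senders = set(UNREACH.findall(ping_text))
    state = neighbor_state(neigh_text, target_ip)
    if local_ip in senders and state in (None, "FAILED", "INCOMPLETE"):
        # Our own stack produced the error: ARP for the target got no answer.
        verdict = "arp-unresolved"
    elif senders - {local_ip}:
        # Another hop sent the ICMP error, so the frame did leave this host.
        verdict = "unreachable-reported-by-other-host"
    elif replies == 0:
        # MAC known (or never asked) but nothing came back: timeout, not unreachable.
        verdict = "no-reply-timeout"
    else:
        verdict = "reachable"
    return {"replies": replies, "neighbor_state": state, "verdict": verdict}

if __name__ == "__main__":
    print(diagnose(PING_LOG, NEIGH, "192.168.1.75", "192.168.1.22"))
```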
-
@lewis said in Forced to use vlan1:
HI, thanks for your input. Yes, that's how it was. The terminal as I call it is a tiny stand alone Linux box I use for stuff like this. It's only connected to the microsemi.
So, to clarify: only one Linux box is directly connected to the microsemi switch and ping dies out after a very short time!?
If the switch is really "dump" and does not have any mechanism to detect a DoS attack, my guess is that here is a broken network stack.
The ping should never die out.
Does this happen with another client too?
Regards
-
@daduls Sure but there's no extra configuration on it, it's just default.
-
@lewis Thx, this noob sees no reason your microsemi switch should be giving you such a hard time. I'm gonna make popcorn and watch.....
-
@fsc830 said in Forced to use vlan1:
So, to clarify: only one Linux box is directly connected to the microsemi switch and ping dies out after a very short time!?
The initial IP of the microsemi was 192.168.0.50 and I've since changed it to 192.168.1.22 and the Linux box is at 192.168.1.75 connected directly to any port.
The short ping responses are when I connect the microsemi to the network and ping it from anything else on the same LAN. From that, I get 3-5 pings then no more and only if I restart the microsemi or if I unplug the Ethernet and plug it back in. After that, nothing else.
I shared an image above showing I was pinging it, when it came back online, it started responding so I quickly ran an nmap. The nmap result came back which surprised me since it only stays online for a few pings. Yet there was the result. Right after that, I pinged it again and it was gone.
It's as if the nmap kept it alive long enough to complete the scan then done.
If the switch is really "dump" and does not have any mechanism to detect a DoS attack, my guess is that here is a broken network stack.
The ping should never die out.
Sorry, what does 'dump' mean in your comment?
Does this happen with another client too?
Yes, I kept two different clients pinging non stop so I could monitor the behavior. Both saw the same thing. The only one that never stops seeing it is the Linux box connected directly to it. And of course, as mentioned above, it did exactly the same as the others did when I connected it to a switch and the microsemi to the same switch, unmanaged.
-
@lewis So then the problem is clearly in the Main Lan switch. Do you have something configured on the port you're using? Did you add a vlan to it already maybe?
Try a different port on that switch.
-
"Dump" in my question means that there is no "intelligence" which handles a continued ping as DoS (Denial of Service) attack and blocks responding.
Just downloaded the manual and took a short(!) look into it.
The switch has some security features, so i.e. an ARP monitoring, if a port receives more than 200 ARP requests, the switch handles this as an attack (as far as the quick review is correct).
So it's maybe worth digging a bit more into the port settings.
No idea if this is part of your problem.
Regards
-
@jarhead said in Forced to use vlan1:
@lewis So then the problem is clearly in the Main Lan switch. Do you have something configured on the port you're using? Did you add a vlan to it already maybe?
Try a different port on that switch.
It's not related to the main switch at all since I'm not using it. My test above was using another switch not connected to anything but the terminal and the microsemi with the same behavior. I also shared the setup of the main switch a few comments back.
-
@lewis You just posted that when the pc is on the micro switch it pings constantly, but when on the main switch it fails.
Did you not say that?
The short ping responses are when I connect the microsemi to the network and ping it from anything else on the same LAN.
Yes, I kept two different clients pinging non stop so I could monitor the behavior. Both saw the same thing. The only one that never stops seeing it is the Linux box connected directly to it. And of course, as mentioned above, it did exactly the same as the others did when I connected it to a switch and the microsemi to the same switch, unmanaged.
-
@fsc830 said in Forced to use vlan1:
"Dump" in my question means that there is no "intelligence" which handles a continued ping as DoS (Denial of Service) attack and blocks responding.
Just downloaded the manual and took a short(!) look into it.
The switch has some security features, so i.e. an ARP monitoring, if a port receives more than 200 ARP requests, the switch handles this as an attack (as far as the quick review is correct).
So it's maybe worth digging a bit more into the port settings.
No idea if this is part of your problem.
Regards
Well, you're on to something because that's how it's behaving only it should not do that after just a few pings. I've looked at all the config and there aren't any blocking rules in place.
I wonder if these things are just borked? Brand new in the box though.
I connected one of the ports back to the main network.
I can ping the terminal but I can't ping the gateway on the main lan.
So basically, it only wants devices connected directly and wants nothing to do with anything connected to another switch.
That's kinda confusing.
-
Well, to be honest, I would reset the microsemi back to factory defaults (page 88 in manual) and start over.
Do not assign any vlans or something else.
Just connect a pc, check ping to default IP 192.168.0.50.
Modify IP to 192.168.1.x (x an unused IP in your "main" LAN).
Check ping again. If ping is constant, connect it to the main switch and repeat ping test.
If ping dies again, I am rather sure it's something weird in the settings.
Regards
-
@fsc830 said in Forced to use vlan1:
Well, to be honest, I would reset the microsemi back to factory defaults (page 88 in manual) and start over.
Do not assign any vlans or something else.
Just connect a pc, check ping to default IP 192.168.0.50.
Modify IP to 192.168.1.x (x an unused IP in your "main" LAN).
Check ping again. If ping is constant, connect it to the main switch and repeat ping test.
If ping dies again, I am rather sure it's something weird in the settings.
Regards
Well, that's what I've done repeatedly :).
I took another one out of the box, brand new, no changes what so ever.
I have the Linux box on the same network and am connected to it using 192.168.0.50.
The only option is to change the vlan1 IP so I change it to 192.168.1.22. I change the Linux box and can reach it again but it can't be seen from the rest of the LAN when connecting a port to that.
-
@jarhead said in Forced to use vlan1:
@lewis You just posted that when the pc is on the micro switch it pings constantly, but when on the main switch it fails.
Did you not say that?
I did but I also added that the same happens when only the Linux box and the microsemi were connected to an unmanaged switch. To me, that eliminates the main switch as being a problem.
-
Things just got interesting.
I set one of the microsemi to 192.168.1.22 and the other to 192.168.1.23.
As you know, nothing on the LAN can reach them.
I then connected a cable between the two microsemi, port 1 on each and guess what.
Now my terminal, which is at 192.168.1.75 and connected to only one of the switches can communicate with both.
It's almost as if these are designed to only communicate with each other and not over any standard network. Seems like I can daisy chain them but cannot connect them to any switch. But if that was the case, I should not be able to use a standard Linux box to communicate with these.
What the heck is going on?
-
Dump idea: if you connect the microsemi to your main switch using one of the two uplink ports (9+10 referring to manual), how behaves the ping then?
May be the PoE ports are not capable for an uplink?
Regards
-
@fsc830 said in Forced to use vlan1:
Dump idea: if you connect the microsemi to your main switch using one of the two uplink ports (9+10 referring to manual), how behaves the ping then?
May be the PoE ports are not capable for an uplink?
Regards
Yeah, I tried that too. I tried the PoE ports and I tried the uplinks and no difference. Seems I'll have to contact Microsemi this coming week because the seller is now pretending he's fed up with me asking for more information.
In my test, I have ports 1 to 1 and am able to reach both from the Linux box connected to one of the uplinks.
I'm wondering if he is aware of an issue but pretending he doesn't know.
None of this has been normal networking with these.
-
Me too running out of ideas. Weird issue, please keep us up to date about the outcome.
Regards
-
For the fun of it, I connected a PoE camera to the microsemi on port 1.
The camera cannot be seen by anything on the 192.168.1.1/24 network but the Linux box connected to the microsemi with 192.168.1.75 can see the camera and controls.
Everything works, just can't connect the switches to a normal lan switch.
Really weird.
-
RMA sir!!!
-
Two devices with same issue? Don't think that an RMA will solve this.
My guess: a weird function or setting no one is currently aware of.
Never seen that a network device can't use an IP range other than the default one (and as @lewis wrote, meanwhile he is using 192.168.1.x as IP range in the microsemi switches).
The worst thing I saw in such limits was a router provided from ISP with an address 192.168.1.1 and a subnet mask 255.255.255.0, the IP could be changed, but not the subnet mask! The mask was fixed in router firmware.
But I can't imagine that a switch is designed to communicate only with a switch from same brand.
Regards