Strange MicroSemi PDS-208 behavior

FSC830

"Dump" in my question means that there is no "intelligence" which handles a continued ping as DoS (Denial of Service) attack and blocks responding.

Just downloaded the manual and did took a short(!) look into it.
The switch has some security features, so i.e. an ARP monitoring, if a port receives more than 200 ARP requests, the switch handles this as an attack (as far as the quick review is correct).
So its may be worth to dig in a bit more in the port settings.

No idea, if this is part of your problem.

Regards

lewis

@jarhead said in Forced to use vlan1:

@lewis So then the problem is clearly in the Main Lan switch. Do you have something configured on the port you're using? Did you add a vlan to it already maybe?
Try a different port on that switch.

It's not related to the main switch at all since I'm not using it. My test above was using another switch not connected to anything but the terminal and the microsemi with the same behavior. I also shared the setup of the main switch a few comments back.

Jarhead

@lewis You just posted that when the pc is on the micro switch it pings constantly, but when on the main switch it fails.
Did you not say that?

The short ping responses are when I connect the microsemi to the network and ping it from anything else on the same LAN.

Yes, I kept two different clients pinging non stop so I could monitor the behavior. Both saw the same thing. The only one that never stops seeing it is the Linux box connected directly to it. And of course, as mentioned above, it did exactly the same as the others did when I connected it to a switch and the microsemi to the same switch, unmanaged.

lewis

@fsc830 said in Forced to use vlan1:

"Dump" in my question means that there is no "intelligence" which handles a continued ping as DoS (Denial of Service) attack and blocks responding.

Just downloaded the manual and did took a short(!) look into it.
The switch has some security features, so i.e. an ARP monitoring, if a port receives more than 200 ARP requests, the switch handles this as an attack (as far as the quick review is correct).
So its may be worth to dig in a bit more in the port settings.

No idea, if this is part of your problem.

Regards

Well, you're on to something because that's how it's behaving only it should not do that after just a few pings. I've looked at all the config and there aren't any blocking rules in place.

I wonder if these things are just borked? Brand new in the box though.

I connected one of the ports back to the main network.
I can ping the terminal but I can't ping the gateway on the main lan.

So basically, it only wants devices connected directly and wants nothing to do with anything connected to another switch.

That's kinda confusing.

FSC830

Well, to be honest, I would reset the microsemi back to factory defaults (page 88 in manual) and start over.
Do not assign any vlans or something else.
Just connect a pc, check ping to default IP 192.168.0.50.
Modify IP to 192.168.1.x (x an unused IP in your "main" LAN).
Check ping again. If ping is constant, connect it to the main switch and repeat ping test.
If ping dies again, I am rather sure its something weird in the settings.

Regards

lewis

@fsc830 said in Forced to use vlan1:

Well, to be honest, I would reset the microsemi back to factory defaults (page 88 in manual) and start over.
Do not assign any vlans or something else.
Just connect a pc, check ping to default IP 192.168.0.50.
Modify IP to 192.168.1.x (x an unused IP in your "main" LAN).
Check ping again. If ping is constant, connect it to the main switch and repeat ping test.
If ping dies again, I am rather sure its something weird in the settings.

Regards

Well, that's what I've done repeatedly :).
I took another one out of the box, brand new, no changes what so ever.
I have the Linux box on the same network and am connected to it using 192.168.0.50.
The only option is to change the vlan1 IP so I change it to 192.168.1.22. I change the Linux box and can reach it again but it can't be seen from the rest of the LAN when connecting a port to that.

lewis

@jarhead said in Forced to use vlan1:

@lewis You just posted that when the pc is on the micro switch it pings constantly, but when on the main switch it fails.
Did you not say that?

I did but I also added that the same happens when only the Linux box and the microsemi were connected to an unmanaged switch. To me, that eliminates the main switch as being a problem.

lewis

Things just got interesting.
I set one of the microsemi to 192.168.1.22 and the other to 192.168.1.23.
As you know, nothing on the LAN can reach them.
I then connected a cable between the two microsemi, port 1 on each and guess what.

Now my terminal, which is at 192.168.1.75 and connected to only one of the switches can communicate with both.

It's almost as if these are designed to only communicate with each other and not over any standard network. Seems like I can daisy chain them but cannot connect them to any switch. But if that was the case, I should not be able to use a standard Linux box to communicate with these.

What the heck is going on?

FSC830

Dump idea: if you connect the microsemi to your main switch using one of the two uplink ports (9+10 referring to manual), how behaves the ping then?

May be the PoE ports are not capable for an uplink?

Regards

lewis

@fsc830 said in Forced to use vlan1:

Dump idea: if you connect the microsemi to your main switch using one of the two uplink ports (9+10 referring to manual), how behaves the ping then?

May be the PoE ports are not capable for an uplink?

Regards

Yeah, I tried that too. I tried the PoE ports and I tried the uplinks and no difference. Seems I'll have to contact Microsemi this coming week because the seller is now pretending he's fed up with me asking for more information.

In my test, I have ports 1 to 1 and am able to reach both from the Linux box connected to one of the uplinks.

I'm wondering if he is aware of an issue but pretending he doesn't know.
None of this has been normal networking with these.

FSC830

Me too running out of ideas. Weird issue, please keep us up to date about the outcome.

Regards

lewis

For the fun of it, I connected a PoE camera to the microsemi on port 1.

The camera cannot be seen by anything on the 192.168.1.1/24 network but the Linux box connected to the microsemi with 192.168.1.75 can see the camera and controls.

Everything works, just can't connect the switches to a normal lan switch.

Really weird.

daduls

RMA sir!!!

FSC830

Two devices with same issue? Dont think, that a RMA will solve this.
My guess: a weird function or setting no one is currently aware of.
Never seen, that a network device cant use an IP-range other than the default one. ( and as @lewis wrote, meanwhile he is using 192.168.1.x as IP range in the microsemi switches).
The worst thing I saw in such limits was a router provided from ISP with a address 192.168.1.1 and a subnet mask 255.255.255.0, the IP could be changed, but not the subnet mask! The mask was fixed in router firmware.
But I cant imagine, that a switch is designed to communicate only with a switch from same brand.

Regards

johnpoz

@fsc830 Not unheard of that switch brands don't like to talk to each other.. I saw it once when we were migrating networks were we couldn't get the switches at the location to talk to cisco switches.. That had to prob 20 years ago ;) What is the brand of this dumb switch - do you have any other switches you could try. What about port? What about the cable used?

Its rare - but maybe brand X of this dumb switch and these whatever china switches don't like each other?

What ports are you using to connect the switches? Looks like the 2 ports that are not poe are suppose to be uplink ports. Are you connecting your linux box to one of those or one of the poe ports?

What lights do you get on the interfaces when you connect the switches? Maybe they are having issue with negotiation? Maybe one is 10 and other is 100, or one gig and other 100, etc. Go to the store and pick up some 5 or 8 port dumb switch.. You should be able to find one for like 20 or 40 bucks. And see if that works with these switches.

It looks like the switches have a storm control feature.. Its possible there is some traffic on the network that is shutting down the port. Page 33 of the manual.. Could be something in port security preventing changing of mac connected to port, could be something in the static arp settings.. Or some sort of ACL set.

lewis

All I was told is 'these are layer 2' switches'. They don't have the usual IP address setup, the IP is tied to a vlan, it's the only option.

What ports are you using to connect the switches? Looks like the 2 ports that are not poe are suppose to be uplink ports. Are you connecting your linux box to one of those or one of the poe ports?

I documented that many times in all my comments. I tried uplink ports and PoE ports, they all act the same way. Even now, connected together, it doesn't matter if the terminal is in a PoE or uplink port, nor does it matter if the link between the switches is a PoE port or uplink, all act the same way.

What lights do you get on the interfaces when you connect the switches? Maybe they are having issue with negotiation? Maybe one is 10 and other is 100, or one gig and other 100, etc.

I checked those things too and the speeds were correct. Everything I have is gigabit and ports were always gigabit.

Go to the store and pick up some 5 or 8 port dumb switch.. You should be able to find one for like 20 or 40 bucks. And see if that works with these switches.

I have a bunch here and I tested those things over the weekend also. I posted that I had connected the microsemi direct to the main switch which is a netgear. I also tried from a cisco switch and then I tried using an unmanaged switch with the Linux box and the microsemi connected to that with no change.

The only time these things work is connected to each other and for the Linux box, it has to be connected directly to any port of the microsemi.

It looks like the switches have a storm control feature.. Its possible there is some traffic on the network that is shutting down the port. Page 33 of the manual..

Yes, I looked at all those options as well and all of them are disabled. While something seems to be blocking something, it's not obvious in the settings since those show nothing enabled.

Could be something in port security preventing changing of mac connected to port, could be something in the static arp settings.. Or some sort of ACL set.

There are no ACL rules either.

As mentioned, I had done everything from clearing ARP cache to pulling the power cord to restarting the devices repeatedly.

Maybe I should change the title on this to "Microsemi craziness, anyone use them?" so see if someone else here know about them. I'm sure many in this thread would like to know what happened. As humans, we love to assign blame right.

I'll try a few more things today in case I overlooked some specific combination of steps but I'm pretty sure everything has been tried.

Since the Linux box can communicate with these and even see the camera output, maybe I can come up with some silly method of using them. The Linux box has two ports so maybe some sort of forwarding so the rest of the LAN can actually use these.

FSC830

@lewis said in Forced to use vlan1:

All I was told is 'these are layer 2' switches'. They don't have the usual IP address setup, the IP is tied to a vlan, it's the only option.

Who told such nonsens? Or, if this is truth, who manufactured such nonsens? (no answer expected)
If these switches are not able to communicate with other infrastructure components, kick them off.
Replace them with devices using default standards.
Even if they would running now -by some miracle- I would not rely on them in future changes.

Regards

johnpoz

@fsc830 said in Forced to use vlan1:

Even if they would running now -by some miracle- I would not rely on them in future changes.

I would agree.. Not like there isn't other poe switches.. Where did you get them anyway? Did you pay for them, were they free?

I am also going to mention again about your setup of a dumb switch upstream of a vlan capable switch.. If your just going to use the switch as dumb with poe then ok. But if you plan on putting vlans on them at some future point, its not good idea to have a dumb switch upstream because they do not understand tags. And you will not have isolation at layer 2.

If your having this much trouble with them just trying to do simple no vlans even just connecting to your network - the future does not bode well.

lewis

@johnpoz Got a great deal on ebay of these but the seller is trying to tell me I'm wasting his time by asking for information LOL. The microsemi site doesn't seem to have any specific support.

I don't have a dumb switch in the mix. I just pulled one off the shelf to test what would happen if I connected the microsemi to that then the terminal to that, would they be able to communicate and the answer was nope.

I don't really need vlans, it's just what these have for networking as the only option so was trying to use them as they are. The thought was to isolate PoE networked stuff to its own network. Using them in a dumb way would be fine.

johnpoz

@lewis said in Forced to use vlan1:

Got a great deal on ebay

Doesn't seem like it to me.. How much time have you spent trying to get something that should take like 2 minutes to setup?

If your still in the return window - return them! If not prob just eat the cost and just some well known brand poe/poe+ switch... I see a smart poe+ 8 port gig netgear on amazon for like 75$

They also do make dumb poe/poe+ switches if your looking to save a few bucks.. And don't plan on having needs of vlans