Trunks and VLANs and Firewalls, Oh my. (Part 4)
Posted 08-07-2008 at 09:53 PM by Bob_McMillen
Sunday and Monday mornings found us up on lifts with our heads stuck in boxes while swaying back and forth fearing for our lives.
We found out the hard way that these devices were configured as layer 2 switches, and there is no command line interface. It's all web GUI, and the GUI is barely configurable for what we wanted to do.
We found that we could click on each port and tell it what kind of device is attached to each port. By telling each port that a desktop and phone was connected to each one, wireless access points and phones started to come up.
We had to configure the fiber ports as routers by clicking a picture of a router and applying it to the port. How silly.
Later on we discovered that there was a routing loop because not only were the fiber ports connected to each other, they were also connected by CAT 5 cables. We had to wait until each port reported an error to figure out what was happening.
I then came up with the idea of hanging a 25' cable down each pole so we didn't have to climb to the top of each 500 switch when we needed to connect to them or reboot them.
The only problem was that every time we tried to connect to the management port, it strangely brought an entire group of computers off the network for no apparent reason. In order to troubleshoot it, though, we would have to bring it down over and over until we found the problem. We decided to just not connect to them since everything was working anyway, and that was that.
When I got home after four days of nonstop work, I found I had lost several pounds because we rarely took time to eat. I was also glad to get a full night's sleep, and the bruises I received from being contorted while on a lift were starting to subside.
I got an email after getting home on Monday that the client VPN was down. I remoted into the firewall and found the DNS and the authenticating servers were still pointed to the old IP address. I then fixed that and remoted into the authenticating server. In IAS on Windows servers you can change what authenticating IP address you want to take orders from and there has to be a matching password. After adjusting this the VPN started to work.
There is no real good way of preparing for a job like this unless you are intimately familiar with it. Since no single person knew all of it there were lots of difficulties in completing the project.
I still wake up in a cold sweat thinking that stupid layer 2 switch that brought the network down did it again. I hope that changes soon!




