This not strictly a Linux/OSS question (unless the fact that the router in question is running openwrt counts), but I ask because there are bound to be network experts here and I'm going crazy.
I have an Asus WL500G wireless router connected to my DSL router. This lets me partition my network into two in a classic screened subnet architecture. Thusly:
outside | [DSL]---------DMZ hosts------- | | | [ASUS] | | inside (both wired and wireless)
DMZ net is 192.168.1.0, inside net is 192.168.10.0
As I said, the Asus is running x-wrt (a flavour of openwrt with a nice web interface on top). The Asus has 4 lan ports, 1 wan port and the wifi interface.
I have the following situation:
1. No problem with wifi. Any and all wifi devices I configure can connect, they can see all relevant hosts (including my dnsmasq DNNS/DHCP server) and can reach the 'net. So all hunkydory.
2. No problem with any /single/ wired lan connection in any of the lan ports (i.e all is good to go as in the wifi connection). So again, all hunkydory (and it doesn't matter which lan port I use.)
3. But - as soon as I connect any second wired device to the Asus, I get connection failures (ICMP errors "Destination Host Unreachable"). Oddly, if I leave a device connected running a ping I get most traffic dropped (of the order of 90%) but intermittently I get connection responses.
4. Now the bit that really confuses me. If I now connect an external switch to any port on the Asus and then connect any new wired device through that switch, it all works fine.
So - have I just got a duff switch in the Asus (and if so, why the hell does it work when I connect another switch)? Or should I be looking for something else?
Mick
---------------------------------------------------------------------
This is a Microsoft free zone. Please do not send me Microsoft Word Documents. For some reasons, see:
www.gnu.org/philosophy/no-word-attachments.html www.goldmark.org/netrants/no-word/attach.html ---------------------------------------------------------------------
On Sat, 24 May, 2008 5:33 pm, mbm wrote:
This not strictly a Linux/OSS question (unless the fact that the router in question is running openwrt counts), but I ask because there are bound to be network experts here and I'm going crazy.
I have an Asus WL500G wireless router connected to my DSL router. This lets me partition my network into two in a classic screened subnet architecture. Thusly:
outside | [DSL]---------DMZ hosts------- | | | [ASUS] | | inside (both wired and wireless)
DMZ net is 192.168.1.0, inside net is 192.168.10.0
As I said, the Asus is running x-wrt (a flavour of openwrt with a nice web interface on top). The Asus has 4 lan ports, 1 wan port and the wifi interface.
I have the following situation:
- No problem with wifi. Any and all wifi devices I configure can
connect, they can see all relevant hosts (including my dnsmasq DNNS/DHCP server) and can reach the 'net. So all hunkydory.
- No problem with any /single/ wired lan connection in any of the
lan ports (i.e all is good to go as in the wifi connection). So again, all hunkydory (and it doesn't matter which lan port I use.)
- But - as soon as I connect any second wired device to the Asus, I
get connection failures (ICMP errors "Destination Host Unreachable"). Oddly, if I leave a device connected running a ping I get most traffic dropped (of the order of 90%) but intermittently I get connection responses.
- Now the bit that really confuses me. If I now connect an
external switch to any port on the Asus and then connect any new wired device through that switch, it all works fine.
Sounds like this could be a speed/duplex mismatch. Can you confirm speed/duplex? I tend to force things to 100/full just to be on the safe side.
So - have I just got a duff switch in the Asus (and if so, why the hell does it work when I connect another switch)? Or should I be looking for something else?
Maybe the switch you used to test is better at autonegotiating speed and duplex then your other kit? Don't give up yet! :)
Cheers.
-Mark
----------------------------------------------------------- This message may contain confidential and/or privileged information. This information is intended to be read only by the individual or entity to whom it is addressed. If you are not the intended recipient, you are on notice that any review, disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete or destroy any copy of this message.
On Sun, 25 May 2008 11:59:29 +0100 (BST) "Mark Ridley" mark@webb-heath.com allegedly wrote:
- Now the bit that really confuses me. If I now connect an
external switch to any port on the Asus and then connect any new wired device through that switch, it all works fine.
Sounds like this could be a speed/duplex mismatch. Can you confirm speed/duplex? I tend to force things to 100/full just to be on the safe side.
Mark
Thanks for this. But I don't think that can be it.
A duplex mismatch would only manifest itself at high transmission rates (which can make it difficult to diagnose). The sort of traffic I am generating in a simple ping test should not cause any difficulty and I should not get the ICMP "host unreachable" response. (And forcing 100/full would defeat the purpose of autonegotiation and might actually cause later problems when a device tries to autonegotiate with the fixed device).
I can't do anything about the switch settings anyway. The Asus is a home DSL device with an umanaged switch in it. It is designed to be plug and play for any home user. I have just changed the OS.
So - have I just got a duff switch in the Asus (and if so, why the hell does it work when I connect another switch)? Or should I be looking for something else?
Maybe the switch you used to test is better at autonegotiating speed and duplex then your other kit? Don't give up yet! :)
Oh, I'm not about to give up! I've got bugger all else to do on wet bank holiday sunday.
Mick
---------------------------------------------------------------------
This is a Microsoft free zone. Please do not send me Microsoft Word Documents. For some reasons, see:
www.gnu.org/philosophy/no-word-attachments.html www.goldmark.org/netrants/no-word/attach.html ---------------------------------------------------------------------
On Sun, 2008-05-25 at 15:32 +0100, mbm wrote:
A duplex mismatch would only manifest itself at high transmission rates (which can make it difficult to diagnose). The sort of traffic I am generating in a simple ping test should not cause any difficulty and I should not get the ICMP "host unreachable" response. (And forcing 100/full would defeat the purpose of autonegotiation and might actually cause later problems when a device tries to autonegotiate with the fixed device).
Not always true, I have had auto-negotiation problems cause all manner of issues regardless of volume of traffic. inc devices randomly disconnecting, intermittent routing of packets..frame corruption etc etc. That said these problems are far rarer than they used to be.
On Sat, May 24, 2008 at 05:33:52PM +0100, mbm wrote:
This not strictly a Linux/OSS question (unless the fact that the router in question is running openwrt counts), but I ask because there are bound to be network experts here and I'm going crazy.
I have an Asus WL500G wireless router connected to my DSL router. This lets me partition my network into two in a classic screened subnet architecture. Thusly:
outside | [DSL]---------DMZ hosts------- | | | [ASUS] | | inside (both wired and wireless)
DMZ net is 192.168.1.0, inside net is 192.168.10.0
So you have the wired and wireless networks bridged? Is the Asus doing NAT for you, or all NAT on the ADSL device?
As I said, the Asus is running x-wrt (a flavour of openwrt with a nice web interface on top). The Asus has 4 lan ports, 1 wan port and the wifi interface.
I have the following situation:
- No problem with wifi. Any and all wifi devices I configure can
connect, they can see all relevant hosts (including my dnsmasq DNNS/DHCP server) and can reach the 'net. So all hunkydory.
Is the dnsmasq server on the Asus, or elsewhere?
- No problem with any /single/ wired lan connection in any of the
lan ports (i.e all is good to go as in the wifi connection). So again, all hunkydory (and it doesn't matter which lan port I use.)
DHCPing on the lan connection?
- But - as soon as I connect any second wired device to the Asus, I
get connection failures (ICMP errors "Destination Host Unreachable"). Oddly, if I leave a device connected running a ping I get most traffic dropped (of the order of 90%) but intermittently I get connection responses.
ICMP errors to where? Any problems with traffic between 2 wired hosts? Between a wired host and a wireless host? Between a wired host and a host in the DMZ? Between the wired host and the outside world? Or all of the above?
- Now the bit that really confuses me. If I now connect an
external switch to any port on the Asus and then connect any new wired device through that switch, it all works fine.
So - have I just got a duff switch in the Asus (and if so, why the hell does it work when I connect another switch)? Or should I be looking for something else?
J.
On Tue, 27 May 2008 14:41:11 +0100 Jonathan McDowell noodles@earth.li allegedly wrote:
So you have the wired and wireless networks bridged? Is the Asus doing NAT for you, or all NAT on the ADSL device?
Yes.The wired and wireless networks are bridged. Both networks are on 192.168.10.0/24. The WAN is separate on 192.168.1.0/24 (The interface actually has address 192.168.1.254 with default GW as 192.168.1.1 - i.e. the internal address address of my ADSL router). The ASUS also does NAT (so my internal network is behind two NAT routers.) The VLAN config (the default for the openwrt build) looks like this:
VLAN0 12345 ports together to form the LAN VLAN1 05 ports together to form the WAN
(where port 5 is the internal port). So any of the physical ports 1,2,3 or 4 or the wireless port are all on one VLAN and this is mapped to my internal network. I can confirn that this works because I can pick any single one port and/or the wireless and everything works as it should.
Is the dnsmasq server on the Asus, or elsewhere?
No. The dnsmasq is on a separate server (on 192.168.10.10). That dnsmasq server will issue (fixed) DHCP addresses to any of my wireless devices mapped in /etc/ethers. Other machines have fixed IP addresses.
DHCPing on the lan connection?
See above.
ICMP errors to where? Any problems with traffic between 2 wired hosts? Between a wired host and a wireless host? Between a wired host and a host in the DMZ? Between the wired host and the outside world? Or all of the above?
All of the above. Errors to anywhere. It is really weird. I can pick any port for the first connection and any (remaining) port for the second connection and that second connection consistently fails /unless/ I add another switch in the way.
I have no clue. :-(
Mick
---------------------------------------------------------------------
This is a Microsoft free zone. Please do not send me Microsoft Word Documents. For some reasons, see:
www.gnu.org/philosophy/no-word-attachments.html www.goldmark.org/netrants/no-word/attach.html ---------------------------------------------------------------------
[There is no need to CC me on replies; I read the list.]
On Tue, May 27, 2008 at 04:07:42PM +0100, mbm wrote:
On Tue, 27 May 2008 14:41:11 +0100 Jonathan McDowell noodles@earth.li allegedly wrote:
Is the dnsmasq server on the Asus, or elsewhere?
No. The dnsmasq is on a separate server (on 192.168.10.10). That dnsmasq server will issue (fixed) DHCP addresses to any of my wireless devices mapped in /etc/ethers. Other machines have fixed IP addresses.
DHCPing on the lan connection?
See above.
So you DHCP through the NAT? Interesting.
ICMP errors to where? Any problems with traffic between 2 wired hosts? Between a wired host and a wireless host? Between a wired host and a host in the DMZ? Between the wired host and the outside world? Or all of the above?
All of the above. Errors to anywhere. It is really weird. I can pick any port for the first connection and any (remaining) port for the second connection and that second connection consistently fails /unless/ I add another switch in the way.
If you are finding that 2 hosts connected to the wired switch on the ASUS are seeing errors talking to each other I'd be suspecting an electrical fault with the ASUS. There shouldn't be any software involvement there once the switch chip is configured to bridge the various ports appropriately.
(I've had a wl500g myself in the past, running vanilla OpenWRT though not bridging the wired/wireless networks and never saw a similar problem.)
J.
On Tue, 27 May 2008 16:19:53 +0100 Jonathan McDowell noodles@earth.li allegedly wrote:
So you DHCP through the NAT? Interesting.
Actually no. The DHCP server is on the same internal .10.0 lan as the rest of my network. The DMZ .1.0 net has fixed IP addresses.
If you are finding that 2 hosts connected to the wired switch on the ASUS are seeing errors talking to each other I'd be suspecting an electrical fault with the ASUS. There shouldn't be any software involvement there once the switch chip is configured to bridge the various ports appropriately.
You are probably right. I bought the Asus second hand from a bloke on Amazon (they don't seem to be available any more and the WRTSL54Gs are equally difficult to source). I tested it with a laptop (wired and wireless) before reflashing and it all seemed OK. But of course I did not connect multiple wires until after reflashing. So I have no idea whether it was faulty before. Oh well.
Anyone got another ASUS WL500GD they don't want? Or a Linksys WRTSL54GS?
(I've had a wl500g myself in the past, running vanilla OpenWRT though not bridging the wired/wireless networks and never saw a similar problem.)
So what did you do? Disable the wireless? Or put it on a separate VLAN with a different subnet?
Mick ---------------------------------------------------------------------
This is a Microsoft free zone. Please do not send me Microsoft Word Documents. For some reasons, see:
www.gnu.org/philosophy/no-word-attachments.html www.goldmark.org/netrants/no-word/attach.html ---------------------------------------------------------------------
On Tue, May 27, 2008 at 04:52:39PM +0100, mbm wrote:
On Tue, 27 May 2008 16:19:53 +0100 Jonathan McDowell noodles@earth.li allegedly wrote:
(I've had a wl500g myself in the past, running vanilla OpenWRT though not bridging the wired/wireless networks and never saw a similar problem.)
So what did you do? Disable the wireless? Or put it on a separate VLAN with a different subnet?
VLANs weren't involved; the wifi is a separate interface and if you don't create a bridge then it can be configured with a separate subnet. I always try to do this - that way I can trust my wired network more than the wireless one rather than having the wireless network reduce the trust of the wired one.
J.
-
Jonathan McDowell -
Mark Ridley -
mbm -
Wayne Stallwood