Sunday, March 30, 2008
CAPTCHA
I recently had to delete several dangerous SPAM comments from my blog. While most of the comments were just plain old SPAM, there were one or two that were very dangerous and had links to sites that would almost immediately infect a computer with all sorts of nasty spyware, including rootkits.
While I'm not a security expert I do spend a lot of my time performing network security related tasks. So I started wondering how this SPAM was getting by Google's CAPTCHA engine.
After performing some research I found a very interesting Google Tech Talk presentation on Human Computation. The initial part of the discussion describes CAPTCHA and how some folks are trying to circumvent the solution.
You can find all the Google Tech Talks here.
Cheers!
Monday, March 24, 2008
Multicast Routing Protocol (Part 1)
I was originally just going to write about DVMRP, but I've also decided to post some basic examples for setting up PIM-SM. I'll break this post into two parts; the first part will look at utilizing DVMRP to set up a simple multicast domain on a single switch, while the second part will look at utilizing PIM-SM across multiple switches.
We have a few Nortel Contact Center (formerly Symposium) installations deployed throughout the organization. The Nortel Agent Desktop Display (ADD) utilizes multicast to distribute the information between the server and the individual clients. Unless the clients are in the same VLAN as the server (Application/Web server and Database server) you're going to need a Multicast Routing Protocol to facilitate the multicast communications between VLANs. I should point out that at this point I'm only talking about making multicast traffic available between VLANs on a single Nortel Ethernet Routing Switch 8600.
Note: Nortel Contact Center 6.0 appears to use the following two Multicast addresses by default; 230.0.0.1, 230.0.0.2
Unfortunately I didn't have a spare Contact Center server to test with so I needed to figure out how I could test multicast traffic ahead of time and then just schedule any changes that needed to be made to facilitate inter-VLAN multicast communications. I recalled that VideoLAN - VLC media player could stream audio/video via multicast.
In order to test I set up two laptops running Windows XP Service Pack 2, laptop A (10.1.55.50/24) on VLAN 55 (10.1.55.0/24) and laptop B (10.1.56.50/24) on VLAN 56 (10.1.56.0/24).
Laptop A will be the broadcast server and stream the video while laptop B will be the client.
Let's set up the ERS 8600 switch;
ERS-8610:6# config vlan 55 create byport 1
ERS-8610:6# config vlan 55 ip address 10.1.55.5/24
ERS-8610:6# config vlan 55 ip ospf enable
ERS-8610:6# config vlan 55 ip vrrp 1 10.1.55.1
ERS-8610:6# config vlan 55 ip dvmrp enable
ERS-8610:6# config vlan 56 create byport 1
ERS-8610:6# config vlan 56 ip address 10.1.56.5/24
ERS-8610:6# config vlan 56 ip ospf enable
ERS-8610:6# config vlan 56 ip vrrp 1 10.1.56.1
ERS-8610:6# config vlan 56 ip dvmrp enable
And then some global settings;
ERS-8610:6# config ip dvmrp enable
ERS-8610:6# config ip ospf enable
Now we need to look at how to make VLC do what we need;
Once you install VLC and start the program you will be greeted by this lightweight frontend.
Click File -> Open File to bring up the Open dialog box.
Click on the Browse button to bring up a standard Windows file selection box. Select the file you want to play. Then click Open.
Your selection should appear in the text box next to the Browse button. Click the check box for Stream Output and then click the button Settings.
If you wish to view the video on the source laptop then check the box next to Play Locally under Output Methods. When streaming to another system you don't have to play the file on the server, but you can use this option to visually confirm that our video is playing properly before trying to access the stream from another computer.
Check the box marked UDP and type in the Multicast address you want to stream the file to. You should use a local-scope multicast address between 239.0.0.0 - 239.255.255.255. You should also make sure that the Time-To-Live (TTL) is set to 2. Then click OK. The file is ready to play so click OK in the Open dialog box too.
The video or audio file should begin playing on the computer. The last thing to do before switching to the second laptop is to turn on VLC's web interface by clicking Settings -> Add Interface -> Web Interface. This will help provide remote control over VLC if we should need it from the second laptop.
Open VLC on the second laptop.
Click on File -> Open Network Stream. Select UDP/RTP Multicast and use the same Multicast address you use on the server. Click the OK button and VLC will start playing your stream.

Now that the stream is successfully playing on your computer you can open up a web browser to control VLC remotely. Type http://
If you want to make sure that VLC is configured and working properly move both laptops to the same VLAN. If the video stream works then you know that VLC is working properly and you need to focus on the network configuration.
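A scripted alternative to the VLC test, added here as an example and not part of the original post: laptop A runs send() and laptop B runs receive(), using the same local-scope group and TTL of 2. The UDP port and the function names are assumptions made for this sketch.

```python
import ipaddress
import socket
import time

GROUP = "239.255.1.1"  # group that appears in the IGMP output of this post
PORT = 5004            # assumption: any free UDP port, same on both laptops
TTL = 2                # value the post sets in VLC


def is_local_scope(group):
    """True only for 239.0.0.0/8, the local-scope range the post recommends."""
    return ipaddress.ip_address(group) in ipaddress.ip_network("239.0.0.0/8")


def membership_request(group, local_ip="0.0.0.0"):
    """ip_mreq bytes: group address followed by the local interface address."""
    return socket.inet_aton(group) + socket.inet_aton(local_ip)


def send(group=GROUP, port=PORT, ttl=TTL, count=10):
    """Laptop A: send numbered datagrams to the group, one per second."""
    if not is_local_scope(group):
        raise ValueError(f"{group} is outside 239.0.0.0/8")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        # The default multicast TTL is 1, which a router will not forward.
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, ttl)
        for seq in range(count):
            sock.sendto(f"mcast-test {seq}".encode(), (group, port))
            time.sleep(1)


def receive(group=GROUP, port=PORT, timeout=30):
    """Laptop B: join the group, return (payload, sender) of the first datagram."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        sock.bind(("", port))
        # Joining triggers the IGMP report that "show ip igmp group" displays.
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP,
                        membership_request(group))
        sock.settimeout(timeout)  # a timeout means no stream reached this VLAN
        return sock.recvfrom(1500)
```

If receive() times out across VLANs but works with both laptops in one VLAN, the hosts are fine and the routing configuration is the place to look.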
Note: Windows XP defaults to IGMP v3 which is fine for this test.
You can use the following commands to troubleshoot the network pieces. In the examples below I had the laptops connected to an ERS 5520 switch which was uplinked on port 1/1. That is why the port is reported as 1/1 throughout the different commands.
DVMRP
ERS-8610:6# show ip dvmrp info
==================================================================
Dvmrp General Group
==================================================================
AdminStat : enabled
Genid : 0x47c42ef1
Version : 3
NumRoutes : 2
NumReachableRoutes : 2
UpdateInterval : 60
TriggeredUpdateInterval : 5
LeafTimeOut : 125
NbrTimeOut : 35
NbrProbeInterval : 10
FwdCacheTimeout : 300
RouteExpireTimeout : 140
RouteDiscardTimeout : 260
RouteSwitchTimeout : 140
ShowNextHopTable : disable
generate-trap : disable
generate-log : disable
PruneResend : disable
ERS-8610:6# show ip dvmrp interface
================================================================================
Dvmrp Interface
================================================================================
DEFAULT DEFAULT DEFAULT ADVERTISE
IF ADDR METRIC OPERSTAT LISTEN SUPPLY METRIC SELF
-------------------------------------------------------------------------------
Vlan55 10.1.55.1 1 up enable disable 1 enable
Vlan56 10.1.56.1 1 up enable disable 1 enable
2 out of 2 entries displayed
--------------------------------------------------------------------------------
IF ADDR IN-POLICY OUT-POLICY INTF TYPE
--------------------------------------------------------------------------------
Vlan55 10.1.55.1 Active
Vlan56 10.1.56.1 Active
2 out of 2 entries displayed
ERS-8610:6# show ip dvmrp route
================================================================================
Dvmrp Route
================================================================================
SOURCE MASK UPSTREAM_NBR INTERFACE METRIC EXPIRE
--------------------------------------------------------------------------------
10.107.55.0 255.255.255.0 0.0.0.0 Vlan55 1 155
10.107.56.0 255.255.255.0 0.0.0.0 Vlan56 1 155
2 out of 2 entries displayed
IGMP
ERS-8610:6# show ip igmp cache
================================================================================
Igmp Cache
================================================================================
GRPADDR INTERFACE LASTREPORTER EXPIRATION V1HOSTTIMER TYPE STATICPORTS
--------------------------------------------------------------------------------
239.255.1.1 Vlan56 10.1.56.50 213 0 DYNAMIC NULL
239.255.255.250 Vlan55 10.1.55.50 214 0 DYNAMIC NULL
239.255.255.250 Vlan56 10.1.56.50 219 0 DYNAMIC NULL
3 out of 3 entries displayed
ERS-8610:6# show ip igmp group
================================================================================
Igmp Group
================================================================================
GRPADDR INPORT MEMBER EXPIRATION TYPE
-------------------------------------------------------------------------------
239.255.1.1 V56-1/1 10.1.56.50 209 Dynamic
239.255.255.250 V55-1/1 10.1.55.50 210 Dynamic
239.255.255.250 V56-1/1 10.1.56.50 215 Dynamic
Total number of groups 3
Total number of unique groups 2
ERS-8610:6# show ip igmp sender
================================================================================
Igmp Sender
===============================================================================
GRPADDR IFINDEX MEMBER PORT STATE
--------------------------------------------------------------------------------
239.255.1.1 Vlan 55 10.1.55.50 1/1 NOTFILTERED
1 out of 1 entries displayed
Hopefully I haven't gone over the top on this one.
Please post any comments, corrections or suggestions.
Cheers!
Saturday, March 22, 2008
Power over Ethernet Plus (PoE+)
I just recently learned that the majority of 802.11n products in design will likely outpace the current 13-15 watts of power provided by the 802.3af specification. It seems the IEEE is already working on 802.3at, a new specification labeled "PoE+" by some.
What does this mean for the thousands of PoE (802.3af) ports already deployed throughout organizations?
Here's a good article, A Look at POE Plus, in Network Computing by Peter Morrissey.
There are also some interesting articles over at Network World regarding 802.11n.
I'm not sure about everyone else out there but I won't be rushing to deploy 802.11n or 802.3at gear anytime soon. We've actually standardized on using PoE capable network switches throughout the network going forward. The price difference between a PoE switch and a non-PoE switch is almost negligible when you consider the time and effort required to replace that switch in the future if PoE is required for some new application.
If you're seriously thinking about deploying 802.11n you'll need to consider how you're going to power those devices.
Cheers!
Wednesday, March 19, 2008
Nortel Business Ethernet Switch 110
In June 2006 Nortel released a whole new line of class Ethernet Switches for small to medium sized businesses. While these switches don't support the latest and greatest enterprise features they seem to be a very good value for those small businesses.
There are multiple models to choose from in both the 24-port and 48-port form factors, and there are PoE (Power over Ethernet) models as well.
A full list of the models and their feature sets can be found here.
There are some recurring questions from folks that I thought I would post on;
What is the default username and password?
Username: nnadmin
Password: PlsChgMe!
How can I factory reset the switch or recover the password?
There is a reset button in the front of the switch depicted in the figure below as (2);
What is the default IP address of the switch?
The default IP address is 192.168.1.132 with a subnet mask of 255.255.255.0.
How can I login to the switch?
Just give your desktop or laptop a static IP address in the 192.168.1.0/24 network, connect your desktop or laptop to any of the RJ45 ports and open a web browser to http://192.168.1.132.
While I'm happy to post this information here let me just point out that all this information is in the documentation if you chose to RTFM.
Cheers!
Monday, March 17, 2008
Happy St. Patrick's Day
It's really amazing how fast the days, weeks and months go by. If you're looking to listen to some traditional and folk music straight from Dublin, Ireland browse over to www.liveireland.com.
Tuesday, March 11, 2008
How to set passwords from the CLI?
There have been quite a few comments posted to the Factory Reset Nortel Ethernet Switch article. One of those comments requested some help in how to set the passwords from the CLI (command line interface). You'll obviously need the read-write password in order to login to the switch and reset the passwords. Without the read-write password you'll need to factory reset the switch.
Note: I'm still trying to figure out the best way to display the CLI stuff... if I use the PRE HTML tag the font is really too small, if I don't use the PRE HTML tag the formatting (spacing) gets lost making it difficult to compare the post with the real world output from a CLI interface.
Nortel Ethernet Routing Switch 5500 Series (v5.1)
Here's how to set the passwords on the Nortel Ethernet Routing Switch 5500 Series (v5.1 software).
5520-48T-PWR>enable
5520-48T-PWR#config term
Enter configuration commands, one per line. End with CNTL/Z.
What's the syntax to set the read-only and read-write passwords?
5520-48T-PWR(config)#cli password ?
read-only Modify read-only password
read-write Modify read-write password
serial Enable/disable serial port password.
telnet Enable/disable telnet and web password.
We'll use the commands below to set the read-only (RO) password to "readonlypassword" and the read-write (RW) password to "readwritepassword";
5520-48T-PWR(config)#cli password read-only readonlypassword
5520-48T-PWR(config)#cli password read-write readwritepassword
What is the syntax to enable the passwords on the serial and telnet interfaces?
5520-48T-PWR(config)#cli password serial ?
local Use local password.
none Disable password.
radius Use RADIUS password authentication.
tacacs Use TACACS+ AAA services
5520-48T-PWR(config)#cli password telnet ?
local Use local password.
none Disable password.
radius Use RADIUS password authentication.
tacacs Use TACACS+ AAA services
We'll use the commands below to set the serial and telnet interface to use the local passwords we've just configured above. You could also use RADIUS and TACACS authentication if you set it up.
5520-48T-PWR(config)#cli password serial local
5520-48T-PWR(config)#cli password telnet local
And let's not forget to save the configuration file (even though the switch should auto-save it).
5520-48T-PWR(config)#copy config nvram
5520-48T-PWR(config)#exit
5520-48T-PWR#disable
5520-48T-PWR>
Nortel Ethernet Routing Switch 4500 Series (v5.0)
The Nortel Ethernet Routing Switch 4500 Series (v5.0 software) is practically identical to the 5500 series except that it does not yet support TACACS authentication.
4548GT-PWR(config)#cli password ?
read-only Modify read-only password
read-write Modify read-write password
serial Enable/disable serial port password.
telnet Enable/disable telnet and web password.
4548GT-PWR(config)#cli password serial ?
local Use local password.
none Disable password.
radius Use RADIUS password authentication.
4548GT-PWR(config)#cli password telnet ?
local Use local password.
none Disable password.
radius Use RADIUS password authentication.
Nortel Ethernet Switch 460/470 (v3.7.2)
The Nortel Ethernet Switch 460/470 (v3.7.2 software) is identical to the ERS 4500 series.
470-48T>enable
470-48T#config term
Enter configuration commands, one per line. End with CNTL/Z.
470-48T(config)#cli password ?
read-only Modify read-only password
read-write Modify read-write password
serial Enable/disable serial port password.
telnet Enable/disable telnet and web password.
470-48T(config)#cli password serial ?
local Use local password.
none Disable password.
radius Use RADIUS password authentication.
470-48T(config)#cli password telnet ?
local Use local password.
none Disable password.
radius Use RADIUS password authentication.
Hopefully this should help a few folks out.
Cheers!
Saturday, March 8, 2008
How to find a wireless device ?
In this post I'll review how you can find a specific wireless device on your Motorola WS5100 Wireless LAN Switch.
We want to locate the following device wireless-laptop.acme.org so we need to start by identifying the IP address of the device. Thanks to Dynamic DNS we can be assured that our DNS servers will have that information.
C:\>nslookup wireless-laptop.acme.org.
Server: 10.1.1.1
Address: 10.1.1.1#53
Name: wireless-laptop.acme.org
Address: 10.1.195.55
In most circumstances we'd now need to identify the MAC address of the wireless device. We can skip that step since the WS5100 will have the IP address of the client for us to search against.
WS5100# show wireless mobile-unit
Number of mobile-units associated: 23
index MAC-address radio type wlan vlan/tunnel ready IP-address last active
1 00-1B-77-30-DF-80 30 11a 1 vlan 18 Y 10.1.195.57 1 Sec
2 00-20-E0-1A-0F-E5 58 11a 1 vlan 18 Y 10.1.195.48 20 Sec
3 00-13-E8-86-DF-F3 30 11a 1 vlan 18 Y 10.1.195.96 0 Sec
4 00-15-00-32-8C-EC 19 11a 1 vlan 18 Y 10.1.195.31 31 Sec
5 00-15-00-32-D6-46 29 11a 1 vlan 18 Y 10.1.195.50 16 Sec
6 00-15-00-32-D3-67 1 11g 2 vlan 17 Y 10.1.194.54 4 Sec
7 00-A0-F8-D4-46-9C 2 11b 4 vlan 22 Y 10.1.206.53 223 Sec
8 00-A0-F8-D4-48-FD 1 11b 4 vlan 22 Y 10.1.206.207 215 Sec
9 00-1B-77-2A-99-05 30 11a 1 vlan 18 Y 10.1.195.55 7 Sec
10 00-18-DE-7A-76-D0 30 11a 1 vlan 18 Y 10.1.195.67 16 Sec
11 00-16-6F-1D-F1-B9 1 11g 2 vlan 17 Y 10.1.194.44 6 Sec
12 00-1B-77-31-11-77 30 11a 1 vlan 18 Y 10.1.195.68 4 Sec
13 00-90-7A-04-16-5F 1 11b 3 vlan 21 Y 10.1.198.52 11 Sec
14 00-A0-F8-D6-3C-2A 1 11b 4 vlan 22 Y 10.1.206.70 652 Sec
15 00-A0-F8-D4-45-A5 2 11b 4 vlan 22 Y 10.1.206.252 170 Sec
16 00-13-E8-5B-ED-73 30 11a 1 vlan 18 Y 10.1.195.106 4 Sec
17 00-13-E8-5B-EE-39 30 11a 1 vlan 18 Y 10.1.195.111 23 Sec
18 00-18-DE-7A-9E-3A 30 11a 1 vlan 18 Y 10.1.195.77 20 Sec
20 00-90-7A-03-5E-C7 1 11b 3 vlan 21 Y 10.1.198.50 23 Sec
21 00-13-E8-86-C8-55 30 11a 1 vlan 18 Y 10.1.195.107 5 Sec
22 00-A0-F8-D4-48-5F 1 11b 4 vlan 22 Y 10.1.206.145 124 Sec
24 00-13-E8-86-C7-E7 30 11a 1 vlan 18 Y 10.1.195.110 10 Sec
26 00-1B-77-2A-5C-6C 30 11a 1 vlan 18 Y 10.1.195.81 37 Sec
Note: if you have a lot of mobile units you can use grep;
WS5100# show wireless mobile-unit | grep "10.1.195.55"
9 00-1B-77-2A-99-05 30 11a 1 vlan 18 Y 10.1.195.55 7 Sec
Now that we have the MU (Mobile Unit) index (the first number on the line) we can get the full details;
WS5100# show wireless mobile-unit 9
MAC: 00-1B-77-2A-99-05, IP Address: 10.1.195.55, Type: 11a, State: data-ready
Radio Config Index: 30, Bssid: 00-15-70-12-1D-78
Wlan: 1, Vlan: vlan 18, Voice: N, Powersave: N, Classification: normal
Encryption Type: tkip (key index: 1) Authentication Type: eap
Last Assoc: 7990 seconds ago, Last Activity: 23 seconds ago, Roam-Count: 18
DHCP state : DHCPNONE AP Scan Support: N
Session Timeout: 100 days 00:00:00 Idle Timeout: 0 days 00:30:00
In the information above we can see that the MU is associated to radio 30, so let's look at radio 30;
WS5100# show wireless radio 30
Radio: 30, Mac: <00-15-70-11-34-32>, Type: 11a, ap Index: 7, vlan 198
Current Channel: 36 [5180 MHz], Configured Channel: acs
Current Power: 17 dBm, Max ESS: 16, Max BSS: 4, Num Mu: 11
BSS: 00-15-70-12-1D-78, State: normal
Current Data-Rates/Speed: basic6 9 basic12 18 basic24 36 48 54
Last Adoption: 0 days 20:55:16 ago
Configuration:
Adoption-pref-id: 0
Max-mobile-unit: 256, Detector: N, On-channel-scan: N
WLAN-BSS mapping: [BSS 1]: 1
RTS-thres: 2346 bytes, Beacon-intvl: 100 K-uSec
Dtim-count: [BSS 1]: 10 beacons
Dtim-count: [BSS 2]: 10 beacons
Dtim-count: [BSS 3]: 10 beacons
Dtim-count: [BSS 4]: 10 beacons
CCA level: 1, CCA Mode: 1, mobile-unit power: 0 dBm
Short-Preamble: disabled, Antenna-Mode: diversity (both antennas)
Placement: indoor, Channel-Mode: acs, Power: 20 dBm
Data-Rates/Speed: basic6 9 basic12 18 basic24 36 48 54
WMM [best-effort]: aifsn: 3 txop-limit: 0 cwmin: 4 cwmax: 6
admission-control: disabled, max-mobile-unit: 32
WMM [background]: aifsn: 7 txop-limit: 0 cwmin: 4 cwmax: 10
admission-control: disabled, max-mobile-unit: 32
WMM [video]: aifsn: 1 txop-limit: 94 cwmin: 3 cwmax: 4
admission-control: disabled, max-mobile-unit: 32
WMM [voice]: aifsn: 1 txop-limit: 47 cwmin: 2 cwmax: 3
admission-control: disabled, max-mobile-unit: 32
It doesn't look like the Motorola switch shows us the radio description above so we'll need to use another command to get the description;
WS5100# show wireless radio config 30
Radio: 30, Description: Main Building Lobby, MAC: 00-15-70-11-34-32
Radio Type: 11a, AP Type: ap300
Adoption-pref-id: 0
Max-mobile-unit: 256, Detector: N, On-channel-scan: N
WLAN-BSS mapping: [BSS 1]: 1
RTS-thres: 2346 bytes, Beacon-intvl: 100 K-uSec
Dtim-count: [BSS 1]: 10 beacons
Dtim-count: [BSS 2]: 10 beacons
Dtim-count: [BSS 3]: 10 beacons
Dtim-count: [BSS 4]: 10 beacons
CCA level: 1, CCA Mode: 1, mobile-unit power: 0 dBm
Short-Preamble: disabled, Antenna-Mode: diversity (both antennas)
Placement: indoor, Channel-Mode: acs, Power: 20 dBm
Data-Rates/Speed: basic6 9 basic12 18 basic24 36 48 54
WMM [best-effort]: aifsn: 3 txop-limit: 0 cwmin: 4 cwmax: 6
admission-control: disabled, max-mobile-unit: 32
WMM [background]: aifsn: 7 txop-limit: 0 cwmin: 4 cwmax: 10
admission-control: disabled, max-mobile-unit: 32
WMM [video]: aifsn: 1 txop-limit: 94 cwmin: 3 cwmax: 4
admission-control: disabled, max-mobile-unit: 32
WMM [voice]: aifsn: 1 txop-limit: 47 cwmin: 2 cwmax: 3
admission-control: disabled, max-mobile-unit: 32
So it looks like the device we're looking for, wireless-laptop.acme.org (10.1.195.55), is connected to radio 30 (802.11a) which has a description of "Main Building Lobby". While this will give you an idea of the basic location it doesn't provide you a specific location. While there are new APIs in the WS5100 and RFS7000 that can provide locationing by means of triangulation between multiple Access Ports, they require external applications and management software.
Obviously you'll need to make sure that you've put descriptive locations on each radio (AP300) through the Motorola console when configuring/installing the APs.
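The lookup above, scripted against saved "show wireless mobile-unit" output, as an added example that is not part of the original post. It matches the IP address exactly (grep also matches substrings and treats "." as a wildcard) and can list every MU on the same radio; the function names are assumptions, and the sample rows are a few lines copied from the output above.

```python
import ipaddress
import re

# Sample input: rows taken from the "show wireless mobile-unit" output in this post.
SAMPLE = """\
Number of mobile-units associated: 23
index MAC-address radio type wlan vlan/tunnel ready IP-address last active
1 00-1B-77-30-DF-80 30 11a 1 vlan 18 Y 10.1.195.57 1 Sec
5 00-15-00-32-D6-46 29 11a 1 vlan 18 Y 10.1.195.50 16 Sec
9 00-1B-77-2A-99-05 30 11a 1 vlan 18 Y 10.1.195.55 7 Sec
16 00-13-E8-5B-ED-73 30 11a 1 vlan 18 Y 10.1.195.106 4 Sec
"""

# One table row; the vlan/tunnel column is two tokens ("vlan 18").
ROW = re.compile(
    r"^\s*(?P<index>\d+)\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<radio>\d+)\s+(?P<type>\S+)\s+(?P<wlan>\d+)\s+"
    r"(?P<segment>\S+\s+\S+)\s+(?P<ready>[YN])\s+"
    r"(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<idle>\d+)\s+Sec\s*$"
)


def parse_mobile_units(output):
    """Turn the table into dicts; banner and header lines do not match ROW."""
    units = []
    for line in output.splitlines():
        match = ROW.match(line)
        if not match:
            continue
        unit = match.groupdict()
        for key in ("index", "radio", "wlan", "idle"):
            unit[key] = int(unit[key])
        unit["ip"] = ipaddress.ip_address(unit["ip"])
        units.append(unit)
    return units


def find_by_ip(output, ip):
    """Exact address match; '10.1.195.5' does not match '10.1.195.55'."""
    wanted = ipaddress.ip_address(ip)
    return next((u for u in parse_mobile_units(output) if u["ip"] == wanted), None)


def find_by_mac(output, mac):
    """Accepts any separator style (00:1b:77..., 00-1B-77..., 001b.77...)."""
    def norm(value):
        return re.sub(r"[^0-9a-f]", "", value.lower())
    return next((u for u in parse_mobile_units(output)
                 if norm(u["mac"]) == norm(mac)), None)


def on_radio(output, radio):
    """All MUs associated to one radio, e.g. to see what else sits near a device."""
    return [u for u in parse_mobile_units(output) if u["radio"] == radio]


if __name__ == "__main__":
    mu = find_by_ip(SAMPLE, "10.1.195.55")
    print(f"MU index {mu['index']} ({mu['mac']}) is on radio {mu['radio']}")
```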
Cheers!
Sunday, March 2, 2008
Ethernet Frames Maligned
I thought I would share this story with everyone. We had discovered an issue with Ethernet frames being maligned/corrupted between the Motorola Access Port 300 (AP300) and the Motorola Wireless (WS5100) LAN Switch.
We had a ticket open with Motorola trying to understand why a significant number of our AP300s were rebooting themselves at odd hours during the early morning. Motorola had requested that we provide network traces at the Access Point and Wireless Switch. Surprisingly Motorola came back and pointed out that the payload in some of the Ethernet frames was getting modified between the Wireless Switch and the Access Port.
The fundamental equipment involved in this problem was as follows; Nortel Ethernet Switch 460 (ES 460), Ethernet Switch 470 (ES 470), Ethernet Routing Switch 5520 (ERS 5520), Ethernet Routing Switch 8600 (ERS8600); Motorola Wireless LAN Switch 5100 (WS5100) and Access Ports 300 (AP300).
The Motorola WS5100s and AP300s are physically connected over the same Layer 2 Ethernet network. The “Ethernet 1” port on the WS5100 is connected to a Virtual Local Area Network (VLAN) which provides a single broadcast domain for all AP 300s to connect to the WS5100. The “Ethernet 2” port on the WS5100 is used as a trunk interface to bridge between the WLANs (wireless) and VLANs (wired) segments. We essentially have core switches and edge switches (distribution is collapsed down into the core). The core switch can be a single ERS8600 or a pair of ERS8600s (Layer 3) connected via an IST (Inter-Switch Trunk). At the edge we generally deploy ES470 (Layer 2) or ERS5520 (Layer 2). We have deployed ES460s (PoE) into closets where ES470s are already present to specifically support PoE and the wireless network.
Here is a quick topology of the network with respect to the WS5100s and AP300s.
We recently started deploying the ERS5520s (in place of the ES470s), which directly support PoE, allowing us to deploy one less piece of equipment at the edge and also providing one less bridge (hop) to switch through.
We have been plagued by a problem that is affecting the Motorola AP300s causing them to randomly reset and re-adopt at different times of the day without warning or cause. In searching for the cause of this problem we’ve documented numerous Ethernet frames being maligned as they travel from the AP300 to the WS5100.
With respect to the examples I’m going to draw the following topology applies;
It should be noted that we do use the ES460s and ERS5520s to remark the 802.1p bits in the Ethernet frame so we can provide some measure of QoS with respect to the Nortel (Spectralink) Wireless LAN phones that we currently have deployed. In essence we mark all Ethernet packets on the “APVLAN” with a QoS level of 4 (“Gold”, BoSS-65530).
Network Trace Analysis
I will refer to the following two trace files;
"ers460side1.pcap" closet ES460 trace
"ers8600side1.pcap" core ERS8600 trace
I tried to merge up the two traces so each trace is synchronous with the other. We'll focus on packet 3; you can see in the closet ES460 trace that bytes 15 and 16 are 0x20 and 0x12 respectively.
Looking at the other trace you can see that bytes 15 and 16 are different than in the first trace. You can see that the bits in byte 16 have been shifted to byte 26.
You can again see the same problem in packet 4;
You can see it again in packets 6, 7, 10, 39, 43, 45, etc.
In the end the problem turned out to be a software/hardware issue with the Nortel Ethernet Routing Switch 8600. If DiffServ was enabled on the Ethernet port that was being mirrored, the mirrored data was somehow getting corrupted in the process of copying the packets. Once we disabled DiffServ on the Ethernet port the problem disappeared. We opened a case with Nortel but were told that it would be handled as an enhancement request, not a correction request (go figure!).
I personally no longer trust either the port mirror or packet capture facilities of the Nortel ERS 8600 and rely on physical taps so there can be no doubt or questions about the validity of the capture data.
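The packet-by-packet comparison of the two traces can be automated, which is also a quick way to check whether a mirror port or a tap returns the same bytes as a second capture point. This is an added example, not part of the original post: it reads two classic libpcap files with the standard library only, assumes the captures are already aligned packet for packet, and uses constructed frames in which only bytes 15 and 16 of packet 3 in the first capture (0x20, 0x12) come from the post.

```python
import struct
from itertools import zip_longest


def read_frames(pcap):
    """Return the raw frames stored in a classic libpcap capture (bytes)."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        order = "<"              # written by a little-endian host
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        order = ">"
    else:
        raise ValueError("not a classic pcap capture")
    frames, pos = [], 24         # skip the 24-byte global header
    while pos < len(pcap):
        if pos + 16 > len(pcap):
            raise ValueError("truncated record header")
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(order + "4I", pcap, pos)
        pos += 16
        if pos + incl_len > len(pcap):
            raise ValueError("truncated frame")
        frames.append(pcap[pos:pos + incl_len])
        pos += incl_len
    return frames


def diff_frame(a, b):
    """(position, byte_a, byte_b) per mismatch; positions count from 1.
    A missing byte (frames of different length) is reported as None."""
    return [(i + 1, x, y) for i, (x, y) in enumerate(zip_longest(a, b)) if x != y]


def compare_captures(pcap_a, pcap_b):
    """Map packet number -> list of differing bytes, for altered packets only."""
    a, b = read_frames(pcap_a), read_frames(pcap_b)
    if len(a) != len(b):
        raise ValueError("captures are not aligned packet for packet")
    report = {}
    for number, (frame_a, frame_b) in enumerate(zip(a, b), start=1):
        changed = diff_frame(frame_a, frame_b)
        if changed:
            report[number] = changed
    return report


def build_pcap(frames):
    """Helper for the constructed sample: wrap frames in a little-endian pcap."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, frame in enumerate(frames):
        out += struct.pack("<4I", n, 0, len(frame), len(frame)) + frame
    return out


def sample_frame(n, bytes_15_16):
    """Constructed frame: made-up MACs, 0x8100, two bytes at 15-16, padding."""
    return (b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02"
            + b"\x81\x00" + bytes_15_16 + bytes([n]) * 48)


# Constructed sample: four packets seen at two points; packet 3 differs.
EDGE = build_pcap([sample_frame(n, b"\x20\x12") for n in range(4)])
CORE = build_pcap([sample_frame(n, b"\xa0\x00" if n == 2 else b"\x20\x12")
                   for n in range(4)])

if __name__ == "__main__":
    for number, changed in compare_captures(EDGE, CORE).items():
        for pos, x, y in changed:
            print(f"packet {number} byte {pos}: {x:#04x} -> {y:#04x}")
```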
We still have issues with our Motorola AP300s rebooting from time to time but they have been much better since Motorola released v2.1.3 software for the WS5000/WS5100s. We are currently working with Motorola to resolve issues in their v3.x software line that are causing our Nortel 2211 (Spectralink) wireless phones to occasionally reboot while idle and roaming.
Cheers!





