New Adtran 12 Port Switch, putting devices in "Public Network"


So I have an office with various devices and 3 workstations, they are all joined to a domain. Working on a VOIP project with new Adtran POE switches. This one I figured I would set up and test. The problem I am having is, once I connect the PCs to the switch, they seem to take a long time "Identifying Network" then default to "Public" instead of the domain.

 

PC IP example

IP: 172.16.50.115

Subnet: 255.255.255.0

Gateway: 172.16.50.254 (Sonicwall Router/Internet Access)

DNS1: 172.16.50.6 (Server 2008 R2 DNS)

DNS2: 172.16.50.5 (Server 2008 R2 DNS)

 

Adtran Switch:

VLAN Interface

IP: 172.16.50.132

Subnet: 255.255.255.0

Gateway: 172.16.50.254

DNS: Same two as above.

 

I can get to all of my resources internally and externally and access the Adtran Switch GUI, but it is like something is being blocked or not passing along to let the domain info get to the client.

 

If I hook the old dummy switch back up and reboot the clients, they work as normal and show the domain under network location.

 

Any ideas anyone?

 

Link to comment
Share on other sites

how many switches do you have?  what does the network look like?  is the adtran switch on the same vlan identifier that the pcs are connecting to as the upper level switch/router/firewall?  Vlan1 2 3, etc...

 

dummy switch would get whatever as it is a dummy switch...a managed switch the default vlan is 1 and can cause weird issues if the adtran vlan is 1 and the upper switch vlan is 20....

 

Link to comment
Share on other sites

1 hour ago, sc302 said:

how many switches do you have?  what does the network look like?  is the adtran switch on the same vlan identifier that the pcs are connecting to as the upper level switch/router/firewall?  Vlan1 2 3, etc...

 

dummy switch would get whatever as it is a dummy switch...a managed switch the default vlan is 1 and can cause weird issues if the adtran vlan is 1 and the upper switch vlan is 20....

 

Sonicwall>Dummy Switch With Fiber>Fiber to Another Dummy Switch>Domain Controller/DNS Servers>
                                       |
                                       |__________Adtran Switch>3 computers

 

Short version above, there are additional sites connected via fiber past these switches but to keep it simple. I really don't even care about VLANs at this point, I just want to swap out the switches one by one and configure the VLAN/QOS later for the VOIP stuff we are putting in. The Adtran seems to default to a VLAN of 1.

 

The PCs are not configured for a VLAN, want the default VLAN to default to 1 eventually for the data traffic, but am not concerned with it now.

Link to comment
Share on other sites

sonicwall to dummy switch with fiber

sonicwall is configured for what vlan that the dummy switch with fiber is on?

 

 

pc's are irrelevant, they will be configured for whatever vlan port that the switch is handing out or the vlan that is defined with 802.1x (dynamic vlan)....let's concentrate on the switches and what vlans are assigned to them...

Link to comment
Share on other sites

16 minutes ago, sc302 said:

sonicwall to dummy switch with fiber

sonicwall is configured for what vlan that the dummy switch with fiber is on?

 

 

pc's are irrelevant, they will be configured for whatever vlan port that the switch is handing out or the vlan that is defined with 802.1x (dynamic vlan)....let's concentrate on the switches and what vlans are assigned to them...

We aren't using any VLANs right now at all, Sonicwall has none set up and dummy switch has none either. I can route traffic just fine across the dummy switches and Sonicwall BTW from a computer plugged into the Adtran with a Default VLAN of 1

Link to comment
Share on other sites

vlan 1 is default vlan..

 

So you have no real vlans in this network, all dummy switches.  Adding a smart switch with everything in vlan 1 is just like a dummy switch.

 

So your issue was that pcs showed the network as public? vs private - but you could still get to stuff.  Normally when PCs see the network as public they turn on their firewalls.  Which sure could block stuff.

 

Moving packets across a switch is not routing btw..

Link to comment
Share on other sites

Budman exactly, that's what I thought should happen.

 

I replaced an 8 port dummy switch with a 12 port Adtran, with only a default VLAN of 1.

 

The workstations plugged into this new 12 port Adtran are detecting as "Unidentified Network - Public Network". And that is exactly my problem, they are turning on their Firewalls and not obeying my GPOs to disable the Firewalls. Thus I can't remote manage them anymore.

 

If I remove the Adtran and plug an 8 port dummy back in, they show up right away back on "Domain Network"

Link to comment
Share on other sites

well you have to look to how windows determines what network is what.  When the mac of their gateway changes that could do it.  It's been a while since I have gone over all the things that tell windows it's on a different network.. You didn't change the IP space?

 

https://blogs.technet.microsoft.com/networking/2010/09/08/network-location-awareness-nla-and-how-it-relates-to-windows-firewall-profiles/

 

There is a much better article that goes over the actual details, have to try and find it.. But from what I recall the docs on it are kind of sparse.

Link to comment
Share on other sites

something is changing when plugging in the switch causing the pc to change the way it thinks....

 

defaulting the adtran would be something worth trying...if it is just a dummy switch (no configurations) then you could do this without worry.

 

if it is the default config, post up the config.  perhaps there is a weird config issue in the default config.

Link to comment
Share on other sites

19 minutes ago, BudMan said:

well you have to look to how windows determines what network is what.  When the mac of their gateway changes that could do it.  It's been a while since I have gone over all the things that tell windows it's on a different network.. You didn't change the IP space?

 

https://blogs.technet.microsoft.com/networking/2010/09/08/network-location-awareness-nla-and-how-it-relates-to-windows-firewall-profiles/

 

There is a much better article that goes over the actual details, have to try and find it.. But from what I recall the docs on it are kind of sparse.

Yeah no change in IP space, only thing new is this switch has an IP assigned in the main LAN subnet for management GUI. That's it.

9 minutes ago, sc302 said:

something is changing when plugging in the switch causing the pc to change the way it thinks....

 

defaulting the adtran would be something worth trying...if it is just a dummy switch (no configurations) then you could do this without worry.

 

if it is the default config, post up the config.  perhaps there is a weird config issue in the default config.

It's brand new out of the box, I guess I could default it and reconfigure it again. Also firmware update maybe?

Link to comment
Share on other sites

5 minutes ago, sc302 said:

I wouldn't configure it...just default and plug a computer in, see what happens.

Well, out of the box its "Default" VLAN 1 is set to 10.10.10.1. Think that will work with clients on 172.16.50.x ?

Link to comment
Share on other sites

I'm wondering if this Adtran isn't causing a broadcast storm, the reason I say that is both times I have had it hooked up earlier this morning and this afternoon doing testing, there have been some intermittent failures on a couple of our WAN connections, high pings, dropping pings, etc across a few tunnels.

Link to comment
Share on other sites

 

1 hour ago, sc302 said:

well...run a sniffer on the link that the ad tran is on.

I might, but I checked the other fiber switch stats and don't see a ton of broadcast traffic showing in the stats.

 

Anyone else have any other ideas?

Link to comment
Share on other sites

Enable logging and check for errors.   Faulty switch. Crappy code. Shot in dark without knowing or seeing the devices,  the Flux capacitor isn't fluxing

Link to comment
Share on other sites

Those flux capacitors can be very very finicky to be sure...  I would check that..

 

Why would there be a broadcast storm unless you have a loop?  As to what the IP address of the switch vlan 1 interface has no bearing on anything other than you being able to get to it, etc.  Out of the box with no settings it should just be dumb switch with all ports in untagged vlan 1 setup.. 

Link to comment
Share on other sites

So no progress with it today. I upgraded the firmware, which went well. Interestingly enough, the new firmware had additional options in the main menu with features the firmware it shipped with did not even show.

 

Then I decided to do "Factory Default" from the GUI. After that, it never came back, neither on the IP I had set or the factory default VLAN IP of 10.10.10.1

 

I don't have a M/F straight serial cable here nor a Serial to USB adapter. So I will have to console into it on Monday and CLI the config back to default with PuTTY, once the cables get here.

 

TLDR: Haven't been able to tell if new firmware/factory reset fixed the problem yet.

Link to comment
Share on other sites

Still wondering what you think the switch is doing??  You said you could get to everything its just windows says it was public?  Not sure how changing the firmware of the switch is going to do anything?

 

Did you look here?

https://support.microsoft.com/en-us/kb/2524478

The network location profile changes from "Domain" to "Public" in Windows 7 or in Windows Server 2008 R2

 

If the NLA service is starting before the network comes up guess that could cause a problem.  Try changing that to delayed start, also are your ports set to port fast on the switch which may or may not be part of default setup?  If not they can take a long time to come up and your NLA could be starting first and not seeing the domain sets public...

Link to comment
Share on other sites
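One way to test the timing theory from the post above on an affected client, as an added example that is not part of the thread. The adapter name, the domain name and the 10-second cut-off are assumptions made for this example; the DC address is the one given in the first post.

```powershell
# Added diagnostic sketch, not from the thread. Run in an elevated PowerShell
# on an affected Windows 7 / Server 2008 R2 client.
$Adapter    = 'Local Area Connection'  # assumption: name of the wired NIC
$DomainName = 'example.local'          # placeholder: your AD DNS domain name
$DcAddress  = '172.16.50.6'            # DC/DNS address given in the first post
$ApplyDelayedStart = $false            # set to $true to apply the workaround

# 1. Current state: active firewall profile and NLA service start mode.
netsh advfirewall show currentprofile state
Get-WmiObject Win32_Service -Filter "Name='NlaSvc'" |
    Format-List Name, State, StartMode

# 2. Unplug the cable, run from here, then plug the cable into the switch.
#    NetConnectionStatus 2 = connected, 7 = media disconnected.
#    (Loops forever if $Adapter does not match a NIC name.)
$filter = "NetConnectionID='$Adapter'"
Write-Host 'Waiting for link...'
while ((Get-WmiObject Win32_NetworkAdapter -Filter $filter).NetConnectionStatus -ne 2) {
    Start-Sleep -Milliseconds 250
}
$sw = [System.Diagnostics.Stopwatch]::StartNew()

# Time from link-up until the DC answers a ping (resolution: a few seconds).
$reached = $false
while ($sw.Elapsed.TotalSeconds -lt 90 -and -not $reached) {
    $reached = Test-Connection -ComputerName $DcAddress -Count 1 -Quiet
}
$delay = [math]::Round($sw.Elapsed.TotalSeconds, 1)
if (-not $reached) { Write-Host "DC still unreachable after $delay s" }
else               { Write-Host "DC reachable $delay s after link-up" }

# Classic 802.1D spanning tree holds a new port in listening + learning for
# 2 x 15 s by default. A delay near 30 s points at the port, not at Windows.
if ($delay -ge 10) {   # 10 s is an arbitrary cut-off chosen for this example
    Write-Host 'Port is slow to forward: check edge-port / portfast on the switch.'
}

# 3. Can the DC locator find a domain controller now that the port forwards?
nltest "/dsgetdc:$DomainName"

# 4. Workaround from the post: start NLA later, then make it re-detect.
if ($ApplyDelayedStart) {
    sc.exe config NlaSvc start= delayed-auto
    Restart-Service NlaSvc -Force   # -Force also restarts dependent services
    netsh advfirewall show currentprofile state
}
```

If the measured delay is only a second or two and the profile is still Public, the port timing is not the cause and the NLA domain detection itself is the place to look.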

So some updates.

 

1: Took the console cable, got the 1531P (12 port) back to the original firmware and factory default (VLAN 1: 10.10.10.1 management IP), hooked it back up in a different setup like this pic below, different building, same type Netgear switch for the LAN, but no fiber this time all CAT5e and servers hook to the same switch. Laptop was a static IP of 172.16.50.114 and DCs are 172.16.50.6 and 172.16.50.5 all static.
 setup-layout.jpg

Same exact issue, the laptop sits at "Identifying", then eventually comes up with "select network location" or defaults to "public" but everything works on the laptop, internet/lan resources. Just the Firewall is enabled automatically.

 

I then did another test, took a brand new 1544P (28 port) out of the box, did the exact same setup above and had the same issue. So it is not that specific switch.

 

The last test I did was, I took the 1544P down to another building with its own internet connection, connected via a site-to-site VPN tunnel. I pulled their old dummy switch, placed this 1544P in place, and everything worked flawlessly. Computers instantly defaulted to "Domain Network" even after several reboots.

 

So at this point it appears to be some type of incompatibility with the Adtran vs Netgear switches, any idea what might cause this or what settings I could explore?

 

Link to comment
Share on other sites

where is the laptop pulling dhcp from?

 

do you have option 015 "DNS Domain Name" enabled and configured with your fully qualified AD domain name (company.local) on your DHCP server for that vlan ? 

Does the switch have that configuration?

Have you tried enabling DHCP on the switch interface then connecting a computer to the switch after it has obtained a dhcp'd address?

 

just taking stabs at this, by no means does this mean it isn't configured or that you haven't attempted this....I don't know your network or have any insight on how it is setup.

Link to comment
Share on other sites

1 hour ago, sc302 said:

where is the laptop pulling dhcp from?

 

do you have option 015 "DNS Domain Name" enabled and configured with your fully qualified AD domain name (company.local) on your DHCP server for that vlan ? 

Does the switch have that configuration?

Have you tried enabling DHCP on the switch interface then connecting a computer to the switch after it has obtained a dhcp'd address?

 

just taking stabs at this, by no means does this mean it isn't configured or that you haven't attempted this....I don't know your network or have any insight on how it is setup.

laptop is static, it's part of the domain so it has a "computername.domainname" address, is registered with the two AD DNS servers. These switches are now out of the box with a default VLAN, so basically a dummy switch with no other VLANs setup.

Link to comment
Share on other sites

if it is static, for giggles, in your ip properties, advanced button, dns

 

defaults in there right?  You can try the below, making sure the defaults checks and buttons are set as below.

 

 

1.jpg

Link to comment
Share on other sites

1 hour ago, sc302 said:

if it is static, for giggles, in your ip properties, advanced button, dns

 

defaults in there right?  You can try the below, making sure the defaults checks and buttons are set as below.

 

 

1.jpg

Actually tried that a few days ago when I was first troubleshooting. No difference, and not required with any of the dummy switches.

Link to comment
Share on other sites
