Networked visited by University of Michigan

[sc302 Veteran]

45 minutes ago, BinaryData said:

Yeah, i'll put it in my rack. I've been talking with BudMan about Firewalls and switch setups.

this would be a great investment, can get you into better switching tech, but may be out of your price range

http://www.ebay.com/itm/CISCO-CATALYST-2960XR-WS-C2960XR-24TS-I-24-PORT-10-100-1000-4-SFP-IP-LITE-/172070284344?hash=item2810302c38:g:W0kAAOSwLnlWn~pM

 

some of the features

Quote

Cisco Catalyst 2960-XR IP-Lite High-Performance Routing

The Cisco hardware routing architecture delivers extremely high-performance IP routing in the Cisco Catalyst 2960-XR IP-Lite Switches:

●   IP unicast routing protocols (Static, Routing Information Protocol Version 1 [RIPv1], RIPv2, RIPng, and EIGRP-Stub) are supported for network routing applications.

●   Advanced IP unicast routing protocols (OSPF for Routed Access) are supported for load balancing and constructing scalable LANs. IPv6 routing (OSPFv3) is supported in hardware for maximum performance.

●   EIGRPv3-Stub and PIMv6-Stub are supported as a part of the IPv6 routing suite.

●   Equal-cost routing facilitates Layer 3 load balancing and redundancy across the stack.

●   Policy-based routing (PBR) allows superior control by facilitating flow redirection regardless of the routing protocol configured (for both IPv4 and IPv6).

●   Hot Standby Routing Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP) provides dynamic load balancing and failover for routed links.

●   Protocol Independent Multicast (PIM) for IP multicast is supported, including PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), PIM sparse-dense mode and Source Specific Multicast (SSM).

Network Security

The Cisco Catalyst 2960-X Series Switches provide a range of security features to limit access to the network and mitigate threats, including:

●   MAC-based VLAN assignment enables different users to authenticate on different VLANs. This feature enables each user to have a different data VLAN on the same interface.

●   Cisco TrustSec uses SXP to simplify security and policy enforcement throughout the network. For more information about Cisco TrustSec security solutions, visit cisco.com/go/TrustSec.

●   Comprehensive 802.1X Features to control access to the network, including Flexible Authentication, 802.1x Monitor Mode, and RADIUS Change of Authorization.

●   IPv6 First-Hop Security enhances Layer-2 and Layer-3 network access from proliferating IPv6 devices especially BYOD devices. It protects against rogue router advertisements, address spoofing, fake DHCP replies and other risks introduced by IPv6 technology.

●   Device Sensor and Device Classifier enable seamless versatile device profiles including BYOD devices. They also enable Cisco Identity Services Engine (ISE) to provision identity based security policies. This feature is available on both the 2960-X and the 2960-XR product families.

●   Cisco Trust Anchor Technology enables easy distribution of a single universal image for all models of Catalyst 2960-X by verifying the authenticity of IOS images. This technology allows the switch to perform IOS integrity checks at boot-up by verifying the signature, verifying the Trusted Asset under Management and authenticating the license.

●   Cisco Threat Defense features including Port Security, Dynamic ARP Inspection, and IP Source Guard.

●   Private VLANs restrict traffic between hosts in a common segment by segregating traffic at Layer 2, turning a broadcast segment into a nonbroadcast multi access like segment. This feature is available in IP-Lite feature set only.

◦     Private VLAN Edge provides security and isolation between switch ports, which helps ensure that users cannot snoop on other users’ traffic.

●   Unicast Reverse Path Forwarding (uRPF) feature helps mitigate problems caused by the introduction of malformed or forged (spoofed) IP source address into a network by discarding IP packets that lack a verifiable IP source address. This feature is available in IP-Lite feature set only.

●   Multidomain Authentication allows an IP phone and a PC to authenticate on the same switch port while placing them on appropriate voice and data VLAN.

●   Access Control Lists (ACLs) for IPv6 and IPv4 for security and QoS ACEs.

◦     VLAN ACLs on all VLANs prevent unauthorized data flows from being bridged within VLANs.

◦     Router ACLs define security policies on routed interfaces for control-plane and data-plane traffic. IPv6 ACLs can be applied to filter IPv6 traffic.

◦     Port-based ACLs for Layer 2 interfaces allow security policies to be applied on individual switch ports.

●   Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol Version 3 (SNMPv3) provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH Protocol, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.

●   Switched Port Analyzer (SPAN), with bidirectional data support, allows Cisco Intrusion Detection System (IDS) to take action when an intruder is detected.

●   TACACS+ and RADIUS authentication facilitates centralized control of the switch and restricts unauthorized users from altering the configuration.

●   MAC Address Notification allows administrators to be notified of users added to or removed from the network.

●   Multilevel security on console access prevents unauthorized users from altering the switch configuration.

●   Bridge protocol data unit (BPDU) Guard shuts down Spanning Tree Port Fast-enabled interfaces when BPDUs are received to avoid accidental topology loops.

●   Spanning Tree Root Guard (STRG) prevents edge devices not in the network administrator’s control from becoming Spanning Tree Protocol root nodes.

●   IGMP filtering provides multicast authentication by filtering out nonsubscribers and limits the number of concurrent multicast streams available per port.

●   Dynamic VLAN assignment is supported through implementation of VLAN Membership Policy Server client capability to provide flexibility in assigning ports to VLANs. Dynamic VLAN facilitates the fast assignment of IP addresses.

full list:

http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-2960-x-series-switches/data_sheet_c78-728232.html

[BinaryData]

Well, I know it's directly related to my Desktop. I've disconnected every device on the router (haven't nuked it yet), nothing on the WiFi, and only my desktop. Wondering if I picked up something bad along the way.

[+BudMan MVC]

Pretty much any smart/managed switch supports span ports so why would you want/need a hub?

 

If your client is the only one having problems then I would for sure disable that teredo that has an IP per your PM to me.. Windows out of the box is going to want to use that teredo connection.   Disable it and see if clears up your problems.

 

I am a big fan of ipv6, it is the future for sure.  I run it on my network for certain clients.. But to be honest IMHO its not quite ready for prime time in many setups.  MS with their 3 different methods to tunnel it over ipv4 does cause some issues, I really don't understand why 3 of them need to be on out of the box...  How about just letting the user pick which one they need to use..

 

As per my PM why don't you disable this and see if it clears up your issues.  Can be done with simple reg key added, or can disable the isatap, teredo, 6to4 via netsh cmds on their own.

 

netsh interface teredo set state disabled
netsh interface ipv6 6to4 set state state=disabled
netsh interface ipv6 isatap set state state=disabled

 

 

[BinaryData]

I've disabled it, and it still hasn't been resolved. Once you respond to the PM I sent you, we can check it out that way. 

[sc302 Veteran]

14 hours ago, BudMan said:

Pretty much any smart/managed switch supports span ports so why would you want/need a hub?

 

 

 

not everyone has a smart switch at home.  it is the next best thing otherwise it is poke and hope.  Just because you and I have one, doesnt mean the next guy does and they probably don't.  9 bux for a hub to help troubleshoot issues between a switch and a router...I can think of 9 bux for things that wouldn't give me the return of a hub.

[Circaflex]

1 hour ago, BinaryData said:

I've disabled it, and it still hasn't been resolved. Once you respond to the PM I sent you, we can check it out that way. 

Just for the sake of this thread, it would be nice to know what you do to eventually fix it, or what steps you took in case someone else has these issues. I get the idea of bouncing things off of each other in private, but it almost defeats the purpose of this thread if you do a lot of behind the scenes messaging and troubleshooting. Just some food for thought.

[BinaryData]

1 minute ago, Circaflex said:

Just for the sake of this thread, it would be nice to know what you do to eventually fix it, or what steps you took in case someone else has these issues. I get the idea of bouncing things off of each other in private, but it almost defeats the purpose of this thread if you do a lot of behind the scenes messaging and troubleshooting. Just some food for thought.

Well, we spoke about something other things in the PM, and I gave some personal information out. I understand your point completely, I just don't feel comfortable posting my IP, open ports, configurations, RDC information and the likes. I hope you can understand that.

[Circaflex]

I didnt ask you to post any personal information, more just in general that if he is giving you advice in the PM let us know what you are or are not trying is all that I really meant.

[BinaryData]

6 minutes ago, Circaflex said:

I didnt ask you to post any personal information, more just in general that if he is giving you advice in the PM let us know what you are or are not trying is all that I really meant.

I'll post that information after it's resolved, or I'll do a full post work up of everything attempted.

[binaryzero]

TL:DR Pretty much figured it was your desktop. 

[+BudMan MVC]

He is suppose to be giving me remote, will take a look at what is happening or not happening..

 

Per PM he can not even seem to change is machines dns...

[BinaryData]

On 2/10/2016 at 3:16 AM, BudMan said:

He is suppose to be giving me remote, will take a look at what is happening or not happening..

 

Per PM he can not even seem to change is machines dns...

Nah, I did change it. It didn't change anything. It still does what I said it does. Every 10 - 15 minutes, internet drops out. No webpages will load, except locally hosted ones (I think), games disconnect, files stop downloading, torrents die. Internet literally dies. I'll mess around with it more on Monday or Tuesday.

[+BudMan MVC]

well if the net dies,, that could be your isp... Or could be that crap router you have??  Lets see what happens when you put in your new firewall/router

[binaryzero]

lol, you didn't happen to add any persistent routes, did you? 

[BinaryData]

24 minutes ago, Jared- said:

lol, you didn't happen to add any persistent routes, did you? 

I don't even know where I would even add that. So probably not.

15 hours ago, BudMan said:

well if the net dies,, that could be your isp... Or could be that crap router you have??  Lets see what happens when you put in your new firewall/router

They said they weren't experiencing any problems. I'll give 'em a call again on Sunday, might get the intelligent tech and not the secretary with a note book with answers. I'm not kidding either.

 

Getting the 10port SG300, I'd like a 20, but I'd have about 12 open ports. As for the WAP, I can't afford a Pro right now. That's $200 for it. I just need a simple WiFi for my laptop, and cellphones. I'm looking at the $70 one. After this upgrade, I'm not going to be doing anymore upgrades for awhile. Unless my desktop needs a new NIC. But that will be it.

 

As for the monitoring software, I think I could get away with running it on my storage box or run it specifically on my brothers PC, which is crappy.

[binaryzero]

So instead of trying to trouble shoot your existing setup, you're going to buy new hardware? Ok... 

[Circaflex]

Before dropping the dough, give ddwrt a shot. I just went through a few reddit threads and people have used it without issue. Possible the stock firmware on that thing is just crap, but to just throw money at the situation without really finding the cause seems crazy to me, but it is your money not mine.

 

the one negative I have read about tplink routers is the lack of firmware updates and below average firmware to begin with.

[BinaryData]

4 minutes ago, Jared- said:

So instead of trying to trouble shoot your existing setup, you're going to buy new hardware? Ok... 

No, this is planned. Family is moving away, I'm giving her this router (setup for remote access), and I'll have this network setup at home.

 

I'm beginning to think it's less of a router problem, and more of a desktop problem. I'm going to have more time this week to fiddle with things. Tonight I'm going to install a new NIC, and see if that changes anything.

 

1 minute ago, Circaflex said:

Before dropping the dough, give ddwrt a shot. I just went through a few reddit threads and people have used it without issue. Possible the stock firmware on that thing is just crap, but to just throw money at the situation without really finding the cause seems crazy to me, but it is your money not mine.

I may do that with my old Linksys, however my WRT54G doesn't support Gigabit speeds. I get capped at 20-ish, so thats 1/5th of my net speed, lol. The current router will go to my mom's new place, to provide internet. The FW, Switch, and WAP will be for my house. Sort of a future buy. I won't be at my current address in 2017, I'll have bought my house. This is will suit me well there.

[binaryzero]

Ask yourself this: Is the problem happening on other devices? No? It's your computer... 

 

But then again, who knows with how much dicking around you do, haha. 

[BinaryData]

Just now, Jared- said:

Ask yourself this: Is the problem happening on other devices? No? It's your computer... 

 

But then again, who knows with how much dicking around you do, haha. 

It happens on all devices. Even my mom's tablet has it happen. Though, not as much as my Desktop. I'm going to nuke it next week, if I can't figure things out.

[binaryzero]

Well if it's happening on your mum's tablet, then yeah points to a network issue. 

 

Did you ever try factory resetting your router?

[Circaflex]

13 minutes ago, BinaryData said:

No, this is planned. Family is moving away, I'm giving her this router (setup for remote access), and I'll have this network setup at home.

 

I'm beginning to think it's less of a router problem, and more of a desktop problem. I'm going to have more time this week to fiddle with things. Tonight I'm going to install a new NIC, and see if that changes anything.

 

I may do that with my old Linksys, however my WRT54G doesn't support Gigabit speeds. I get capped at 20-ish, so thats 1/5th of my net speed, lol. The current router will go to my mom's new place, to provide internet. The FW, Switch, and WAP will be for my house. Sort of a future buy. I won't be at my current address in 2017, I'll have bought my house. This is will suit me well there.

nice man, owning a house is a huge leap in adulthood, that is pretty rad.

[binaryzero]

1. Download the latest firmware for your router.

2. Flash and reset your router to default.

3. Setup basics, test.

 

I highly doubt it's a nic issue - it was working fine previously.

[BinaryData]

13 minutes ago, Jared- said:

Well if it's happening on your mum's tablet, then yeah points to a network issue. 

 

Did you ever try factory resetting your router?

Not yet, life got a little busy. It's what I'm doing Sunday night after I move my mom to her new apartment.

2 minutes ago, Circaflex said:

nice man, owning a house is a huge leap in adulthood, that is pretty rad.

It is, and I'm a little nervous about it. I want to get enough for the down payment, and then a little bit more for a extra month or two for the bills. Life doesn't always do what we want it too, y'know?

1 minute ago, Jared- said:

1. Download the latest firmware for your router.

2. Flash and reset your router to default.

3. Setup basics, test.

 

I highly doubt it's a nic issue - it was working fine previously.

I'm just trying to eliminate everything I can. I'll destroy it Sunday night. I'm not going to buy the equipment just yet, I have it in my Amazon cart. I'd prefer to buy the AC Pro, but I just can't part with $200-ish on the AP. =/

[binaryzero]

Right, resetting the router should've been done a week ago.