Recommended Posts

hello all. i hope someone can help me with this.

at my we have a comcast business class router plugged into a linksys SRW248G4 switch.

everything runs fine for a while but at times during the day i am locked out of our comcast router.

we have had comcast come out and look at it many times. they have replaced the router 3 times.

comcast tells me that it must be the switch.

the problem is that when i log into the router. 192.168.1.1 i get an error message

Document Error: Data follows

Access Error: Data follows

Can't get memory

if i go and unplugg the router and plug it back in, than i can log into it.

so, is it possible that the linksys switch has something to do with this? i have not changed any settings. the switch is just plugged in right out of the box.

is there something i can change or try?

Link to comment
https://www.neowin.net/forum/topic/782048-router-problems-with-linksys-switch/
Share on other sites

"the switch is just plugged in right out of the box."

Thats a shame -- thats a $300 "managed" switch - why would you spend $300+ on managed switch if your just going to plug it in and not use any of its managed features??

It seems highly unlikely that switch could be causing any issues.. What router do you have? Does it have more than 1 lan interface? If so plug into the one its lan ports -- do you still have the problem? Then its not the switch.

Again -- its is VERY UNLIKELY that the switch would be causing you any issues -- especially if your not using any of its managed features, vlans, etc.

Well depends on what your doing - if your not using any vlans, or don't want to monitor any ports or setup aggregated connections between any other switches, or setup any type of ACLs or QoS then no.

But since your rebooting the router to fix the issue -- how does that point to the switch?

i don't know. i don't really think it does.

that's just what the tool at comcast was saying. he was trying to tell me that the switch is sending data back through the router. or some crap like that.

I didn't believe him but what was i going to say.

we have a static ip address and the switch is also set with a static address. if that means anything.

What router do you have? And how many users? Thats a 48 port switch -- do you have 48+ users?

If he is saying its sending crap to the router - its a managed switch, so you can take a look at the amount of traffic is being sent to the router (port router is connected too) and look at your other ports and see if its coming from one of your machines, etc.

What crap would it be sending that would crash the router? Internet Traffic ;) hehehe

If I had to take a wild ass guess, I would think your routers not able to support the amount of users you have, etc. Can you post the model number of your router.

But sure take a look on the switch to see how much traffic is being sent to the router -- you should also be able to setup a span or monitor port and watch all the traffic going to and from the router -- use your fav network analyzer -- say wireshark and see what could causing you problems.

Off the top -- the only thing I could think of that a managed switch would be sending to the router -- other than traffic the users are sending to the gateway would be spanning tree. You could always turn that off, or at least turn it off for that port connected to the router. You could also block IGMP (multicast) from going to the router, etc.

edit: hmmm other thing you could look at I guess would be the speed of the port connecting the switch to the router compared to your internet connection speed. Let say your wan side is 10mbit and your lan side is 100mbit -- with lots of users talking to the internet -- they could could just be overloading the router. Not much point to talking to the router at 100, if its wan is only 10, so you could adjust that.

Again these are just wild ass guesses.. If they are saying its the switch -- have them tell you what its doing that the router does not like ;)

Edited by BudMan

I had a similar issue at one of my clients. It ended up being a spywared up computer that was sending a ton of traffic to the pos crapcast modem. crapcast blamed it on everything under the sun. Unfortunatly I couldn't properly troubleshoot it being that the users laptop was never there when I was and everything was working properly. They (crapcast) were called out and they (crapcast) found the issue.

the router is....

Comcast business IP Gateway. model # SMC8014

we have about 25 to 30 users. most of the computers are just time clock in machines. they are on the internet but not much goes on with them. and i clean them from spyware if any whenever i can.

i have to say that i don't really know how to monitor the traffic on specific ports. i am not familiar with managed switches.

we have a bunch of dell machines. a lot of them have gigabyte nics in them. some also have 10/100 nics.

if you have a small hub and/or switch put it between your modem and your switch. hook up a computer/laptop to monitor traffic between the two. what ever is sending the most traffic to the modem disconnect it and see if the issue goes away, if it does look at the logs and see what it is connecting to and clean it up if they are malware related sites.

http://www.wireshark.org

  sc302 said:
if you have a small hub and/or switch put it between your modem and your switch. hook up a computer/laptop to monitor traffic between the two. what ever is sending the most traffic to the modem disconnect it and see if the issue goes away, if it does look at the logs and see what it is connecting to and clean it up if they are malware related sites.

http://www.wireshark.org

Just a note on this, this will only work if its a hub. Unless you configure a managed switch to forward a copy of all traffic out a specific switchport (the one your laptop is connected too)

  sc302 said:
works with unmanaged switches and out of the box managed switches. this would hold true for vlan'd switches, or switches that have been locked down only allowing certain traffic to pass between ports.

I could be wrong on this, and Budman can correct me. But it has always been my understanding and I have always been taught that a switch even a dumb switch forwards traffic out the appropriate port only (based on the dest MAC address that the switch learns). However a hub will broadcast traffic out all ports regardless of destination.

look at your endpoints. see who is transmiting the most. look at your conversations see who is communicating to what.

  Sophism said:
I could be wrong on this, and Budman can correct me. But it has always been my understanding and I have always been taught that a switch even a dumb switch forwards traffic out the appropriate port only (based on the dest MAC address that the switch learns). However a hub will broadcast traffic out all ports regardless of destination.

you are absolutly right.

doubtful doubter, why don't you try wireshark and see what spits out.

  sc302 said:
look at your endpoints. see who is transmiting the most. look at your conversations see who is communicating to what.

you are absolutly right.

doubtful doubter, why don't you try wireshark and see what spits out.

With a switch, unless it is configured otherwise, you should only be seeing the traffic destined for the client that is running wireshark itself.

  Sophism said:
With a switch, unless it is configured otherwise, you should only be seeing the traffic destined for the client that is running wireshark itself.

extremely untrue. again, it is simple to see for yourself so why don't you.

  AOXOMOXOA said:
well just to check it out i installed wireshark on my machine. it is running and putting up all kinds of data. but i don't know how to read this or what i'm even looking for.

i am running wireshark.. but i don't know what it is telling me.

i just got this

wirelog.jpg

  sc302 said:
extremely untrue. again, it is simple to see for yourself so why don't you.

I did, and I see traffic destined for my machine only.

Here is a description of methods for capturing traffic from machines other then your own.

http://wiki.wireshark.org/CaptureSetup/Eth...65ffc8160f6f3a6

As for reading the output of wireshark...

http://openmaniak.com/wireshark.php

Another really good link:

users.rowan.edu/~shetty/classes/ece402/tutorial/Wireshark-Tutorial.pdf

Edited by Sophism

"Switched Networks

A switched network is also a good deterrent. In the non-switched environment, packets are visible to every node on the network, in a switched environment, packets are only delivered to the target address. While more expensive than hubs, the cost of switches have fallen over time, bringing them within reach of most budgets. Unlike hubs, switches only send frames to the designated recipient; therefore a NIC in promiscuous mode on a switched network will not capture every piece of local traffic. But programs such as dsniff, allow an attacker to monitor a switched network with a technique known as arp-spoofing. Although it uses different methods, arp-spoofing can provide results similar to sniffing, i.e. compromised data. Is there anything that can truly protect your data once it reaches the network?"

Edited by sc302

This is just a guess, but I am thinking that your router cannot handle the traffic that is comming from your network.

What kind of connection do you have?

WHen you did that wireshark capture... Did you place a hub between the router and the switch and then plug your computer into that hub? How long did that capture run before you ran into issues.

  sc302 said:
Switched Networks

A switched network is also a good deterrent. In the non-switched environment, packets are visible to every node on the network, in a switched environment, packets are only delivered to the target address. While more expensive than hubs, the cost of switches have fallen over time, bringing them within reach of most budgets. Unlike hubs, switches only send frames to the designated recipient; therefore a NIC in promiscuous mode on a switched network will not capture every piece of local traffic. But programs such as dsniff, allow an attacker to monitor a switched network with a technique known as arp-spoofing. Although it uses different methods, arp-spoofing can provide results similar to sniffing, i.e. compromised data. Is there anything that can truly protect your data once it reaches the network?

If the switched is configured in a way that blocks arp spoofing and broadcast traffic being sent to other ports then you are absolutly right.

Of course, you can also do MAC flooding as well. But both subjects our probably outside the scope of this user, therefor, recommending him to use a switch is a bad idea because he would run into issues. If your switches are spamming traffic (including unicast which is what we are most interested in) then you have some serious configuration/security issues on your network.

I dont know how his network is configured but most likely he is going to be receiving broadcast traffic anyway. Unicast is what you would want to look at.

  Sophism said:
This is just a guess, but I am thinking that your router cannot handle the traffic that is comming from your network.

What kind of connection do you have?

WHen you did that wireshark capture... Did you place a hub between the router and the switch and then plug your computer into that hub? How long did that capture run before you ran into issues.

no hub. i just ran it from my machine. my machine plugs in to the router and not the switch.

My vote is on a crappy router although I would wait on a second opinion from budman.

FYI looking at that screenshot you have users on your network who are downloading with Bittorrent. Probably a good idea to squash that if its not being used for legal purposes.

from that picture i would look at x.200. I would recommend getting a $10 hub and put it in between. it seems that you are getting a lot of data to that modem in a short amount of time, overloading it.

save a log, zip it, post it and lets see what we can help with.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • This super-powerful GaN charger with four ports is 50% off by Taras Buria Some time ago, I reviewed the Cuktech 10, a powerful 100W GaN charger with three ports. It left positive impressions, and since then, it has served me as my primary charger for my phone, watch, laptop, and tablet. Recently, Cuktech offered me the opportunity to take a look at the model 15, a more powerful 140W GaN charger, this time, with four ports. Right now, this powerful charger is available with a massive discount at just $50.99 (with coupon applied). The Cuktech 15 is the same as the Cuktech 10, just slightly bigger, more powerful, and with one extra port. It has a light metallic finish, but overall, it retains the brand's identity and features. The four ports are well spaced out, and the black plastic insert with a cyan rim has a ribbed texture for better grips. Although I live in Europe, Cuktech sent me a US variant with a retractable plug. Okay, I guess. The ability to retract the plug makes it extra portable, which is nice. A high-power 240W five-foot cable is also included. The charger measures 3.11 x 2.56 x 1.26 inches and weighs 0.737 lbs. The Cuktech 15 has four ports: two high-power Type-C ports, one Type-C port with a lower output, and one Type-A port. The first two Type-C ports can deliver a full 140W in single-port mode (PD 3.1 supported), which is nice—no asterisk or caveats here with combined power or something. If you need the full 140W for one device, you get it. Ports are capable of working in the following modes: Single-port Type-C1 / C2: 140W max 5V 2A, 5V 3A, 9V 3A, 11V 6.1A, 12V 3A, 15V 3A, 20V 5A, 28V 5A Type-C3: 33W max 5V 2A, 5V 2.4A, 9V 2A, 12V 1.5A, 11V 3A Type-A: 18W max 5V 2A, 5V 3A, 9V 2A, 12V 1.5A Multi-Port Type-C1 + C2: 100W + 33W or 65W + 65W Type-C1/C2 + Type-C3: 100W + 33W Type-C1/C2 + Type-A: 100W + 18W Type-C1 + Type-C2 + Type-C3: 65W + 60W + 7.5W or 45W + 45W + 18W Type-C1 + Type-C2 + Type-C3 + Type-A: 65W + 60W + 7.5W As you can see, the charger is pretty robust, and it can power two pretty powerful laptops at once and even have enough oomph to charge a smartphone, albeit at a lower power. Another thing worth mentioning is that the Cuktech 15 delivers "clean" power with pretty low pulsations at about 25-50 mV. The rule of thumb is that the lower the pulsations, the better the charger is for your device's battery health. In this area, Cuktech's charger does not disappoint, and they deliver way better results than 100 mV, which is considered a standard for a good charger. Cuktech uses gallium nitride technology, which enables smaller, more powerful and efficient charging. Speaking of efficiency, the charger is rated for 78% average or 64% at a 10% load. When charging at 120W, I received an average of 80-85%, which is good. Of course, when charging at peak power, it gets hot, but not too much. The Cuktech 15 140W usually costs $99.99, which is undoubtedly not cheap. However, right now, you can get it for half the price, which is a very good deal, considering you get a high-quality charger with plenty of ports and very high power output. Like with the Cuktech 10, you cannot go wrong with this one. CUKTECH 15 140W four-port GaN charger - $50.99 | 30% off + a 20% off coupon As an Amazon Associate, we earn from qualifying purchases.
    • Awesome book, just hope they don't screw up Rocky and the story
    • KDE's KClock is getting Wayland Picture-In-Picture support by David Uzondu The KClock app for KDE Plasma over the years has received a number of updates, like better integration with KRunner and a dedicated background service (kclockd) for managing alarms. Now, it looks like KDE devs want to add something cool: pop-out timers using the new Picture-in-Picture protocol for Wayland. Image: Kai Uwe Broulik This all started from a simple observation. Kai Uwe Broulik, a KDE developer, saw someone using a small timer window during a presentation and thought it was a good idea. The problem is that achieving this kind of "always on top" behavior is handled differently between the old X11 display server and the newer Wayland. With X11, an application could pretty much do whatever it wanted. If a program wanted to draw a drop-down menu, it would just create a borderless window, place it in a specific spot, and grab all user input. Wayland operates on a different philosophy. As Broulik notes, under Wayland, the application describes what it wants, and the compositor gets to decide how to handle it. A drop-down menu is an XDG Popup. The application tells the compositor which button spawned it, and the compositor handles the placement and behavior. This is much more secure and consistent. It also means an application cannot just decide to keep its window on top of everything else. This restriction prevents a web browser from implementing an overlay video player under Wayland. To get around this in a standardized way, a proper Wayland support model for Picture-in-Picture, or PiP, was needed. Enter the xx-pip-v1 protocol. It is a new protocol designed specifically for creating floating PiP windows, and KWin, Plasma's compositor, recently gained support for it. Because it is an experimental protocol, its use is gated behind an environment variable, KWIN_WAYLAND_SUPPORT_XX_PIP_V1. A new protocol is fine for demos, but it needs a real application to find its weaknesses. So Broulik implemented it in KClock. This work allows KClock to offer pop-out timers and even a pop-out stopwatch in a small PiP window. The user could get system-wide options to control where the PiP window appears, or if it appears at all, and have that setting apply to every single application that uses the protocol. You can check out the merge request on GitLab for more technical details about this feature.
    • Nothing of course; it is just a classic syndrome of MAGA pathology.
    • They use it to assessment's in the UK already. Have a friend who said they basically feed response's and prompt during assessment's for many mental health conditions now (essentially tick boxes these days enough ticks and you got it) the AI can prompt questions to ask if its unsure how to score something. It's really good at recognising fractures and broken bones also.
  • Recent Achievements

    • One Month Later
      CHUNWEI earned a badge
      One Month Later
    • Week One Done
      TIGOSS earned a badge
      Week One Done
    • First Post
      henryj earned a badge
      First Post
    • First Post
      CarolynHelen earned a badge
      First Post
    • Reacting Well
      henryj earned a badge
      Reacting Well
  • Popular Contributors

    1. 1
      +primortal
      477
    2. 2
      +FloatingFatMan
      196
    3. 3
      ATLien_0
      164
    4. 4
      Xenon
      81
    5. 5
      Som
      77
  • Tell a friend

    Love Neowin? Tell a friend!