Tech Savvy
Hello fellow technibblers,
I am stumped on a networking issue that is said to have started when a Cisco Catalyst 2960 and two virtual DNS servers were installed (replacing some older equipment) at a local police department.
Before I get into the issue, let me explain the network. There are about 15-20 PCs and two servers with a couple of virtuals on each (vSphere). There are two FortiGate 60Ds running in HA mode connected to the Cisco switch, and from there all machines are hard wired. Most machines are running Windows 7 Pro, with some running 8 and 10; two of the "decommissioned" PCs in the dispatch area are running... dare I say, Windows 2000.
Also connected to the Cisco switch is a gateway that connects to the county prosecutor's office. This gateway has the local IP of 10.10.10.200/24 and only allows 4 local IPs through: .17, .18, and I forget the two others. Those (static) IPs belong to the detectives' computers (.17 and .18); the other two belong to the two Windows 2000 computers. Internet access is prohibited through the .200 gateway, so the FortiGates remain the default gateways and a local HOSTS file directs the traffic to the county's (.200) gateway. This works... sometimes! It's intermittent; however, the same HOSTS file works 100% of the time on the old dispatch computers that run Win 2000.
A couple of things to note:
- the Cisco switch is pretty much a dummy: no VLANs or anything, just a static IP, all ports turned on
- I thought I solved the issue about a month ago because when I ran an IP scan, the .200 address was leased to a different device (the DHCP pool was including .200 without a reservation), so I removed it from the pool completely, but the issue came back less than a week later. Most computers are static, the DHCP range is now .205-.240, and an IP scan shows everything is the device it should be; I don't see any extraneous devices that could be giving out IPs.
- DHCP on the two FortiGates is turned off.
- during the outage I can ping the .200 gateway most of the time, with the rare occasion where it's unreachable.
- there aren't any other network issues; Internet works fine, printing, etc.
- checked the ACLs on the FortiGates and there is nothing that should be preventing it.
- lastly, the .200 gateway is not the local PD's gateway and therefore I'm not authorized to touch it/check the config, but they have been very good in responding to requests to check things.
I am honestly stumped. I'm at the point where I want to request to nix the gateway from the switch to the county and have a direct connection to the FortiGates, and take my own control of NAT and ACLs from the detectives' computers to the county.
I would really like to run a packet sniffer and see where the packets are getting dropped... I haven't used one in about a year or two, so I'm rusty to say the least... Any tips on sniffing properly?
Tomorrow I'm going to try to examine the OS side of things: sfc /scannow and maybe a reimage.
Help nibblers! Pleaseeeeeeeee
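The post's own clue (the .200 address had once been leased to another device, and the gateway is reachable only intermittently) is the signature of a duplicate-IP / ARP conflict. As an added example that is not part of the original post, the script below takes a log of ARP observations gathered over time (a constructed sample here; in practice, scheduled `arp -a` output or a capture filtered on `arp or host 10.10.10.200`) and reports any IP that more than one MAC has answered for, and separately checks whether any static address still sits inside the DHCP pool. The log format, MAC values and pool bounds are assumptions for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample (not from the original post): repeated ARP observations,
# one per line as "<timestamp> <ip> <mac>". At 09:10 a second MAC answers
# for 10.10.10.200, which is exactly what an intermittent outage would look like.
SAMPLE_ARP_LOG = """\
09:00:01 10.10.10.200 00:11:22:aa:bb:01
09:00:01 10.10.10.17  00:11:22:aa:bb:17
09:05:01 10.10.10.200 00:11:22:aa:bb:01
09:10:01 10.10.10.200 3c:4d:5e:ff:ee:99
09:10:01 10.10.10.18  00:11:22:aa:bb:18
09:15:01 10.10.10.200 00:11:22:aa:bb:01
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f:]{17})$", re.I)


def parse_arp_log(text):
    """Return (timestamp, ip, mac) tuples; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(2), m.group(3).lower()))
    return rows


def find_ip_conflicts(rows):
    """Map each IP to every MAC seen for it; keep only IPs claimed by >1 MAC."""
    seen = defaultdict(set)
    for _ts, ip, mac in rows:
        seen[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}


def statics_inside_pool(static_ips, pool_start, pool_end):
    """Static addresses that fall inside the DHCP pool and could be leased twice."""
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    inside = [ip for ip in static_ips if lo <= ipaddress.ip_address(ip) <= hi]
    return sorted(inside, key=ipaddress.ip_address)


if __name__ == "__main__":
    for ip, macs in find_ip_conflicts(parse_arp_log(SAMPLE_ARP_LOG)).items():
        print(f"CONFLICT {ip}: answered by {', '.join(macs)}")
    # Before the fix the pool still covered .200; after it the range is .205-.240.
    print("overlap before:", statics_inside_pool(["10.10.10.200"], "10.10.10.200", "10.10.10.240"))
    print("overlap after: ", statics_inside_pool(["10.10.10.200"], "10.10.10.205", "10.10.10.240"))
```

If the conflict report names .200 again after the pool change, the second MAC identifies the device to look for; if it stays clean, the cause is elsewhere (the HOSTS-file/static-route side on the affected PCs is the next place to compare against the Windows 2000 machines that work).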