Solved

Help! New Switch = IT Disaster

Posted on 2013-05-31
Last Modified: 2016-11-23
Hi, On a small Windows 2003 Domain with about a dozen XP Pro SP3 clients, I replaced a TP Link unmanaged 24 port GB switch with a Dell PowerConnect 2824 Web Managed switch. After installation I was able to log into our server, our firewall, the switch itself, and was working from a nearby workstation client. All seemed in order. The lights on the switch indicated good connections from those clients which had been moved to the new switch that I had not actually visited and checked.

This morning several workstations were unable to access the network. Each one indicated Limited or No connectivity, and assigned a private IP address, though the lights on the switch indicated a good connection. Long story short, I checked the switch configuration (where I had done nothing fancy but the interface showed up and active connections on the port with affected clients), cables, tested connections between office data ports and the wiring closet with a tester. After a couple of hours and still no clue what the problem was, I attempted to go back to the beginning and removed the new switch and reconnected the previous unmanaged switch. This caused no change in the situation.

Finally, I took a functioning workstation that was able to access the network and moved it to an office with a client that was unable to access the network. When the workstations were switched, the workstation was able to access the network. So that indicated the connection between the office and the wiring closet was good and the problem was with the workstation, as unlikely as that was under the circumstances.

I replaced the NIC in two of the affected workstations. No change. I ran "netsh int ip reset" on two of the workstations. No change. Everything has been rebooted at least once. Where do I go from here? I have replaced switches before and never run into any issues such as this. Initially I thought perhaps I had caused a surge on the LAN while connecting the new switch, but that appears not to be the case. All suggestions much appreciated. Thanks!
Question by:westone
13 Comments
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39211433
Have you checked DHCP?
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39211463
You may also want to check the port based authentication.  

The Port Based Authentication page contains fields for configuring port based authentication and for enabling Guest VLANs. To open the Port Based Authentication page, click Switch / Network Security / Port Based Authentication.
0
 

Author Comment

by:westone
ID: 39211493
Not specifically. DHCP is run on our firewall. All clients are set to automatically get network settings from DHCP, no static addressing. The functioning workstations appear to be getting their numbers okay, and can access the internet, meaning the firewall is available, where the DHCP server resides.

If a workstation is rebooted it refreshes its settings with the DHCP server, correct? Though if that's not the case, it would fit the circumstances: Leases run out at different times, and if DHCP is not available they are unable to access the network.

I just took a look in the firewall and see nothing out of the ordinary with the DHCP.
0
 

Author Comment

by:westone
ID: 39211503
@ pony10us: The Dell PowerConnect switch is not connected to the network. I took it out of the loop and went back to the previous switch in the course of troubleshooting this problem. The power connect switch is out but the problem remains.

While still running the PowerConnect switch, I looked at the Port based authentication page, but did not set anything up there.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39211511
On a workstation with the "problem" try doing a release/renew.

ipconfig /release

ipconfig /renew
0
 

Author Comment

by:westone
ID: 39211526
Release & Renew, and Repair in the Network connections interface yielded no change.
0
 
LVL 26

Accepted Solution

by:
pony10us earned 250 total points
ID: 39211608
Are the offending workstations obtaining a valid IP address after doing the release/renew? If not then my next thought would be to look at the firewall log for any issues.
0
 
LVL 46

Assisted Solution

by:Craig Beck
Craig Beck earned 250 total points
ID: 39211670
Can you confirm the DHCP scope size is large enough for the number of clients you have?
0
 

Author Comment

by:westone
ID: 39211671
No, the OS on the offending workstations is assigning a private address, such as when DHCP is not available. As mentioned previously, from the steps I have taken I am satisfied that the physical connection between the office data port and the wiring closet is okay (as shown by installing another workstation without the problem in place of one with the problem, and the replacement workstation operates okay in that location).

I will look at the firewall log.
0
 

Author Comment

by:westone
ID: 39211691
Okay, a look at the logs revealed the issue, which is exactly what craigbeck suggested as I was increasing the scope.

The pool of available addresses was more than adequate for what we have here, but far less than twice what is needed. The log was full of "No Available Leases" messages.

I thought the client was recognized by the MAC address of the NIC. Obviously the new switch triggered new leases for each client while existing ones remained in effect. What happened? Something about the new switch caused the clients to be seen as new clients by the firewall?
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39211773
What it sounds like happened was that during the swap of the switches the workstations were placed in what was considered a different subnet. This could be caused by the configuration of the managed switch.

The DHCPNak message occurs when the IP address requested is not available or the client has been physically moved to a different subnet that requires a different IP address. After receiving a DHCPNak message, the client returns to the Initializing state and begins the lease process again.

If the lease expires or a DHCPNak message is received, the DHCP client must immediately discontinue using its current IP address. If this occurs, communication over TCP/IP stops until a new IP address is obtained by the client.

A good source for understanding DHCP is:  http://technet.microsoft.com/en-us/library/cc958935.aspx
0
 

Author Comment

by:westone
ID: 39211798
Well, something along those lines happened. I had configured the switch with the same subnet, etc. before placing it on the network. Anyhow, thanks for the help. I had used up all my knowledge, and I learned something new.
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39211809
The clients weren't on a different VLAN - they were just on a new switch.
0
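The check that resolved this thread (a full scope and a log of "No Available Leases" messages), as an added example that is not part of the original discussion: it compares active leases with the scope size, lists any MAC holding more than one active lease, and counts refused clients. The thread does not name the firewall, so the lease-table format, log format, addresses and MACs below are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample data. The thread does not name the firewall, so the
# lease-table and log formats here are assumptions for illustration.
POOL = ("192.168.1.100", "192.168.1.105")  # scope of 6 addresses
LEASES = """\
192.168.1.100 00:11:22:aa:bb:01 active
192.168.1.101 00:11:22:aa:bb:02 active
192.168.1.102 00:11:22:aa:bb:03 active
192.168.1.103 00:11:22:aa:bb:01 active
192.168.1.104 00:11:22:aa:bb:02 active
192.168.1.105 00:11:22:aa:bb:04 active
"""
LOG = """\
May 31 08:02:11 fw dhcpd: DHCPDISCOVER from 00:11:22:aa:bb:05: No Available Leases
May 31 08:02:15 fw dhcpd: DHCPDISCOVER from 00:11:22:aa:bb:05: No Available Leases
May 31 08:03:40 fw dhcpd: DHCPDISCOVER from 00:11:22:aa:bb:06: No Available Leases
May 31 08:04:02 fw dhcpd: DHCPACK on 192.168.1.102 to 00:11:22:aa:bb:03
"""
REFUSED = re.compile(
    r"from ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}).*No Available Leases", re.I)

def audit_scope(pool, leases_text, log_text):
    """Summarise scope usage, duplicate holders and refused clients."""
    first, last = (ipaddress.IPv4Address(a) for a in pool)
    held = defaultdict(list)  # MAC -> active in-scope addresses
    for line in leases_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != "active":
            continue  # skip malformed rows and expired leases
        ip, mac, _ = parts
        if first <= ipaddress.IPv4Address(ip) <= last:
            held[mac.lower()].append(ip)
    active = sum(len(ips) for ips in held.values())
    size = int(last) - int(first) + 1
    hits = (REFUSED.search(l) for l in log_text.splitlines())
    return {
        "size": size,
        "active": active,
        "free": size - active,
        "duplicates": {m: ips for m, ips in held.items() if len(ips) > 1},
        "refused": dict(Counter(h.group(1).lower() for h in hits if h)),
    }

if __name__ == "__main__":
    for key, value in audit_scope(POOL, LEASES, LOG).items():
        print(f"{key}: {value}")
```

A `free` count of zero together with entries under `duplicates` means the scope is being consumed by clients that already hold a lease, which is the situation the question's author suspected.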
