Solved

Telnet IP/port - Testing for connectivity question

Posted on 2016-07-25
11
100 Views
Last Modified: 2016-07-27
I'm trying to install some timeclocks at a site, and the clock is having connectivity issues.  I'm thinking it's the clock because we've already installed 15 of them at different sites, but need to confirm why its the clock.  This switch is sitting behind a firewall and needs to go out the internet into the vendor's server in their DMZ (172.156.69.22, port 443).  

I did a telnet 170.146.69.22 443 from the switch and get the following output:

Core_Switch>telnet 170.146.69.22 443
Trying 172.156.69.22, 443 ... Open


Does this telnet test prove that the routing is good from my switch out to their server and back?  

Another question:  If I see traffic leaving my FW, but no hits on return traffic, what are some possible root causes?
0
Comment
Question by:PeraHoman
  • 4
  • 4
  • 2
  • +1
11 Comments
 
LVL 18

Expert Comment

by:Akinsd
Comment Utility
It looks like connectivity is okay from the core switch if the telnet was successful
Is the vendor using a NATed address for the clock (verify address is typed and mapped correctly)
Verify the vlan on the port switch the clock is connected to as well
0
 

Author Comment

by:PeraHoman
Comment Utility
To make sure, the telnet test is proof that the vendor's server is reachable and has a route back into my network.



We are using a private address in our network for the time-clock.  It then gets routed through our shared internet circut we use for small sites.  The clock is pingable within our network, but there's an issue reaching their server.  Our security guy said he sees traffic leaving, but not returning (not sure how this is happening)
0
 
LVL 13

Assisted Solution

by:frankhelk
frankhelk earned 250 total points
Comment Utility
The classic test for routing issues would be PING, if that failes, traceroute would be the next stop on the road.

If traffic goes out, but didn't come back, I presume the returning route is affected. Keep in mind:

Setting a route tells a station who will accept packets to be transported to a remote destination. That doesn't include information for the remote destination's station how to send packets back to you, so the clock on the other side needs routing info, too. And that's not a weakness, it's one of the strongest powers of the internet.

So be sure that the clock on the other side has a ruting entry that tells it how to reach your system .... most routing problems I stumble upon emerge from such config errors.
0
 
LVL 18

Expert Comment

by:Akinsd
Comment Utility
The telnet results eliminates routing issue from core to the server as well as confirm that the port is open. If the test had failed, then a trace route or port testing would be necessary.

With that said, can you ping the clock from the switch?
0
 

Author Comment

by:PeraHoman
Comment Utility
Ping and trace routes won't work on my case because they are disabled at the FW whenever traffic is trying to leave the network and out to the Internet.

I don't think routing is an issue because we are able to open a telnet session to the ADP server at the switch where the clock is hanging from. What I really wanted to know is: if I'm able to telnet from my switch to the vendors clock server then is it justifiable to say that IP routing is good between the two and the issue lies elsewhere.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:PeraHoman
Comment Utility
Yes. I can ping the clock. It's confusing because  the FW guy said he sees traffic leave but no return traffic. If it's the clock then shouldn't we see a hit on the return traffic at the firewall or does it have to hit the clock to count it as a hit?  The FW guy did say there was no NAT involved, but the ADP server is located out through the Internet so there should be NAT...right? -- maybe he doesn't know what he's saying?
0
 
LVL 18

Accepted Solution

by:
Akinsd earned 250 total points
Comment Utility
Yes, from the core to the server.
It doesn't include connectivity from the clock to the switch - That wouldn't be a rout issue but a layer 2 issue
0
 

Author Comment

by:PeraHoman
Comment Utility
The clock to the switch is fine. We can ping it and it shows up on the arp table. I'm thinking it's the clock -- maybe that clock doesn't have certain ports opened or faulty.
0
 
LVL 18

Assisted Solution

by:Akinsd
Akinsd earned 250 total points
Comment Utility
Ok
Was the clock pre programmed?
Check the configuration on the clock and maybe compare with one of the ones that are working.
There' a chance something is wrong on the clock config

If a known working clock is available for testing, it won't hurt to try that from that location as well
0
 
LVL 9

Expert Comment

by:Ian Arakel
Comment Utility
Hi There,

A confusion.
i)

This switch is sitting behind a firewall and needs to go out the internet into the vendor's server in their DMZ (172.156.69.22, port 443).

Is 172.156.69.22 IP of the clock server that you refer to?

ii)
Core_Switch>telnet 170.146.69.22 443

The IP that you have updated out here is incorrect.


I somehow feel that there is some IP mismatch since the routing is appropriate and return traffic would fail primarily during routing issues.
0
 
LVL 9

Expert Comment

by:Ian Arakel
Comment Utility
Hi Author,

Could you share what exactly fixed your issue?
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now