Link to home
Start Free TrialLog in
Avatar of Sheldon Livingston
Sheldon LivingstonFlag for United States of America

asked on

Something is closing ports on our network.

I've set up 7 RFID readers on our network.  They are generating more traffic than normal as I am polling them one a second to grab any RFID tags they may have read.

All of a sudden, after 15 hours or so, all readers stopped working with a "socket" issue.

All readers have a static IP address and operate on the same subnet as the reset of the network.

I though that maybe our firewall detected this extra activity and, perhaps, shut down the ports.  I reached out to our firewall people and they said that this wouldn't be a firewall issue as this is all internal traffic.  

I changed the IP address of one of the readers and it started working again.  Changed it back and it quit.

The firewall people stated "This would be more so pointing to the switch than the firewall as all local broadcast traffic takes place on the switch and would't be touching the firewall. You may check in to broadcast storm or some kind of switch setting that would be dropping the traffic. You may even consider peeling this system out on to its own network / interface and decrease the size of the broadcast domain to help improve performance. Hope this helps steer you in the right direction."

The switch shows "Ingress Control Mode", under Storm Control, as Disabled.

Any thoughts here?
Avatar of Nick Upson
Nick Upson
Flag of United Kingdom of Great Britain and Northern Ireland image

does the network have an intrusion detection system?
Avatar of Sheldon Livingston

ASKER

No IDS but I did find a second switch... an HP 1820 that I, of course, don't have the correct password for, that could be the culprit.
ASKER CERTIFIED SOLUTION
Avatar of Wayne88
Wayne88
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I believe this now to be an HP 1820 switch issue.  But alas... I don't have the password to it.  The switch doesn't have a "clear password" method.
Avatar of noci
noci

It should be able to be reset to completely empty..., then you loose the complete confiiguration incl. VLAN's...
The exact procedure depends on model, firmware etc. See here:
https://theitbros.com/reset-a-hp-procurve-17001800-switch/
Yea... just not sure of the config...
I have seen issues with HP Procurve switches loosing UDP traffic with non standard priorities. ( SIP traffic).with loop control enabled.
But i haven't seen them loose TCP traffic.

Can you make traffic traces (tcpdump/tshark/wireshark from a copy/mirror port?) that might show more then just trying to guess.
 reset, icmp ... etc. should be visible.  (Try to get as close as you can to your RFID reader (network topology). and log on your server.
If there are differences in traffic patterns it should show. (ie. a device in between interfering). If traffic patterns are equal  it is within the endpoints...) as seen from the point of view from you measure points.
Turned out to be the switch.  I had to reset/reconfigure the switch and now all is good.
Glad you were able to solve it and thanks for getting back. Cheers!
thanks for the update.