Network Basics Technical Documents: NiagaraAX Networking and IT Guide; NiagaraAX 3.x Drivers Guide; NiagaraAX SNMP Guide; NiagaraAX SMS Guide

Network Types

LAN: Local Area Networks (LANs) are typically node-to-node communications within a building or facility. Ethernet over twisted-pair cabling and Wi-Fi are the two most common technologies used to build LANs. RS-485 multidrop LANs are common in BACnet architectures.

WAN: Wide Area Networks (WANs) are used where nodes are separated by large distances (i.e., region-to-region). WANs are often built using private leased lines. A Virtual Private Network (VPN) is a form of WAN; the difference is the ability to use public networks rather than private leased lines (eliminating long-distance charges). The VPN user initiates a tunnel request through the Internet Service Provider (ISP). The VPN software encrypts the data, packages it in an IP packet (for compatibility with the Internet) and sends it through the tunnel, where it is decrypted at the other end (the server). There are several tunneling protocols: IP security (IPsec), Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP).

Network Architecture (LAN types)

Polling: DDC controllers cannot pass information directly to each other. Data must flow to a “Bus Supervisor” and then to the controller. Typical cabling is an RS-485 multi-drop LAN.

Peer-to-Peer: DDC controllers are able to pass information directly to each other. Typical cabling is twisted pair. Protocol examples are BACnet RS-485 MS/TP (Master-Slave/Token Passing) and LON.

Client-Server: Niagara Web Controllers (JACE) are client-server hosts; the Java, TCP/IP, HTTP and XML technologies that permit Internet connectivity are hardware and O/S independent. As a client, the JACE makes a request to a server. As a server, the JACE waits for a client application to initiate contact. Web Controllers permit multiple-user access using a web browser.

Network Devices

IP Router: An IP router routes TCP/IP packets from one network to another. By default, IP routers do not propagate broadcast packets.

LON IP Router/Server: Building-industry name for an EIA-852 compliant LonTalk-to-IP router that allows IP to be used as a LonWorks channel. LON IP ‘servers’ are routers with web server capabilities (Echelon iLON 1000), while others are just Layer 3 LonTalk routers (Echelon iLON 600, Loytec 709 IP Router). “Lon over IP” (EIA-852) is not “Lon over Ethernet”. As with BACnet, “Ethernet” is MAC-address communication and has no routing capability; IP is IP-address communication and was invented to allow routing.

Configuration Server (CS): Configuration Server management is either software-based (iLON 600), residing in the BMS server or a ‘Point Server’ (Honeywell), or hardware-based (Loytec’s LIP ‘IP Router’). The Config Server collects address information from each member of the Lon-IP channel and then updates all the other members with the collected information. It is necessary to have one central device responsible for member information since the EIA-852 protocol does not provide a mechanism for members to discover each other.

PAD: Packet Assembler/Disassembler. Wraps an IP ‘frame’ around a BACnet/Ethernet packet so it can be routed through an IP network. BACnet device object instances (how BACnet devices reference each other) are translated into the IP address of the PAD.

BACnet Router: Converts BACnet/Ethernet to BACnet/IP (Layer 2 to Layer 3).

BBMD: BACnet Broadcast Management Device. Since, by default, IP routers do not propagate broadcast packets, a BBMD intercepts a BACnet/IP broadcast packet (message) on a physical subnet and ‘forwards’ it to the BBMDs located on each physical subnet with BACnet devices. The BBMDs then ‘recreate’ the broadcast packet on their respective subnets.

Firewall: A computer, router or other communication device that controls data flow between networks. It is the first line of defense against attacks from the outside world. A firewall can be hardware-based or software-based. A h/w firewall is a special router with additional filter and management capabilities. A s/w firewall runs on top of the O/S and turns the PC into a firewall.

Gateway: A gateway performs routing functions and protocol conversions from one network to another.

Ports

A port is a communication channel that allows different applications on the same computer to use network resources without interfering with each other. To use the telephone analogy, a port is like a telephone extension. While the main telephone number (the IP address) is used to direct a call (the data) to the particular company (the computer), the extension (the port) directs the call to the particular person (the application).

Port numbers fall into two groups, as defined by the IANA:
1. Well-Known: ports 0 to 1023
2. Registered: ports 1024 to 49151

Windows listing of IANA ports: c:\Windows\System32\drivers\etc\services
IANA listing of registered ports: http://www.iana.org/assignments/port-numbers

Port # / Listening Application

Well-Known:
7 – Echo request.
20 – FTP (data), 21 (control) – File Transfer Protocol.
23 – Telnet – command-line interface for remote host configuration.
25 – SMTP – Simple Mail Transfer Protocol – send email to a remote server.
53 – DNS – Domain Name System – translates a domain name to an IP address.
80 – HTTP – Hypertext Transfer Protocol (World Wide Web).
110 – POP3 – Post Office Protocol v3 – retrieve email from a remote server.
161 – SNMP, 162 (trap) – Simple Network Management Protocol.
389 – LDAP – Lightweight Directory Access Protocol.
443 – HTTPS – HTTP Secure – HTTP over TLS/SSL encryption.
465 – SMTPS – SMTP Secure – SMTP over SSL encryption.

Registered:
8080 – HTTP alternative. Commonly used for a web proxy and caching server, or for running a web server as a non-root user. Port 8080 can be used to view a router’s configuration web page: http://:8080/ (see ‘Cellular Broadband Router’ section, pg. 8).
1911 – Niagara AX Station
3011 – Niagara AX Platform
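A parser for the services-file layout referenced above (c:\Windows\System32\drivers\etc\services and /etc/services share it: name, port/protocol, optional aliases, optional # comment) that buckets each entry into the IANA groups defined in this section. This is an added example, not code from the guide; the file content is constructed, and the niagara-fox/niagarad entries are placeholders for the Niagara ports, not entries from a real services file.

```python
import re
from typing import Dict, List, NamedTuple, Tuple


class ServiceEntry(NamedTuple):
    name: str
    port: int
    proto: str
    aliases: Tuple[str, ...]


# Constructed sample in the services-file layout (not a copy of any real file).
SAMPLE_SERVICES = """\
# <service name>  <port number>/<protocol>  [aliases...]  [#<comment>]
echo                7/tcp
ftp-data           20/tcp
ftp                21/tcp
telnet             23/tcp
smtp               25/tcp     mail
domain             53/udp
http               80/tcp     www www-http
snmp              161/udp
snmptrap          162/udp     snmp-trap
https             443/tcp     MCom
niagara-fox      1911/tcp                # Niagara AX station (constructed entry)
niagarad         3011/tcp                # Niagara AX platform (constructed entry)
http-alt         8080/tcp
"""

# name, port/proto, then zero or more whitespace-separated aliases
LINE_RE = re.compile(r"^(\S+)\s+(\d+)/(tcp|udp)((?:\s+\S+)*)$")


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse services-file text; comment-only and blank lines are skipped,
    anything else that does not match the layout raises ValueError."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing comment
        if not line:
            continue
        match = LINE_RE.match(line)
        if not match:
            raise ValueError(f"unparseable services line: {raw!r}")
        name, port, proto, rest = match.groups()
        entries.append(ServiceEntry(name, int(port), proto, tuple(rest.split())))
    return entries


def iana_range(port: int) -> str:
    """IANA group for a port number: 0-1023 well-known, 1024-49151 registered,
    49152-65535 dynamic/private."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def bucket_by_range(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Group entries by IANA range, preserving file order within each group."""
    buckets: Dict[str, List[str]] = {}
    for e in entries:
        buckets.setdefault(iana_range(e.port), []).append(f"{e.name}:{e.port}/{e.proto}")
    return buckets


def names_for_port(entries: List[ServiceEntry], port: int) -> List[str]:
    """Service names (any protocol) registered on a port, e.g. 162 -> ['snmptrap']."""
    return [e.name for e in entries if e.port == port]


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_SERVICES)
    for group, members in bucket_by_range(parsed).items():
        print(f"{group}: {', '.join(members)}")
```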

Internet Protocol (IP) Suite The Internet protocol suite is the set of communication standards used for the Internet. It is the most popular protocol stack for WANs. It is commonly known as TCP/IP because of its important protocols: Transmission Control Protocol (TCP) and Internet Protocol (IP). TCP/IP provides end-to-end connectivity specifying how data should be formatted, addressed, transmitted, routed and received at the destination.

The IP Suite has four abstraction layers, each with its own protocols: 1) Application, 2) End-to-End, 3) Network, 4) Link. Abstraction layers can be thought of as the assembly line in the computer. At each layer, certain things happen to the data that prepare it for the next layer.

IP Suite 4-Layer vs. OSI 7-Layer

Application (IP Suite layer 4) ↔ Application (OSI 7), Presentation (OSI 6), Session (OSI 5)
  Protocols: DNS, DHCP, FTP, HTTP, LDAP, SMTP, SNMP, BACnet (7); TLS (6); SOCKS (5)
  Purpose: Allows access to network resources.
  Troubleshoot: 1) application program, 2) resource device, 3) DNS server, 4) DHCP server, 5) C:\> ping or ipconfig /all or tracert, 6) Hosts file, 7) NTFS permissions.

End-to-End (IP Suite layer 3) ↔ Transport (OSI 4)
  Protocols: TCP, UDP
  Purpose: Provides reliable process-to-process message delivery and error recovery.
  Troubleshoot: 1) port #’s, 2) Windows Sockets.

Network (IP Suite layer 2) ↔ Network (OSI 3)
  Protocols: IP
  Purpose: Moves packets from source to destination.
  Troubleshoot: 1) router, 2) C:\> ping or tracert.

Link (IP Suite layer 1) ↔ Data Link (OSI 2) and Physical (OSI 1)
  Data Link protocols: ARP, Ethernet, LonTalk, Token Ring, VLAN
  Data Link purpose: organizes bits into frames; provides hop-to-hop delivery.
  Data Link troubleshoot: NIC cards/drivers, switches.
  Physical media: TP, CAT5, radio, cellular, fiber
  Physical purpose: transmission over the medium (‘circuit’).
  Physical troubleshoot: CAT5 cable, connectors, hubs. 1) C:\> ping 127.0.0.1 (NIC card/driver test), 2) C:\> ipconfig /all; "media disconnected" = check CAT5 cable, WiFi card.


OSI Layer Definitions

(7) – Application

DNS – Domain Name System. DNS translates the domain name (google.com) to the numerical IP address.

DHCP – Dynamic Host Configuration Protocol. The protocol that delivers to the computer (host) its IP address, DNS server, gateway IP address, and subnet mask.

HTTP – Hypertext Transfer Protocol. HTTP is the protocol used to exchange or transfer hypertext data for the World Wide Web (www).

LDAP – Lightweight Directory Access Protocol. LDAP is a protocol that accesses and maintains distributed directory information services over an IP network.

SNMP – Simple Network Management Protocol. SNMP is an Internet standard protocol for managing and authorizing users and devices on IP networks (routers, switches, servers, workstations, printers, modem racks, etc).

(4) – Transport

TCP – Transmission Control Protocol. TCP provides reliable, ordered and error-checked delivery of a stream of octets between computers on the Internet. It preserves the sequence of messages sent on the same connection to ensure reconstruction of the message. Applications that do not require the reliability and error checking of a TCP connection use the connectionless User Datagram Protocol (UDP), which emphasizes low-overhead operation.

(3) – Network

IP – Internet Protocol. In layer 3 a logical network of IP addresses is established. Each network consists of a collection of hosts, where the job of the IP address is to deliver packets between the source host and the destination host. The IP address role involves: 1) a name (what we seek), 2) an address (where the device is) and 3) a route (how to get there). IP is sometimes referred to as a connectionless protocol because it has no concept of a sequence. Each piece of data is contained in a packet which has no knowledge of other packets. Therefore, it is an unreliable protocol and must be teamed with another protocol (such as TCP) to increase reliability. IP addresses are configured either manually as a static IP address or automatically by the mechanism of DHCP (Dynamic Host Configuration Protocol). Sometimes Windows uses a HOSTS file to map the computer name to its IP address (Hosts file path: c:\Windows\System32\drivers\etc\hosts).

ICMP – Internet Control Message Protocol. ICMP is used by network devices (routers) to send error messages indicating that a requested service is not available or that a host or router could not be reached. Diagnostic tools like ‘ping’ (echo request) and ‘tracert’ (information request) are examples of ICMP.

(2) – Data Link

ARP – Address Resolution Protocol. ARP converts an IP address to the physical address of the NIC card (Network Interface Controller). The physical address is typically known as the MAC address or Ethernet address. NIC cards listen for two things: 1) the all-F’s broadcast, 2) a directed frame (to one MAC node).

Ethernet – Ethernet is the most widely used data link layer protocol. It receives the datagram from the network layer and wraps it in its own frame format, which includes a header with source and destination MAC addresses and a trailer that contains checksum data. Ethernet then broadcasts the frame onto the wire using the CSMA/CD (carrier sense multiple access/collision detection) access method. The original coaxial Ethernet cabling has been replaced with twisted-pair (4-pair) and fiber optic links. Ethernet has largely replaced competing wired LAN technologies such as token ring, FDDI, and ARCNET.

WiFi – IEEE 802.11 is a set of media access control (MAC) and physical layer specifications for implementing a wireless LAN. The standard provides the basis for wireless network products using the Wi-Fi brand (2.4 GHz UHF and 5 GHz SHF).

(1) – Physical

The physical layer addresses the hardware used to transmit data over the network. It defines the criteria for an acceptable signal, the voltages used, the timing of signals, the requirements for establishing the initial communications connection, connectors, and interfaces to transmission media.

Serial Networks – RS-232 (single-ended, P2P), RS-422 (balanced, 4-wire duplex), RS-485 (balanced, 2-wire half-duplex & 4-wire duplex). “Master-Slave” protocols. The ‘Data Link’ is the UART. Commercial RS-485 networks include: Modbus (Modicon, 4-wire); Data Highway (AB, 2-wire); Profibus (2-wire); Optomux (Opto22, 4-wire).

USB – Universal Serial Bus. USB was designed to standardize the connection of computer peripherals. It has largely replaced the earlier serial and parallel computer ports.

Bluetooth – Wireless technology standard for exchanging data over short distances from fixed and mobile devices (2.4 GHz) and building personal area networks (PANs).


OSI – Field Bus

OSI – Serial Communications


Network Host A network host is a computer connected to a computer network. Computers participating in networks that use the Internet Protocol Suite are called IP hosts (or Internet hosts).

Niagara Hosts H = Host = Hardware A Niagara Host is a platform (hardware system) that provides the operating environment for a Niagara application. In the first level of the navigation tree, the host node is used to depict the platform. Hosts always represent a physical piece of hardware which is either a Localhost ('My Host'), which indicates the local machine, or a Remote host. In the navigation tree, remote hosts are always shown with an IP address. There is usually a one-to-one correspondence between stations and host machines. To run additional stations on a host, the host must be configured to use different IP ports.

Niagara Station Network Architecture A Niagara Station uses a driver network to fetch real-time data, which is modeled with proxy points. To support proxy points the Station must contain that driver’s network architecture. Typically, there is one host communication port per network and a specific communications protocol. A BACnet Network is an exception since it can support multiple logical BACnet networks, which sometimes use different comm ports (see BACnet Guide).

Ethernet-Connected Driver JACE Ethernet-connected drivers use the TCP/IP protocol for transport. It basically “wraps” the driver protocol within the TCP/IP protocol. Examples include the Modbus TCP driver (ModbusTcpNetwork) and the SNMP driver (SnmpNetwork). Supervisor Ethernet-connected drivers provide “direct device integrations” (require a special Supervisor license).

Serial-Connected Driver Serial-connected drivers use a specific serial comm-port on the JACE. Only one network can be assigned to any one serial port. The driver “owns” the assigned comm-port (COMn). Serial driver examples include: Honeywell C-bus, Johnson N2, Siemens P1, TAC I/A (Robertshaw) Microsmart, Carrier CCN, Trane CommFour and Modbus.

Special-Port Driver Currently, the “special port” driver is the Echelon LON FTT-10 port. The Lonworks driver is associated with a specific LONn port. (see Lonworks Guide).

Non-Field Bus Driver The NDIO (Niagara Direct I/O) and NRIO (Niagara Remote I/O) drivers are ‘non-field bus’ network architectures.

Database Driver The ‘rdbSqlServer’ driver is a database driver (only applies to Supervisor or AX SoftJACE hosts).


IP Address: Class Structure To permit various large and small networks of hosts, a 3-class network architecture is used: classes A, B and C. An IPv4 address consists of 32 bits. In dotted-decimal notation it is represented as 4 ‘octets’ (8 bits per octet).

Notation / IP Address
Binary (32 bits): 10101100 . 00010000 . 11111110 . 00000001
Dotted Decimal (4 octets): 172 . 16 . 254 . 1

The original IP address structure consists of two parts: 1) Network ID (network bits), 2) Host ID (host bits).

IP Subnet Today IP addresses are associated with a subnet mask. This was not required in a classful network because the mask was implicitly derived from the IP address itself. Any network device would inspect the first few bits to determine the class of the IP address.

Subnet Addressing or ‘subnetting’ is a scheme to allocate address space and routing more efficiently. The subnet process designates some high-order bits from the Host ID part and groups them with the network address to form the subnet mask. This divides a network into 2 or more subnets. For example, if a network is divided into 14 subnets, the first four bits of the Host address are reserved for identifying the subnet.

Subnetting divides the IP address into three parts: 1) Network ID, 2) Subnet ID, 3) Host ID. The parts are determined by the bitwise logical AND operation of the IP address and Subnet Mask:

Example – Class A Address with 255.255.255.248 Subnet Mask

Subnet Calculator: www.subnet-calculator.com/


Special IP Addresses The following IP addresses (and ranges) have been reserved for special use.

Address or Range: Function

Addresses ending in 0: Used to indicate the network ID. Never assign an address ending in 0 as a host address.

Addresses ending in 255: Broadcast address. Any data sent to this address would be picked up by all the machines on the local network. Never assign an address ending in 255 as a host address.

127.0.0.1 (localhost): Logical network used by the localhost to address itself (loopback address). Pinging the localhost tests the TCP/IP stack, not the NIC. If a computer has been configured to provide a website, directing its web browser to http://localhost may display its home page.

224.0.0.0 to 239.255.255.255: Class D addresses. Used for multicasting. Multicasting is a form of broadcasting in which only participating hosts receive the broadcast. Never assign an address from this range as a host address.

240.0.0.0 to 247.255.255.255: Experimental addresses. Never assign an address from this range as a host address.

Non-Routable IP Addresses RFC 1918 (Address Allocation for Private Internets) specifies the following reserved IPv4 addresses for local communications within a private network:

Class  CIDR            Subnet Mask    Host Min      Host Max          # of Hosts
A      10.0.0.0/8      255.0.0.0      10.0.0.1      10.255.255.254    16,777,214
B      172.16.0.0/12   255.240.0.0    172.16.0.1    172.31.255.254    1,048,574
C      192.168.0.0/16  255.255.0.0    192.168.0.1   192.168.255.254   65,534
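Worked subnet arithmetic for the “Class A address with 255.255.255.248 subnet mask” example in the IP Subnet section and for the RFC 1918 table above: the bitwise AND of address and mask, the Network ID / Subnet ID / Host ID split, the usable host range, and an RFC 1918 membership check. This is an added example, not code from the guide; the guide gives only the mask, so the Class A host address 10.20.30.45 is constructed.

```python
from dataclasses import dataclass
from typing import Tuple

MASK32 = 0xFFFFFFFF


def ip_to_int(dotted: str) -> int:
    """Dotted-decimal IPv4 text -> 32-bit integer, rejecting malformed input."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def binary_dotted(dotted: str) -> str:
    """The 'Binary (32 bits)' notation row: four 8-bit groups."""
    value = ip_to_int(dotted)
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def classful_prefix(value: int) -> Tuple[str, int]:
    """Inspect the high-order bits the way a classful device did:
    0xxx = A (/8), 10xx = B (/16), 110x = C (/24), 1110 = D, 1111 = E."""
    first = value >> 24
    if first & 0x80 == 0:
        return "A", 8
    if first & 0xC0 == 0x80:
        return "B", 16
    if first & 0xE0 == 0xC0:
        return "C", 24
    if first & 0xF0 == 0xE0:
        return "D", 0  # multicast: no network/host split
    return "E", 0      # experimental


def prefix_len(mask: int) -> int:
    """Prefix length of a contiguous mask; non-contiguous masks are rejected."""
    ones = bin(mask).count("1")
    if mask != (MASK32 << (32 - ones)) & MASK32:
        raise ValueError(f"non-contiguous subnet mask: {int_to_ip(mask)}")
    return ones


@dataclass
class SubnetInfo:
    net_class: str    # A/B/C from the address's leading bits
    prefix: int       # mask length, e.g. 29 for 255.255.255.248
    subnet_bits: int  # bits borrowed from the classful host part
    subnet_id: int    # value of those borrowed bits
    host_id: int      # value of the remaining host bits
    network: str      # IP AND mask
    broadcast: str    # network with all host bits set
    first_host: str
    last_host: str
    host_count: int   # usable hosts: 2^host_bits - 2


def subnet_info(ip_str: str, mask_str: str) -> SubnetInfo:
    """Split an address into Network ID / Subnet ID / Host ID with a bitwise AND."""
    ip, mask = ip_to_int(ip_str), ip_to_int(mask_str)
    plen = prefix_len(mask)
    net_class, class_bits = classful_prefix(ip)
    network = ip & mask
    broadcast = network | (~mask & MASK32)
    host_bits = 32 - plen
    subnet_bits = max(plen - class_bits, 0)  # 0 when the mask is shorter than the classful default
    subnet_id = (network >> host_bits) & ((1 << subnet_bits) - 1)
    usable = (1 << host_bits) - 2 if host_bits >= 2 else 0  # /31 and /32: no host range
    return SubnetInfo(
        net_class, plen, subnet_bits, subnet_id, ip & ~mask & MASK32,
        int_to_ip(network), int_to_ip(broadcast),
        int_to_ip(network + 1) if usable else int_to_ip(network),
        int_to_ip(broadcast - 1) if usable else int_to_ip(broadcast),
        usable,
    )


# RFC 1918 private ranges, as (network, mask) from the table above.
RFC1918 = (("10.0.0.0", "255.0.0.0"),
           ("172.16.0.0", "255.240.0.0"),
           ("192.168.0.0", "255.255.0.0"))


def is_private(ip_str: str) -> bool:
    """True if the address falls in an RFC 1918 non-routable range."""
    ip = ip_to_int(ip_str)
    return any(ip & ip_to_int(mask) == ip_to_int(net) for net, mask in RFC1918)


if __name__ == "__main__":
    print(binary_dotted("10.20.30.45"))
    print(subnet_info("10.20.30.45", "255.255.255.248"))  # constructed Class A host
    for net, mask in RFC1918:
        r = subnet_info(net, mask)
        print(f"{r.net_class} {net}/{r.prefix}: {r.first_host} - {r.last_host} ({r.host_count:,} hosts)")
```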

Companies and organizations use the above IP ranges on their inside networks to prevent unwarranted Internet connections or attacks (hackers/spammers/trolls). Hardware protection (router) is harder to hack than software (Windows). A non-routable IP address (“internal IP”) means Internet people can't reach you, but “Intranet” people can. An internal IP keeps traffic from the Internet from being routed to the JACE. This is favorable, for it cuts down on billable data charges or airtime (if any) by making it so that the only packets to the JACE will be responses to requests that it sent out. If a JACE (with an internal IP) needs to connect to the Internet, a VPN (Virtual Private Network) client must be established. The VPN connects the private network to the public network (the Internet).

NAT – Network Address Translation Network Address Translation (NAT) is a technique that hides a private network’s IP addresses behind a single IP address. Typically, some device (such as a router, firewall, or proxy server) has a supply of legitimate addresses and translates between a private address and a public one for a host that needs access to or from the Internet. NAT is sometimes known as IP masquerading.


Network Security 1. Development Sandbox. Set up a JACE in a ‘sandbox’: 1) an isolated network without any connections to the client’s network or the outside world, or 2) the JACE is shipped to the site with the default Platform account and a temporary IP address + no Station software. Station software is developed at the Local Host and later downloaded to the remote JACE. The final IP address and passwords are also updated at that time.

2. Keep Telnet and FTP disabled. By default, telnet and ftp are disabled on JACEs. Since they can be easily hacked, disable them after using them.

3. Use SSL. Enable SSL for Fox and Niagarad (AX 3.7 and greater).

4. Firewall. Install a 3rd-party h/w firewall between the Niagara segment and the rest of the client network. Open ports in the firewall only to specific Niagara components (i.e., Platform, Station) and restrict them to specific clients (e.g., by IP address, MAC, etc).

5. Strong Passwords. Set the ‘require strong passwords’ option on the property sheet of the Station’s user service. Use passwords with upper and lower case and symbols (don’t begin a password with a number or symbol). Create a layer of password types with appropriate restrictions: 1) Platform Password, 2) Station Admin Password (superuser), 3) Disposable Admin Password (User Name: disposable), 4) Station Client Password, 5) Web Logon Password. DO NOT enable the guest account.

6. Restrict Program Object Service. Program objects provide access to the entire java API. If you don't use any program objects, remove the service. If you use them, restrict them to only being installed and managed by admin accounts.

7. Physical Security. Secure the JACE in a locked enclosure to prevent unauthorized access. If this is not possible or practical, try to secure the serial port and the shell setting. It is very easy for someone with a notebook and a serial cable to reset the default system account.

8. Monitor Logs. Monitor Niagarad, Station and Audit logs for questionable behavior.


IP Security VPN Tunnel

IPsec: External hosts can only access privately-addressed internal hosts through a virtual private network (VPN). A VPN is an encrypted IP connection between hosts over a public infrastructure such as the Internet or the public telephone network. A VPN embeds a special protocol within the TCP/IP packets carried over the Internet. Carrying a second network protocol within a primary protocol is called tunneling. IPsec (IP security protocol) is a type of tunneling protocol that, along with encryption, includes strong authentication of remote users or hosts and ways to hide information about the private LAN from hosts on the public network. In an IPsec VPN link the client and server must establish the tunnel connection through the intermediate networks in a separate transaction before they can exchange data.

For a detailed explanation of VPN operation, refer to Microsoft’s white paper entitled “Virtual Private Networking in Windows 2000: An Overview” (http://technet.microsoft.com/en-us/library/bb742566.aspx).

IP Security Process (JACEs installed)

1. IPsec VPN Tunnel template sent to the client's IT staff. Typical IT correspondence: “The IPsec endpoint and protocol information has been summarized in the attached template. Please review and add your endpoint information. The encrypted domain was reduced to the single IP address since only one JACE controller will be in use initially”.

2. Protocols are selected per firewall hardware compatibility and security preferences.

3. Shared keys are only passed verbally (e.g., over the phone).


Job: XYZ Company    Job #: IPSEC Sample

IPSec Site-to-Site VPN Tunnel Properties

IT Contacts: Name / Title / Phone / Email

                                 Contractor                      XYZ Company
VPN Gateway device Type          Cisco ASA 5510                  Cisco ASA 5540
VPN Gateway device IP (Peer)     xxx.xxx.xxx.xxx                 X.X.X.X
Encryption Domain/Network/Host   JACE LAN1: xxx.xxx.xxx.xx/xx    xxx.xxx.xxx.xxx/xx

Negotiated Ports: 1911, 3011    Bidirectional Traffic

PHASE 1                          Contractor        XYZ Company
Exchange Mode                    Main              Main
Authentication Method            Pre-shared Key    Pre-shared Key
Encryption                       3DES              3DES
Hash                             SHA               SHA
Diffie-Hellman Group             Group 2           Group 2
Lifetime (Seconds)               43,200            43,200
Perfect Forward Secrecy          Disabled          Disabled

PHASE 2                          Contractor        XYZ Company
Encryption                       3DES              3DES
Hash                             SHA               SHA
Diffie-Hellman Group             Group 2           Group 2
Lifetime (Seconds)               36,000            36,000
Perfect Forward Secrecy          Disabled          Disabled

JACE 1 Addresses (columns: LAN 1 / LAN 2 / NAT)
IP: xxx.xxx.xxx.xxx / Not Used / xxx.xxx.xxx.xxx
Subnet: 255.255.255.xxx / 255.255.255.xxx
Gateway: xxx.xxx.xxx.xxx / n.a.
BACnet Device: 101 / n.a.


Job: ______    Job #: ______

IPSec Site-to-Site VPN Tunnel Properties

IT Contacts: Name / Title / Phone / Email

VPN Gateway device Type: ______
VPN Gateway device IP (Peer): ______
Encryption Domain/Network/Host: ______

Negotiated Ports: [ ] 1911 or ______, [ ] 3011 or ______    Bidirectional Traffic: [ ] Yes / [ ] No

PHASE 1
Exchange Mode: ______
Authentication Method: ______
Encryption: ______
Hash: ______
Diffie-Hellman Group: ______
Lifetime (Seconds): ______
Perfect Forward Secrecy: ______

PHASE 2
Encryption: ______
Hash: ______
Diffie-Hellman Group: ______
Lifetime (Seconds): ______
Perfect Forward Secrecy: ______

JACE: ______ Addresses (columns: LAN 1 / LAN 2 / NAT)
IP: ______ / ______ / ______
Subnet: ______ / ______
Gateway: ______ / n.a.
BACnet Device: ______ / n.a.


Port Forwarding Typically, a JACE is set up with two ports forwarded - one for the station connection (port 1911) and the other for the platform connection (port 3011). It is possible to setup different ports on the JACE. Workbench permits you to specify which port you want to use when doing either a station connection or a platform connection. The obvious advantage of staying with the default ports is that you don’t have to remember what ports you changed them to.

Step-by-Step support on port forwarding a router: http://www.portforward.com/

Cellular Broadband Router A Cellular Broadband Router (or Gateway) provides Ethernet LAN connectivity from a cellular network. Cellular router manufacturers include CradlePoint, Sierra and Moxa.

Reasons for using a Cellular Router include:
1) Primary Connection: 1) a LAN drop is not available at the facility or site, or is impractical to provide; 2) the client’s IT security policy prevents a JACE connection to the facility’s LAN (e.g., Federal gov’t facility).
2) Temporary Connection: when LAN service is temporarily unavailable (e.g., construction projects).
3) Failover Service: provides 100% uptime in case of a failed LAN connection (CradlePoint’s ARC MBR1400 series).

Some Cellular Routers have dedicated built-in cellular transceivers (eg, Sierra) while other wireless routers use a removable PCMCIA “data/air card” to connect to the cellular network (eg, CradlePoint).

The four major U.S. cellular service providers are AT&T, Verizon, Sprint and T-Mobile. Data/Air Cards can access 3G or 4G or combo 3G/4G networks; manufacturers include Verizon, AT&T, Sprint, T-Mobile, Franklin and Sierra. When ordering a Data/Air Card, it is important to specify a routable IP address (see ‘Non-Routable IP Addresses’ section). Further, it is also important to match the router’s firmware to the Data/Air Card. In isolated areas within the facility, an external antenna (plus adapter cable) may be required (signal strength should be -80 dBm or stronger; -60 dBm is ideal).

To connect to the Cellular Router’s configuration web page: http://:8080/

CradlePoint Cellular Router: Port Forwarding Setup In the example below, the CradlePoint cellular router has an ‘Internet-side’ IP address (68.25.46.165) and an ‘Ethernet-side’ IP address (192.168.1.1). In the “Port Forwarding Rules” configuration, incoming connections to 68.25.46.165 on ports 3011 and 1911 get forwarded onto 192.168.1.101 on ports 3011 and 1911 respectively. The same applies for the second JACE: ports 3012 and 1912 get forwarded onto 192.168.1.102 on ports 3012 and 1912 respectively.


Network Troubleshooting

1) Define the Problem: What caused the problem? (running a specific program?; tried a connection?; other action?) What has changed? (installed new h/w, s/w or f/w?; other changes?) What else happened? (other problems or unexpected events?; did the problem happen at the same time?) Is this a new problem?
2) Check AC Power.
3) Restart everything. Copy the error messages before turning off the computer. Don’t use ‘restart’; shut the computer completely down (count to 10 before turning the PC back on).
4) OSI Layer Checkout:
   1 – Physical: Check cables (kinked?), connectors, hubs. C:\> ipconfig /all (“media disconnected” > check CAT5).
   2 – Data Link: Check NIC: LEDs/drivers (loopback test); switches. MAC conflict? > flush the ARP cache on the router.
   3 – Network: Check routers. C:\> ping or tracert.
   4 – Transport: Check port #’s; Windows sockets.
   7 – Application: Check application program; resource device; DNS &/or DHCP settings & server (C:\> ping, ipconfig /all or tracert); Hosts file; NTFS permissions.

5) Scan for Viruses. Use an on-line scanner or antivirus program (Kaspersky, BitDefender, Vipre, etc).
6) Keep Notes. Keep a record of what’s been done: configuration changes; websites that provide useful information; exact location of any options or control programs that caused the problem.
7) System Configuration Checkout. Before a problem happens it’s a good idea to keep a record of a ‘Known Good System’:
   - Configuration settings and passwords for each modem, router, Wi-Fi access point + other devices.
   - IP addresses: Internet connection, DNS servers, default gateway, subnet mask, addresses used by the LAN.
   - Make, model, s/n and MAC address of each hub, switch, router, modem, Wi-Fi access point, network adapter (NIC card) + other devices.
   - List of channel numbers, SSIDs and passwords for the Wi-Fi network.
   - Telephone numbers and other contact information for the ISP, telephone company or cable service that supplies the physical Internet connection.
   - User manuals for each modem, router, access point + other devices.
   - List of network users (names, telephone #s, logins).
   - Network diagram that shows how each computer and other device connects to the network.
   - Passwords for each network server.
   - Account names and passwords for the email service.
   - Location list of the routers and wall-mounted network outlets.
   - Log of repairs and updates.
8) On-line Forum. Use Knowledge Base sites (www.support.microsoft.com; howstuffworks.com; google.com).
9) Software Troubleshooting. Network Magic (www.networkmagic.com); Protocol Analyzers or ‘network sniffers’ (Microsoft Network Monitor, www.microsoft.com/downloads/; Wireshark, www.wireshark.org).

Network Connectivity Test / Comments

www.whatismyip.com – General IP test.
C:\> ping 127.0.0.1 – ‘Loopback’ test. Tests the TCP/IP stack, not the NIC (no LAN test).
C:\> ping localhost or loopback – Tests TCP/IP DNS resolution to 127.0.0.1 (no LAN test).
C:\> ping – Network test: PC IP addr, Subnet Mask, Default GW + network.
C:\> ping -a – Show the name while pinging by IP addr (different for static vs. DHCP IP).
C:\> ping -t – Continuous; ‘TTL’ = Time to Live.
C:\> ipconfig – Displays Ethernet adapter info: IP addr, Subnet Mask, Default GW.
C:\> ipconfig /all – More detail (Host Name, MAC address, DNS servers, etc).
C:\> tracert – Traces all routers to the destination PC.
C:\> ipconfig /flushdns – Flushes the DNS cache (‘address book’).
C:\> arp -a – List of IP to MAC address mappings.
C:\> arp -a – IP to MAC address for a specific IP address.
C:\> netstat -a or -n – -a: displays active port connections; -n: displays IP addresses and port #'s.
C:\> nbtstat -c – Lists NBT’s cache of remote names.
C:\> nslookup – DNS server test.

D. Carlson [email protected]
