  1. Senior Member
    Join Date
    Jan 2014
    Location
    SO. CAL
    Posts
    221

    Certifications
    A+, N+, CCENT, CCNA, CCNP
    #1

    Don't let this be you please (network people)

    So I helped someone out recently, after 2-3 other people had already spent 1-2 hours each on fixing the issue. The person argued with me that the issue they were having wasn't relevant to what I said would fix it. I didn't argue, I just showed the fix and let that do the talking.
    Long story short, no internet out one of the WAN connections.

    Can you tell what I fixed? lol
    Don't do this!!! [attachment: thischit.JPG] lol
    Last edited by Codeman6669; 12-01-2017 at 12:25 AM.

  3. Member
    Join Date
    Mar 2016
    Location
    North America
    Posts
    74
    #2
    That screenshot looks interesting, I haven't thought about it long enough... what was causing the issue? The DMZ is set incorrectly?
    Or the 168's subnet set incorrectly? Haha, you mentioned "one" of the wans, so that 168 subnet shouldn't cause issues... *can't think, dinner time*

  4. Senior Member Nightflier101BL
    Join Date
    May 2013
    Location
    Northern VA
    Posts
    119

    Certifications
    CCNAS, CCNA, Security+, Network+
    #3
    RFC 1918

  5. Senior Member joelsfood
    Join Date
    Sep 2014
    Location
    Chicago, IL
    Posts
    983

    Certifications
    CCIE:DC, CCNP:DC, CCNA:DC, CCDA, VCP:DCV, VCP:NV, JNCIA-JUNOS
    #4
    Yeah, I can see several things that might be wrong there, depending on the particular hardware and topology, but the non-private subnets were the first thing that made me twitch.

    Years ago when I was relatively new in IT, I was doing contract work for a small shop. Went into one of their client sites, and found that the whole network was using public IPs. But NOT that company's IPs, but instead some random block of IPs owned by a company in Spain. Is a non-profit in OKC likely to need to access systems owned by the Spanish company? Probably not. Still made me twitch though. I don't remember if I ever pointed out the issue. I might not have, being so new to IT, but on the other hand, I tend not to be very good at biting my tongue.

  6. Senior Member
    Join Date
    Dec 2015
    Location
    USA
    Posts
    543

    Certifications
    CISSP, B.S.-IT, A.A.S.-Computer Forensics & Security, CSA+, A+, Network+, Security+, Six-Sigma, Solarwinds SCP
    #5
    My last job the IP schema was 192.9.200.***. I questioned this my first day and was told that whoever set up the network was following an example and that was the range they used in the example??? Highly doubtful but ok. So I told my manager that we needed to correct this and his response was that he didn't want to break anything.

    But as to the OP, I see some improperly assigned IPs being used here too.

  7. Senior Member shoey
    Join Date
    Jun 2016
    Location
    Knowhere
    Posts
    108

    Certifications
    Life
    #6
    Great file name!
    "I have missed more than 9,000 shots in my career. I have lost almost 300 games. 26 times, I've been trusted to take the game winning shot and missed. I've failed over and over and over again in my life. And that is why I succeed." - Michael Jordan

  8. Senior Member dontstop
    Join Date
    Dec 2011
    Location
    ::1/128
    Posts
    543

    Certifications
    CompTIA IT Fundamentals, CCENT, CCNA:R&S, JNCIA, BInfoTech
    #7
    My first job was at a small computer store and instead of using RFC1918 addressing the owner decided on using a range that was owned by Adobe. For weeks/months we struggled with not being able to update or download any of the Adobe technologies (Flash/Reader). I think BCP and standards are in place for the reason of not being behind the 8-ball before you even start.

  9. Senior Member
    Join Date
    Jan 2014
    Location
    SO. CAL
    Posts
    221

    Certifications
    A+, N+, CCENT, CCNA, CCNP
    #8
    Originally Posted by joelsfood:
    Yeah, I can see several things that might be wrong there, depending on the particular hardware and topology, but the non-private subnets were the first thing that made me twitch.

    Years ago when I was relatively new in IT, I was doing contract work for a small shop. Went into one of their client sites, and found that the whole network was using public IPs. But NOT that company's IPs, but instead some random block of IPs owned by a company in Spain. Is a non-profit in OKC likely to need to access systems owned by the Spanish company? Probably not. Still made me twitch though. I don't remember if I ever pointed out the issue. I might not have, being so new to IT, but on the other hand, I tend not to be very good at biting my tongue.

    I'm glad others cringe at the sight of this, I can't stand when this is done lol.
    Odd thing here was that this actually worked for a year or so. Then it just stopped working. I never checked to see if the devices were trying to reach any of the 192.1.X.X subnets, but I couldn't even ping out to the next hop from the devices on those interfaces. (though the router ping'd out no prob) I would like to say the ISP was doing some filtering? But if these addresses are behind NAT they shouldn't see the IPs. Yet changing the subnet to 192.168.11.X instantly let the traffic pass.

  10. Senior Member
    Join Date
    Jan 2014
    Location
    SO. CAL
    Posts
    221

    Certifications
    A+, N+, CCENT, CCNA, CCNP
    #9
    Originally Posted by dhay13:
    My last job the IP schema was 192.9.200.***. I questioned this my first day and was told that whoever set up the network was following an example and that was the range they used in the example??? Highly doubtful but ok. So I told my manager that we needed to correct this and his response was that he didn't want to break anything.

    But as to the OP, I see some improperly assigned IPs being used here too.

    That's how it always seems to go. "Someone else set it up for this or that not good reason, and it can't be changed". This was the same case. Except the person I was helping was intent on not changing this, and didn't even recognize the potential of the issue. It's kinda crazy to me, there is this entire RFC, entire system of how subnets should be assigned worldwide, and then you got these asses that just want to watch it burn lol

  11. Senior Member
    Join Date
    Dec 2015
    Location
    USA
    Posts
    543

    Certifications
    CISSP, B.S.-IT, A.A.S.-Computer Forensics & Security, CSA+, A+, Network+, Security+, Six-Sigma, Solarwinds SCP
    #10
    Originally Posted by Codeman6669:
    That's how it always seems to go. "Someone else set it up for this or that not good reason, and it can't be changed". This was the same case. Except the person I was helping was intent on not changing this, and didn't even recognize the potential of the issue. It's kinda crazy to me, there is this entire RFC, entire system of how subnets should be assigned worldwide, and then you got these asses that just want to watch it burn lol

    Yep. This was the same manager that didn't think you could have 2 DCs on a network when I asked why there was only 1 DC. And told me we didn't need A/V on our servers because we don't surf the internet with them. I went to upper management with my concerns but they just went back to him and he convinced them he was right and I was wrong. Couldn't wait to get out of that place!

  12. Senior Member
    Join Date
    Sep 2015
    Location
    Myrtle Beach, SC
    Posts
    214

    Certifications
    MCP, A+, Net+
    #11
    I can remember way back in the '90s working at a small shop and the local town got a wirefire system via one of the ISPs. One day I was messing in our shop after they sold us a connection and I found that we could browse the folders of everyone on the entire network. I called their service manager and he didn't really care until while I was talking to him I was browsing his computer and moved his desktop icons to another folder. I didn't know a lot about how that stuff worked at the time, but I knew that couldn't be right.

    They fixed the problem pretty quickly.

  13. Senior Member
    Join Date
    Mar 2017
    Location
    Phoenix, AZ
    Posts
    246

    Certifications
    CISSP, C|EH, C|HFI, MCSA 2012, MCSA 2008, Security +, Net+, A+
    #12
    Worked at a call center that started out as a mom and pops shop. They had hundreds of workstations at this location which was still using the 192.168.1.1 network. Caused VPN issues and management wouldn't let us fix anything for fear of "if it ain't broke".

  14. Senior Member
    Join Date
    Jul 2016
    Posts
    309

    Certifications
    CCNA R&S
    #13
    What's wrong with using 193.168.1.x?

  15. Senior Member
    Join Date
    Jul 2016
    Posts
    309

    Certifications
    CCNA R&S
    #14
    Oops, meant 192.168.1.x

  16. Senior Member
    Join Date
    May 2016
    Location
    UK
    Posts
    118

    Certifications
    A+, Network+, Sec+
    #15
    Originally Posted by Welly_59:
    What's wrong with using 192.168.1.x?

    I also want to know this. All I'm aware of is that private address ranges can't be routed onto public networks without NAT.

  17. Senior Member
    Join Date
    Dec 2015
    Location
    Quebec, Canada
    Posts
    325

    Certifications
    A+, Network+, Linux+, HP APS, VCP 3-4-5-6, VSP,VTSP, SSCP, Veeam VMCE, CISSP (endorsement in progress)
    #16
    Originally Posted by dhay13:
    My last job the IP schema was 192.9.200.***. I questioned this my first day and was told that whoever set up the network was following an example and that was the range they used in the example??? Highly doubtful but ok. So I told my manager that we needed to correct this and his response was that he didn't want to break anything.

    I agree with you it must be an example somewhere. Many years ago, I had a customer whose range was the same number... quite a coincidence!

  18. Senior Member joelsfood
    Join Date
    Sep 2014
    Location
    Chicago, IL
    Posts
    983

    Certifications
    CCIE:DC, CCNP:DC, CCNA:DC, CCDA, VCP:DCV, VCP:NV, JNCIA-JUNOS
    #17
    Nothing is wrong with 192.168.1.x. Problem is above that, 192.1.x.x
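
Added example, not part of the thread or any poster's code: a small audit that flags interface subnets falling outside the RFC 1918 blocks, the problem identified above. Interface names and the `lan4`/`dmz` entries are constructed; the other addresses are the ones mentioned in the posts.

```python
import ipaddress

# RFC 1918 private-use blocks: the ranges intended for internal IPv4 addressing.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(cidr):
    """Return 'rfc1918', 'partial' or 'not-rfc1918' for an interface address/mask."""
    # strict=False accepts a host address with prefix, as typed on an interface.
    net = ipaddress.ip_network(cidr, strict=False)
    if any(net.subnet_of(block) for block in RFC1918):
        return "rfc1918"
    if any(net.overlaps(block) for block in RFC1918):
        # A mask that is too short spills past the private block into public space.
        return "partial"
    return "not-rfc1918"


def audit(interfaces):
    """Map interface name -> (normalized subnet, verdict) for each non-compliant one."""
    findings = {}
    for name, cidr in interfaces.items():
        verdict = classify(cidr)
        if verdict != "rfc1918":
            subnet = str(ipaddress.ip_network(cidr, strict=False))
            findings[name] = (subnet, verdict)
    return findings


# Constructed sample configuration (hypothetical interface names).
SAMPLE = {
    "lan1": "192.168.11.1/24",  # the subnet the OP changed to
    "lan2": "192.1.1.1/24",     # 192.1.x.x, publicly routable space
    "lan3": "192.9.200.1/24",   # the 192.9.200.x schema from post #5
    "lan4": "192.168.1.1/15",   # constructed: mask typo reaching into 192.169.x.x
    "dmz": "172.32.0.1/16",     # constructed: just past the end of 172.16.0.0/12
}

if __name__ == "__main__":
    for name, (subnet, verdict) in audit(SAMPLE).items():
        print(f"{name}: {subnet} -> {verdict}")
```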

  19. Senior Member olaHalo
    Join Date
    Jul 2012
    Location
    Las Vegas
    Posts
    737
    #18
    The bigger issue here is that you're running a FortiGate
