During the summer season, there are information kiosks near the entrances to our parks, whose employees communicate with visitors in different languages and resolve their issues. To make it easier for the employees of these kiosks to work, they are given laptops with Internet access.
The problem is that information kiosks are located next to ticket offices on the street. In order for them to have the Internet, you can go in several ways:
Install a 4G modem in each info kiosk.
Carry out a local area network to the information kiosks.
We love the second way more. This is due to the fact that the ticket offices are connected by fiber-optic lines to their servers. And in the optical cables there are unused fibers after that, which we use. Optics are used because they are better suited for outdoor applications, especially over long distances. Optical cables have very reliable mechanical protection against damage and breakage. In addition, they provide stable connection quality over time (while twisted pair connectors can oxidize).
During the prepararation for the opening of the 2021 summer season, among other things, we are checking the operation of equipment in info kiosks. This check revealed the lack of connection of one of the kiosks with the core network. This is a critical issue and we only had two days to solve it. If we fail to "raise" the connection, we will have to connect a 4G modem, which is not very good (yes, we have a "plan B"). I move to the Palace Square.
Pravlenskaya street
What I see is the outdoor TV working next to the info kiosk, which shows our advertising pictures. I remember how we connected it to the local network a couple of years ago to update information on it remotely.
Info kiosk and outdoor TV near it
Let's start checking. The first thing I do is try to turn on the laptop of the info kiosk and check the connection. The result is sad, the laptop cannot get an IP address, but there is a physical connection. For further analysis, I connected my laptop. Using a second laptop allows you to immediately eliminate the possibility of a breakdown of the network card in the first. But this is not the main goal.
If a laptop ends up in a local network, then regardless of whether it received an address or not, broadcast packets from other devices will "fly" towards it. This is not important to us in normal operation. But now it makes it possible to diagnose what segment of the network is available to the laptop. In order to see which packets reach the laptop, I use the Wireshark program, which is what I wish everyone.
Wireshark captured the Samsung packets
As we can see, packets from a device made by Samsung reach the laptop. This is an outdoor TV. But apart from it and the laptop itself, no one sends anything. This means that the kiosk is cut off from the main part of the network.
In preparation for the installation of a container data center, we laid a new optical cable to the optical distribution frame, from which the info kiosk is connected. In addition to laying optics to the location of the data center, we have solved the problem of lack of optical fibers on the communication line with Alexandria. But when this was done last year, the info kiosks did not work, so then it was not completed switching to a new communication line, and the old one was already cut off. Well, this is the most likely point where there is "no contact" - I go there.
Optical distribution frame is located in the building to the left of the square
I connect the optics to the SFP module in the switch, check that the LED is blinking, and go back to the info kiosk. I plug my laptop back in and watch what happens. The laptop again cannot get an IP address. Watching what's happening on the network with Wireshark. On the one hand, packets from the core network appeared, on the other hand, the address still does not work.
DHCP packets captured by Wireshark
The DHCP filter indicates that requests for an address are being sent, but no responses from the DHCP server are received. It is assumed that the port of the switch, which is currently connected to the info kiosk, is configured in the wrong mode. I make the heroic decision to go out to lunch and check all the settings remotely at the same time.
I turned out to be right - the port was configured in Trunk mode, that is, it sent and received tagged traffic. I reconfigure it to work with untagged traffic of the VLAN I need and go back to the info kiosk.
I go the info kiosk
Going to the info kiosk, I turn on the "regular" kiosks laptop and check the availability of the network. And it is not available. Shock. Trembling. Negation. Negotiation. I take out my laptop and see what Wireshark shows. Packets come from the core network, but for some reason they are not from the required VLAN. I check the protocols of information exchange between switches. This allows you to understand with which switch there is a connection. To begin with, I look at the STP protocol, which is designed to eliminate loops in the network.
Filter Wireshark captured packets by STP protocol
It can be seen that the packages are arriving. And they come from the Huawei switch. This is a good sign. We check further. The next protocol is LLDP. It gives more information about neighboring network devices.
Information from the LLDP package
Now we can say for sure that the info kisk is connected to the switch I need through the interface I need. Behind the scenes, there is still the fact that LLDP showed the VLAN number that is configured on this interface. And it is also correct. I assume that this VLAN does not reach the switch from its neighbor, which is connected to the network core switch. I want to note that when I set up the connection to the info kiosk, I checked for the presence of a VLAN in the configuration, that is, it was definitely created there. In order to quickly rectify this situation, I decide to change the VLAN to another, which is most likely configured on the entire chain of switches. In order to do this, I need to connect to a switch in the Royal Church Museum. It is physically inconvenient to connect to it directly, and even go to it... I decide to try to connect to it remotely. Unfortunately, the laptop refused to do this, because it was not at all the VLAN in which the switch has VLANIF, so I had to use the VPN from the phone.
It is quite convenient that you can connect to Huawei USG using a smartphone and get into the local network. Next, I launched the RDP client and connected to my work computer. Then I launch eSight, right-click on the required switch, then telnet. Then I type "sys" to go into system view, but the Android on-screen keyboard cannot send characters to the terminal in eSight. Inconvenient, but not critical.
I start PuTTY, enter the switch address, connect to it and can work correctly with it using the on-screen keyboard. This, of course, is not very convenient, but it allows you to do everything remotely. I change the VLAN of the switch interface and check the network availability. Not immediately, but the address is obtained. It all worked!
We are waiting for you in the new summer season!
