Hey everyone. Starting on Monday, my network has been experiencing some weird issues. The problems seem unrelated, except they all started cropping up at once after 2 weeks of smooth sailing. Hoping that I can find some insight here.
I have an ER PoE5, ES48 Lite as my core switch, two ES24 Lites and two unmanaged switches connected via TP-Link media converter/fiber running on the edge. One VLAN for VoIP, otherwise a flat network.
First, my running config:
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 192.168.1.1/24
        description Local
        duplex auto
        poe {
            output off
        }
        speed auto
        traffic-policy {
            out DownStream
        }
        vif 2 {
            address 192.168.3.1/24
            description VoIP
            mtu 1500
        }
    }
    ethernet eth1 {
        address xxx.xxx.xxx.xxx/30
        description Internet
        dhcp-options {
            default-route update
            default-route-distance 210
            name-server no-update
        }
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        poe {
            output off
        }
        speed auto
        traffic-policy {
            out UpStream
        }
    }
    ethernet eth2 {
        description Local2
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth3 {
        description Local2
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth4 {
        description Local2
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address 192.168.2.1/24
        description SwitchLAN
        mtu 1500
        switch-port {
            interface eth2
            interface eth3
            interface eth4
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN1 {
            authoritative disable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.50 {
                    stop 192.168.1.250
                }
            }
        }
        shared-network-name LAN2 {
            authoritative disable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.2.1
                lease 86400
                start 192.168.2.21 {
                    stop 192.168.2.240
                }
            }
        }
        shared-network-name VLAN2 {
            authoritative disable
            subnet 192.168.3.0/24 {
                default-router 192.168.3.1
                dns-server 192.168.3.1
                lease 86400
                start 192.168.3.249 {
                    stop 192.168.3.251
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 350
            listen-on eth0
            listen-on switch0
            listen-on eth0.2
            name-server 129.250.35.251
            name-server 208.65.160.3
        }
    }
    gui {
        https-port 443
    }
    nat {
        rule 5010 {
            outbound-interface eth1
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    gateway-address xxx.xxx.xxx.209
    host-name ubnt
    login {
        user TataHarperIT {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            level admin
        }
    }
    name-server 129.250.35.251
    name-server 127.0.0.1
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
    traffic-analysis {
        dpi disable
        export disable
    }
}
traffic-policy {
    shaper DownStream {
        bandwidth 45000kbit
        class 10 {
            bandwidth 5%
            burst 15k
            ceiling 100%
            description RTP
            match VOIP-RTP {
                ip {
                    dscp 46
                }
            }
            queue-type fair-queue
        }
        class 20 {
            bandwidth 5%
            burst 15k
            ceiling 20%
            description SIP
            match VOIP-SIP {
                ip {
                    dscp 24
                }
            }
            queue-type fair-queue
        }
        default {
            bandwidth 70%
            burst 15k
            ceiling 100%
            queue-type fair-queue
        }
        description "DownStream QoS policy"
    }
    shaper UpStream {
        bandwidth 45000kbit
        class 10 {
            bandwidth 5%
            burst 15k
            ceiling 100%
            description RTP
            match VOIP-RTP {
                ip {
                    dscp 46
                }
            }
            queue-type fair-queue
        }
        class 20 {
            bandwidth 5%
            burst 15k
            ceiling 100%
            description SIP
            match VOIP-SIP {
                ip {
                    dscp 24
                }
            }
            queue-type fair-queue
        }
        default {
            bandwidth 40%
            burst 15k
            ceiling 100%
            queue-type fair-queue
        }
        description "UpStream QoS policy"
    }
}
As you can see, I have DNS forwarding and some traffic shaping in place. Otherwise, very straightforward (I think).
The issues are as follows:
1. I came into work on Monday and, while my router and switches were all on, I was unable to access the internet or the router GUI. A power cycle solved this problem, but this was the first outage I've had of this nature.
2. I set up the DNS forwarding two weeks ago. Yesterday, the four machines on my network running Windows 7 were unable to access the internet. I set the DNS server manually in the network adapter settings on each machine to my router. This solved that problem.
3. At the same time, some wireless issues started popping up. I'm running all UniFi AC Lite with the 3.4 firmware. One of the APs (running off of one of the unmanaged switches) won't connect at all. The blue light is on, but I can't ping and my controller (running on an AWS instance) does not recognize it. Trying a hard reset. Another AP, running off one of the ES24s, keeps dropping in and out. Also, one of my workstations cannot access the internet while connected to this AP, but can access the internet while connected to a different AP on the other end of the building on the same network.
4. Finally, whenever I ping anything (AP, switch, workstation), I get this response, which is in red text and different from what I'm used to seeing when using the ping tool in the GUI:
Invalid ping data (13 bytes from 192.168.1.2: icmp_req=1 ttl=64)
Invalid ping data (13 bytes from 192.168.1.2: icmp_req=2 ttl=64)
Invalid ping data (13 bytes from 192.168.1.2: icmp_req=3 ttl=64)
Invalid ping data (13 bytes from 192.168.1.2: icmp_req=4 ttl=64)
Invalid ping data (13 bytes from 192.168.1.2: icmp_req=5 ttl=64)
Everything was running smoothly until Monday. The last update I made was adding the traffic shaping rules on Friday. Not sure how this would make everything go belly up.
Does anyone have any suggestions? I'm a novice. Definitely in over my head, but eager to figure out what the issue is.
Thank you.