
Thread: Apex Networking Issue - A little beyond my skill set

  1. #1
    Frequent Visitor
    Join Date
    Jan 2013
    Location
    Encino, CA
    Posts
    57

    Apex Networking Issue - A little beyond my skill set

    Hi Guys,

    This is a complicated networking issue, and I wasn't sure where else to post it.

    In the past my Apex had issues because I have a high tech house. Neptune determined there was too much network noise in my house and it was upsetting the Apex. Back then I had about 75 things on my home network.

    I upgraded my network firewall to a Zyxel USG-40. My house is connected via one LAN port on a subnet of 10.10.1.xx.

    My Apex is hardwired from the Apex Unit directly to the Zyxel into a secondary Lan Port and is on a Subnet of 192.168.2.xx.

    Only 2 IP addresses from the 10.10.1.x.x subnet are allowed to chat with the Vlan.

    Most devices in the house have static IPs.

    The Apex has a static IP of 192.168.2.100.

    The Vlan port the Apex is on has DHCP turned on but only an address pool of 5 IP addresses starting at 101.

    On Saturday Fusion emailed me it had lost heartbeat with my Apex. I waited awhile but the connection didn't fix.

    I went to ping my Apex and there was no ping to the Apex. I checked the Apex from the display and the Apex was running but said Fusion Comm Down.

    I went to the Zyxel admin page and was checking the port stats.

    On the Vlan the Apex was on - There was lots of traffic in and out on the Apex ip address.

    And then there were a whole list of other IP addresses on the VLAN where little bits of data had gone - 192.168.2.19 / 192.168.2.26 / 192.168.2.20 etc etc etc

    I couldn't figure out where all these unknown IP addresses came from.

    I monitored for a few minutes and the data going to (TX only no RX) these ports was going up in tiny little bits randomly.

    I went downstairs and unplugged the Apex and let it sit for 5 mins.

    The Apex rebooted, and was back on Fusion in 2 mins. Since then when I check the VLAN traffic, only the Apex IP address shows traffic.

    Any idea what happened? I don't understand where the stray IP addresses could have come from.


    Thanks

    Dave B

  2. #2
    Frequent Visitor riverchemistry's Avatar
    Join Date
    Jan 2014
    Location
    under the sea
    Posts
    91
    Networking is really tough to work with when it gets this way. What's the port the APEX is on? Maybe perhaps give it a different port. Is the APEX on default port 80? Try something else, like 1440 or 3000.

  3. #3
    Frequent Visitor Justin L's Avatar
    Join Date
    Jan 2013
    Location
    Birmingham, AL
    Posts
    541
    Ok, little bit of confusing terminology here. I don't think you mean vlan. I think you mean subnet, or possibly physical port. Anyway, with this 10.x.x.x and the 192.x.x.x what you're getting here is what's called a "double-nat". Meaning your router is delivered an internal ip address, as opposed to a real world ip address. This is becoming increasingly more common and can cause some unique networking issues. HOWEVER, with fusion a double-nat _shouldn't_ matter in most applications.

    Riverchemistry might be on to something regarding local access, but an http port issue wouldn't cause you to be unable to ping the apex. Is the device you're attempting to ping from (laptop?) on the same subnet as your apex? IE, does it have a 192.168.2 address?

    If your DHCP range is only set up to provide addresses in the 192.168.2.101-105 range then those other addresses must be devices with statically assigned ip addresses. Out of curiosity why did you restrict your DHCP range? Typically you want to have most of your in home "smart" devices use DHCP, it's just simpler and less error prone. IE, smart TVs, cable boxes, home control devices, etc. etc.

  4. #4
    Frequent Visitor MatroxD's Avatar
    Join Date
    Jan 2013
    Location
    Wyandotte, MI
    Posts
    420
    Sounds like either, and I could be wrong here, but someone is either "trying" or is listening in on your network.. Because, if you're behind your firewall, and there aren't addresses from known components, at least to and for me, it would sound a bit strange.. Did you try to trace and/or arp the addresses? And also, get the mac from those devices? If you also don't know what those are, I'd kick them off.. Pronto! And then do some hardening.. And I really do understand why you don't use a ton of dhcp (I really do, but you have to be careful these days honestly.. Which I'm not saying you aren't, but just worth saying)..

    Also, change the port (socket) the apex is on.. Turn that dhcp off of the apex.. And give it a new allocated address.. If you can, and I know it's a pain, but create new subs, and do (I have been thinking about this myself, but I haven't tried it as of yet), maybe add in a dedicated firewall (hardware, and I can't remember after typing if you said you had one).. Because, I'm paranoid (and security specific), and anything like what you're describing, would make the hair on the back of my neck stand in fear.. But you sound like you know what you're doing..

    I wish you the best of luck my friend..


  5. #5
    Frequent Visitor
    Join Date
    Jan 2013
    Location
    Encino, CA
    Posts
    57
    Riverchemistry,

    The web port was changed to a value in the 1900's years ago.



    Justin L - I may have the wrong terminology between vlan and subnet. The Zyxel router firewall is set up so that each ethernet port on it is an independent 'subnet'. You can build multiple networks behind the router that don't have interaction with each other unless you choose.

    My Lan port 1 is the 10.10.1.xx subnet.

    My Lan port 2 is the 192.168.2.xx subnet.

    The only device allowed to communicate from one subnet to the other is my laptop and that's exclusive to one IP address.

    On Lan port 2, the 192.168.2.xx subnet - There are no other devices on that network. The only device connected is my Apex.

    The reason the DHCP on Lan 2 is restricted is because I only need a few computers to ever log onto the network and that's to access the Apex. And if I ever can get my Apex to be reliable and stable then I will add Apexs to my other tanks.

    Matrox - Because of Apex stability issues I had it on its own physical WAN IP address with its own firewall. I have 5 static IPs into my house. After getting the Apex working better I got rid of the 2 physical router and slid the Apex onto the Zyxel.

    I didn't trace any of the weird IPs because I was primarily concerned with why the Apex was off line and why I couldn't ping it.


    Dave B

  6. #6
    Frequent Visitor Justin L's Avatar
    Join Date
    Jan 2013
    Location
    Birmingham, AL
    Posts
    541
    Oh, well, then you might be using the correct term, a subnet and vlan can be the same thing, but not necessarily. That's a very strange configuration for a home network! More complex than most of the corporate networks I've seen. Typically you'll do a one to one vlan to subnet relationship of like hardware. IE, servers on a vlan, printers on a vlan, management on a vlan, etc. Also, you'll super-subnet a class A, meaning your subnets will be 192.168.10.X, 192.168.20.X, 192.168.30.X, etc. To split them into separate class A networks is a little unusual, unless that other class A (10.X.X.X) is coming from your provider? Anyway....

    The first thing we should do is eliminate the Apex as the problem. Set your laptop to a static ip address in the same subnet as the Apex, I'd need to know the subnet to be sure, but 192.168.2.101 should be fine. Leave the gateway/DNS settings blank. Connect directly to the Apex with an ethernet cable. No router/switches involved. Ping your Apex and post the result.

  7. #7
    Master Control Freak RussM's Avatar
    Join Date
    Dec 2012
    Location
    California - US Pacific
    Posts
    22,463
    Justin, the ZyXEL USG series are multiport routers/firewalls. While capable of doing VLANs, what Dave has described is not use of VLANs; instead, he has 2 of the (individually configurable) LAN ports, each configured with a unique subnet - hard segmentation, no virtual LANs. His internal addressing is RFC1918-compliant; nothing unusual there. No NAT between subnets (just simple L3 switching/routing) and no double NAT to the Internet.

    Dave - where exactly did you see this "lots of traffic" to/from Apex? There are multiple places in the USG to see traffic. On the page I think you were looking at, those stats are cumulative from the time of the last restart of the USG, and may appear quite large. Other places show current/recent activity.

    Where did you see these other 192.168.x.x addresses appearing - what page in the management web interface? That's important to know. You listed a few "stray" addresses, all close together: .19, .20, .26 - were they all contiguous/sequential numbering, or were there gaps?

    At this point, I'd suggest monitoring and if you see those unexpected addresses again, grab screen shots.
    Please do not send me PMs with technical questions or requesting assistance - use the forums for Apex help. PM me ONLY if the matter is of a private or personal nature. Thanks.
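
    Added example, not part of any post in this thread: one way to carry out the checks asked about above (which addresses on the Apex subnet are unexpected, whether a MAC was learned for them, and whether they are contiguous). It assumes the neighbour table was captured from a Linux host on the 192.168.2.xx segment in `ip neigh show` format; the sample lines, MAC addresses, interface names and function names are constructed for illustration.

```python
import ipaddress
import re

# Addressing taken from the thread: Apex static at .100, DHCP pool of 5 from .101.
SUBNET = ipaddress.ip_network("192.168.2.0/24")
APEX = ipaddress.ip_address("192.168.2.100")
EXPECTED = {APEX} | {APEX + i for i in range(1, 6)}

# Constructed sample in Linux `ip neigh show` format; MACs and states are made up.
SAMPLE = """\
192.168.2.100 dev eth1 lladdr 02:00:00:00:01:00 REACHABLE
192.168.2.19 dev eth1  FAILED
192.168.2.20 dev eth1  INCOMPLETE
192.168.2.26 dev eth1 lladdr 02:00:00:00:02:26 STALE
10.10.1.50 dev eth0 lladdr 02:00:00:00:03:50 REACHABLE
"""
LINE = re.compile(r"^(\S+) dev \S+(?: lladdr (\S+))?\s+(\S+)$")

def parse(text):
    """Return (ip, mac_or_None, state) for each well-formed neighbour line."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        try:
            rows.append((ipaddress.ip_address(m.group(1)), m.group(2), m.group(3)))
        except ValueError:
            continue  # first field was not an IP address
    return rows

def unexpected(rows):
    """Entries inside the Apex subnet that are neither the Apex nor in the DHCP pool."""
    hits = [r for r in rows if r[0] in SUBNET and r[0] not in EXPECTED]
    return sorted(hits, key=lambda r: r[0])

def runs(ips):
    """Group addresses into runs of consecutive numbers (contiguous vs. gaps)."""
    out = []
    for ip in sorted(ips):
        if out and int(ip) == int(out[-1][-1]) + 1:
            out[-1].append(ip)
        else:
            out.append([ip])
    return out

if __name__ == "__main__":
    strays = unexpected(parse(SAMPLE))
    for ip, mac, state in strays:
        print(ip, mac or "no MAC learned", state)
    print([[str(i) for i in run] for run in runs(ip for ip, _, _ in strays)])
```

    An entry with no MAC means nothing answered ARP for that address; an entry with a MAC gives a hardware address that can be matched against the known device inventory.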

  8. #8
    Frequent Visitor Justin L's Avatar
    Join Date
    Jan 2013
    Location
    Birmingham, AL
    Posts
    541
    Good info, thanks Russ. I'm not familiar with those and couldn't make sense of what was going on.
