Topic: Solution for subnet mask faults of switches: Fault Phenomenon: Asymmetric Network Access failure, troubleshooting: Firewall and telecommunications? Subnet Mask. Fault Summary: Why can't I access the Internet but cannot connect to the headquarters? fault tips: the important role of subnet mask.
Network connectivity is a common phenomenon. I believe many people will focus on Network cables, Nic drivers, and nic parameters. When checking Nic parameters, they may also focus on key parameters such as IP addresses, Gateway Addresses, DNS servers, and DHCP servers.
In fact, there is also a network parameter-subnet mask, which is also very important. If we ignore the settings or set it incorrectly, it will also lead to network failure. Because the subnet mask parameter is not valued at ordinary times, once this parameter causes a network failure, it is easy to avoid this problem!
Switch subnet mask failure: Asymmetric Network failure
A company and its subsidiaries are directly connected to the local telecommunications department through broadband optical fiber and form the company's internal network through the telecommunications network. In normal times, the networks of subsidiaries can not only access each other, in addition, the company can also access the company's network or even the Internet, while the company can access the networks of various subsidiaries and the Internet.
Recently, Company A responded that it was unable to access the website server of the company, so that they could not report data to the company over the network. After preliminary checks, the head office network administrator finds that the network between the head office and A subsidiary cannot be pinged to each other. However, the head office can not only PING the networks of other subsidiaries, but also access the Internet, although A sub-company cannot PING the networks of other sub-companies and the corporate network, it can access the Internet.
Switch subnet mask troubleshooting: Firewall and telecommunications? Subnet Mask
According to the fault description above, the head office network administrator believes that since the Head Office can PING the networks of other subsidiaries, this indicates that the network on the head office is working normally, the problem may occur in A subsidiary's network or local telecommunications department. A subsidiary's network can access the Internet, this shows that A subsidiary's network and local telecom network should have no problems in physical connection. The Network Administrator also initially thought that A subsidiary's network had no problems in parameter configuration.
However, the network of A subsidiary cannot be pinged to other subsidiaries. This also indicates that the reason for the subnet mask failure of the switch should be in the network of A subsidiary or the local telecommunications department. However, the network administrator is very puzzled: Generally, the company network and A subsidiary network can access the Internet and the same website content at the same time.
They should also be accessible to each other unless they enable the firewall filter function to deny access to their respective networks. However, after the actual check, the network administrators on both sides have temporarily disabled the firewall and still cannot solve the network failure. This indicates that the network failure is irrelevant to the firewall filtering function.
After the firewall is ruled out, the Head Office's Network Administrator believes that the cause of the fault may occur in the routing settings of the local telecommunications department to the subsidiary's network, therefore, the Network Administrator logs on to the background management interface of the local router and tracks the routes of the subsidiary network.
To find out what is tricky, the network administrator tracked the routes of the networks of several other subsidiaries. After carefully comparing the tracing results, the Network Administrator found that there was a significant loop between the 202.102.11.156 address and the 202.102.11.254 address. After finding the address filing information, he found that these addresses were from the telecommunications department. It seems that the key to the problem is here!
Considering that the cause of the fault involves the telecommunications department, the Administrator is very careful because if the Telecommunications Department has an address loop, many users will have to seek help from the telecommunications department for a long time, can't the fault be solved now?
Therefore, the network administrator decided to first find the problem from himself. If the problem could not be found, it would be too late to report a network fault to the telecommunications department, the Network Administrator checked the servers and routers of the company respectively, and asked the network administrators of other subsidiaries to perform the tests. After repeated tests, the Network Administrator confirmed that the company's network did not have any problems.
Before officially reporting A network fault to the telecommunications department, the Head Office's network administrator has not forgotten to inform the network administrator of A's subsidiary about the parameter settings of the local subnetwork, and asked him to report the inspection results in a timely manner so that the company could decide whether to uniformly report network faults to the telecommunications department.
Not long ago, A subsidiary's Network Administrator called and said that when checking local route settings, it was found that "255.255.255.255.192" was set to "255.255.255.0" when the subnet mask parameter was set "; according to the network administrator of Company A, although he sets the parameter table assigned by the company, he accidentally enters the vro subnet mask parameter into the Intranet mask address due to operation habits.
After the address is changed, the network of Company A can access the server of the company immediately. So far, the network failure mentioned in this article has been successfully solved, and the final "subnet mask" of the switch subnet mask fault is not noticed.
Vswitch subnet mask fault Summary: Why can't I connect to the Internet but cannot connect to the headquarters?
After finding the cause of the fault, we can easily explain several strange network phenomena mentioned above. For example, if the subnet mask parameter of Company A is set improperly, the network of Company A can still access the Internet. This is because the router of this subnet has A default route record, this route record can forward network data from Company A to the Internet port, so that Company A can access the content in the Internet.
Company A's network is unable to PING the company's network, mainly because of an error in the subnet mask parameter settings of the company. We know that before a host sends an Internet request, it often determines whether the target host is in a local subnet. If it is in the same subnet, it will directly send the Internet request to the target host, if it is not in the same subnet, the request will be sent to the specified gateway.
How does a local host identify whether the target host belongs to a local subnet or an Internet network? It mainly relies on subnet mask addresses. Assume that, under normal conditions, the network mask address of Company A is 2017100000000192. In this case, when the host of Company A's 202.102.11.87 tries to access the website server of the company, the server address is assumed to be 202.102.11.2 ), the local host considers the 202.102.11.2 server to be on the Internet.
Therefore, it sends an Internet request to the local gateway. In this case, the 202.102.11.87 host of Company A can PING the server of the company. Once the network mask address of Company A is changed to 255.255.255.0, the local host considers that the address 202.102.11.87 and 202.102.11.2 are in the same network segment, therefore, the local host directly sends the Internet request to the target host instead of forwarding it to the local gateway.
In fact, there is no IP address in the local subnet for the target host 202.102.11.2, so the host 202.102.11.87 of Company A cannot be pinged to the head office server. The reason why the company's network cannot PING the network of Company A's subsidiary is mainly because the network mask address of Company A's subsidiary is incorrect, and the data request information from the Internet cannot reach the target host correctly, therefore, the route entry of Company A is considered to be inaccessible.
Tips for subnet mask faults: Subnet Mask plays an important role
Many friends who are new to the network often think that they can determine whether the two IP addresses belong to the same subnet by observing the IP address. In fact, they ignore the important parameter subnet mask. Generally, to check whether two IP addresses are in the same subnet, both the IP address and the subnet mask address are required.
For example, the IP address of a workstation is 10.192.0.1, the corresponding subnet mask address is 255.255.255.0, the IP address of another workstation is 10.192.1.1, and the corresponding subnet mask address is 255.255.255.0, they are not in the same subnet, because the subnet mask address shows that the subnet network number of the previous workstation is 10.192.0.0, And the subnet network number of the next workstation is 10.192.1.0.
For example, the IP address of a workstation is 10.192.0.1, the corresponding subnet mask address is 255.255.0.0, the IP address of another workstation is 10.192.1.1, and the corresponding subnet mask address is 255.255.0.0, they are in the same subnet, because the subnet mask address shows that the subnet network number of the previous workstation is 10.192.0.0.
The subnet network number of the next workstation is also 10.192.0.0. therefore, from the two examples above, it is not difficult to see the two IP addresses of the same. If they correspond to different subnet mask addresses, the two addresses may belong to different subnets, it may also be in the same subnet.