Alcatel Unleashed

Hello;

I have a weird problem with connecting TCP traffic to a particular port (10001) on an OS6850E. I use telnet to create a session and if I am on the same wire the session is established.
If I am on any port of the switch - even of the same vlan - the handshake times out. I can make a connection to a different port (9999) of the "server" regardless of the relative location of those two devices.
I can ping the "server" device all the time at any setup.
The STP and QOS are turned off on the "server" vlan.
Nothing in the switch logs with the port number in question (10001), at least that I could find.
The switch is a stack of 3xOS6850E-P48X, 6.4.6.440.R01

Thanks.
M.S.

PS: forgot to mention that all that behavior started yesterday; no modifications to config, no updates have been done...

Hi,
the PS is the importest information.
I understand that there is no impact to the "normal" traffic in the network - only the session to the switch itself is effected?
What do you mean with "on the same wire"? And with "on any port" (phyisical port or tcp-port)?
Because it works before: If possible you can reboot the stack. If this doesn't solve the issue than you can "isolate" the switch from the rest of the network and try the connection in a very easy environment. This is always helpfull to find out the source of the problem: the switch itself or other parts in your network.
regards Silvio

Hi Silvio;

The switch is blocking TCP traffic to the TCP port 10001 - that's a Paxton door access device, which I call above a "server" - starting last Friday, so it does affect packets forwarding.

It's not the "server", because when I am connecting my laptop via cat5 w/POE injector directly to the "server" everything works fine.
If I move the "server" wire to the switch port and plug the laptop to another port on the same VLAN, the session on port 10001 never happens.
If I use instead the TCP port 9999 - another communication port for Paxton devices - everything works.

I am testing this by telnetting to the "server" on ports 10001and 9999.
I can ping the "server" all the time, so it's not an addressing problem.
There were mobile ports allocations and corresponding VLAN rules, but I believe I've deleted them all.
The question is: what could possibly block a particular TCP traffic on a OS6850E?
I am planning to reboot the stack - situation permitting, - and, before that, to place an intermediary switch/hub between laptop/switch port and "server"/switch port; I've had a problem in the past when a proprietary internet router wouldn't talk to an OS6850 without another switch in between.
But then there were thousands of errors on the port - in this case, not a single one...

Thanks!
M.S.

Hi,
now the situation is more clear to me - thanks for the detailed explanation.
Normaly there is no reason that the switch dropes this packets.
There are in my opinion only two possible reasons: the switch listen for the port by itself (you can check with "show ip services") or there is a policy created (but you have already disabled qos). You can also create a new vlan with two (physical) ports as default vlan (without mobile) - connect the Paxton and a laptop at both the ports and test again. If the issue is still happens than there is a problem with the switch - try to reboot.
regards
Silvio

Hi Silvio;

Here is the update of the 2 things I've done:
1. Created an isolated VLAN on the switch in question, connected to it both PAxton and laptop - no traffic on 10001, everything else is fine.
2. Rebooted all the switches involved (the topology is a bit more complex that I've described) - same result.

Do you know if ALE still has a "pay-as-it-goes" hourly support option?
Thanks!
M.S.

Hi,
do you mean advanced service (AVR) - where you get a new switch before returning the broken one? Not realy sure if this is still possible. But this service costs (if possible) for this very old switch (out of support since a lot of years) nearele like a new switch. So I would recommend to buy a new 6860-switch (or all the members in the stack). Now is it the first switch that is broken. It is very likely that the next switch will have failures soon.
Have you seen the same behavior also at other omniswitches (and also at other ports of the same switch)? If the issue is the same at all the alcatel switches you should look further to find a reason.
regards
Silvio

You might be right about that; it's been out of support since 2016.
That stack is a part of the larger network uplinked to a 6900 core switch and there is a chance that blocking came from it (DDOS, flooding, etc) of which I couldn't find traces in there either.
I haven't tested the problem with a brand new, out of the box Alcatel switch yet; will do it first thing I get into office. If that works then I might need to troubleshoot the OS6900 instead...
As for buying 6860's, that's in the plans, but we use hundreds of 6850's of many flavors, and replacing them all at once is out of the question.
Thanks,
M.S>