Networking Questions

[soul .gc]

Ok all - let's see if anyone knows anything about this please:

 

Satellite Broadband connection enters building -

 

Runs to a Cisco 1721 router

 

Router connects to a Netgear FS308 10/100 switch

 

All PC's connect to the switch.

 

 

In the network there is a Domain controller (2003 Server)with IP 192.168.1.3

There is a Terminal Services Server (Win 200) with IP 192.168.1.2

There are 4 local PCs(XP) that connect to the Domain in the local office

 

 

The Domain Server (CAPC) has an IP of 192.168.1.3, gateway of 192.168.1.1 and a DNS of 192.168.1.3.

 

The local machines and the Terminal Server have the same gateways and DNS.

 

QUESTION 1 - Shouldn't CAPC have the actual DNS addresses listed instead of its own IP?

 

Also - No one knows who installed the Cisco Router or the passwords or the configurations. I can connect to it via Hyperterminal but when I use "enable" it wants the user/pass and I have no clue on the password. We have checked with the local office, the Internet company and the server company and no one knows anything about the router - yet it is integral to the setup.

 

QUESTION 2 - Does anyone know if there is a generic Admin logon for Cisco 1700's and what it is?

 

Thanks much if anyone knows this.

[mookie]

See if you can find a manual for it online somewhere. There might be a way to reset it to factory defaults.

[mookie]

This may or may not help:

http://www.cisco.com/en/US/products/hw/rou...080094773.shtml

[stutters]

ANSWER 1:

win server 2000+ likes to do things on its own...like run its own local DNS service. you could disable that service, then it SHOULD accept the DNS from DHCP. but then again, we all know that it's best to let windows do what windows wants. is there a DNS lookup issue from the PDC, or is it just a matter of covergance?

 

ANSWER 2:

no idea. but for the next gen, save your money, buy sonicwall .

[soul .gc]

The issue with the DNS is that it takes FOREVER to resolve names. You type in www.yahoo.com and it takes 30-60 seconds to resolve the name, let alone load - half the time it times-out. The Sat company has tested it several times and everything is fast plugging directly to the port - just the router/server is bottle-necking it somewhere.

 

Thanks Mookie - reading it now.

[NOFX]

QUESTION 1 - Shouldn't CAPC have the actual DNS addresses listed instead of its own IP?

<{POST_SNAPBACK}>

 

No I dont think so, it is the domain controller right? It is setup to control the DNS information. It is just using itself instead of another machine.

[appalachian_fox]

The issue with the DNS is that it takes FOREVER to resolve names. You type in www.yahoo.com and it takes 30-60 seconds to resolve the name, let alone load - half the time it times-out. The Sat company has tested it several times and everything is fast plugging directly to the port - just the router/server is bottle-necking it somewhere.

<{POST_SNAPBACK}>

 

Weird. Are you sure the DNS server is configured properly? Is it slow only for resolving external names or for both external and internal? Also, do you experience slow logons in the office? That could be related to this.

 

Check your stub zone and your Non-Authoritative query response settings for all the external zones and make sure they're doing what they're supposed to be doing.

[soul .gc]

Thanks Fox -

 

Could you explain the last sentence a bit better? I am not quite sure what those are

[appalachian_fox]

Hehe, maybe. You said Windows 2003 server, right? Upon further inspection, Win2k3 doesn't set up a stub zone for the external namespace, or at least it doesn't show it to you. So, my bad, sorry for the confusion.

 

Open your DNS management window, right-click on the computer and select Properties. Check the settings in your tabs, particularly in the Forwarding tab. Make sure you have valid name servers in the list. Try pinging them or using nslookup and querying them directly to make sure they respond quickly. Also, check the Advanced tab. You may want to choose to disable recursion and see if that fixes things.

 

The reason I ask about slow (1+ min) logins is that DNS has become an inextricable part of the Windows 2k3 domain login procedure, and if the DNS service is not configured properly it can (and will) cause slow logins. If the logins are not slow, it is likely something with the external zones only.

 

Hope this helps some, I am not a Microsoft DNS guru but sometimes I have to play one at work, so I can probably give some good advice on what NOT, under ANY circumstances, to do

[stutters]

also, "the sat company tested it." how did they test it? if possible, hookup a laptop directly into the cisco (or whatever device directly handles sat signal termination). set the laptop as a static ip (192.168.1.20), gateway 192.168.1, and hardcode the external DNS. i've always been nervous of the inherent latency of satellite, but 60seconds seems a tad excessive.

[Nox]

In a Windows2000 active directory domain, ALL domain controllers are their own DNS servers. they must NEVER have secondary DNS. However, in the DNS forward lookup zones, you can specify public DNS so that your domain controller will look to the internet for its non-authoritative lookups.

 

Also, if you have more than 1 Domain controller, each one must ONLY point to themselves for DNS. You must use replication to have them share records with each other.

 

I agree with john, check your connection by setting up a laptop and specifying public DNS. I use verizon because my comcast DNS sucks the big one:

 

4.2.2.1

4.2.2.2

4.2.2.3

4.2.2.4

 

If you are still getting really slow resolve times, you may have other issues going on. Also, check websites by IP like google:

 

www.google.com = 72.14.203.99

 

http://72.14.203.99

 

As for your second question, try:

 

admin : cisco

administrator : cisco

cisco : cisco

 

If you are needing to break into the router, I can show you how to do that too, you just have to have physical access to the device, then you can go around the password and change it to what you want it to be. If this is a vendor device and not owned by the company, I would advise against it because there are serious legal implications of breaking the security of a device which are more costly then they are worth.

[soul .gc]

Thanks guys.

 

I tried something new.

 

I Remote in the the Terminal server above (Win 2000) and from there I RDP to the Domain controller (2003 Server). From this machine the internet is fast. I checked the DNS forwarding and it has the correct DNS for the Internet company. I was able to browse quickly and efficiently.

 

When I go to the Win 2000 machine, it is slow browsing. I checked DNS forwarding and there were no entries. I added in the 2003 IP as well as the DNS numbers and it seems to work faster. The only problem now seems to be no FTP is allowed so I am trying to track that down.

[appalachian_fox]

Yay! Figured it had to be something silly like that. Glad to hear that's fixed.

 

Here's some good resources primarily on security, but they serve as an introduction to topics (such as DNS under Windows 2k3) and they're free:

http://www.nsa.gov/snac/

 

Good luck with the FTP. We're here for any generic questions you might have.