Slashdot Mirror
Duke Wireless Problem Caused by Cisco, not iPhone
jpallas writes "Following up to a previous Slashdot story, it now turns out that the widely reported problems with Duke University's wireless network were not caused by Apple's iPhone. The problem was actually with their Cisco network. Duke's Chief Information Officer praises the work of their technical staff. Does that include the assistant director for communications infrastructure who was quoted as saying, "I don't believe it's a Cisco problem in any way, shape, or form?""
Still others seem to imply that Duke's network was deficient in some way because the problem had not been encountered more broadly.
I would say that the network was deficient until the patch was applied. For him to say otherwise implies that there was no problem to begin with.
this is just another example of hair trigger IT morons with nothing but an MIS (Management Information Systems) degree and experience working on their mom's computer. I can hear it now, "but they are cisco certified!!!". Yeah- certification.. spend a few hours studying some high level networking material, take a test-- now your an *expert*. always blaming whatever is new touching their "pristine" networks.
...for the poor guy who said it wasn't a Cisco problem when he starts getting those Apple fanboy death threats.
"Beware of he who would deny you access to information, for in his heart he dreams himself your master."
I'm curious to find more information on this. TFA just says "Cisco has provided a fix". What nature of fix was this? Was it actually a flaw in the routers, or did someone just configure them wrong?
Given the widespread use of Cisco routers compared to the isolated nature of the problem, it sounds a bit like Duke is just trying to save face.
This is unfortunately a common issue with people. When two events happen at about the same time, people assume they're somehow connected. The autism and vaccine link, for example, is one of those things where they get their shots and soon afterwards, they notice their child is acting strangely. Then there's the old "this coincidence must be a sign of the divine" theory.
We run into this all the time when doing server administration. For example, one of our developers found that web pages were slower on our new virtual servers. The obvious thought is that virtualization=slow. It turns out that compression hadn't been turned on for those servers. Since he was going over a slow VPN connection, it made a fairly significant difference. Once switched on, they worked about the same as real servers.
I read in another article that some Gartner group guy speculated that it was a problem with the wireless network at Duke's security settings, that they were using LEAP (Lightweight Extensible Access Protocol). Since that was an unusually technical speculation by a Gartner-ite, I'm curious if anybody can confirm/deny that.
So it wasn't Apple's iPhone but Cisco's Linksys iPhone that was causing problems, am I right?
Many network IT folks just understand how to change settings on routers (what you learn to do in a "certification" course on a router) and understanding networking. Networking is more than just some router settings, and understanding the organic interdependent flowing nature of a network is critical to debugging problems. Just knowing something is causing a problem, and blaming the most recent change as the cause (as opposed to some underlying problem that this change simply brings to light). A senior IT official should, even if he doesn't know the exact problem, know that weird entworking problems are often way more complex than they seem, and should not jump to knee-jerk conclusions (especially based on some 1994 anti-mac bias about networking)
Isn't that the entire basis for wikipedia?
Have a look at soylentnews.org for a different view
I heard a *story form some one that was an old GECO programmer way back when. In the midst of telling me stories about 3 foot diameter platters on huge racks and resistors the size of fists, he went on to tell a story of Cisco and and imminent wireless network failure.
It seems that years ago, some where in Europe, there was an issue with Cisco equipment failure at intervals. Massive wireless network failures and completely indeterminable. After bringing in a team of engineers for some thing like 9 months to assess the situation, they were still unable to determine the cause of failure. Until some one had peered in the way packets were being labeled under VLAN. Apparently Cisco had a number algorhithm issue, by which, say, every 10,000th packet, was getting dropped after being mislabeled and misdirected. After a so many identifying packets were getting dropped, total failure would ensue. I believe there was speculation of a Linux hardware and Cisco compatablity thing happening. Same protocols, just one was taking the shorter route to completion and it just happened to be Cisco to which all fingers pointed.
*The details of this may not be exact, but the ideas and names will remain the same to point out the guilty.
Cool. Cisco screws up, iPhone gets blamed, but nobody minds, because iPhones are so cool.
... (smiles) iPhones are cool aren't they!"
Boss: "Did you get those reports done?"
Underling: "Sorry Boss, I Couldn't. iPhone Congestion."
Boss: "iPhone?
Underling: "They sure are boss!"
Boss wanders off feeling good.
Underling returns to screwing around with his iPhone.
I think that after spending a number of years working in Cisco only networks, I'm constantly amazed at the generally poor compatibility and functionality of Cisco equipment.
This ranges from critical recovery steps being removed from the 7200 series G2 NPE (NEVER make one of these crash to ROMMON on boot. The fix is to RMA the NPE) for Xmodem recovery of bootloaders - something a basic 827 router has to their latest 7961 VoIP SIP phones that are apparently RFC compliant for SIP communications - but aren't.
There are MANY things that make Cisco equipment worse and worse as the years go by. Part of it I believe is the outsourcing of the people who write the software for these things now. Chances are that they weren't even around with Xmodem was in use - and I bet a lot of the coders have NEVER admin'ed a network of Cisco gear. This is the only thing I can think behind removing essential recovery procedures for $35,000AU routers.
There's a whole new direction that Cisco is heading, and with the stupid things missing from their new gear, I'm starting to wonder if it's a direction that will have huge impacts for the worse in the network admin side of life.
Sendmail is like emacs: A nice operating system, but missing an editor and a MTA.
No, Wikipedia is peer moderated.
While not perfect, obvious mistakes or blatant lies are eventually picked up and corrected - this is why you shouldnt quote Wiki's, but use the references they cite.
Wow - I think my experiences are quite the same... Check out my post above yours :P
Sendmail is like emacs: A nice operating system, but missing an editor and a MTA.
Shouldn't that be "fuck's sake" or "fucks' sake" - certainly not "fucks sake"..?
To be fair, who hasn't had an issue where you were SURE it wasn't one thing, when it actually was. I would imagine most of you, like me, have seen issues where you still can't explain how you fixed it.
They should still ban iPhones... and all mobile telephones. Annoying junk!
"He who can destroy a thing, controls a thing." --Paul Atreides, Dune
The sick thing is that it was OBVIOUS it was a Cisco problem from the start. If you make the assumption that the iPhones are somehow defective, it's still a Cisco problem because any defective behavior from an iPhone would be indistinguishable from malicious behavior from a student. The fact that the iPhone was involved really was a non-issue all along.
It was terribly irresponsible of them to go off blaming Apple and, worse, absolving Cisco of responsibility.
Why is everyone picking on Sake? I mean, sure it's served slightly warm and in tiny cups, but it's not all that bad to drink, is it?
Everyone knows that Duke's got problems with open access. It's the access point's fault, not the new units that play a little rough with seasoned pros.
Though the expert officials blaming the wrong party should find a new line of work. I suggest politics.
--
make install -not war
and forcing 100/full, you had better be doing it at both ends.
If you aren't, then the devices will come up as half duplex (assuming they properly implement the standards), you have a duplex mismatch, and you _will_ have network problems. 802.3u requires an end which is set to autonegotiate to assume half duplex if the other end will not autonegotiate.
Except, some Suns can not be forced and will only autonegotiate, in which case you MUST set the switch port to half duplex if you're forcing.
"National Security is the chief cause of national insecurity." - Celine's First Law
Typical reaction. Something goes wrong, blame the user.
After all you and your staff would never mess up, your high status, reputation and salaries are at stake. The fact that you have outstanding trouble tickets, perform patches and upgrades without testing are coincidental.
So something goes wrong, you blame the user, remove them and claim problem solved. In the background you quietly find the problem and fix it (as part of routine maintenance). Your reputation is intact and all is good with the world. If only their were no users it would all be perfect.
Whoosh. Sorry, I wasn't being serious.
Have a look at soylentnews.org for a different view
Might want to tag this as an apple story, since the previous article was in the apple section.
I and my group have experienced this at work all the time almost whenever a new person is hired into the network team. Cisco gear do NOT play nice with Sun Microsystems, be it their desktop workstations or their servers. The Cisco gear refuses to properly auto-negotiate with the equipemnt causing issues such as duplex/simplex mis-matches (i.e. the workstation thinks it is connected at 100 Full duplex, while the switch thinks it is connected at 10 Half duplex). Needless to say this causes all kinds of collisions, IErrors, OErrors, etc., on the system and the network. All the Sun gear must have their associate network partner's port forced to 100 Full, and we do the same for the system as well. How do I know the problem is with the Cisco gear? Because the workstation/server works fine if you use a HP, Xylan, Baynetworks, or other switch. The net network engineers immediately believe it is the Sun equipment because they have been brainwashed into believing that Cisco can't make a mistake or a poor product. It usually takes us to demonstrate using 2 or more other switches that the problem only happens on the Cisco. Cisco still denies that there is a problem as well.
Oh and if you don't believe me, do a google "Cisco problems with Sun"...
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
Seems to be all the rage at Duke. One would think they'd learn from their past mistakes.
"It is a miracle that curiosity survives formal education." -Albert Einstein
Depends. If you're telling a story about your friend Forest having sex with alcoholic beverages during a trip to Japan, then "For fucks sake." is appropriate.
obviously no deficiencies vs. no obvious deficiencies
I call BS on this. We have 1000's of HP and Sun boxes on my DC network that all auto-negotiate fine with my 6513's. In the far past there was a Sun bug that broke autonegotiation on certain Sun adapters that was caused by Sun not following the RFC's. I believe this has been fixed in Solaris 9. Chad
https://www.fsf.org/associate/support_freedom
What about a publicity seeking IT hound, then?
If you mod me down, I shall become more powerful than you could possibly imagine.
Man who leaps off cliff jumps to conclusion.
Smelled like a network problem.
;)
rm999, blindbat, Doctor Memory, and Funk_dat69, you all owe me a beer. Go drink it for me and think about what you've done.
This problem isn't restricted to Suns. In the last hosting environment I managed, all of the Cisco gear had to be hard-coded to full duplex/100Mb in the IOS, as auto-detect was busted. All of the Dell networking gear worked like a champ though. Cisco gear is overrated.
Camping on quad since 1996.
In my experience this is only true with the older interfaces: hme, qfe, eri. The newer ones such as bge, ce, and e1000g work just fine with Cisco equipment using auto-negotiation.
It's kind of funny: most posts here complain about the Duke IT staff, either about their lack of competence or that they didn't wait until they had all the facts before claiming that this was an iPhone related problem.
Some people here who know the IT staff at Duke defended them and objected the claim of lacking competence, and there is no reason not to believe them, since everybody else is just guessing.
So most posters rushed to explain what happened without having seen the whole picture, didn't look into the details and therefore show exactly the behavior that they are attacking the Duke staff for.
memomo: free web based language trainer DE-EN-ES-FR-IT
This problem isn't restricted to Suns. In the last hosting environment I managed, all of the Cisco gear had to be hard-coded to full duplex/100Mb in the IOS, as auto-detect was busted. All of the Dell networking gear worked like a champ though. Cisco gear is overrated.
I just don't get this. Auto-detect has never failed me, except when I messed up myself. When one end is hard-coded to full duplex and the other end is autonegotiating, the other end picks half duplex. That's what the standard says must happen, brain-dead though it is. The fix is to set both ends to autonegotiate, or if you like debugging weird problems, hard code both ends to full duplex. Anyway, the problem is gone with gigabit ethernet, because autonegotiation is enforced.
Finally! A year of moderation! Ready for 2019?
I don't understand why so mach noise around this problem. If your browser crashes on a website it's something wrong with your browser, not a website. If your system goes down because of couple new mobile phone it's something wrong with your network, not a phone.
Dude, you're in the minority... deal with it...
Your micro channel point -- weak, it was never REALLY really standard (think ISA)
CRLF CR LF -- Who cares, character sets are more of a challenge. Should everyone just speak and write English so you don't have to think/code so hard?
And lastly, you're like 2% of the world computer users that use a Mac. When you call up for tech support on something that "no one" uses, you're going to find someone who is clueless when you demand support on your Mac.
Get a life...
(Typed on a MacBook Pro)
-Steve
Cisco is notorious for autodetect failures and some of their equipment has been known to fail to autodetect when connected to other examples of their equipment.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Notorious? You sound like you've done your homework on this one. What are some examples that make these problems "notorious"?
... have been sacked.
As someone in another forum pointed out, and it's a good point...
Cisco provided a NEW patch, or just finally got Duke's IT staff off their ass and over to a patch set that's been readily available for some time?
+++OK ATH
I haven't seen the problems in a while, because I've been on the applications side for some time, but once upon a time you could see this problem just by connecting autodetecting, 100Mbps+FDX ports on two catalyst 5000 switches together. Sometimes they would figure things out and play nice. Sometimes they wouldn't, and bad things happened.
Beyond that concrete example (cat5ks aren't generally even in service any more because the backplane was somehow non-y2k-compliant) I've simply lost track of the number of network admins who have warned me not to do something or who have simply complained about it. So even if it weren't true (might not be any more, maybe they have it figured out now?) it's become one of those computer axioms.
You don't have to take my word for it though; google for "cisco autonegotiation failure" and you'll find more references than you'll ever need. Many of those will track back down to people not following the spec, because that's life, but many of them also go to clear examples of cisco being lame.
Cisco isn't the best. They're like McDonalds. You can get the same burger in any country :P
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Okay, now I'm not being antagonistic, I'm really curious (in a survey sort of way)... Cisco isn't the best, but what is your opinion what is?
Who puts together the best router solution?
Who's switches would run your ideal network?
Who kills at the SANS device space?
Who's VoIP gateways are seen as the best?
Who's Security devices rule?
What manufacturer offers all these type devices?
Who supports their products better?
An understandable, but fallacious, intermediate conclusion.
Free Software: Like love, it grows best when given away.
Adtran, check them out.
Even a Vyatta or other OSS router is as good as or better than all but the biggest, and most horribly expensive, Ciscos.
But you knew that, because you couldn't point to any evidence that refuted my opinion that Cisco has more than just market share in common with MS.
I don't know many Cisco haters, and I know plenty of Microsoft haters. My experience with Cisco gear goes like: unbox the layer 3 switch, connect the serial cable, configure IP addresses on a couple ports or VLAN's, tell it 'ip route', go get some lunch. Setting up a Windows server requires a 60 page guide from the NSA and four days of work to get something that should have been usable out of the box.
Now, their warranty, contracts, support, and pricing are all unreasonable (HP seems to be the better bet), but I've been known to order up a dozen refurbed Cisco VLAN-savvy switches and light up a new office building for pretty reasonable money when that fit the requirements, and the stinking things just work forever.
I'm not aware of any OSS routers that can handle 24 vlan'ed ports for $500, but I'd be happy to learn about them. The case is certainly there for some of their other products - I frequently sell clients a matched set of 1U redundant firewalls (freebsd-based) that beat the pants off PIX on price, reliability and ease of use.
I also have good luck installing WRT-54GL's in schools to get them on wireless. It's all a matter of picking the right tools from the right vendors, and occasionally Cisco has one.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)