Monday, January 21, 2013
One peculiar router …
I decided to poke around a bit with the home router, a Cisco WRVS4400N Wireless-N Gigabit Security Router and I must say, it's an odd router from a management point of view.
So I get a list of interfaces (via SNMP) on the device:
| Status | Interface | Bytes In | Bytes Out |
|---|---|---|---|
| up | lo | 207454 | 207454 |
| down | ipsec1 | 0 | 0 |
| down | ipsec2 | 0 | 0 |
| down | ipsec3 | 0 | 0 |
| up | br0 | 304475952 | 467833506 |
| up | ppp0 | 100525553 | 80535424 |
| up | sit1 | 0 | 0 |
| up | eth0 | 246917723 | 273606969 |
| up | eth1 | 119391487 | 88802941 |
| up | eth2 | 109882441 | 191904431 |
| down | teql0 | 0 | 0 |
| up | sit0 | 0 | 0 |
| down | tunl0 | 0 | 0 |
| down | gre0 | 0 | 0 |
| up | ipsec0 | 0 | 0 |
Okay, lo is the local loopback device, I have no idea what
br0 is, but I see eth0, eth1 and
eth2 which are obviously the Ethernet ports in use. So, what
do I have plugged in where? Okay, that's easy to determine—unplug a
device, see which interface is marked as “down”. This is typical Cicso
behavior, right?
Okay, I unplug the Mac from the network and I see:
| Status | Interface | Bytes In | Bytes Out |
|---|---|---|---|
| up | lo | 207454 | 207454 |
| down | ipsec1 | 0 | 0 |
| down | ipsec2 | 0 | 0 |
| down | ipsec3 | 0 | 0 |
| up | br0 | 304488023 | 467841666 |
| up | ppp0 | 100526059 | 80536312 |
| up | sit1 | 0 | 0 |
| up | eth0 | 246926120 | 273617295 |
| up | eth1 | 119393091 | 88804157 |
| up | eth2 | 109888649 | 191905881 |
| down | teql0 | 0 | 0 |
| up | sit0 | 0 | 0 |
| down | tunl0 | 0 | 0 |
| down | gre0 | 0 | 0 |
| up | ipsec0 | 0 | 0 |
So. It's not going to mark one of the Ethernet ports as being down. Lovely. Looks like I'm going to have to do this the old fasioned way:
![[Physically tracing the wires]](/2013/01/21/checking-the-router.jpg "ROUTER-CAM!")
Physically trace each Ethernet cable. Okay, in the above image, the left-most cable goes out to the Intarwebs. The right-most cable (the blue one, in the port labeled “4”) goes to the Mac. The one to the left of the blue cable (in port “3”) goes to my Linux system. The one in port “2” goes to a computer that is currently turned off. And the one in port “1” (the second on the left) wraps around and is hanging in front of the shelves (I use that one for the laptop).
Wait a minute … let me look at the front again …
![[Cisco WRVS4400N]](/2013/01/21/router-front.jpg "Oooh! Blinkenlights!")
We have the Internet; Mac is at gigabit speed; my Linux system, and … the turned off system? Really?
Okay, it appears that the Ethernet card in the currently off system receives just enough power to maintain a connection status; there's probably a “wake-on-LAN” feature on its Ethernet card.
Okay, now that's that's straightened out … um …
eth0, eth1 and eth2 …
Um …
The external ports don't match up with the internal ports. And given
that there's a computer that is turned off, shouldn't one of the
Ethernet ports return no data? And where's eth3?
What exactly is going on?
Okay, put that aside for now. What's the routing table look like?
| Dest | Mask | NextHop | Proto | Metric | Age | Interface |
|---|---|---|---|---|---|---|
| 0.0.0.0 | 0.0.0.0 | 70.XXXXXXXXXX | local | 0 | 0 | ppp0 |
| 127.0.0.0 | 255.255.0.0 | 0.0.0.0 | local | 0 | 0 | sit1 |
| 192.168.1.0 | 255.255.255.0 | 0.0.0.0 | local | 0 | 0 | br0 |
| 239.0.0.0 | 255.0.0.0 | 0.0.0.0 | local | 0 | 0 | br0 |
| 70.XXXXXXXXXX | 255.255.255.255 | 0.0.0.0 | local | 0 | 0 | ppp0 |
Um, 70.XXXXXXXXXX isn't my IP address; it's 74.XXXXXXXXX (I pay extra for a static IP address because of work issues).
Okay, it appears that 70.XXXXXXXXXX is
the remote side of my connection, but that routing (while it works) just
looks odd to me. So, what IP addresses are assigned to which interfaces?
| Destination | Mask | Interface |
|---|---|---|
| 127.0.0.1 | 255.0.0.0 | lo |
| 192.168.1.1 | 255.255.255.0 | br0 |
| 74.XXXXXXXXX | 255.255.255.255 | ipsec0 |
Okay, there's my IP address,
but it's … ipsec0? Weird. And it seems that
br0 is a grouping of all the Ethernet ports.
But really, the mislableled Ethernet ports, the turned off computer sending and receiving traffic, it just has me skeeved out a bit. And the whole mess makes it difficult to monitor the network (not that I need to monitor my network, but Cisco is selling this as a “Small Business” device and a “Small Business” might want to monitor its network).
Oh, I just thought of something … the wireless interface—it's missing! I mean, it's missing in the interface list; physically it's there or Bunny wouldn't be able to use her laptop on the Intarwebs.
This is one strange router …
Update on Tuesday, January 22nd, 2013
My friend Mark fills me in on what might be happening …
