Nothing is more frustrating than trying to get a balky network connection up and running. Everything looks fine, you see a link light, and the computer acts as if it is connected to the network. However, you are unable to access servers on the network or connect to the Internet. In some cases, you can see local servers, but you cannot access the Web. If using a wireless connection, you may be unable to access the Internet, even though things worked just a few minutes ago. What's going on? Why is Internet connectivity so hard sometimes?
Ethernet technology is pretty straightforward. By now, most people know how to get a connection to work. But sometimes establishing a connection can be devilishly tricky, and there are several things that have to work correctly to establish connectivity to the Internet. This month's article will help you troubleshoot some of the most common connectivity problems.
Your first step is to see whether there is a link light illuminated next to the Ethernet connector. If there is a light, it means that the base physical and electrical connections are completed between your computer and the switch it is connected to. You can verify that a connection exists using either the ipconfig command on Windows machines, or ifconfig on Mac and UNIX systems. As Figure 1 shows, my computer is not physically connected to a network, as signified by the words “Media disconnected.”
As soon as a connection is made, assuming your computer does not have a permanently assigned IP address, it requests an IP address from a Dynamic Host Configuration Protocol (DHCP) server. In most networks, the DHCP server is part of the network routing technology (probably residing in your network switch). If everything is functioning normally, within a few seconds, the computer will receive an IP address lease from the DHCP server. DHCP servers are configured to provide IP addresses from a predefined address pool. The server leases IP addresses to clients on the network for a period of time. As Figure 2 shows, you can see the lease statistics by entering ipconfig/all.
Before the lease expires, the client automatically renews the lease to keep the IP address. Remember this key point: The number of IP addresses in the DHCP pool is limited. If all of the DHCP addresses have been leased out, when your computer contacts the DHCP server, it will not be able to get an IP address. In this case, it can't talk to other computers on the network. As Figure 3 shows, if this happens, the output of an ipconfig command will show that an IP address has not been obtained from the DHCP server. If all DHCP IP addresses are leased out, you will never receive an IP address.
If all goes well, after a few seconds, the computer will receive an IP address from the DHCP server. At this point, an ipconfig command will show the IP address assigned to your machine along with the default gateway. (See Figure 4.) The default gateway is the path from your computer to the Internet and to other networks.
Your computer has an IP address, and it knows how to get from the local network to the Internet via the default gateway. But let's say you fire up a Web browser and still can't connect to the Internet. What's the next step?
Check to see if you can get to the default gateway. To do this, you can use either the ping or tracert command (traceroute on Mac and UNIX systems). If all is working normally, a ping command should yield the output shown in Figure 5.
If you are unable to ping the default gateway, try the tracert command. Some system administrators set equipment up so that it does not reply to ping commands. If both ping and tracert are unable to communicate with the default gateway, you may be able to communicate with computers on the local network, but you will not be able to access anything beyond this. At this point, it is probably time to ask the network system administrator for help. If you are the system administrator, break out a packet sniffer. Packet sniffers capture traffic on the network and help users identify problems.
Recently, I had a situation similar to this. Most of the time clients were working normally. But not infrequently, sometimes, computers were unable to get a DHCP IP address, or if they were, they were then unable to access the Internet. Figure 6 shows a partial capture from Ethereal, a free packet sniffing program. Something called “AsustekC” was sending out broadcast packets every 250ms to all the computers on the network. (The destination is listed as Broadcast, causing every computer on the network to try to read the packets.) This constant dribble of traffic interfered with normal communications on the network. When traffic became too heavy, computers couldn't communicate with DHCP servers and the gateway, making it appear that the network was unavailable. In the end, the culprit was a bad network interface card in a music library computer.
Assuming that you are able to ping the default gateway, but still unable to see a Web site on the Internet, the next step is to check whether Domain Name System (DNS) is available. DNS translates the domain name you type in to the actual IP address of the system you are trying to reach. Let us assume that you are trying to reach www.cisco.com. You open a Web browser and type in www.cisco.com. The first thing the computer does is ask a DNS server on the network to give you an IP address for www.cisco.com. This is the IP address your computer will use to reach the Cisco Web site. However, if the DNS server on your network is down, the computer will not be able to resolve the Cisco URL, and you won't be able to connect to the Web site.
You can see DNS at work by using the nslookup command. Enter nslookup www.cisco.com. On my computer, www.cisco.com resolves to 126.96.36.199. Because your Web browser finds Web sites by using IP addresses, this domain name resolution is performed automatically every time you enter a domain name in the Web browser.
Once you have the IP address of the site you are trying to access, enter this IP address directly in the Web browser. If you can see the Cisco home page, your Internet connection is working perfectly. The problem is not the Internet connection; it is the DNS. (Of course, if DNS is the problem, nslookup will not work.) Because DNS is such a critical function, many people operate multiple servers. Unfortunately, DNS servers go down more often than you might think. In many cases, DNS is provided by the Internet service provider (ISP). If the ISP's DNS servers go down, then it will look as if you are unable to connect to the Internet, even though everything except DNS is working fine. If you operate a personal DNS, be sure to provide a backup DNS server because without it, your clients will not work correctly.
If you are having problems with wireless connectivity, be aware that access points, the pieces of equipment that are sources of wireless connectivity, can become overloaded with association requests. This problem is created when many people try to connect to an access point simultaneously. (Think about conventions or hotel lobbies, where many people try to connect at the same time.) Unfortunately, there is no quick fix to this problem. If this happens frequently and you own the access point, you can install multiple access points to improve the situation.
As Internet security has become more of an issue, many network administrators are restricting access to their networks. If you cannot obtain a network connection, it may be that a network administrator has restricted connectivity on the network. If you are trying to connect to a foreign network, check with someone who is familiar with the facility to be sure that connections to visiting equipment are permitted.
Brad Gilmer is president of Gilmer & Associates, executive director of the Video Services Forum and executive director of the Advanced Media Workflow Association.
Send questions and comments to: firstname.lastname@example.org