I have recently started working in a NOC role, and whenever I get an incident raised that a particular user cannot access a certain application, the senior engineers ask me to obtain the source & destination IP addresses and the source MAC address.
My question is: why do they need that information? How are they able to investigate the issue knowing the above?
I know this is a very general question, any help is appreciated!
Because they most likely want to check the port the user is connected to for issues (the MAC enables them to find it) and, with the IPs, verify that the path through the network and/or firewall rules are not blocking the traffic somewhere between the source and the destination.
If you want to endear yourself to them, gather this information from the user/user’s PC before you escalate the ticket. Saves everyone time in the end.
Asking this question without a source and a destination address is like asking a plumber to “fix a leak in my house”. Regardless of how helpful, cooperative, or talented anyone is, they still need to know what your address is and what room of the house the leak is in.
Users lie. Yes, even when they don’t mean to. “I can’t access ” is a statement that’s mutated and filtered by the user’s knowledge level. There are a bunch of assumptions in that statement which can only be cut through by reducing the problem down to its minimum, technical truths.
You start with the source and then trace to the destination and check every ingress/egress interface for errors, and also check each device in the path for any abnormalities like CPU or mem spikes or bridge loops and routing loops. Then go to the destination and trace back to the source.
Then, to top it off, the network engineer has to do a bug scrub on each device if no problems are found at L1/L2/L3.
That’s a pretty long list of possible options which takes a considerable amount of study to understand. There are literally thousands of commands available on routers and switches. Sounds like you need to start at something like TCP/IP for dummies and work your way up from there, but the very least of those is ping and tracert.
You probably don’t have access to look at the kind of things that they will be looking at. But one thing you can do is verify that the user’s PC can ping the destination IP. You can also try to determine the port used by whatever app you’re troubleshooting. Then if it’s a TCP port you can use telnet to try to connect to the destination on that port. If you get a connection, then you can be reasonably sure that you aren’t being blocked by a firewall.
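The TCP port test described in the comment above, as an added example that is not part of the original thread: it attempts one handshake and also separates "refused" from "timeout", which goes slightly beyond the comment. The function name, result labels and the loopback demo are assumptions made for illustration.

```python
import errno
import socket


def tcp_check(host, port, timeout=3.0):
    """Attempt one TCP handshake to host:port and classify the outcome.

    open        - handshake completed; nothing in the path blocked this port
    refused     - a reset came back; something answered, but no service
                  accepted the connection on that port
    timeout     - no answer at all; consistent with a silent drop (firewall,
                  routing problem, or host down), so escalate with the IPs
    unreachable - the local stack or a router reported no route to the host
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"  # e.g. the name did not resolve


def demo():
    """Constructed sample: a listener on loopback, checked while it is
    listening and again after it has been closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0 = let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = tcp_check("127.0.0.1", port)
    srv.close()
    after_close = tcp_check("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(demo())
```

Recording the result label together with the source IP, destination IP and port in the ticket gives the engineers the starting point for the path and firewall checks discussed in this thread.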
Thank you. Just a last question - if I obtain the user’s MAC address and do a “show mac address-table "address"” and am able to see the machine there (so the switch IS learning the MAC), does that mean it could potentially be an L3 issue?
I have tried, btw, and I thought you can ask anything on Reddit. If you don’t know the answer or are annoyed by the question, then I’m not sure why you are here commenting.