randombio.com | computer notes
Saturday, February 13 2021

Getting Linux to talk on a corporate network (solved)

A simple solution to a common IT-created problem

We could not get a Linux box to connect to a corporate router, even though Windows machines had no problem. This seems to be a very common problem with Linux and many people on the Internet have asked how to solve it, without apparent success.

Problem: Our Linux box has three network interfaces: an onboard wireless interface, a USB-network adapter, and an onboard wired ethernet interface called eno2. The USB adapter connects to a Windows machine on the same desk through a 5-port switch using static addresses. The IT department actually sent somebody out once, but they were never able to get a functional connection on the wired interface. Internet access was available only by wireless until one day when the building power went out. When power was restored, the Linux box was unable to connect to the corporate network on any interface.

What was tried: IT controls network access by putting the MAC address of a computer's interface card in their Approved List. Once approved, the computer is allowed to request an address through DHCP and allowed on the Internet. They did this about two weeks after I opened a ticket (I am not kidding—they needed a ticket for this. Their main concern was to find out who was going to pay for all that work). But it didn't help: we got an IP address but we were still blocked. IT claimed they are doing nothing special to block Linux machines, as they shouldn't, as Linux is essential for doing science.

The problem wasn't caused, as you might think, by some setting that IT forgot to write to their startup config, but by some peculiarity of ARP on their router.

Solution: This problem was highly repeatable. The Linux box routinely gets cut off whenever there is a power failure. Here is a solution that we apply routinely, and it works for us.

  1. Swap the USB and the onboard wired ethernet cables. This will disable the USB connection, so it is no longer possible to talk to the Windows box (because it's configured for a different network). It will also disable the onboard wired interface, which now does not get an IP.
  2. Swap the two RJ45 cables back to their original jacks. The onboard one (eno2) now has Internet access, but the USB one can't connect, so the Windows machine can't read files on the Linux one.
  3. Move the USB cable to a different USB port (swapping it with the USB keyboard if necessary). Now the Windows one can ping the Linux one and everything works.

Explanation: ARP caching is going on somewhere. Plugging everything into different ports, then putting them back, snaps the computers out of it. The question is: is the culprit in Linux or in their router? I will have to investigate after the weekend. Yes, their VPN doesn't work either.
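
An added example, not part of the original post: a shell function that approaches the "Linux or router?" question from the Linux side by classifying the gateway's entry in `ip -4 neigh show` output. The gateway address 192.0.2.1, the interface names other than eno2, and the MAC addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: classify how Linux currently resolves the gateway,
# reading `ip -4 neigh show` output on stdin.
# On a live box:  ip -4 neigh show | classify_gateway <gateway-ip> eno2
# Prints one of:
#   resolved <mac>      usable MAC for the gateway on the given interface
#   unresolved <state>  ARP on that interface got no answer (FAILED/INCOMPLETE)
#   wrong-dev <dev>     gateway is only known through another interface
#   absent              no neighbour entry for the gateway at all
classify_gateway() {
    awk -v gw="$1" -v ifc="$2" '
        $1 == gw && $2 == "dev" {
            state = $NF; mac = ""
            for (i = 4; i < NF; i++) if ($i == "lladdr") mac = $(i + 1)
            if ($3 != ifc) { if (other == "") other = $3; next }
            seen = 1
            if (mac != "" && state != "FAILED" && state != "INCOMPLETE")
                result = "resolved " mac
            else
                result = "unresolved " state
        }
        END {
            if (seen) print result
            else if (other != "") print "wrong-dev " other
            else print "absent"
        }'
}

# Constructed sample: neighbour table right after a power failure.
# wlo1 and enx020000000002 are assumed names for the wireless and USB adapters.
sample_after_outage() {
    cat <<'EOF'
192.0.2.1 dev eno2 FAILED
192.0.2.1 dev wlo1 lladdr 02:00:00:00:00:01 STALE
198.51.100.20 dev enx020000000002 lladdr 02:00:00:00:00:03 REACHABLE
EOF
}

# Constructed sample: the same table after the cables were swapped and restored.
sample_after_replug() {
    cat <<'EOF'
192.0.2.1 dev eno2 lladdr 02:00:00:00:00:01 REACHABLE
198.51.100.20 dev enx020000000002 lladdr 02:00:00:00:00:03 REACHABLE
EOF
}

sample_after_outage | classify_gateway 192.0.2.1 eno2
sample_after_replug | classify_gateway 192.0.2.1 eno2
```

An unresolved result means Linux is sending ARP requests on that interface and getting no reply, so its own cache is not what is stale. A resolved result with no connectivity leaves the upstream device's tables as the place to look.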

Note that if you have two or more network interfaces, it's sometimes necessary to use the -B option to tell sftp and ssh which one you want. Otherwise it may try to use the wrong network and fail to connect.

