randombio.com | computer notes
Saturday, February 13 2021

Getting Linux to talk on a corporate network (solved)

A simple solution to a common IT-created problem
We could not get a Linux box to connect to a corporate router, even though Windows machines had no problem. This seems to be a very common problem with Linux and many people on the Internet have asked how to solve it, without apparent success.
Problem: Our Linux box has three network interfaces: an onboard wireless interface, a USB-network adapter, and an onboard wired ethernet interface called eno2. The USB adapter connects to a Windows machine on the same desk through a 5-port switch using static addresses. The IT department actually sent somebody out once, but they were never able to get a functional connection on the wired interface. Internet access was available only by wireless until one day when the building power went out. When power was restored, the Linux box was unable to connect to the corporate network on any interface.
What was tried: IT controls network access by putting the MAC address of a computer's interface card in their Approved List. Once approved, the computer is allowed to request an address through DHCP and allowed on the Internet. They did this about two weeks after I opened a ticket (I am not kidding—they needed a ticket for this. Their main concern was to find out who was going to pay for all that work). But it didn't help: we got an IP address but we were still blocked. IT claimed they are doing nothing special to block Linux machines, as they shouldn't, as Linux is essential for doing science.
The problem wasn't caused, as you might think, by some setting that IT forgot to write to their startup config, but by some peculiarity of ARP on their router.
Solution: This problem was highly repeatable. The Linux box routinely gets cut off whenever there is a power failure. Here is a solution that we apply routinely, and it works for us.
Explanation: ARP caching is going on somewhere. Plugging everything into different ports, then putting them back, snaps the computers out of it. The question is: is the culprit in Linux or in their router? I will have to investigate after the weekend. Yes, their VPN doesn't work either.
Update: The problem still occurs when the Linux PC is on a UPS. The router or the local switches appear not to be, so the fault is not in Linux.
Note that if you have two or more network interfaces, it's sometimes necessary to use the -B option to tell sftp and ssh which one you want. Otherwise it may try to use the wrong network and fail to connect.