They used Mikrotik Metals (the round single pole) on the Falcons for sending camera back before Starlink terminals were mounted. I don't doubt they copied some of the circuitry and possibly the protocols and likely they then used Mikrotik gear on the ground. Once you start using this stuff it's hard to stop... I certainly believe they don't spend on Cisco when they don't have to...

On 5/4/23 4:49 PM, Adam Moffett wrote:
Hah! I bet they don’t put a Mikrotik switch in their little sats, but I can’t prove they don’t.


------------------------------------------------------------------------
*From:* AF <[email protected]> on behalf of Robert <[email protected]>
*Sent:* Thursday, May 4, 2023 6:58:30 PM
*To:* [email protected] <[email protected]>
*Subject:* Re: [AFMUG] Yealink "Forbidden"
Funny, this kinda sounds like what's happening with Starlink and their connections to Zoom, but those seem to be fixed by going to a different set of DNS servers (that is what the jungle drums are drumming)

On 5/4/23 1:23 PM, [email protected] <mailto:[email protected]> wrote:

So this actually _was_ my issue.

I had disabled port isolation on 3 switches knowing I was going to move the uplink ports when I changed topology.

Normally if you have port isolation misconfigured then nothing works. Apparently on the CRS226-24G-2S+ if you have the ports assigned to isolation profiles and then disable those profiles then it /sometimes/ drops /some/ traffic to that port. This didn’t become apparent until I did a capture onsite with a mirrored port. I could ping the phone 100% of the time with zero drops, they’d get DHCP, and talk to the Internet, but /some/ reply traffic doesn’t make it back to the device. I assume it’s a bug. You reboot the phones and they work again for a while, but then after some period of time they’d just stop working with Zoom. Two possible fixes are remove port isolation profiles from all ports, or configure it correctly and enable the profile. What’s funny is there were 20+ apartments on the affected switches for 3 days and none of them reported any issue…..so I assume there was just some general low level packet loss and maybe Zoom was just extra tender about it? That or the bug is specific to something about the Zoom traffic. Whatever the case, I have a fix, and I’m moving on with life. Not gonna test any more thoroughly on an EOL switch.

I’m glad Mikrotik discontinued the 226.  This ain’t the first weird thing I ran into on these.

I never did get an application layer log, so I don’t know why the “forbidden” message. Maybe Zoom says your connection is shitty and I’d rather block you with a 403 than let you have a bad MOS? Or maybe Yealink says “forbidden” for any general connectivity issue?

Again it’s behind me now and I don’t care enough to test more.  I’m just shouting at the wind now.

-Adam

*From:* Adam Moffett <[email protected]> <mailto:[email protected]>
*Sent:* Wednesday, May 03, 2023 8:27 PM
*To:* AnimalFarm Microwave Users Group <[email protected]> <mailto:[email protected]>
*Subject:* Re: [AFMUG] Yealink "Forbidden"

Thank you sir

------------------------------------------------------------------------

*From:*AF <[email protected] <mailto:[email protected]>> on behalf of Steve Jones <[email protected] <mailto:[email protected]>>
*Sent:* Wednesday, May 3, 2023 4:34:51 PM
*To:* AnimalFarm Microwave Users Group <[email protected] <mailto:[email protected]>>
*Subject:* Re: [AFMUG] Yealink "Forbidden"

It's a bold assumption that it's the bad people I want to eliminate (-:

I'm not saying either way

But if there were no "good" people, then "bad" people could only stand to get better. Growth like that brings joy

If all the "bad" people were gone, then good people would only stand to get worse. Decline brings sadness.

Call me the harbinger of joy

On Wed, May 3, 2023 at 11:47 AM <[email protected] <mailto:[email protected]>> wrote:

    Apparently Zoom tier1 isn’t helping.  “Check your firewall
    settings” and other basic stuff.  I don’t know if they’re just
    script readers or if this IT guy doesn’t know what to ask.

    I don’t want to be the guy who just points fingers at the other
    guy, so I’m trying.  I just wish I could capture the SIP
    messages….friggin TLS so super secure that I can’t friggin help
    you.  If only the world had no bad people, then we wouldn’t need
    security.

    I want to hear Steve Jones’s plan for eliminating all the bad
    people.  I bet he has one.

    *From:* AF <[email protected]
    <mailto:[email protected]>> *On Behalf Of *Darin Steffl
    *Sent:* Wednesday, May 03, 2023 10:49 AM
    *To:* AnimalFarm Microwave Users Group <[email protected]
    <mailto:[email protected]>>
    *Subject:* Re: [AFMUG] Yealink "Forbidden"

    This is really simple. If they can ping the internet or do
    anything else that requires internet at the same time the phones
    show offline, it's not your problem. They should be contacting
    their phone provider.

    Their voip provider can provide them host names to ping or trace
    to in order to troubleshoot. If you don't sell the voip, you
    shouldn't be troubleshooting it aside from making sure your
    network ping, jitter, and packet loss are normal.

    On Wed, May 3, 2023, 8:13 AM <[email protected]
    <mailto:[email protected]>> wrote:

        I’m trying to help a customer with their Yealink phones. 
        Their provider is Zoom.

        I’m 99% sure this is not my problem, but I’m chronically too
        nice to people so I’m helping anyway.

        So apparently when they go to dial out they’ll get a message
        on the screen saying “Forbidden”.  I’m not sure if there’s
        more to the message because I only know what they’re telling
        me.   When this starts happening their IT guy says the phones
        show up as “offline” in whatever management portal they’re
        using.  They factory reset the phone, it reprovisions, shows
        up as “online” in their portal and works again for some
        period of minutes or hours and then does the same thing
        again.  I asked if a simple reboot works, but the IT guy says
        they factory reset instead of reboot because it’s so easy to
        do 🙄.

        They point at me because the phone is “offline”, and they’re
        tying it to network maintenance that was done on Monday
        morning, but their story is not totally consistent about what
        day it started.  May have been Monday, may have been last
        week, depends who you ask.  I’ve taken packet captures and I
        can see the supposedly “offline” phone talking on port 443 to
        an AWS server (I assume provisioning server) and talking to
        Zoom on port 5091.  That’s all TLS/SSL so I can’t see the
        messages, but they’re definitely still talking to the
        mothership when they’re reported as “offline”.  They also do
        other normal stuff like DNS queries, NTP sync, and normal LAN
        chatter like CDP, ARP, etc.  I also checked for packet loss
        to the phones and there’s none/negligible loss.  So I’m
        telling these guys your phones are 100% definitely _not_
        offline.  I told them they need to check with Zoom to see
        what application layer messages are happening, because due to
        the encryption I don’t have a clue, but I’d wager the carrier
        is sending back a 403 Forbidden for some reason.

        Below is a screenshot of his management tool (customer name
        blocked out).  I don’t recognize it, maybe one of you all does.

        In the meantime I’m wondering if the collective has seen
        something like this with Yealink and/or Zoom.  Any wild-ass
        guesses?

-- AF mailing list
        [email protected] <mailto:[email protected]>
        http://af.afmug.com/mailman/listinfo/af_af.afmug.com
        <http://af.afmug.com/mailman/listinfo/af_af.afmug.com>
