Good Networking Model

[mateenmohd]

Please help us to provide necessary informations / configurations regarding to
implement Good Networking Model ?

We are daily facing networking problems in our office. we are using HP windows server 2003 R2 standard edition intel xeon CPU E5320@ 1.86 GHz 1.87 GHz  3.25 GB
RAM and cisco catalyst 2960 series, cisco ASA 5510 serices. and switches.
, 10/10 switch. approx 70 client users. we make bridges. when one connection down,
other connection activate.

our problem is that users complaint us that he is unable to access internet. we
check lan setting and repair the LAN, after that users can access the internet BY
LAN . But after few hours users again complaining that
he unable to access internet, again we repaire the LAN,
mostly we unpluge the cable and re-pluge with network point his LAN connection
working. some time client user LAN connection status showing that it is connected,
but it not open / browsing the internet site. why ?

Please help us how we can improve our network configuration / LAN setting ?
any body can provide us what is the best configuration network model  should be use  for the networking ?

1. Maximum Bandwidth speed ? (for 70 users )
2. Latest cisco model switches model number ?
3. Server configuration ?
4. why cable point waltage drop ?
5. how to increase cable point waltages ?
6. how to maximized LAN speed ?

Thanks for your help and support to improve networking problem ?

Regards
Mateen



 

[viking]

"We make bridges. When one connection down, other connection activate" - I don't understand: WAN connection going down or LAN connection (inside your LAN I mean) going down? You make bridges? What do you mean, you bridge 2 connections?

I suppose you use DHCP. What are the settings for users? IP Lease time? IP scavenging time? They loose only internet connection? LAN connection remains?

"after the users can access the internet BY LAN" - I don't understand.

"we unpluge and re-pluge with network point" - please rephrase... I don't understand what you want to tell. You unplug and plug the cable to the network socket?

What are the normal IP settings? (ipconfig /all when the connection works fine). What are the wrong IP settings? (ipconfig /all when the connection is malfunctioning).

1) It depends in what those users are doing, for what do they need internet? Browsing, VoIP? Database mining?
2)
3) To me it seems your server is just fine.
4) Cable voltage drop? When? Where? Why do you say that? You measured and observed a voltage drop? What equipment has these problems with voltage drop? (what do you mean by "cable point"?)
5) Why do you want to INCREASE voltage? (what do you mean by "cable point"?)
6) Long discussion here; before I try to give an adequate response I would need to know what those users do with the network, what services are needed, how many users use the network in the same time, what applications are used etc.

I "love" your problem, but to be able to do something useful (to advise right) I need more informations. Latest Cisco equipment? You don't need something like this, you need something designed for your network demands. If you place here more informations I will try to help you.

[mateenmohd]

Thanks for your response.

1. one server two connections, I want to ask when we have two connection if one down why other does not
    active ? what is the reaonse for this ?
2. This is my confirm experience that when client computer is not browsing the internet, I physically
     un-pluge the cable from the point, (computer cable connected with the wall point)
     after that it activate the connection and it start opening the internet site and it working,
     I want to known what is the reasons when un-pluge and pluge the cable connection with the point
     it status show connected ? this is usally practices in our office.
3.  ip setting is auto
4.  server configuration as above, I  want to know above server configure will be suitable configuration
     for the approx 60 users network ?
5.  cable voltage , basically I am not a networking guy, but I know that due to voltage drop, connection
     can be disconnect. I want to know more information about the why voltage drop ?

6. our main problem is that frequently connection dis-connect we repaire the connection but after
    few hours connection again dis-connect.

Can you help us how we can improvement our network ?
can you send us what hardware and software configurations we should use for the good network ?

1. what Maximum Bandwidth speed  we should implement in our network ? (for 70 users )
2. which Latest cisco model switches we should use  ?
3. what best Server configuration  we should use ?
4. How we can maximized LAN speed ?

Thanks and regards
Mateen


 

[viking]

Router, routing. The connections should be both active all the time OR they should be able to be active all the time (BUT this depends on type of connection, settings for connections, contracts with ISPs etc). What connections do you have on the server? Those 2 connections are not from the WAN to the router? They are redundant connections between your server and router? There is not a switch (or more) between server and router?

On how many computers appear these events? They are connected to the same switch? (I need something called "network map" on which are marked the equipments internetworked and the connections between them - in fact all the connections and possible connections).


What are the DHCP settings?

Disconnect cable, reconnect cable => the operating system checks again for the IP validity. Probably when the error appears there is a problem with the IP renewing. To see if I am right, you may try the following: when one computer looses it's connection, go to it and enter in command prompt window (start->run->cmd (ENTER)); type what I write between the " signs (SPACE means space key on the keyboard and ENTER means Enter key):

"ipconfig SPACE /release ENTER"

and then:


"ipconfig SPACE /renew ENTER"

If this solves the problem and you don't have to unplug-plug the network cable then something is wrong with DHCP options or communication (firewalls on the computers blocking the DHCP traffic? Faulty firewalls? There could be a few causes...). If this does not solve the problem the DHCP server has to be checked, even if it might not be it with the problem.


You observed the symptoms when? From the beginning? Aggravating in time? After equipment addition to the network? After modifications to operating system? (or the worst case: you don't know?)


I can't recommend you a network server without knowing the services that should be provided for the network users by that network server: domain controller, backup file server, dns server, router, proxy, e-mail server, file server, database server etc, what applications should run all the time and so on. I can't recommend because if I tell you "go and buy the most expensive server you can afford" it won't solve your problems and more important YOU can't justify the costs. For me, now, your server it's more than you need. But I don't know a thing about your network requirements. And don't be hasty, you have to know well what are you demanding and what are you modifying in network, what are the results to be observed, for what do you need those modifications and we can talk a lot about what you can, what you must, what you want (you got the point). For example I can tell you that a personal computer used with a server operating system (and hence being a server in your network - the software defines the computer role) could supply resources for authenticating to network of thousands of users. But every situation is unique and has to be tackled uniquely.

Leave the cable voltage alone. If voltage drops, change the network card or the switch that causes the problem. (I really hope that you have grounding to your electrical network).

I can't give your right answers to your problems. To me your problem is like you are saying "I have a mathematical problem. What is the answer?" but you actually don't say the problem, you only say that you have to solve a mathematical problem.

Don't be scared by all the things I am writing here. I don't understand why do you try to solve a network administrator/system engineer tasks. I try to help you but you don't give me clues, you just tell me that you have a problem.

Let's take it one by one and try to solve. First that computers disconnections.


[LE]
(I can give you principle answers to your questions, but for those you don't need me, you just take a networking book and see there "less services, increase bandwidth, buy better equipment" and others.)
[/LE]

[mateenmohd]

Thnaks you very much for your details response and comments.

Regards
Mateen

[viking]

You're not satisfied by my answers... I'm sorry Mateen, I can't do more

You're welcome, anyway

[mateenmohd]

Thanks for your response.

You are good network experiences. you discussion about the technical
questions. on the other hand, I could not success to explain our network
problems properly. Basically I am database programmer. I also handle network problems when reqired.

You can help us, It will be very helpfull for us that which network hardware and
software configurations required for smoothly running the 70 or 80 users network ?

Our exiting Network Hardware and Software configurations is
-----------------------------------------------------------------------------
1.   Windows Server 2003 R2 Intel Xeon CPU E5320 @ 1.86 GHz 1.87 3.25 GB
                RAM. Standard Edition Service Pack 2.
2.   Cisco Catalyst 2960 Series, Cisco ASA 5510 Series Switches with LAN base
                Software   
3.   Internet Line  ISDN
4.   Switches Port capability  10/10

I want to know that above configuration is not good for smoothly running
the network, I want to know the reasons ?

1. we have to change/upgrade  our internet line  to Lease Line ?
2. we have to change/upgrade  Cisco Catalyst 2960   to Cisco 6500 ?
3. we have to increase switches port capability 10/10   to 10/100/1000 ?

don't care the prices. we want to know the reasons,
for solve the network reasons we will expense more
 
Thanks and regards
Mateen

[viking]

I want to know that above configuration is not good for smoothly running
the network, I want to know the reasons ?

3. we have to increase switches port capability 10/10   to 10/100/1000 ?

I will look forward to better understand your problem.
Changing the switches from 10/10 to 10/100/1000? Yes. With no thinking I can say yes. 10/10 is very old equipment. It could be good equipment (they are also Cisco series?), but for a more "central" switch, to which other switches converges, it is demanding to offer more than 10 Mbps. 100 is so-so, and 1000 is ok. BUT take care, the opposite equipment should be able to sustain that transfer speed, otherwise it will be slowed down to a common speed. So, if you want a link to be 100 Mbps, at both ends of the link (switch-switch, switch-computer etc) there should be 100 Mbps able equipments.

Today or tomorrow I will give you a more concise answer.

[LE]
Internet line - ISDN

Here you may need also to upgrade. You have a T1 link? For 70 users you need some WAN bandwidth... BUT it depends on the services that have to be provided to users. I mean, what applications need internet access? How many users are allowed to use them?

Of course, there might be needed something more that an 1.44 Mbps or 2.048 Mbps, but let's take it a step at one time. What agreement do you have with your ISP? What is your WAN bandwidth that you agreed with ISP?

The most important question remains: what WAN services do network users require?
[/LE]

[viking]

Ok.

Some simple thoughts:
- your switches are fine. Here is a product sheet: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/product_data_sheet0900aecd80322c0c.pdf
and here is a product comparison between the switches in that class:
http://www.cisco.com/en/US/products/ps6406/prod_models_comparison.html

What WAN bandwidth is agreed with your ISP? Do you have a T1 link or more? Or less? What is the minimum bandwidth guaranteed by your ISP?

Your firewall (I assume that is what you use ASA 5510 for) is also fine.

Your server is very good, you don't have to change it.

You don't have to change any hardware component unless it is defective. Your network has very good networking components. I hope that the uplink ports on switches are used, because they can work at 1Gbps (what particular type of switch do you have there, what exact model number?) I checked on their site (cisco's site I mean) and now I have a very good opinion about what that network uses. There are other types (models) of switches? How many switches do you have? Do you have spare switches? Of the same type?
When were made the network cables? Are they Ethernet cat 5e each? They were changed or fixed? Are they in good shape? How many years old are the cables?

What problem (particular problem; if you have more network's problems let's solve them one by one) do you have now? How many times a day, how often does it appear? It appears on all computers in the network or just to a few of them?  (I have one million questions in my mind, but I am expecting you to give me more informations).

What problems do you still encounter? Have you checked what I told you earlier? It works?
You will have to draw the network map if it isn't already. You have to mention computer positions, port of switch and switch that they connect, everything.

For example I was a network administrator at a small company, 60 computers. I had notes about each computer position, what network connection point is connected that computer, what electrical sockets were used by that computer, what fuse was responsible for that computer, how long was the network cable, at which switch and at which port number was connected. I had a drawing showing all of these, I had a few tables with the information detailed about each one; I had tables and drawings that I could use "instantly".
I had problems? I solved them starting from network connectivity and hardware malfunctioning and stopping to software related problems, server settings etc.

Good networking model? You have to be very careful at details. You have to make notes of problems, reports more exactly. Detail everything, how the problem appeared, check to see if it reappears, how did you solved it, it was a good solution? If the problem reappeared, it was not a good solution, it was only partial at best.

Oh... What do you mean by lease line? Also only through phone lines? It would be better a WAN connection through optic fiber, but this depends on costs and your ISPs possibilities.

mateenmohd, when you are trying to fix something you have to be very careful: you have to be sure that you are solving the problem and you are not creating a new one. Don't be in a hurry, think well, note the problem symptoms, try to search (ask, read) for information about that particular problem and then think to a possible solution. It would be best if you have a "test case laboratory", but this is not always possible.

I am waiting for your further informations. Tell me one problem and let's try to solve it. Have you checked my previous method? Any result?

[mateenmohd]

Thanks for your details response and taking interest in our problem.

1. I am trying to find out wan bandwidth is agreed with our IPS.
    I also send e.mail to our IPS that what bandwidth is supply to our site office,
    I just recived the e.mail from our IPS, bandwidth informations is following
    BANDWIDTH IS 4 MB with following features

The main features of BusinessOne - 4Mbps Multi User are:

•          Download speed 4Mbps

•          Upload speed 512Kbps

•          1 Dial Up account

•          60 Virtual Mail Box

•          1GB quota per Email

•          Web hosting 4GB space

•          20 Norton Internet Security Licenses

•          60GB Standard monthly volume CAP per month


2. we have internet line ( ISDN Line ) , we don't have Lease Line (T1 Link)

3. Network cabling just new, two three months old. we just start our site office
    with new network cabling.

4. our network problem is daily. we have approx 80 users in our site office.

5. some of users are using VPN connection.   (approx 20 or 25 users use
    VPN connection when required.)

6. site office users connect by VPN connection with the main office server 

7. I just know that Lease Line is more better / powerful more bandwidth
     then other ISDN Line. But you better know about the Lease Line.

8. our network problem is that LAN connect automatic disconnect.
    We login as local administrator and repair / enable the connection.
    it connected with the network.

9. Sometime, it don't connected wehn we click the repair option in network
     connection 10. Then we remove the network cable from the network point and 
     again  fix the network cable with the network point then it connected.
      I.e. then LAN status showing connected.

11. We also instruct the users that please don't use VPN connection,
       when more users are using VPN connection, then more user’s complaints
       that our internet is not working.

12. First thing, we want to find out what is the bandwidth use when
      one user use VPN connection?

13. Second, as your ask me, that what is the bandwidth provide by our IPS
      to our site office server by ISDN ?
      (we will find with our IPS)

14. Third, how can monitor our site office server how many users are using
      VPN connections ?

15. I also check information at CISCO site that for monitor the vpn connection
     we need to installed VMS 2.2 software updated version.

16. I will download the VMS software.
17. site office users connect with the vpn connection with the main office
      I want to know that from site office Server we can Monitor the
      VPN connections ? this time how many users connected with the VPN ?

18. With the help of your support, one thing clear that We have BANDWITH
      problem.  our network bandwidth is very low .ie. 4 MB
      we need to increase  our BANDWIDTH and also trying to find
      how can we managemet our netork which will distribute proper
      bandwidth to each users ?

19. 4 MB BANDWIDTH will be sufficient to approx 80 users network  ?

20.  or what will be suitable / good bandwidth required for 80 users network ?


Thankd and regards
Mateen

(updated by 3rd Feb 2008, 11.15 am)

     

[viking]

If it's basic ISDN then you have a 128 Kbps connection. You need more. I will study your problem and I will give you some approximations.

[viking]

4 Mbps is a good connection. You didn't specified if this bandwidth is guaranteed or the maximum. What is the guaranteed bandwidth? The minimum bandwidth guaranteed no matter what - if the network - WAN network - is overcrowded you will still have available the minimum guaranteed.

I am reading some things before answering your question. But I have a question too: who is complaining about loosing internet connectivity, the user (or users) that is (are) connected through VPN or other users?

[mateenmohd]

Thanks for your response.

1. 4 MB Bandwidth provided by ISP, I am not sure about the guaranteed bandwidth.
    you menas that bandwidth may be up and down during overcrowded ?
    We have to ask about what is our guaranteed / maximum  bandwidth from our ISP ?
    Our ISP is ETISALAT,   (country UAE, site office in an Island)

2.  both users complaining about the loosing internet connectivity.
     that users wo have vpn connection and also  that users who don't have vpn connection

3. only approx 20 users have vpn connection out of 80 users.
    mostly not all vpn users work at a same time, they mostly out of office,

Thanks and regards
Mateen

[viking]

Ok. Guaranteed bandwidth.
If I want to use some sites, I make downloads from different places, then summing all the transfer rates I should obtain something above or very close to 4 Mbps (if this is the minimum bandwidth guaranteed). To make tests you must use different servers, not only one or two, because one server could have available less than 4 Mbps and the transfer rate is dictate by the lower speed (if you have two pipes connected, the flow of liquid is determined by the smallest pipe - the same principle in network transfers). For 4 Mbps I would use something like 20-30 simultaneous downloads from different places. Note: if there are many users using the same connection at the same time you have to sum all the transfer rates from all the users. As you said, when there are many users on-line, those with lower minimum bandwidth guarantee will be limited to their minimum; for those with larger minimum bandwidth guarantee... Well, they get their minimum bandwidth guaranteed also, but because it's larger... Let me tell you an example: you and your friends are going to a game, to be supporter (football - soccer in America). You have an agreement for seats with a transport company: you are guaranteed you can use 40 seats, but you can use more seats if they are free. That's your minimum guaranteed, 40 seats. If there are many other supporters (not from your group) who use the same transport company, or many passengers that use that company, than there will be available to you and your party only 40 seats. If there are few other passengers, then you may use more then 40 (50, 60, how many are available). In network transfers it happens a "strange" thing: the transfer tends to use the whole available bandwidth available. It's like saying that if you use a bus/train with 100 seats, you will use all the empty seats.

What are doing those users when they use vpn? They use VPN to connect to other networks - what exactly are they using there? Based on that information they might need something like 64 Kbps for 3 users (almost 22 Kbps per user). But they also might need 128 Kbps for 3 users. It depends on what they are doing, what are they using.

If both types of users complain of network connections interruption then it might be a network equipment that can't stand the transfer rate. I will check to see... (I'm thinking at switches and router or firewall, maybe they are not powerful enough to sustain those transfers - maybe too small work memory, maybe there is a weak processor in them).

[mateenmohd]

1. vpn connection use for downloading the e.mail from the main office server.
   some users are connected with the main office exchange server.

2. mostly users use LAN connection for web base e.mails and internet browsing.

3. It means that our network need to upgrade hardware and softwares ?

4. Bandwidth -> 4 MB bandwidth is not enough for 80 users network ?
    it is most important to increase the bandwidth  recommended ?
5.  Server 2003   upgrade to Server 2008  it is optional ?
6. Server process speed upgrade optional ?
7. Server RAM speed   upgrade recommended ?
8. Cisco switches 2960   upgrade to 6500 Series recommended ?
9. Internet Line   upgrade to Lease Line (Lease Circuit) with high bandwidth
    recommended ?
10. Switches port 10/10   upgrade   to 10/100/1000  recommended ?
11. LAN network card  upgrade to higher bandwidth recommended ?
12. LAN configuration setting upgrade with latest version software ?

One query is that if we upgarde above hardware and software configuration
it is guarranty that after that LAN disconnection problem will solved ?

When as we are still unable to find out what is our exact problem  to frequently
disconnect the LAN connection ?

13. one more thing, What is network configuration management ?
      We develop our network with the professional network installation guys.
      they configure all necessary networking configuration.
14. there is some special LAN network configuraion Management which
      should follow ?  or standard configuations is also enogh to smoothly
      running the 80 users network ?

Thanks and regards
Mateen
 

[viking]

I will answer accordingly to your notation.

3) maybe hardware - I have to check before giving you an advice

4) It is enough. 4 Mbps is enough. I will check on their site (that you mention) to see more details.

5) Yes, it is completely optional, it will not change your situation if you upgrade. The problems will remain.

6) Absolutely optional, no need for that unless it was decided that you will change that server (hardware) this year.

7) No. It's fine as it is now.

8 ) I have to check.

9) More details.

10) Are you sure they are switches 10/10 and not 10/100? (I will also re-read your previous posts.). The 1 Gbps link is useful for connections between switches. If you don't have switches 10/100/1000 there is no problem, the 100 Mbps between switches should work just fine - of course, the 1000 Mbps would be faster.

11) What network cards do you use?

12) "Lan configuration" - I don't understand what are you trying to tell me.

I think your disconnection problem is caused by one of the following: router, firewall or a switch. I will check thoroughly before trying to advice you.


13) When you manage a network you are talking about many things. You have to check network performances, to "measure" network usage, to solve problems, to "guess" before the problem arises and so on.

14) Standard configuration should work just fine. Exception: you have to check the speeds that the switches auto-negotiate (between them and other switches, between them and computers). You have to be sure that everything works at 100 Mbps at least.

[viking]

I visited your ISP site. I found this: http://www.etisalat.co.ae/assets/docs/BusinessOne/pricecomparison.pdf .
This paper tells me that you may use "up to 4 Mbps" download bandwidth. There is no mention of minimum bandwidth guarantee. You need to know that, ask them.

Your disconnection problem could have many reasons. I will check network components you described to me. I am asking again, do you use 10/10 switches? Are you sure? They are not 10/100 switches? 10/100 means that those switches could connect with speeds of 10 Mbps or 100 Mbps; only 10 Mbps switches are really-really old models.

[viking]

You don't need modular switches (6500 series are modular). You need a "basic" switch that works well. What Cisco 2960 models are used in your company?

When we are talking about advanced switches, we are talking also about knowledge to use them. This means your company need a network administrator/system engineer that should know to use those switches.


Conclusion about switches: you don't need cisco series 6500. Your actual switches (if all are 2960) are fine.

[mateenmohd]

Thanks for your response.

1. Yes, we are using 10/10 switches.
2. we are using Cisco Catalyst 2960 Series, Cisco ASA 5510 Series Switches with LAN
    base  Software   
3. if our problem could be solve by  using 6500 series model, our company
    can hire system engineer to use those switches.
4. We have to find out our actual problem and it should be solve if company
    hire system eng / administrator, if those problem could not solve by using
    latest model switches 6500 and hiring system engineer what we should
    do to solve the problem ? this is the query ?
5. company want concentrate on solution not expenses.

6. The current network do not have enough capability to upload the intensity of 
    current network traffic.
 
7. Internet Line does not have the capability to provide internet service to approx 70-
    80 users.

8. With the help of your experiecnes comments,  it is difficult for me to explain
    situation in networking language. how we can manage Bandwidth to equally
    distribute to each users ?
9. As I explain that we are using above hardware and software configurations
    it means that we have network management problem ?
10. we could not properly manage networking i.e. we are not properly distribute
     bandwidth to each users, not properly disbtribute the LAN speed ?

11. I also provide networking support to other  three site offices, there are no
      problem  in networking. But this only one site office we have LAN disconnection
       problem.
12. But different is only VPN connection. other three site office are no VPN
      connection. only this site office some users have VPN connection.

Thanks and regards
Mateen




     



         

[viking]

With pleasure, I will try to help you if I am able.

1) I never heard about 10/10 switches. There are 10 Mbps switches (only one number), 10/100 Mbps switches (it means that the switch is able to work with 10 Mbps connections and 100 Mbps connections) and 10/100/1000 (1000=gigabyte ethernet).

2) You said that you are using Cisco Catalyst 2960 switches. What is the exact model of the switch? 2960 is
a family of switches. In your network there are only Cisco 2960 switches or there are other switches as well?

Here: http://www.cisco.com/en/US/products/ps6406/prod_models_comparison.html
you can see they offer many models named 2960. They differ mainly in number of ports and type of ports.
If your company uses only 2960 switches then the switches are very good, you don't need to change them. They are very good switches. Forget about the 6500 series model, you don't need yet something like those.

3)I don't think it's a switch problem. I do not know the network organization (network map), but I assume that the one who built the network placed very good switches on the network "backbone" - 1 Gbps or at least 100 Mbps.


The bandwidth is distributed equally between network users. You may "unbalance" their bandwidths. By default, I repeat, all the users have the same rights, they have the same network bandwidth available.


I am thinking this way: you have disconnection problems. They could appear because:
 - a firewall is too weak to be able to filter all the packets that go through it. So, at some time it will "fill up" and get blocked.
 - an important network equipment gets blocked as in previous explanation (switch on network backbone, router)
 - your WAN bandwidth (between your company and ISP) is not what they say, it's not 4 Mbps but much less (less than 1 Mbps for example) and when a few VPN connections are working, your WAN bandwidth becomes much too overloaded and anything you do on the internet seems to be stopped. (When you disconnect the cable the connection is finished, some bandwidth becomes available and everything seems to work again without doing anything). Or the VPN connections "eat" more than those 4 Mbps available.

You need to do some research in that network, to check the available bandwidth, to see the firewall settings, to check if fine network equipment is placed in important places. It's a lot to talk about.
When the computers are blocked they can communicate in LAN? Can you ping from one blocked computer another computer in your LAN?

You have a network management problem with the following characteristic: it seems that you (you = your company, I don't know who) don't check your network thoroughly, you don't measure the network's performance. You have to have a network map, with everything clearly described.
When you say "network management" you say a lot of things... Maintenance, prediction, checking the network, failure saving plans. Their software is useful only if you know (or learn) to understand it, to use it. Otherwise... It sums up on the burden's complexity level.
But there is right and your management method (though I would not recommend it), "if everything works fine leave it as it is and we will see later if we have something to change/fix".

[mateenmohd]

1. yes, your are right, we check the switches / LAN speed it showing 10/10.
    why it showing 10/10 speed ? These switches will be 10/100 ,  but it is
    showing 10/10 LAN speed why ? we have to find reasons behind this ?

2.  How can make firewall strong ? we need to upgrade with latest model firewall ?
     or manually can flash / clear the packet from firewall ?

3. your experiences / observations regarding WAN bandwidth becomes much too overloaded or
    VPN connection "eat" more than those 4 mbps available. you are very close to find our problem.
    This may be strong reasons of LAN disconnection.
    But question is how to solve / handle this ?

4. I want to know that how we can calculate / find the Bandwidth ?
    our IPS saying that it is 4 mb, how we can proof that we are receiving less than 4 mb ?

5. when LAN disconnect, users unable to access web e.mail,  but users can access server folders etc..
     local network  work fine. all computers mapping of servers working fine.

6. We are Parsons. which are providing main consultancy services to clients.

7. would you like to send information’s about the software’s?.  which software is to be useful?
    to maintenance / monitoring check the network failure saving plan etc....?

8. One more thing I want to ask that our users are   80,   In which category this 80 users site office
    network  size belong,
    80 users it is small network ?
    80 users it is medium network ?
    80 users it will belong to large network category ?

    Thanks and regards

Mateen

   

[viking]

1. If the switches are left to auto-negotiate the connexion speed, they are trying to find the biggest speed at which they can communicate with the device at the other end of the cable. IF your switches have the possibility to function at 100 Mbps you have to check the reasons for which they work at 10 Mbps (10 times slower). They could be a setting on the switches, a "noisy" environment (lot of EM radiations - radio waves, powerful electric engines near the network cables, network cables running parallel and close to normal electric cables, bad network cables or other reasons), old network cards at the computers, a setting on the computers. You have to find the reason and you have to be sure that the switches are working at their highest speed possible: at least 100 Mbps. Not 10 Mbps, it's too slow, far too slow for a modern network.

2. A firewall runs on a computer (server, desktop) or it's a specialized computer with the main objective of being a firewall. The specialized computer dimensions are reduced (usually) compared to a normal computer, but this depends on its performances and other attributes. But as I said, usually they are much smaller than a normal computer/server, they don't have a display or keyboard, they have only network ports or other ports. Just like a switch.
You want to upgrade a firewall? Tough decision. You have to remake the firewall settings from the old firewall (at least). I don't know what firewall do you have. Maybe is that Cisco ASA 5510 you mention, maybe it's other equipment. Before advancing on this issue I apologize before and kindly ask you to be very careful on what are you suggesting to your superiors. You have to be sure the firewall it's the problem before any other actions.
What firewall do you use? What are it's performances? It's a computer? A normal computer with a firewall software? Or it's a specialized firewall?

3) In the contract with your ISP are mentioned all the details. How much bandwidth they guarantee to you is one of the most important mentions in that contract. I will try to find out how important as ISP is Etisalat. Someone in your company has to have those documents, the contract with ISP.
I think that the minimum bandwidth guaranteed is less than those "up to 4 Mbps".  But this is only my assumption, I might be wrong.
Before checking the ISP rightness you have to check if the LAN is operating at the right standards, you have to check that the firewall is powerful enough, you have to check that the company router is not a brake to WAN connections. After everything is checked as being right, you have to check the honesty of your ISP, if they respect their agreement, if they are able to offer you what you bought.
Check the contract between your company and your ISP before taking further steps in this direction. After you find that guaranteed bandwidth we may consider what is needed to upgrade your WAN connection or to better use the one your company has now.

4) You have to add all the transfers between WAN and LAN in a particular moment, for different moments in a day. You have to be sure that there are transfers that need more than 4 Mbps (make big downloads from several servers - 20-30 servers - and get things that are not usually found on ISP cache servers). You may find the answer on the router or the firewall.

6) I don't know who is "Parsons".

7) No, I won't send you such things. When your network was made, someone most surely thought about how to manage that network. Or thinks now. My opinion on this matter is completely irrelevant and not founded right, basically I don't know a thing about what is working in your network, how is working etc. More than that, I don't know much (anything?) about those applications.

8 ) It depends actually on what are those 80 users doing. "Statistically", 80 users mean a medium enterprise network.

You're welcome, I hope I am helping you and not making your task more difficult.

If someone here has more experience regarding the subject, or has opinions about, please help.