Good Networking Model

[viking]

I will answer accordingly to your notation.

3) maybe hardware - I have to check before giving you an advice

4) It is enough. 4 Mbps is enough. I will check on their site (that you mention) to see more details.

5) Yes, it is completely optional, it will not change your situation if you upgrade. The problems will remain.

6) Absolutely optional, no need for that unless it was decided that you will change that server (hardware) this year.

7) No. It's fine as it is now.

8 ) I have to check.

9) More details.

10) Are you sure they are switches 10/10 and not 10/100? (I will also re-read your previous posts.). The 1 Gbps link is useful for connections between switches. If you don't have switches 10/100/1000 there is no problem, the 100 Mbps between switches should work just fine - of course, the 1000 Mbps would be faster.

11) What network cards do you use?

12) "Lan configuration" - I don't understand what are you trying to tell me.

I think your disconnection problem is caused by one of the following: router, firewall or a switch. I will check thoroughly before trying to advice you.


13) When you manage a network you are talking about many things. You have to check network performances, to "measure" network usage, to solve problems, to "guess" before the problem arises and so on.

14) Standard configuration should work just fine. Exception: you have to check the speeds that the switches auto-negotiate (between them and other switches, between them and computers). You have to be sure that everything works at 100 Mbps at least.

[viking]

I visited your ISP site. I found this: http://www.etisalat.co.ae/assets/docs/BusinessOne/pricecomparison.pdf .
This paper tells me that you may use "up to 4 Mbps" download bandwidth. There is no mention of minimum bandwidth guarantee. You need to know that, ask them.

Your disconnection problem could have many reasons. I will check network components you described to me. I am asking again, do you use 10/10 switches? Are you sure? They are not 10/100 switches? 10/100 means that those switches could connect with speeds of 10 Mbps or 100 Mbps; only 10 Mbps switches are really-really old models.

[viking]

You don't need modular switches (6500 series are modular). You need a "basic" switch that works well. What Cisco 2960 models are used in your company?

When we are talking about advanced switches, we are talking also about knowledge to use them. This means your company need a network administrator/system engineer that should know to use those switches.


Conclusion about switches: you don't need cisco series 6500. Your actual switches (if all are 2960) are fine.

[mateenmohd]

Thanks for your response.

1. Yes, we are using 10/10 switches.
2. we are using Cisco Catalyst 2960 Series, Cisco ASA 5510 Series Switches with LAN
    base  Software   
3. if our problem could be solve by  using 6500 series model, our company
    can hire system engineer to use those switches.
4. We have to find out our actual problem and it should be solve if company
    hire system eng / administrator, if those problem could not solve by using
    latest model switches 6500 and hiring system engineer what we should
    do to solve the problem ? this is the query ?
5. company want concentrate on solution not expenses.

6. The current network do not have enough capability to upload the intensity of 
    current network traffic.
 
7. Internet Line does not have the capability to provide internet service to approx 70-
    80 users.

8. With the help of your experiecnes comments,  it is difficult for me to explain
    situation in networking language. how we can manage Bandwidth to equally
    distribute to each users ?
9. As I explain that we are using above hardware and software configurations
    it means that we have network management problem ?
10. we could not properly manage networking i.e. we are not properly distribute
     bandwidth to each users, not properly disbtribute the LAN speed ?

11. I also provide networking support to other  three site offices, there are no
      problem  in networking. But this only one site office we have LAN disconnection
       problem.
12. But different is only VPN connection. other three site office are no VPN
      connection. only this site office some users have VPN connection.

Thanks and regards
Mateen




     



         

[viking]

With pleasure, I will try to help you if I am able.

1) I never heard about 10/10 switches. There are 10 Mbps switches (only one number), 10/100 Mbps switches (it means that the switch is able to work with 10 Mbps connections and 100 Mbps connections) and 10/100/1000 (1000=gigabyte ethernet).

2) You said that you are using Cisco Catalyst 2960 switches. What is the exact model of the switch? 2960 is
a family of switches. In your network there are only Cisco 2960 switches or there are other switches as well?

Here: http://www.cisco.com/en/US/products/ps6406/prod_models_comparison.html
you can see they offer many models named 2960. They differ mainly in number of ports and type of ports.
If your company uses only 2960 switches then the switches are very good, you don't need to change them. They are very good switches. Forget about the 6500 series model, you don't need yet something like those.

3)I don't think it's a switch problem. I do not know the network organization (network map), but I assume that the one who built the network placed very good switches on the network "backbone" - 1 Gbps or at least 100 Mbps.


The bandwidth is distributed equally between network users. You may "unbalance" their bandwidths. By default, I repeat, all the users have the same rights, they have the same network bandwidth available.


I am thinking this way: you have disconnection problems. They could appear because:
 - a firewall is too weak to be able to filter all the packets that go through it. So, at some time it will "fill up" and get blocked.
 - an important network equipment gets blocked as in previous explanation (switch on network backbone, router)
 - your WAN bandwidth (between your company and ISP) is not what they say, it's not 4 Mbps but much less (less than 1 Mbps for example) and when a few VPN connections are working, your WAN bandwidth becomes much too overloaded and anything you do on the internet seems to be stopped. (When you disconnect the cable the connection is finished, some bandwidth becomes available and everything seems to work again without doing anything). Or the VPN connections "eat" more than those 4 Mbps available.

You need to do some research in that network, to check the available bandwidth, to see the firewall settings, to check if fine network equipment is placed in important places. It's a lot to talk about.
When the computers are blocked they can communicate in LAN? Can you ping from one blocked computer another computer in your LAN?

You have a network management problem with the following characteristic: it seems that you (you = your company, I don't know who) don't check your network thoroughly, you don't measure the network's performance. You have to have a network map, with everything clearly described.
When you say "network management" you say a lot of things... Maintenance, prediction, checking the network, failure saving plans. Their software is useful only if you know (or learn) to understand it, to use it. Otherwise... It sums up on the burden's complexity level.
But there is right and your management method (though I would not recommend it), "if everything works fine leave it as it is and we will see later if we have something to change/fix".

[mateenmohd]

1. yes, your are right, we check the switches / LAN speed it showing 10/10.
    why it showing 10/10 speed ? These switches will be 10/100 ,  but it is
    showing 10/10 LAN speed why ? we have to find reasons behind this ?

2.  How can make firewall strong ? we need to upgrade with latest model firewall ?
     or manually can flash / clear the packet from firewall ?

3. your experiences / observations regarding WAN bandwidth becomes much too overloaded or
    VPN connection "eat" more than those 4 mbps available. you are very close to find our problem.
    This may be strong reasons of LAN disconnection.
    But question is how to solve / handle this ?

4. I want to know that how we can calculate / find the Bandwidth ?
    our IPS saying that it is 4 mb, how we can proof that we are receiving less than 4 mb ?

5. when LAN disconnect, users unable to access web e.mail,  but users can access server folders etc..
     local network  work fine. all computers mapping of servers working fine.

6. We are Parsons. which are providing main consultancy services to clients.

7. would you like to send information’s about the software’s?.  which software is to be useful?
    to maintenance / monitoring check the network failure saving plan etc....?

8. One more thing I want to ask that our users are   80,   In which category this 80 users site office
    network  size belong,
    80 users it is small network ?
    80 users it is medium network ?
    80 users it will belong to large network category ?

    Thanks and regards

Mateen

   

[viking]

1. If the switches are left to auto-negotiate the connexion speed, they are trying to find the biggest speed at which they can communicate with the device at the other end of the cable. IF your switches have the possibility to function at 100 Mbps you have to check the reasons for which they work at 10 Mbps (10 times slower). They could be a setting on the switches, a "noisy" environment (lot of EM radiations - radio waves, powerful electric engines near the network cables, network cables running parallel and close to normal electric cables, bad network cables or other reasons), old network cards at the computers, a setting on the computers. You have to find the reason and you have to be sure that the switches are working at their highest speed possible: at least 100 Mbps. Not 10 Mbps, it's too slow, far too slow for a modern network.

2. A firewall runs on a computer (server, desktop) or it's a specialized computer with the main objective of being a firewall. The specialized computer dimensions are reduced (usually) compared to a normal computer, but this depends on its performances and other attributes. But as I said, usually they are much smaller than a normal computer/server, they don't have a display or keyboard, they have only network ports or other ports. Just like a switch.
You want to upgrade a firewall? Tough decision. You have to remake the firewall settings from the old firewall (at least). I don't know what firewall do you have. Maybe is that Cisco ASA 5510 you mention, maybe it's other equipment. Before advancing on this issue I apologize before and kindly ask you to be very careful on what are you suggesting to your superiors. You have to be sure the firewall it's the problem before any other actions.
What firewall do you use? What are it's performances? It's a computer? A normal computer with a firewall software? Or it's a specialized firewall?

3) In the contract with your ISP are mentioned all the details. How much bandwidth they guarantee to you is one of the most important mentions in that contract. I will try to find out how important as ISP is Etisalat. Someone in your company has to have those documents, the contract with ISP.
I think that the minimum bandwidth guaranteed is less than those "up to 4 Mbps".  But this is only my assumption, I might be wrong.
Before checking the ISP rightness you have to check if the LAN is operating at the right standards, you have to check that the firewall is powerful enough, you have to check that the company router is not a brake to WAN connections. After everything is checked as being right, you have to check the honesty of your ISP, if they respect their agreement, if they are able to offer you what you bought.
Check the contract between your company and your ISP before taking further steps in this direction. After you find that guaranteed bandwidth we may consider what is needed to upgrade your WAN connection or to better use the one your company has now.

4) You have to add all the transfers between WAN and LAN in a particular moment, for different moments in a day. You have to be sure that there are transfers that need more than 4 Mbps (make big downloads from several servers - 20-30 servers - and get things that are not usually found on ISP cache servers). You may find the answer on the router or the firewall.

6) I don't know who is "Parsons".

7) No, I won't send you such things. When your network was made, someone most surely thought about how to manage that network. Or thinks now. My opinion on this matter is completely irrelevant and not founded right, basically I don't know a thing about what is working in your network, how is working etc. More than that, I don't know much (anything?) about those applications.

8 ) It depends actually on what are those 80 users doing. "Statistically", 80 users mean a medium enterprise network.

You're welcome, I hope I am helping you and not making your task more difficult.

If someone here has more experience regarding the subject, or has opinions about, please help.