Fixing a network driven to disaster

  1. #1
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    742

    Fixing a network driven to disaster

    Network admins Unite and help poor old me....

    Just recently I was given the privilege of fixing the mess...

    Nothing is labeled, we have separate VLANs set up but almost everything is running on VLAN 1. There is no documentation, most of our switches are at capacity, with a need for more drops. Almost every drop in our plant is beyond recommended length (some in the 500+' range). Our wireless is all screwed up as well. 3 SSIDs, 128 WEP (doesn't reach outside the building), not all work, DHCP doesn't always work on them, etc.

    I am in the process of starting in our data center and rewiring all of our servers through an overhead wire tray. I am moving all of our servers to dedicated switches (currently on a 6000 series Cisco with users) I am going to put in 2 racks so each server has a cable from its pair to each switch. All servers will be on a single VLAN.

    We are also incorporating a database that will keep all the information on each cable that is patched into a switch by a UID.

    I am looking for standards or guidelines from everyone who might know. My switch experience stops at changing ports, naming them, and changing VLANs. So let me know what to do. Thanks in advance..

    Some background Information:
    All our switches are Cisco... at our level we don't have the firewalls (they are at corporate). We have 2 Cisco Routers (redundancy). I am not sure of the model numbers on these.

    Switches:
    6000 series
    4000 series
    2500 series
    3750 series
    others I don't know of

    Prolly around 30 switches and 10+ AP's

    --Spy
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click here

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Posts
    119
    I would check with your corporate office as they may have a preference as to how things are set up. No sense in doing the same work twice. I would decide if I was going to segment users based on function or by location. Meaning you can either segment them based on their job, or by where they are located in the building. I have used switchmap http://switchmap.sourceforge.net in the past to help me get my hands around a network.

  3. #3
    Junior Member
    Join Date
    Aug 2006
    Posts
    7
    Go by the 80/20 rule. Divide the vlans by keeping 80 percent of the traffic within that vlan (i.e., accounting has a server, so all the accounting computers and the accounting server are on the same vlan). Connect the vlans via router on a stick using one of those redundant routers. Make sure you set your VTP domains up.

    Commands you're going to love:
    sh vlan
    sh vtp

    Sounds like a mess... good luck

  4. #4
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    742
    Net2-

    I started to install and try to use that application you had posted, and albeit I was a little hesitant at first, this is definitely going to help me get a handle on where everything is without having to log in to each switch and blah blah...

    The instructions for running it on windows need a lot of help but if anyone else plans on using the application I can point you in the right direction after fumbling through all of it.

    Thanks

    Anyone else?
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click here

  5. #5
    Senior Member
    Join Date
    Mar 2004
    Posts
    119
    Yeah, it's Perl based so it should run on anything, but I installed it on Solaris 10 so I didn't have those issues. The only way to get organized is to do so wiring closet by closet. Do not use your user IDs to map out your cable runs. The user will quit, or be fired, or transfer departments and then you won't have a clue. Instead call your wiring closets A, B, C or whatever works for you. Then label the patch panel and the wall jack by sequential number. For example, Jack 1 in switch closet A would be A-1. Invest in a labeler and label each wall jack.

  6. #6
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Originally posted here by dcarveror
    Go by the 80/20 rule. Divide the vlans by keeping 80 percent of the traffic within that vlan (i.e., accounting has a server, so all the accounting computers and the accounting server are on the same vlan). Connect the vlans via router on a stick using one of those redundant routers. Make sure you set your VTP domains up.

    Commands you're going to love:
    sh vlan
    sh vtp

    Sounds like a mess... good luck
    Well, it's totally debatable, but I disagree...

    The 80/20 rule doesn't stand much nowadays. Routing is fast enough that you're much better off segmenting your servers inside server vlan(s) and keeping your users in user vlans. This makes the creation of "security zones" much easier and is better down the road. Otherwise you end up with multiple (virtual) flat networks...

    Do you have an MSFC on that cat6000? Use it as your core switch/router. Do you run hybrid (catos & ios on msfc) or native ios (ios & ios on msfc) on it? I prefer native IOS...

    I'd advise against using VTP (i.e., set it to "transparent" and configure vlans+allowed vlans/per trunks manually on all switches); vtp is a double edge with the back side being the sharpest...

    You might want to consider using something like netdisco (www.netdisco.org) to map out your network first. It maps connections & equipment using CDP. Not that CDP is perfect, but in your situation I'd go for it.

    If you're not too budget constrained, go fiber between your access switches and distribution/core layer.

    Keep us posted; these projects can be rather exhausting but so satisfying when everything is finished and well!


    Ammo
    Credit travels up, blame travels down -- The Boss
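
Added example, not written by any poster in this thread: a small audit of an IOS-style running configuration for three conditions raised above (access ports left on VLAN 1, trunks with no allowed-VLAN list, and a VTP mode other than transparent). The sample configuration, interface names and VLAN numbers are constructed, and treating an absent `vtp mode` line as server mode is an assumption.

```python
import re

# Constructed sample in IOS running-config style (not from the thread).
SAMPLE_CONFIG = """\
vtp mode server
!
interface GigabitEthernet1/0/1
 description A-1 user drop
 switchport mode access
!
interface GigabitEthernet1/0/2
 description A-2 user drop
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet1/0/47
 description uplink to core
 switchport mode trunk
!
interface GigabitEthernet1/0/48
 description uplink to core
 switchport mode trunk
 switchport trunk allowed vlan 10,20
"""

def audit(config):
    """Return (subject, finding) tuples for VLAN 1 access ports,
    unpruned trunks and a non-transparent VTP mode."""
    findings = []
    vtp = re.search(r"^vtp mode (\S+)", config, re.M)
    mode = vtp.group(1) if vtp else "server"  # assumed default when unset
    if mode != "transparent":
        findings.append(("vtp", f"mode is {mode}, not transparent"))
    # Split into interface stanzas; each one starts at column 0.
    for stanza in re.split(r"^(?=interface )", config, flags=re.M)[1:]:
        name = stanza.split()[1]
        if "switchport mode access" in stanza:
            m = re.search(r"switchport access vlan (\d+)", stanza)
            # No explicit access VLAN means the port sits in VLAN 1.
            if m is None or m.group(1) == "1":
                findings.append((name, "access port on VLAN 1"))
        elif "switchport mode trunk" in stanza:
            if "switchport trunk allowed vlan" not in stanza:
                findings.append((name, "trunk carries all VLANs"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_CONFIG):
        print(f"{subject}: {finding}")
```

Saved configurations from each switch can be passed to `audit()` in turn to build a per-closet cleanup list before ports are moved.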
