-
March 31st, 2005, 05:33 AM
#1
Member
Slow Lan-- What will be the reason?
Hi guys,
I am having a Gigabit LAN setup with a Cisco Router for connecting to Internet via Leased line & PIX firewall for protection. Having foure L2 switch (Cisco 2950) connected in ring type network (structure cabling with RJ 45 ). Spanning Tree has been enabled at every cisco switch. We are using D-link 1024R unmanaged switch for connecting PCs of end user. We have total 600 PCs connected in network. No VLAN has been created due to unmanaged swtch hasn't got vlan facility. Main purpose of our network in data sharing between Intrane rather than Internet.
But from las 1-2 months our LAN becom slow.
what will be the reason behind it ? how can I check the available bandwith & used bandwith of our network? will it be any virus problem?
Shall I use Layer3 switch to connect all four L2 switches?
..Viruss
Thanks in advance
Be Cool ..
-
March 31st, 2005, 06:27 AM
#2
chances are you have a bunch of infected machines blasting your network and eating up the bandwidth. I would use a decent network monitoring tool (solarwinds is awesome, but expensive, Netowrk Sniffer is also very good) and watch the traffic levels on the routers. Also check your firewall logs and look for fishy traffic. make sure the computers are patched (yea this is a pain for that many computer, but necessary)
chances are with the right tools you will be able to narrow the traffic down to a few IP addresses and just shut them down, clean them, and let them back in.
good luck.
-
March 31st, 2005, 09:43 AM
#3
Member
Thanks XTC46..
I will try your valuable suggestions practically. I have tried ethereal, but not able to detect the exact problem. What types of packets should I look to solve the problem? Shall I use any Enterprise version antivirus software to detect network viruses(welchia,nimda)? will You suggest me any good AV software?
... Viruss
Be Cool ..
-
March 31st, 2005, 09:48 AM
#4
You might try pulling one of the noticeably affected machines and scanning it for malware in safe mode.
-
March 31st, 2005, 10:03 AM
#5
Member
which software shall I use to scan thoroughly? Another question comes in my mind that connecting network in ring type topology will make LAN slow? is there any broadcasting done by unmanage switch ?
sorry for asking such silly questions..
Be Cool ..
-
March 31st, 2005, 11:45 AM
#6
PC-Cillin, Kaspersky, AVG, McAfee will all probably do the job. I am not a fan of Norton, particularly in an environment where you already have a problem of it running slow. As you can get trial versions, you might like to try more than one?
I would also get SpyBot S&D and AdAware SE.
Remember, update everything and run it in safe mode.....................this is why I am suggesting you pull a machine and check that to see if you do have a malware malware problem, and if so, its extent.
It might even be worth putting a local software firewall on the machine and re-connecting it to see who tries to connect, and on what ports.
-
March 31st, 2005, 12:19 PM
#7
if you are using ethereal try turning a machine on and not running any programs, if it starts broadcasting more than what it should than you have a problem. Also try going into a command prompt and typing in "netstat -a" without the quotes. that will show you all open ports and what their state is. if you see any strange connections take that machine and scan it with an antivirus and adaware.
make sure all scans are in safemode.
-
March 31st, 2005, 01:00 PM
#8
Member
LANs slowdown is a big problem in many parts of the world. This is mainly due to spyware and malware being downloaded into your machines from the Internet. Once a host program is downloaded into your machine, it starts broadcasting data packets at exponentially increasing and alarming rates.
Use some personal firewall and one Antivirus onto your machines. Monitor logs from the firewall and see which machine on your network is initiating the packet attacks etc inside your LAN. Clean those machines afterwards which have been detected to be infected.
-
March 31st, 2005, 01:19 PM
#9
Hi
One source of problems has been thoroughly discussed (gauravjulka ,
do you actually read previous posts before posting? I do not want to
be rude, since sometimes it is good to paraphrase, elaborate or add
additional information.).
But from las 1-2 months our LAN becom slow.
I am not sure, what that means. From every node to every node or just from
some boxes to a few other boxes? Is one of the switches damaged? Collisions?
Is one of the NIC's damaged and throwing electronic noise on the cable
(I actually had this recently in my home network)? Cables ok?
Does the spanning tree really eliminate all possible loops? Check your network
topology drawings (Visio does really a nice job of illustrating these kind of issues).
I would try to proceed as follows:
physical layer ok? hardware?
data link layer ok? spanning trees, loops?
...
malicious activity?
Note, besides "ordinary" loops, there is the issue of bridging loops in the STP
environment, which comes from a port that should be blocking, but is forwarding
traffic instead[1]
Cheers.
[1] http://www.cisco.com/warp/public/473/16.html
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
-
March 31st, 2005, 01:30 PM
#10
Sec_ware, I think you have the order to check tings mixed up. In my opinion starting from hardware failure is generally a bad idea becasue in a network this size there could be a problem almost anyware. you want to start with the easy/obvious possibilities first. If the slow down is just in the last month or two it probably is malware (which has been pointed out over and over again) from there I agree take a look at some network diagrams (visio is my fav also) and see where else the problem can be. check your logs for collissions, errors, time outs. things of that nature. THEN if all else fails start testing cables and all that good stuff. Token ring networks are generally slower, and you may want to look into upgrading to a better topology (if time/money permits) most common are star topologies.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|