I want to maximise my network speed as some users have complained of poor network performance. I want to start by making sure my servers (x5 HP proliant...) are patched correctly into my switches (x3 netgear gsm7248 l2).
Can someone please provide a diagram or explain exactly how a LAN should be physically patched for optimum performance? And also what actual cables should be used?
Also we have 5 different departments all use the same apps (MS Office mainly) apart from our Design department who use CAD and 3D rendering packages which I know will take up a lot of bandwidth. Should I put them onto their own switches to seperate their traffic from everyone else? Should I VLAN them? I basically want to organise the traffic through my LAN to optimise the speed.
Any ideas?
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Thanks for that. Just a couple of questions:
1)Is using VLAN's for each department the best way to organise the traffic / reduce broadcast traffic, then or are there other options?
2) What software would you recommend if the problem is viruses/malware? We currently run McAfee Virus Scan Enterprise V8.5 on all workstations which hasnt found anything...
Thanks
Recomendation will be endless, as many people - so many "solution"
To simplify understanding, I'd recomend follow simple rules.
Use single most powerful switch as a "core", to wich all other switches will be connected over fiber, in "star" topology(this way you prevent bottlenecks)
Not to exced 3 switches in a "raw"., and 300 feet over CAT5/6
Use all 1gb rated patchpanel, plugs, cable- CAT6, not to bend and not to stratch it during install.
Stay with one brand, and do research for your particular needs.
Use VLAN to 'separate" portions of the network, and at same time provide them with "shared" resources-servers access, internet access.
If servers ment to be used for external users, place them with dedicated WAN IP, up front of your router, connected directly to ISP- this way you will save on network trafiic.You can always use second NIC with LAN IP conected "behind" your router, to provide internal access.
For specific design use cisco.com there is a lot of very good and easy touse recomendation , base on tha size, demand, usage.
http://www.cisco.com/web/a
check actual connection PC-to-Pc with:
Iperf 2.0.2 installer for Windows from
http://dast.nlanr.net/Proj
Look for kperf_setup.exe
This will help narrow down problem, find "bottleneck",cable problem, diffrents in file transfer type, and so on.
VLAN does not save you any traffic, it is just the way make department "invisible" to each other , but still been on same subnet, therefore no need to segment your LAN by diffrent subnets, which makes more easy to manage.
I'm personaly against any kind of third party AV.
You very well protected by:
1.router firewall
2. windows defender on each PC, and have all updates
3. Having PC not in "adminisrative" mode, but in AD group policy
4. Having monitroring soft - like www.solarwinds.com will allow more better intrusion prevention, and real time monitoring than any stupid third-party AV- which usialy cause more problem, than they preventing.
The Netgear GSM7248 is not stackable, therfore you will have a bottleneck at your uplinks.
I have a GSM7352 at the top of a stack, which is stackable with a 24-gigabit cable. Same slot could be used for 10GbE, if you had it.
Are these purchases recent enough to consider exchanging for a stackable model? Yours is more of a standalone or core router. Stacks will act and manage as one unit. Also, the stacking cables offer far greater bandwidth than uplinks with patch cables.
Gigabit switches (even un-managed) are generally sufficient for most small offices. You could increase your uplink speed by creating a LAG (link aggregate group) of ports. This gives you a 2Gbps link between switches.
If you are stuck with these switches, I suggest getting the physical layout done before worrying about VLANs and QoS. Those are icing on the cake. You need the basic recipie.
You'll have to find out what your true bandwidth need are. CAD and rendering are not bandwidth intensive if the functions are performed locally. Does the application engineer have a spec for you on network bandwidth consumption?
Without that information, here's a general recommendation:
The CAD workstations can also use two gigabit ethernet links in a LAG, which is better than just ALB.
network1
In terms of AV software; I recommend ESET Nod32. Not to say there is a virus infection for sure.
How many workstations are there in each department?
How many servers need to be used by each department?
Are there any specialty network apps in use other than say standard e-mail, surfing, sharing/downloading/upload
It may be helpful to compile an estimated amount of traffic usage expected
for each department at various times of the day based on per-user usage
estimates AND total number of users/workstations
The single best thing you can do other than having plenty of inter-switch bandwidth, and have good wiring is to have managed switches that have some intelligence, and can provide you with information about where traffic is coming from.
If your switches are managed switches such as Cisco 45xx units that provide monitoring functions, you might setup a span session on a port, and plug in a laptop running wireshark, to the monitoring port, turn the port on, at times when network usage should be minimal (but have PCs turned on), as a method of detecting unusual traffic.
This may also assist in seeing if there are background apps running hogging network bandwidth, and if they are essential to the business or dispensible in the name of network performance (although when it comes to internet traffic, it is preferable to monitor that at a firewall).
Ideally: have managed switches that support SNMP-based interface statistics, enable SNMP, setup a SNMP community, and have a server or workstation graph traffic on the inter-switch link ports 24/7, for assistance in locating bottlenecks. There is useful free software such as MRTG and Cacti that can help with this on a *ix server. Or commercial software like Intermapper you can use on a Windows workstation. The "high-end" extremely expensive solution being tools like Solarwinds' suite or HP Openview, full-blown monitoring packages.
(For security reasons, set aside a special VLAN for managing
network equipment and restrict access by ip to your approved management
stations)
For 5 departments, you probably do not need a super-powerful core switch, or $10,000 monitoring system. In the absence the most likely bottleneck are your inter-switch links.
You should check vendor specifications for the specific models of
switches you are using for maximum total gbps traffic, and be sure you are using
non-blocking switches, if you want maximum performance.
I prefer Cisco's multilayer switches, but brand isn't all that important.
Make sure they are commercial-grade units with SNMP management and
full layer2 and layer3 capabilities, no 5-port unmanaged linksys boxes should
be allowed on the organization's premises.
The portable 5-port devices should be regarded extremely as dangerous, especially in the hands of the computer illiterate, who have an insidious knack at creating bridging loops or "accidentally" introducing unauthorized DHCP servers and
rogue home routers with a "192.168.1.1" ip conflicting with your network's gateways.
To that end, switches with port security, and ARP inspection/DHCP snooping capabilities (to allow only the privileged ports to dish out DHCP) may be
administratively useful to minimize problems later.
Admittedly using VLANs does have some administrative overhead;
whenever a new office is to be plugged in, a switch technician needs to
assign the port to the right VLAN.
One possibility is to pre-allocate certain banks of ports to certain VLANs.
From a security standpoint though, it is best to have unused ports turned off.
When a new authorized device is being connected to a switch,
proper documentation should then be entered and filed with the request
for a switch tech to turn on the new port.
Just to clarify something that may not be obvious: if you use VLANs, you don't need every switch to be multi-layer.
You can use mostly Layer2 switches and have one multilayer switch as a central switch plus possibly a backup to provide inter-VLAN routing and connection to your ISP's equipment.
Multilayer switches are much more expensive, and it's better to spend that cash
on pure forwarding speed than on L3 capabilities, when only one device can handle
it.
But keep in mind you shouldn't want a lot of inter-vlan traffic coming back to the same L2 switch (on a different VLAN)
So this works optimally if the departments/VLANs are mostly concentrated on their own switch.
Business Accounts
Answer for Membership
by: MysidiaPosted on 2008-09-29 at 05:35:16ID: 22595657
Switches are highly efficient; and generally, if there is a network performance issue it will be either due to either (A) bad wiring, (B) excessive broadcast traffic, (C) viruses/malware running rampant on the network and flooding, (D) the servers or internet connection itself, or
(E) a bottleneck between two switches when the total traffic exchanged between stations on different switches exceeds the total available bandwidth between switches.
Traffic between two workstations normally is never forwarded to any ports other than the two workstation's port if they are on the same switch. On the other hand: if they are on different switches, the traffic has to cross that one link along with traffic related to other workstations communicating with servers/PCs on different switches.
Generally you should concentrate machines that are near a central point to a switch connected with 100meg fastethernet, and connect the switches together with gigabit (fiber) trunk lines. If you use VLANs, the inter-switch links should use 802.1q tagging.
If you have major servers that service multiple departments, attach them with Gig Ethernet also. If you wish to connect more than a dozen or so workstations with GigE, then use 10GigE links between switches.
Using high-speed inter-switch links allows you to have flexibility without making your switch connections a bottleneck.
The advantage of organizing into VLANs on a multilayer switch is reduction of broadcast traffic.
I.E. Place each department in its own VLAN on a multilayer switch, so that broadcast traffic from a workstation in one department will not be relayed to all PCs and servers in the other departments.
There should be a separate VLAN for the uplink to your internet providers.