Solved

How get a good overview and how to manage with graphical view

Posted on 2008-10-04
8
333 Views
Last Modified: 2010-04-21
I've inherited a small LAN to administer, which has multiple 2900 series catalyst switches (3 total) and a 3524xl as the main. The configuration is highly suspect in causing various internal outages and slow communications.  I am trying to get a good mental picture of how this LAN is configured, but can't make out full details.

Is there a halfway decent graphical tool that can give me an idea of how things work at the switching level?  There is VLAN1, where mgmt interfaces exist, along with the primary client/server network running at 192.168.1.0/24.  There is also, apparently, a DMZ sort of VLAN that hosts a few servers that are exposed to the internet, with limited connectivy back into VLAN1.  I'm not even sure which ports connect up yet, to the various devices, still doing discovery.  There's also a Juniper firewall/gateway in the mix, bringing in two T-1 circuits.

Some of the servers within VLAN one have multiple NICs plugged in, and some servers with single NICs have multiple IP addresses.  DNS is a mess, as is WINS, with no really accuracy of which hosts are which.  I'm beginning the cleanup of the WINS/DHCP/DNS to try to get that back on track.

I've also found many auto negotiated ports for speed/duplex that I've corrected that were getting tons of collisions and other error packets.

When I do a sho cluster, only two of the switches show, the 3523 and one 29xx.  The other two don't indicate cluster membership.

The switches are interconnected via fiber Gig, daisy chained from one to the next.

I'd like to make sure that there aren't any looping conditions going on that may stop or break or significantly delay communications.  Frequently, users are disconnected from their server drive mappings, and sometimes, outgoing emails take hours to reach their destinations, including emails destined for internal deliveries (like NDRs)

When doing SHO int on each switch, most ports indicate multiple interface resets throughout a day, and frequently, PCs/Servers indicate a physical disconnection then reconnect, with anywhere from a few seconds to a few minutes before reconnection.

I'm hoping to find a graphical mapping tool that either simply will display the logical/physical layout, and maybe something that will show problematic situations like a port going offline or a loop taking place.  It'd be really nice to be able to manage the group of switches as a single, whole unit, to where I didn't have to think about each switch as a separate object.   I'm not that familiar with IOS, have picked up a few commands over the years, but no real understanding of portfast, spanning tree, etc.  I do understand IP routing and do have a solid understanding of TCP/IP and services/tcp/udp ports, etc, and significant experience in packet analysis.  I have collected many captures that show definite issues where communications enters one NIC on a server but then leaves out of a 2nd nic to go back to the client.

Also, any recommendations of online reference material that'd be good to start with in trying to understand this fabric.

Thanks!

Bob
0
Comment
Question by:BobintheNoc
  • 4
  • 3
8 Comments
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 125 total points
Comment Utility
Use the Cisco Network Assitant - this is a very nice free tool designed to work specifically with Cisco equipment that is good even for managing larger networks. It can discover devices using CDP or by sweeping a network range and then map them and let you manage them.
http://www.cisco.com/en/US/products/ps5931/
Cheers!
0
 
LVL 32

Expert Comment

by:Kamran Arshad
Comment Utility
Hi,

You can also check out the below applications;

LAN Surveyor                    www.solarwinds.com/products/lansurveyor/
Dude                                 www.mikrotik.com/thedude.php
Adventnet OPManager      www.adventnet.com
0
 
LVL 12

Assisted Solution

by:Pugglewuggle
Pugglewuggle earned 125 total points
Comment Utility
Those all work... except for the prices.
LAN Surveyor                    $1,995 USD          
Adventnet OPManager    $1,995 for 50 devices + $299 per year
The Dude is free, but I don't particularly care for the interface. Also, it can only monitor and map - it cannot manage like Cisco Works.
If you only have Cisco devices and want to manage and map them - use Cisco Network Assistant. If you want to map devices OTHER than Cisco, then use The Dude (but remember Dude cannot manage devices).
Cheers!
 
0
 
LVL 7

Author Closing Comment

by:BobintheNoc
Comment Utility
Thank you for your responses, I have begun exploring with the Cisco Network Assistant.  As suspected, it does show several ports that are going up and down, from devices that shouldn't.  The details of how/why though, aren't very descriptive.  I think I'll set up an snmp trap destination and see if the switch devices report more accurate information via snmp.  Oddly, the majority of log events don't have a timestamp, making the historical log difficult to interpret.  Of course, the price of FREE was the deciding factor, thanks for the additional info on the other suggested products and their prices.
Of the four primary switches, only three were clustered.  I've not yet explored the 4th switch enough to know if it SHOULD have been clustered or not.  The CNA recommends making this cluster a community.  Does that actually modify the switch configuration?  Or is it just a management view within CNA?  I'll do some reading to discover the differences between Clusters and Communities, to see especially if the functionality for the vlans/ port configs get modified/changed, and whether or not the actual end result is perceivable by the client systems.

Thanks again!
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 7

Author Comment

by:BobintheNoc
Comment Utility
Thanks all for the rapid feedback.  The CNA is running, and have confirmed some suspicions about various ports being deactivated and or ports dropping connections.  The detail from the alerts isn't very thorough, mostly just indicating port down and then up, so not sure if it's Spanning Tree that's dropping them, or perhaps faulty cabling/power.  The referenced ports all are server systems, I haven't yet determined if they're looping potential machines, hope to tomorrow.  Is there a preference or better suited mode than clustering?  The CNA is recommending a conversion of the cluster to a community?  Will read up on that shortly.  Will also likely configure an snmp trap destination to collect SNMP, figuring that it might offer more 'real time' and detailed information?  Thanks again, appreciate the help.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
Comment Utility
I'm not sure if making it a community affects the config or not. I don't believe so. I think it's just a logical setup in the CNA.
0
 
LVL 7

Author Comment

by:BobintheNoc
Comment Utility
So, now that CNA is in place, a few oddities pop.  First, I see frequent event messages indicating a port goes down and then back up.  Happening on multiple ports, however details from cna is virtually nonexistent.  I'm guessing that the ws3524xl, and the 2950s have very limited support compared to the newest switches.

Two of the switches are reporting failed redundant power, however both switches only have a singe power supply, and the uptime is maintained.  Happens 3-5 times per 24 hrs.  Just bad interpretation bt cna..

TIA,
0
 
LVL 7

Author Comment

by:BobintheNoc
Comment Utility
oh, btw, if those semi frequent link drop detections are due to being clocked by Spanning Tree, what's the best way to determine the source of the shutdown of that port?
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now