Network problem fixed but not sure why
I recently installed a Sonicwall TZ 210. My network consists of cable modem --> TZ 210 --> Dell Powerconnect 2748 managed switch --> everything else.
I have 2 servers running, (1 is SBS2003 which is the dc, dns server, print server, and does exchange and another windows 2003 server which just does sql.) I have 2 networked printers and approx. 25 workstations running XP pro.
All these exist on a single domain with class c private ip address on a /24 subnet. The servers and the printers have static ip.
The problem I was experiencing was that the workstations that ran applications which utilized the sql server were throwing errors pertaining to a brief loss of connectivity. I did some packet sniffing on wireshark using port mirroring on my switch and didn't see anything really unusual. I starting doing ping -t to the TZ 210, my switch, both servers, my printers, and several random workstations and constantly monitoring that to find that intermittently the ping to everything would time out once or twice then normal traffic would resume except for a printer which would continue to timeout for 30 sec to a min usually. It was not one specific printer, both did it at differerent times.
The Dell switch is less than two months old so I began to suspect a jabbering nic or a bad cable. Systematically, I disconnected everything attached to my switch one thing at a time and continued to watch those ping -t's from multiple locations to isolate the cause. Considering this dropping of network packets was only happening once every 2-3 hours this was a VERY time consuming and frustrating task. I checked the data rate on the nics, etc and all configurations and found nothing.
To make a long story short, none of this fixed the problem. I then took the sql server and moved it from my switch to one of the extra ethernet ports on the TZ 210 and I noticed that the workstations running the applications using sql were no longer throwing those errors. I continued to monitor the pings as I described above and nothing had changed and I was still getting the packets dropped periodically. I then too the SBS2003 and moved it from the switch to its own ethernet port on the TZ 210 and my network problems disappeared.
I'm totally confused here. While I'm grateful the problem is fixed I want to know why. The ethernet ports the 2 servers are on and the LAN port on the TZ 210 are still the same subnet, etc and would still be the same broadcast domain right? I"m not sure what moving it to its own physical port but keeping it in the same LAN fixed.
On a side note I checked every port on the switch and had 0 collisions, 0 jabbers, 0 CRC or Align errors, etc.
Any insight into this would be appreciated.
I have 2 servers running, (1 is SBS2003 which is the dc, dns server, print server, and does exchange and another windows 2003 server which just does sql.) I have 2 networked printers and approx. 25 workstations running XP pro.
All these exist on a single domain with class c private ip address on a /24 subnet. The servers and the printers have static ip.
The problem I was experiencing was that the workstations that ran applications which utilized the sql server were throwing errors pertaining to a brief loss of connectivity. I did some packet sniffing on wireshark using port mirroring on my switch and didn't see anything really unusual. I starting doing ping -t to the TZ 210, my switch, both servers, my printers, and several random workstations and constantly monitoring that to find that intermittently the ping to everything would time out once or twice then normal traffic would resume except for a printer which would continue to timeout for 30 sec to a min usually. It was not one specific printer, both did it at differerent times.
The Dell switch is less than two months old so I began to suspect a jabbering nic or a bad cable. Systematically, I disconnected everything attached to my switch one thing at a time and continued to watch those ping -t's from multiple locations to isolate the cause. Considering this dropping of network packets was only happening once every 2-3 hours this was a VERY time consuming and frustrating task. I checked the data rate on the nics, etc and all configurations and found nothing.
To make a long story short, none of this fixed the problem. I then took the sql server and moved it from my switch to one of the extra ethernet ports on the TZ 210 and I noticed that the workstations running the applications using sql were no longer throwing those errors. I continued to monitor the pings as I described above and nothing had changed and I was still getting the packets dropped periodically. I then too the SBS2003 and moved it from the switch to its own ethernet port on the TZ 210 and my network problems disappeared.
I'm totally confused here. While I'm grateful the problem is fixed I want to know why. The ethernet ports the 2 servers are on and the LAN port on the TZ 210 are still the same subnet, etc and would still be the same broadcast domain right? I"m not sure what moving it to its own physical port but keeping it in the same LAN fixed.
On a side note I checked every port on the switch and had 0 collisions, 0 jabbers, 0 CRC or Align errors, etc.
Any insight into this would be appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
A little more info: single domain, 192.168.1.xxx ip scope with /24 subnet so very basic. SBS does dhcp and the printers are outside the range of the assigned scope. Anything else with a static ip has that address reserved. I didn't find any duplicate ip address. I'm not sure what network configuration could be incorrect. Everything has the sonicwall TZ 210's static ip as its gateway, the sbs as dns, subnets all correct, etc. Very simple and easy and never found anything there. All the nics are set to auto detect, flow control is off. I'm not using anything fancy on the managed switch like storm control, etc. I'm just not seeing anything obvious, my network is probably very simple compared to what some of you work with. If it was a jabbering nic or a bad cable on the server(s) I would think just moving physical ports but having it in the sam lan wouldn't fix it.
If i move the server from the sonicwalls extra ethernet port and plug it back in my dell switch the problem resumes.
If i move the server from the sonicwalls extra ethernet port and plug it back in my dell switch the problem resumes.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Its just one switch, a Dell Powerconnect 2748, connected to the Sonicwall by cat5.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Here are some screenshots from the Dell powerconnect switch of what I thought you would be interested in seeing. Some additional info not shown: jumbo frames are disabled. Every port is by default on vlan1 on the switch. There is currently no port mirroring or storm protection enabled on it.
ipaddressing.jpg
ipaddressing.jpg
ASKER
this is the switch address table. The TTL set to 600 (which is 10 min. I think.)
addresstable.jpg
addresstable.jpg
ASKER
This is the switch interface configuration.
interfaceconfig.jpg
interfaceconfig.jpg
ASKER
If you are interested, this is a screenshot of the Sonicwall interace screen
SWinterfaces.jpg
SWinterfaces.jpg
ASKER
a screenshot of the Sonicwall's portshield interface screen.
SWportshieldgroups.jpg
SWportshieldgroups.jpg
ASKER
The Sonicwall's network zones
SWzones.jpg
SWzones.jpg
ASKER
I really appreciate your help. I'm glad my problem is fixed but it really bothers me that I can not figure out why. I can provide you with screenshots of any information you require.
ASKER
Not really a specific solution offered but awarded points for your effort.
I have a similar problem. I just replaced a Netgear FVS318 with a Sonicwall TZ210 as an "upgrade" in being able to manage threats on my Network. The Internet Modem connects to the TZ210 on firewall X1 and then the firewall connects to through it's X0 Lan Port to a Dell Powerconnect 5424 which is connected to a Dell 5212. My network runs mostly connect to the Powerconnect 5424. My domain controller runs Windows 2000 Server SP4 and is my file server and print server. My application server runs Windows 2000 Server SP4 terminal services. I have about 25 other clients running Windows 2000 professional or Windows XP Professional.
Using the TZ210, I cannot get Backup Exec 12.5 remote agents to install or to complete backups. My "interface server" running Windows XP Pro loses connectiviity and shuts off interface services, and a separate "drug and drug-drug interaction" dataserver (Windows 2000 Pro) gets very slow.
Taking the TZ210 out and replacing it with the Netgear FVS318, all these problems go away.
I am new here, so I'm sorry if it is bad etiquette to post to a closed thread.
Using the TZ210, I cannot get Backup Exec 12.5 remote agents to install or to complete backups. My "interface server" running Windows XP Pro loses connectiviity and shuts off interface services, and a separate "drug and drug-drug interaction" dataserver (Windows 2000 Pro) gets very slow.
Taking the TZ210 out and replacing it with the Netgear FVS318, all these problems go away.
I am new here, so I'm sorry if it is bad etiquette to post to a closed thread.
ASKER
I had already posted here numerous times about this problem with captures, etc, etc ad nauseum. It would help me tremendously now to just know what something simple like that would change. Even assuming a network that was working right.