Solved

Dumbfounded.  Network/switching question

Posted on 2012-03-12
Last Modified: 2012-03-15
Ok, so I am dumbfounded after doing a network install with my boss today. Basically we started at the demarc point, which was installed by the ISP, a Ciena 311e. We connected a NETGEAR FVS318 VPN to it and allotted over an adequate amount of DHCP addresses from the 192.168.0 pool.

Here comes the crazy part, we were working with Cisco SF 100d 16 port dumb switches attempting to interconnect cabling for a building with 5 floors and about 24ish users per floor.

We put in 2 16-port Cisco SF 100d switches per floor and linked the switches together as well as plugged in all the connections from the patch panels. We did that for each floor.

And then comes the strange part: floors 1 and 2 work flawlessly, assigning an IP from the DHCP of the Netgear almost immediately. Floors 3, 4, 5 though did not... Assigning a manual IP as well as the DNS provided by the ISP worked, but slowly. DHCP did not. By slowly I mean me plugging into the dumb switch and pinging the gateway or outside world and losing roughly around 30-70% of my packets.

The cabling was already installed and we tested all of them to make sure they were crossovers, except for the straight-through connecting our Netgear VPN to the Ciena router. Each floor had a cable going back to the Demarc point which, when plugged directly into a host would fetch a DHCP right away. Floors 1 & 2 would do that with any of the switch ports. Floors 3, 4, and 5 with the switches involved however, would not work with DHCP and with a manually assigned IP would have about a 30-60% packet drop rate.

I'm completely stumped here as I've never even seen a Ciena router or worked with dumb switches. Please help me!
Question by:Idunno3
6 Comments
 
LVL 1

Assisted Solution

by:aloalotebetrazim
aloalotebetrazim earned 167 total points
It would probably help if you drew a scheme :)

Is every switch on the floor connected to a Netgear directly or?
Are you maybe exceeding the Ethernet limit (cable length or number of switches)? Packet loss kinda guides me to that conclusion.

I think that more info would be helpful.
0
 
LVL 21

Assisted Solution

by:Rick_O_Shay
Rick_O_Shay earned 166 total points
Try checking the switch ports for any kind of errors to get a clue as to what is happening, or, if you are familiar with Wireshark, run it on a PC on one of the troublesome floors and see what is going on there. Maybe compare a capture there to one of the working floors.
0
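The capture comparison suggested above, as an added example that is not part of the original thread: it groups DHCP messages by transaction ID and counts exchanges that never received an OFFER or ACK. It assumes the UDP port 67/68 payloads have already been exported from each floor's capture; the function names and both sample captures are constructed for illustration.

```python
import struct
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def build(op, xid, msg_type):
    """Constructed sample data: a minimal DHCP payload (UDP payload only)."""
    header = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0) + bytes(224)
    return header + MAGIC + bytes([53, 1, msg_type, 255])

def parse(payload):
    """Return (xid, message type) or None when the payload is not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    xid = struct.unpack("!I", payload[4:8])[0]
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                        # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 >= len(payload):                  # truncated option
            return None
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1:             # option 53 = DHCP message type
            return xid, TYPES.get(payload[i + 2], "OTHER")
        i += 2 + length
    return None

def summarize(payloads):
    """Count transactions, and those stuck before OFFER or before ACK."""
    seen = defaultdict(set)
    for p in payloads:
        parsed = parse(p)
        if parsed:
            seen[parsed[0]].add(parsed[1])
    no_offer = sum(1 for t in seen.values() if "DISCOVER" in t and "OFFER" not in t)
    no_ack = sum(1 for t in seen.values() if "REQUEST" in t and "ACK" not in t)
    return {"transactions": len(seen), "no_offer": no_offer, "no_ack": no_ack}

# Constructed captures: floor 1 completes the exchange; floor 3 loses replies.
FLOOR1 = [build(1, 0x1001, 1), build(2, 0x1001, 2), build(1, 0x1001, 3), build(2, 0x1001, 5)]
FLOOR3 = [build(1, 0x3001, 1), build(1, 0x3002, 1), build(1, 0x3003, 1),
          build(2, 0x3003, 2), build(1, 0x3003, 3)]

if __name__ == "__main__":
    print("floor 1:", summarize(FLOOR1))
    print("floor 3:", summarize(FLOOR3))
```
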
 

Author Comment

by:Idunno3
I am familiar with Wireshark, just didn't have it installed on my laptop. I'll give it a shot when I'm out at the work site. Network diagram is attached.
Student-Network-Diagram.pdf
0
 
LVL 8

Accepted Solution

by:gsmartin
gsmartin earned 167 total points
Typically, for multiple floors you want to use fiber to avoid any signal loss. Ethernet has a maximum limit of 100M or 328FT, and various factors play into attenuation/signal loss.  Typically, Ethernet uplink connectivity is from switch to patch panel-to-patch panel to switch.  You need to make sure the overall cable run, including patch cords, doesn't exceed the limit.  My preference for Ethernet runs is no more than 285 to 300FT, and for multi-floor buildings to use fiber between the MDF (Main Distribution Facility) and each IDF (Individual Distribution Facility).

Note that the type of switches you are using, especially at the core, are most likely not designed to handle the switch uplink connectivity/traffic from the other switches.  Most Enterprise network switches have a limit of 5 to 8 uplink switches.  Now I am not saying that it won't work, but it is not recommended.  The main issue is likely to be the Ethernet cable length on the uplinks.

Was the network cabling professionally installed?  Did the installers terminate the cabling to patch panels?  What type of cable, CAT 5 or CAT 5E?  If a patch panel is used, CAT 5 or CAT 5E?  You need to make sure to use the same category type for both cable and patch panel.  Also, CAT 5 is limited to 100Mb vs CAT 5E, which goes up to 1Gb throughput. Your uplinks need to be at least CAT5E, or more preferably use fiber, which has the ability to go higher (10Gb) over short distances (not that you require the speed).

If for any reason the cabling was not professionally installed and/or the cables were terminated directly without patch panels, I would recommend buying a cable tester to verify your uplinks are good.  Also, it would be preferred to get an Ethernet cable tester that can detect the distance.  FYI... If the cabling was professionally installed, then have the vendor certify the cabling.

FYI... The disadvantage of using non-managed switches is you don't have any visibility or control while troubleshooting issues like this.
0
 

Author Closing Comment

by:Idunno3
Thanks for the feedback guys..... after endless hours of pulling switches and cables, turns out our Netgear VPN/Firewall switch thinger was the point of failure... still doesn't make sense, but replacing it with a different brand one seemed to correct everything.

GSMartin, I know our setup is not ideal, but our customer seemed to want the cheapest route possible. I'd hate to live in that building, as it only has a 100MB metroethernet connection as well as a non-ideal core switch.
0
 
LVL 8

Expert Comment

by:gsmartin
No worries.  Sometimes it's difficult to sell non-IT people on the differences of Enterprise vs consumer grade hardware.  Typically, they can't comprehend the features and benefits in line with the higher cost.  Therefore, not every situation is going to allow for an ideal network configuration.

Anyway, glad to hear you resolved your issue.
0
