Backbone Switches!!!

Similar Messages

• XServe is slow over 100MB/s switch

  I have a big problem that's getting bigger by the month. My LAN is sloooowww! I am the assistant (i.e. volunteer technology coordinator at a small private elementary school and we are using a Dual G5 XServe (all the latest patches) for our main server. We mainly use it for authentication (OpenDirectory) and file sharing (SMB). We have 200 WindowsXP machines shared amongst 500 students using roaming profiles.
  Our problem is that logging in/out of the LAN is taking 4-6 minutes and that's way too much time to sit there with Kindergarten grade students! We've limited profiles (although we are still trying to reduce them further) and tried several other things on the Windows side but nothing seems to help. I've monitored the XServe's resources during the day and it never seems to break a sweat in either CPU, Disk I/O, or network activity. The only thing I can think of right now is that our backbone switch is an old Xylan 100MB beast with not Gig interfaces. This means that both Ethernet ports coming off the XServe are only running at 100MB each.
  I think our problem is that we are pushing waaay too much data through a 200MB pipe. Does that seem correct? My first thought was to upgrade the switch to a Gig model, but the expense (even @ eBay prices) of getting enough 1000MB ports to cover the school buried that idea real quick. And I can't seem to find a Gig interface for the Xylan anywhere!?!? What other options do I have? Break down and get a second XServe (but what would we use it for)? Segment the LAN and try to find a way to make the majority of the systems hit the server at Gig speeds?
  I know this is a long message but I am really out on a limb here. Anybody with some networking mojo wanna spread some around?
  Thanx!
  Richard

  Hi Corrado-
  That is quite a few machines to manage and should be commended for undertaking this project as a volunteer (:>)
  You may indeed need a new server, but I think you should take a close look at your network issue first. That switch is getting a little long in the tooth. Even one bad port can slow things down. If you can budget a new server then me thinks a new switch would be a bunch cheaper.
  Is this a new issue or the way it has been for a while? Does powering down the switch and bringing it back online speed things up? The answer to those questions can steer you in a couple of different troubleshooting directions.
  Do you allow connection to the internet through your setup? I am presuming that you do but I don't want to overlook anything. I do know that PC's running bit torrent software can hog a huge amount of bandwidth. Now I know that this is an elementary school but kids are smart and figure stuff out, especially the sneaky stuff, pretty quickly. You may want to shore up your filtering and or firewall defenses.
  I would suggest powering down the entire network, server, and client machines. Bring the switch and server back up first. Go to a classroom or media center and power up 2 Macs and go through the log in and see what happens. If this is speedy this will be a hint.
  That's all the mojo I have for now. Post back with your results if you need further assistance.
  Luck-
  -DaddyPaycheck

• Trouble with Windows7 and Gigabit link on Cisco 3560X switch

  Hello,
  In my company, we are using Cisco IP Phones 7945G (with 2 gigabit network ports) and Cisco 3560X-48P (1GB ports) switches for our users.
  Our client computers are running on Windows 7 SP1 (64bit - Enterprise edition) and are connected behind the IP Phone. We use a "Boradcom
  Xtreme Gigabit" onboard network card on the computers. All ports (on the switch site and IP Phone side) and on the network card of the computer are configured in "auto negotiation". Duplex and speed are set to "auto".
  We tried now to deploy a new engineering software and we are facing a very strange problem. This means that the engineer software fails to download some files from the server. We are using a flat network, all the servers and computers are on the same network segment with no firewall inbetween.
  The firewall and Anti-virus on the computers are configured to allow all incoming/outing connections.
  To troubleshoot, I tried to change all the network cables but I still get same result --> download fails.
  I connected the client computer directly to the Cisco 3560X switch, without the IP Phone and I get the same result.
  I installed a separate network card from INTEL (Intel PRO1000 PT) but I get the same result.
  As last test, I have connected to same client computer directly to a Cisco 2960-8TC switch (100Mbit; auto negotiate) and here is working fine. The software successfully downloads all the files from the server.
  If I connect the computer behind the Cisco 7945 IP Phone, set the speed and duplex of the PC-Port on the Cisco IP Phone 7945G to "100MBit/full duplex" is also working fine.
  Is there any know issue with Windows7 and Gigabit network connections?
  Do I need to set any Registry key on my Windows 7?
  The firmware version of my Cisco 3560X-48P switch is 12.2(53)SE2; do I need to update it?
  The firmware version of the IP Phone 7945G is 9.2.1.
  Thanks in advanced for your help.
  Marc Hoffmann

  Hello, Thanks for your answers. First of all, I have updated the firmware of my Cisco Catalyst 3560X-48P switch to the version 12.2(55)SE5. Unfortunately, this did not solve my problem. As second step, I ran an TDR test on my 3560X switch but I do not get any result. The "Pair status" always says "not completed". Even if I wait for 5 minutes, the status remains at "Not completed". Am I doing something wrong ? To do the TDR test, I use the commande "test cable-diagnostics tdr interface gigabitEthernet 0/XY". For your information, the port gigabitEthernet 0/XY is in a "Connected" status when I run the "show int status" command. Jeff, I think there is no issue on the server side, because if I connect my workstation on a 100MB switch (example Cisco Catalyst 2960-8TC-L) the application works absolutely fine. Also, if I run the application locally on the server, it works fine. As next step, I will connect the workstation directly on our backbone switch and try the same test. Is there perhaps any Registry key in our Windows7 which could cause this trouble? If you have any other ideas or options, please let me know. Thanks a lot, Marc Hoffmann

• Help me to choose Right Core switches and Edge switches as per my Spec

  Dear All
  Please help me to choose Core and Edge switches and all required hard ware and software. 
  the spec details as per below 
  Core Switches
  1. High performance, highly scalable core switch to provide multi-10GE connectivity to various segments in the network.
  2. Switch should have redundant switch fabric and routing engines or management / supervisor modules
  3.should have separate control and forwarding planes
  4.Each switch should have redundant power supplies in N+N or N+1 fashion
  5. Must allow for two spare slots once services, management, processing modules and line cards populated
  6. Easy to manage firmware- i.e. single code type enterprise/service provider) or train, and robust operating system
  7. Supports for the VRRP, NSR, GRES, BFD, STP, MSTP, RSTP, VSTP, LACP redundancy protocols
  8. Hot plugging and removal 
  9. The switch should have native switching architecture with up to sufficient performance such that the loss of one switching fabric should not lead to degraded performance
  10. Switch should support switching at least 400Mpps
  11. Switch should be able to support 40 10Gig line rate ports in a fully redundant configuration 
  12. Chassis that can scale to 700 Gbps
  13. The proposed Backbone switch should support, but not be limited to the following Layer 3 features:
  Static ip routing
  Routing information protocol (RIP) and RIP2
  Open shortest path first (OSPF)
  IGMP v1, v2 and v3
  IGMP Snooping 
  IP multicast routing protocol 
  14. The switch should support the following features at a minimum:
  Spanning Tree 802.1D, 802.1S, 802.1W
  GVRP
  802.1x single and multi-supplicant: VLAN and ACL assignment
  Dynamic ARP Inspection (DAI), DHCP snooping, IP Source gurard
  LLDP, LLDP-MED
  802.3X, 802.3ad
  Redundant Trunk Group (RTG)
  IGMP snooping 
  Unicast static, OSPF v1/v2, RIP v1/v2
  Multicast IGMPv1/v2, PIM
  Graceful Route Engine Switchover 

  I have gone through your document and I am surprised to see MORE information in the document than what you've posted.  I am so mildly suspicious about the authenticity of the document and spreadsheet you've attached.  
  So far, based on this document, the client wants a chassis that can support up to 700 Gbps backplane.  The only candidate, other than a full-blown Nexus solution, is the 6807-X.  
  Next, the document also states dual supervisor card with two spare slots.  Good luck trying to get that much empty space on a 6807-X.  This means 6509E.  You can't use a 6513E because of line-card-to-slot limitation.  
  If you look under the heading "Edge Switching", the first sentence already makes references to 6800ia switch.
  There's also a reference stating that the product should have a 100 Gbps backplane.  You can take the 6509E chassis out of the equation.  
  So you see, I am suspicious about the authenticity of the document.  I agree with mali's and devil's recommendation that if you are serious, you would be engaging Cisco SE/AM in your region.  There are only three reasons, that I can think of, why you've posted this here.  One of them is the intended purpose of this document (and the audience).

• VoIp settings for replacing a Cisco 3550 switch with a SF300-24P

  I am adding the SF300-24P to an existing set of switches.  My backbone switch is a 3560.
  The 3550 I am replacing has this config for each port that supports a Shoretel phone
  switchport trunk encapsulation dot1q
  switchport mode trunk
  mls qos trust dscp
  global settings include
  spaning-tree mode pvst
  spanning-tree extend system-id
  spanning-tree vlan 1,200 priority 28762
  vlan internal allocation policy ascending
  all other settings are at default
  Any ideas how to replicate this on this new switch?  I added the Shoretel mac address range (00-10-49) into the Telephone OUI.  The phone gets power, I think it gets a 192.168.6.x address (local subnet), but then it should get an IP 10.6.0.xx on its VLAN - but it doesn't.
  Some configs from the backbone are attached.  I did not need to configure any of this in the 3550.
  Any ideas?
  Fred

  Hi fred,
  The shoretel phone sounds like it is not attaching to tagged  vlan 200 on my switch, the shortel voice vlan as per your screen captures.
  The Voice VLAN should be tagged on my switch so that phones attach to a Voice VLAN and PC's connected on the back of the VoIP phones attach to  the Data Vlan .
  I scoped out, excuse the pun, the shoretel site and have attached a white paper on setting vlans and shoretel.
  They mention setting option 156 on the DHCP server, so the phone can get vendor specific information etc...  But the phones are not attached to the voice vlan , but the untagged data vlan.  You gotta figure how to get the shortel phones to attach to vlan 200, or if you are not daisy chaining PC on the back of the phone, make vlan 200 untagged on these FastEthernet switch ports..
  I have attached my SF300-48P version of my configuration and some configuration screen shots i took along the way.
  Please review carefully that attached shortel document and my screen  shots and a real configuration done on my SF300-48P.  The configuration should be almost identical to your configuration.
  I added vlan 200. and made sure that all ports were in trunk mode, even the Gigabit uplink ports.
  All ports by default are in VLAN1  as you can see below
  I then added all ports as tagged ports to vlan 200 as you can see below.
  For the sake of Spanning tree, I then made all fast ethernet (phone or PC) ports  fastports except for the uplink Gigabit ports.
  If you are not sure what portfast does , here's a little tutorial I grabbed from cisco.com
  Spanning-tree PortFast causes a port to enter the spanning-tree forwarding state immediately, bypassing the listening and learning states. You can use PortFast on switch ports connected to a single workstation or server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state.
  Caution PortFast should be used only when connecting a single end station to a switch port. If you enable PortFast on a port connected to another networking device, such as a switch, you can create network loops.
  When the switch powers up, or when a device is connected to a port, the port normally enters the spanning-tree listening state. When the forward delay timer expires, the port enters the learning state. When the forward delay timer expires a second time, the port is transitioned to the forwarding or blocking state.
  When you enable PortFast on a port, the port is immediately and permanently transitioned to the spanning-tree forwarding state.
  Your tasks I guess should be , making sure that vendor specific options for the shoretel phones are included in the DHCP configuration and that you somehow attach the shortel phones (even manually) to vlan 200.
  For some reason this site adds a zip extension to the end of my running configuration.  I used wordpad to look at the file 
  I am using firmware version 1.0.0.27 on my unit and the userid=admin  password i used was admin
  I hope this helps.
  regards Dave

• Catalyst 2970 switch,Errot:Orange or Amber LED on fiber SFP interface

  Hi every one..
  I am facing an error as it seems in one of my customers 2970 switches. There is a single fiber interface configured and connected to the Catalyst 6513 backbone switch. The fiber LED blincking in Orange or Amber. What could be the reason?? Some one told me that There is a hight traffic through the interface. Can that be the right answer???
  Thanks in Advance
  Regards..
  Ahmed Al-Rawahi

  It means Port is blocked by STP and is transmitting or receiving packets.
  Please see the following link:
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2970/12225se/2970hig/higoverv.htm#wp1021241
  Please rate all posts.

• Network Questions on 2012 R2 Hyper-V Cluster

  I am going through the setup and configuration of a clustered Windows Server 2012 R2 Hyper-V host. 
  I’ve followed as much documentation as I can find, and the Cluster Validation is passing with flying colors, but I have three questions about the networking setup.
  Here’s an overview as well as a diagram of our configuration:
  We are running two Server 2012 R2 nodes on a Dell VRTX Blade Chassis. 
  We have 4-dual port 10 GBe Intel NICS installed in the VRTX Chassis. 
  We have two Netgear 12-Port 10 GBe switches, both uplinked to our network backbone switch.
  Here’s what I’ve done on each 2012 R2 node:
  -Created a NIC team using two 10GBe ports from separate physical cards in the blade chassis.
  -Created a Virtual Switch using this team called “Cluster Switch” with “ManagementOS” specified.
  -Created 3 virtual Nics that connect to this “Cluster Switch”: 
  Mangement (10.1.10.x), Cluster (172.16.1.x), Live Migration (172.16.2.x)
  -Set up VLAN ID 200 on the Cluster NIC using Powershell.
  -Set Bandwidth Weight on each of the 3 NICS.  Mangement has 5, Cluster has 40, Live Migration has 20.
  -Set a Default Minimum Bandwidth for the switch at 35 (for the VM traffic.)
  -Created two virtual switches for iSCSI both with 
  “-AllowManagementOS $false” specified.
  -Each of these switches is using a 10GBe port from separate physical cards in the blade chassis.
  -Created a virtual NIC for each of the virtual switches: 
  ISCSI1 (172.16.3.x) and ISCSI2 (172.16.4.x)
  Here’s what I’ve done on the Netgear 10GB switches:
  -Created a LAG using two ports on each switch to connect them together.
  -Currently, I have no traffic going across the LAG as I’m not sure how I should configure it.
  -Spread out the network connections over each Netgear switch so traffic from the virtual switch “Cluster Switch” on each node is connected to both Netgear 10 GB switches.
  -Connected each virtual iSCSI switch from each node to its own port on each Netgear switch.
  First Question:  As I mentioned, the cluster validation wizard thinks everything is great. 
  But what about the traffic the Host and Guest VMs use to communicate with the rest of the corporate network? 
  That traffic is on the same subnet as the Management NIC. 
  Should the Management traffic be on that same corporate subnet, or should it be on its own subnet? 
  If Management is on its own subnet, then how do I manage the cluster from the corporate network? 
  I feel like I’m missing something simple here.
  Second Question:  Do I even need to implement VLANS in this configuration? 
  Since everything is on its own subnet, I don’t see the need.
  Third Question:  I’m confused how the LAG will work between the two 10 Gbe switches when both have separate uplinks to the backbone switch. 
  I see diagrams that show this setup, but I’m not sure how to achieve it without causing a loop.
  Thanks!

  "First Question:  As I mentioned, the cluster validation wizard thinks everything is great. 
  But what about the traffic the Host and Guest VMs use to communicate with the rest of the corporate network? 
  That traffic is on the same subnet as the Management NIC. 
  Should the Management traffic be on that same corporate subnet, or should it be on its own subnet? 
  If Management is on its own subnet, then how do I manage the cluster from the corporate network? 
  I feel like I’m missing something simple here."
  This is an operational question, not a technical question.  You can have all VM and management traffic on the same network if you want.  If you want to isolate the two, you can do that, too.  Generally, recommended
  practice is to create separate networks for host management and VM access, but it is not a strict requirement.
  "Second Question:  Do I even need to implement VLANS in this configuration? 
  Since everything is on its own subnet, I don’t see the need."
  No, you don't need VLANs if separation by IP subnet is sufficient.  VLANs provide a level of security against snooping that simple subnet isolation provides.  Again, up to you as to how you want to configure things. 
  I've done it both ways, and it works both ways.
  "Third Question:  I’m confused how the LAG will work between the two 10 Gbe switches when both have separate uplinks to the backbone switch. 
  I see diagrams that show this setup, but I’m not sure how to achieve it without causing a loop."
  This is pretty much outside the bounds of a clustering question.  You might want to take network configuration questions to a networking forum.  Or, you may want to talk with Netgear specialist.  Different networking
  vendors can accomplish this in different ways.
  .:|:.:|:. tim

• Recommended storage for Network-based accounts?

  Hello everyone. Sorry in advance for all the following information, but I want to thorough in hopes of allowing you to offer better input. I'm using an Xserve 2 x 2.8 Ghz. Quad Xeon (Mac OS X Server 10.6.6) with 22 GBs RAM and 6 GB NIC LACP bond to our backbone switch. This switch feeds three labs, each with their own gigabit switch, with a total of approximately 50 iMacs combined. All iMacs are connected via gigabit ethernet. All user accounts are network-based, bound to the Xserve via OD via AFP. I have WGM folder-redirects to keep the user caches folder and some of the Adobe stuff off the network for better performance. Primary software is the Adobe Creative Suite Premium CS5 throughout; with one lab using Final Cut Express & Pro and Adobe After Effects. This lab has local partitions for the high I/O requirements of video editing (so I'm not looking to sustain multiple HD streams over the network. etc.). I installed an 8TB OWC Mercury Rack Pro (external hardware RAID enclosure) with an Oxford 936 chipset this past summer, which is currently configured as RAID 5 and connected to the Xserve via a NewerTech 6GB-capable SATA host card (also provided by OWC). All of our network home directories are on the OWC Mercury Rack Pro. We also upgraded two of our three labs with brand new 27" Intel i5 iMacs this past summer. Lastly, I upgraded the Xserve to Snow Leopard also this past summer.
  The Problem:
  Since the upgrades this past summer (Snow Leopard Server, OWC Mercury Rack Pro, new iMacs), network account performance is notably more sluggish (log-in, opening apps, etc.) compared to before the upgrades (Xserve was running Server 10.5.8, labs had Mac Mini systems with gigabit running Mac OS X 10.5.8 and Adobe CS4). My network accounts were on an eSATA Rocstor ArticRoc RAID 5 unit previously, connected to the Xserve via an older Sonnet Tempo-X SATA card (which was PCI-X, not PCI-Express).
  Turns out the new iMacs don't support jumbo frames (yikes!), but notwithstanding that issue, it appears like the new Mercury Rack Pro might not be performing well under load. I've done some testing using OWC's provided QuickBench software. I logged into 3 iMacs using a local admin account, mounted three separate home directories from the Xserve and started testing performance simultaneously (to simulate multiple user access). The iMacs were next to each other, so my tests were started about 1 second apart, but were otherwise running simultaneously. Here's the results for review:
  The tests were performed without file caching enabled, to better gauge the raw storage performance. The results for each test file size are in MB/sec and the 4 result columns in order from left to right are Seq. Read, Seq. Write, Rand. Read, Rand. Write. The averages are totaled at the bottom. Hope this comes through in a readable fashion...
  iMac-1 Test:
  4 KB 10.499 0.502 10.645 0.087
  8 KB 16.351 4.179 15.913 0.143
  16 KB 29.35 11.213 28.878 0.213
  32 KB 39.703 19.318 40.633 0.251
  64 KB 55.519 27.347 51.766 0.335
  128 KB 70.823 38.541 63.345 0.414
  256 KB 78.946 46.074 70.803 0.383
  512 KB 87.872 56.071 77.47 0.325
  1024 KB 93.209 60.616 87.667 0.281
  Average 53.586 29.318 49.68 0.27
  iMac-2 Test:
  4 KB 9.901 0.494 10.843 0.08
  8 KB 14.208 5.116 15.942 0.142
  16 KB 22.762 9.668 26.973 0.174
  32 KB 30.357 16.301 42.276 0.183
  64 KB 2.605 25.486 51.606 0.179
  128 KB 4.831 28.404 18.495 0.308
  256 KB 87.839 43.936 87.014 0.404
  512 KB 96.93 28.836 95.64 0.335
  1024 KB 99.789 40.661 71.096 0.318
  Average 41.025 22.1 46.654 0.236
  iMac-3 Test:
  4 KB 4.689 0.79 10.348 0.065
  8 KB 7.908 5.526 16.399 0.086
  16 KB 6.848 8.783 27.967 0.056
  32 KB 30.183 14.756 42.096 0.132
  64 KB 46.42 13.255 53.114 0.277
  128 KB 74.744 11.307 4.369 0.424
  256 KB 80.955 25.521 26.432 0.484
  512 KB 97.356 16.138 65.667 0.386
  1024 KB 103.434 44.617 103.015 0.612
  Average 50.282 15.632 38.823 0.28
  It appears that small file performance is poor (historically a problem via AFP, I recall), but the Random Write performance is what scared me the most. It's very low across the spectrum. I'm going to provide these results to OWC for review, but wanted to get some additional perspective from the community. I'd appreciate any thoughts or ideas you might share.
  Related Question:
  We may have 35 users logged in at peak time. But given that I'm hosting network accounts for approximately 50 gigabit-equipped Macs, what would you recommend (or are you using) for storage based on my usage criteria mentioned earlier? I'm hoping there's a solution that's less expensive than the fibre-channel Promise RAID (or equivalent); as our budget unfortunately won't support that. Any storage solutions in the SATA realm that might be sufficient for hosting home directories where video capture isn't required?
  Thanks for your patience and your advice!
  Regards - Zeek

  RE: options (b) or (c) with external firewire or USB drives -- if you go this route, are you thinking of afp- or smb-mounting (i.e., ⌘k in Finder) the mini or cube or G3? If so, you'll want to get ahold of SharePoints (unless you know how to create mount points in NetInfo), so you can create an additional mount point on the mini or cube or G3 for your external drive. As you know, when you afp-mount another Mac, the mount points that show up are the individual user accounts on that other Mac /Users/{shortUserNameGoesHere}. But an external firewire drive would not be visible at /Volumes/{extDriveNameGoesHere} on the mini or cube or G3 from these User mount points because /Volumes/{extDriveNameGoesHere} is not in the path of /Users/{shortUserNameGoesHere}. The only way that you could get there would be if you connected as admin on the cube or mini or G3, and then mounted the mini or cube or G3 at its root (/). But you might not want to let regular user accounts access the cube or mini or G3 as admin. But SharePoints will let you define that mount point, so when you ⌘k, it shows up just like the user names do. I am not familiar with smb mounts (for the benefit of your Wintel boxes) but SharePoints will let you define smb mount points, too. It has enabled me to create a "community (inbound) fax" afp mount point, for remote users to retrieve faxes from my computer, as well as permit a "central" afp-mount point for all my users' dropboxes, so you don't have to mount every user if you have multiple drops to make. (That required me to actually move all the drop boxes to a common folder, and make aliases to those locations back in the original users' drop box locations). So you might want to look into SharePoints if you decide to go this route.
  (if you find that this solves your problem, or is actually helpful towards arriving at a solution to your problem, please consider clicking on either the "helpful" or "solved" buttons in the header of this post)

• Is 1 server enough? Or should I employ a 2 server system? (60 to 1)

  *Brief Backgound:*
  I have 60 LDAP directory bound clients (PPC eMacs and Intel iMacs) to one Dual G5 PowerMac server - such that students login on any client in one of the 3 computer labs, authenicate against the server, and mount their own home directory over the network.
  *The Issue:*
  It seems to me that the student login process takes way too long to mount their home directories - they often, but not always, have to sit there and wait - and occasionally the authentication process hangs, requiring a forced reboot of the client. And it's worth noting that performance is not always quicker when only a few clients are in use.
  *My question:*
  Do I need a second server to speed up the login process? Or, am I nowhere near needing a second server, and should I instead concentrate my efforts on other issues to figure out the slow login issue?
  *The Details:*
  Clients are student eMacs and iMacs running 10.4.10, the slowest of which is 1GHz PPC with 384MB RAM and the newest is 1.83GHz Intel Core Duo with 512MB RAM. All have a dedicated 100mbs wired network connection - that is, each computer has it's own CAT5 cable direct into a 3COM switch which is then connected via gigabit to the backbone switch that the server is tied into. Generally, kids use Safari, MS Office 2004, iLife apps, etc. I have a login hook to make Office look to the client not the server for fonts, etc. Any video work is done on a local user account, not over the network.
  The Server is a connected to one of 2 backbone gigabit switches with gigabit (very nice Cisco). It's also running 10.4.10 Server. It's a 2.0GHz Dual G5 PowerMac with 2GB RAM and 2 hard drives. I use Workgroup Manager to manange client preferences. When I monitor the server, neither the processor nor the memory ever get taxed, and there's plenty of free disc space. I plan to replace it with a new 2.6GHz Intel Mac Pro this month, but should I replace it with 2 Mac Pros instead of 1?
  Concerns:
  I find it a bit daunting to divide the current setup into a 2 server system, but if the results will have a very noticable impact on performance, then I'm willing to go that route.
  *Many thanks in advance for your helpful advice!!!*

  With your current setup, and just a few clients logging in, you should see pretty decent performance. If all 60 clients logged in at about the same time, you'd be pushing it.
  Things to consider:
  A replica server with roughly half of the user homes to spread the load.
  You mention two HD's, but how do you use them. If a new server is out of the question, you may consider an eSata RAID. You could take the two HD's you have, install the System on them and stripe them for faster performance. Even though you have some files stored locally, there's still a lot of little files flying around when clients log in. A striped system HD may make r/w access a lot faster. Put the network homes on the eSata in a RAID 5 for speed and redundancy. Assuming that the System doesn't change that much, keep a backup of the internal HD's as often as you need, and ditto for the external RAID.
  Check out
  http://docs.info.apple.com/article.html?artnum=304106
  and here
  http://www.afp548.com/article.php?story=20060329213629494&query=afp%2Btuning
  I'm not sure if 10.4.8 and later take care of this stuff, but I can say that these articles have improved performance on our network greatly.
  hth
  Jeff

• Is 1 server enough?  Or should I employ a 2 server system?

  *Brief Backgound:*
  I have 60 LDAP directory bound clients (PPC eMacs and Intel iMacs) to one Dual G5 PowerMac server - such that students login on any client in one of the 3 computer labs and mount their own home directory.
  *The Issue:*
  It seems to me that the student login process takes way too long to mount their home directories - they often, but not always, have to sit there and wait - and occasionally the authentication process hangs, requiring a forced reboot of the client. And it's worth noting that performance is not always quicker when only a few clients are in use.
  *My question:*
  Do I need a second server to speed up the login process? Or, am I nowhere near needing a second server, and should I instead concentrate my efforts on other issues to figure out the slow login issue?
  *The Details:*
  Clients are student eMacs and iMacs running 10.4.10, the slowest of which is 1GHz PPC with 384MB RAM and the newest is 1.83GHz Intel Core Duo with 512MB RAM. All have a dedicated 100mbs wired network connection - that is, each computer has it's own CAT5 cable direct into a 3COM switch which is then connected via gigabit to the backbone switch that the server is tied into. Generally, kids use Safari, MS Office 2004, iLife apps, etc. I have a login hook to make Office look to the client not the server for fonts, etc. Any video work is done on a local user account, not over the network.
  The Server is a connected to one of 2 backbone gigabit switches with gigabit (very nice Cisco). It's also running 10.4.10 Server. It's a 2.0GHz Dual G5 PowerMac with 2GB RAM and 2 hard drives. I use Workgroup Manager to manange client preferences. When I monitor the server, neither the processor nor the memory ever get taxed, and there's plenty of free disc space. I plan to replace it with a new 2.6GHz Intel Mac Pro this month, but should I replace it with 2 Mac Pros instead of 1?
  Concerns:
  I find it a bit daunting to divide the current setup into a 2 server system, but if the results will have a very noticable impact on performance, then I'm willing to go that route.
  *Many thanks in advance for your helpful advice!!!*

  With your current setup, and just a few clients logging in, you should see pretty decent performance. If all 60 clients logged in at about the same time, you'd be pushing it.
  Things to consider:
  A replica server with roughly half of the user homes to spread the load.
  You mention two HD's, but how do you use them. If a new server is out of the question, you may consider an eSata RAID. You could take the two HD's you have, install the System on them and stripe them for faster performance. Even though you have some files stored locally, there's still a lot of little files flying around when clients log in. A striped system HD may make r/w access a lot faster. Put the network homes on the eSata in a RAID 5 for speed and redundancy. Assuming that the System doesn't change that much, keep a backup of the internal HD's as often as you need, and ditto for the external RAID.
  Check out
  http://docs.info.apple.com/article.html?artnum=304106
  and here
  http://www.afp548.com/article.php?story=20060329213629494&query=afp%2Btuning
  I'm not sure if 10.4.8 and later take care of this stuff, but I can say that these articles have improved performance on our network greatly.
  hth
  Jeff

• Unable to Ping AP

  Hello,
  I have a new setup I'm trying to build with a WLC2106 and 4 1142n's (currently just trying to get 1 working).  I have the WLC running 7.0.98.0.  I built a new VLAN on our core network (3560g) and have the ap-manager, management interfaces ip'ed in that vlan.  I also have the AP plugged into the PoE port on port 8 and it ip'ed in the same VLAN.  The AP associates to the WLC, i am able to configure it from the WLC, but i cannot ping it, from the WLC or from anywhere.  I cannot ping anything from console on the AP either.
  My assumption is once, i get ip connectivity established, the AP will be able to communicate to our network DHCP server and issue out IP's.  I just can't figure out what is wrong with the network setup.  I have the trunk configured properly on the core switch from the WLC, i can ping other hosts on the other vlans that are allowed.
  Interfaces on WLC:
  Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
  ap-manager                       1    5        10.108.5.3      Static  Yes    No  
  management                       1    5        10.108.5.2      Static  No     No  
  office-vlan-2                    1    2        10.108.111.96   Dynamic No     No  
  virtual                          N/A  N/A      1.1.1.1         Static  No     No
  AP Config:
  infraspawap2#show capwap ip config
  LWAPP Static IP Configuration
  IP Address         10.108.5.5
  IP netmask         255.255.255.240
  Default Gateway    10.108.5.1
  I've been staring at this for days and just can't figure it out (so it's probably just something simple i've missed).  Any help is greatly appreciated.
  Thanks,
  Ben

  So i may have solved this, or at least provided a work-around.  I made the new Vlan for MGMT and AP interfaces native on the switch and changed the config on the WLC to untagged.  I also disabled DHCP proxy.  This allowed clients to retrieve DHCP from our network server and get connected to the LAN, however i was still unable to ping the AP.
  I then moved everyhting into a different VLAN (already existing) and had the same results.  I then moved the AP off of the WLC and used a power brick to connect it directly to the backbone switch.  This rectified the issue.  I am now able to ping accross all vlans to/from the AP.  My only question really is why not from the switch on the WLC?  what was/ wasn't i doing that prevented this when directly connected to the WLC?

• Challenging Network Design

  I am going to attach a drawing and  offer up a challenge to anyone who wants to solve it.  I have two ways  on how to make it work.
  So here is the scenario.
  1) This is a  transit network. That means there are objects that circumnavigate a  known path along tracks.
  2) There is already an infrastructure of  fiber connected to Cisco ONSs at OC-48 speeds
  3) Hanging off the  ONS are 6 Cisco 6509 Chassis
  4) Hanging off the 6509 Chassis are  Cisco 3560 switches
  5) Hanging off the 3560 switches are Cisco  Wireless Access Points
  6) The objects circumnavigating the tracks  have a Cisco Wireless Access Point and a Cisco 3560 switch to connect  equipment on board
  7) The Wireless access points are managed by a  WISM on the 6509s
  8) Wireless Antenna are spread along the track  so that the vehicle has constant contact with the network
  9) There  are multiple VLANs in the Primary and Backup Data Centers
  10) The  is just one VLAN on the vehicle
  11) The equipment on the vehicle  needs to communicate to the data center and to other vehicles
  12)  Each vehicle has a need for 16 hosts
  The question I have (or the  challenge) is to figure out how the vehicles can maintain constant  contact with the rest of the network.  The data center configuration is  more or less done.  It challenge is figuring out how to subnet and route  and/or bridge the trains to keep in contact with the rest of the  network while it switches from one access point to another and from one  6509 backbone switch to another.
  What are your thoughts?
  James

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin-top:0cm;
  mso-para-margin-right:0cm;
  mso-para-margin-bottom:10.0pt;
  mso-para-margin-left:0cm;
  line-height:115%;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  Thank you for this nice challenge!
  I assume all the 6500 switches are connected together, but you do not describe how this logical topology is. Is it a shared layer 2 Ethernet or is there a point to point structure between them?
  How many access points do you have behind each of the 3560 switches outside the 6500 switches?
  What types of access point are used?
  The best way to do this is to implement WISM modules (wireless controllers) in the 6500 switches or in at least two of them (redundancy). How many depends on the amount of access points you have installed that are fixed and not moving around. These access points should then be lightweight access points.
  Access points on the moving objects will connect with the most optimal fixed access point and traffic will be tunneled back to the controller where the access point is connected. This is called local mode and you can consider the AP on the moving object as a client that are directly connected (locally) at the controllers interface towards the switch.
  If the moving object move so that another fixed access point is used, and that access point is connected to the same controller then the client will appear to the network as it have newer moved since it remains connected to the same controller.
  More 'challenging' (but solved) is when the moving object connects to an AP that is associated to another controller than where it first connected. Then this controller tunnels the traffic back to the first controller and the client still seems to be locally connected at the first controller.
  Summary so far: The point where the AP on the moving object seems to be connected with the LAN will remain at the Ethernet port of the first controller it is connected via as long as it is connected to any of the fixed access points.
  IP addressing: You subnet the network as usual and provide a DHCP pool for the clients at each site with 6500 switches that contains WISM modules.
  The clue is ‘local mode’.
  Regards,
  André

• Help with 4255

  Hi All,
  I have installed a 4255 sensor inline behind an ASA 5550 that connects to the Internet.
  The problem is that the IPS is not tuned (brand-new) and as soon as we connect the IPS inline, the CPU goes up to 100% and stops the traffic flow in a matter of minutes.
  Therefore we removed the IPS and everything went back to normal.
  Now, I connected the 4255 in promiscuous mode (behind the ASA connected to the 4506 backbone Switch), and I still see the CPU between 40% to 80%
  The sensor is running the latest image 7.0(2)E3 and the latest signature package S477.0
  My questions are:
  1. Where do I check on the sensor exactly what is it doing, because we plan to leave the IPS in IDS mode for a couple of weeks. Are there some kind of reports that I can get from it? What is the best way to check it out? I managed the sensor via IDM 7.0
  2. After getting the above information what is the recomendation to tune the device? Disable signatures? How do I find out which signatures do I need and if we are getting lots of false positives and/or false negatives?
  3. Any other comments are appreciated!
  Thank you All as always.
  Federico.

  Hi,
  Download and install the following.
  HP OSD Utility.
  Proximity Sensor Driver.
  When done, restart the notebook.
  Regards,
  DP-K
  ****Click the White thumb to say thanks****
  ****Please mark Accept As Solution if it solves your problem****
  ****I don't work for HP****
  Microsoft MVP - Windows Experience

• BIG Problem in our LAN

  Hi every one,
  In our company we have the topology below:
  It seems that the LAN is stable , and everything works fine, for saving  user’s data we use mechanic ways : we  visit every user and we save its data with external hard drive, so we want to use some software that can help us making saving users’ data easy for us, like symentec backup exec or other automatic ways,
  Before doing it, I save one document (size = 9 Go)   using the LAN, this document is in the server_1
  And will go Through the switch_1 and switch_2 to my laptop,
  During this operation, we can’t make phone call with phones connected to switch_3 , And sometimes we  some users cannot work in server_2
  All switches are 48 ports
  So I think that the problem is with the switch_1: its bandwidth is not enough
  I can’t take any decision because I’m not sure I have many suggestions:
  •1)      backbone switch
  •2)      Separate data from the voice
  •3)      Adding another switch
  •4)      Linking the Avaya to switch_2 and servers to switch_3
  •5)      Buy  Cisco switches  and replace  the Enterasys Swithes
  Hope it was clear and I hope I will get the good answer, thank you.

  I would if possible, put you servers in a different VLAN from your user and voice data if the Enterasys Switches could do. This will seperate the traffic flows and will only aid you in finding the solution. Configure the Enterasys device to do the routing between the devices if possible as you would with the core, this will stop the fortigate or router from being congested.
  Ensure your servers are running at speed 1000 and duplex full as well as your fiber connections. if not possible ensure your gigabit connections configured properly.
  If the switches are unmanaged switches i would look at option 5, if that is not feasible I would strongly recommend a re-architecture put all the data intensive users near your servers.

• Fall back to DNS if node in HOSTS file doesn't respond

  I have a server farm in which the servers talk to each other on a private backbone (via hosts files), but the clients talk to the servers on a second NIC via AD/DNS. Is there a way to have the servers fail over to DNS if entries in the hosts files don't
  respond (in other words, if the private backbone switch fails)?

  1. It depends on node type, DNS suffixes and DNS content.
  2. Be aware of problems with multihome domain controller.
  http://technet.microsoft.com/en-us/library/cc772564.aspx
  Regards
  Milos