Help! I've become a Windows network admin!




RedTomato
Jun 4, 2009, 03:59 AM
Oh my gosh, I seem to have become a windows network admin!

I've taken on a second job as tech officer for a mid-sized charity. It's about 30 staff, mixture of XP and Vista, and run via a server running Windows Server 2008.

My background is in mac admin, and I've been running a small mac network for the last few years, so while I know basic network stuff, I'm new to the windows admin world, and this is a bit of a step up to a larger class of network for me. My line manager (the CEO) is aware of this, and expects me to get up to speed quickly.

Can you recommend any decent books or websites on Server 2008, Active Directory, Terminal Services, and small / mid sized network admin?

Which websites do you go to for help about these issues?

Clueless in London



windywoo
Jun 4, 2009, 04:08 AM
For 30 users everything should be straightforward. Start - Programs - Administrative Tools and all you need should be there. It's usually a case of right clicking and following a wizard. Or double clicking and filling in stuff.

RedTomato
Jun 4, 2009, 04:26 AM
Thanks, but I'd like to acquire some deeper knowledge.

I will be rewiring the entire network in the next few months (currently it runs off series of 5 dollar hubs and has a lot of problems) and putting in a 24 port switch downstairs and a 16 port upstairs, both hanging off a managed cheapish Cisco router. We will also get a second ADSL line and I'll have to install a load balancer box for the router.

There are 5 other offices around the country with another 20 staff. Currently they do their own thing, and can't use central network services. My boss wants me to roll out a WAN, and switch the other offices to logging into the central london server. It's for easier account management and maintenance (and some of our new software needs it too). Currently they do their own thing and can't use central software.

I need to learn enough to stay on top of all this :o

acurafan
Jun 4, 2009, 05:21 AM
red, some suggested reading,

Exchange:
http://www.msexchange.org
http://msexchangeteam.com

Windows related:
http://www.windowsecurity.com
http://www.windowsnetworking.com
http://social.technet.microsoft.com/Forums/en/categories

Go to the bookstore and pick up a basic CiscoPress CCNA book to get up on networking routing, and Microsoft Press' Administrator's Pocket Consultant series books are good reading material - mostly concise to the point.

Google PSTools/Sysinternals Suite - best free troubleshooting tools for day-to-day admins.

When all else fails:
http://www.google.com :D

RedTomato
Jun 4, 2009, 07:10 AM
Fab thanks, that's exactly what I need!

maflynn
Jun 4, 2009, 07:16 AM
No offense but you got a job to which you had no experience? I'd be a little nervous about getting in over my head

RedTomato
Jun 4, 2009, 07:25 AM
Yes, I had my concerns too before accepting it. My boss knows the other company I work at, and was impressed with my work there.

I was actually sort of headhunted for it, as I'm fluent in sign language, and the boss and most of the staff here are deaf signers. (as am I)

Means I can communicate with staff and boss and find out what their issues are, and explain things to them without needing to get an interpreter in. There aren't many tech people who are also fluent in sign.

We also have an (expensive) external IT contractor, who takes care of the really difficult stuff like setting up Terminal Services for the WAN, other difficult server stuff and advises me on the rest.

I made it clear to my boss that my skills have clear limits, and he accepts I'll have to spend time learning and training myself.

RedTomato
Jun 4, 2009, 07:51 AM
As I said, thanks for the theory guides above - I will read them.

Forgot to add, do you know any guides to the physical side of rewiring a network? The dirty dusty crawley side, cable management, cutting and locating conduit, etc?

I'm gonna have to figure out how to route 24 cables from the downstairs switch, and this is an office in a listed building - I'm not allowed to cut holes in walls, and will have to run cables along the bottom of walls etc.

windywoo
Jun 4, 2009, 08:05 AM
You could try network over the powerlines. One plug downstairs and one plug upstairs linking the two networks. They are limited to 85Mbps so if you expect your users to be shifting lots of big files it might not suit. And the two floors would have to be on the same power circuit.

Or two Wireless N routers to link the two floors. Bandwidth is greater than plugs, but reception is susceptible to interference, and doesn't go through thick floors very well.

Otherwise, don't put the cables next to power cables to prevent interference, unless you have them well shielded.

And sorry I don't know any guides :( I just remember what I can from my Network +.

foidulus
Jun 4, 2009, 09:03 AM
red, some suggested reading,

Exchange:
http://www.msexchange.org
http://msexchangeteam.com



Useful info, but you gotta wonder what those people were thinking when they registered that domain :P

blaster_boy
Jun 4, 2009, 10:15 AM
Why do you need to route 24 cables upstairs out of the 48 ? Don't you have a switch to switch port that uses fiber or gigabit connection ?

Winni
Jun 4, 2009, 02:20 PM
Buy the official training courses for MCSE (Microsoft Certified Systems Engineer) and CCNA (Cisco Certified Networking Associate) and study especially through the theoretical parts that explain the concepts.

You --will-- find the Cisco training material extremely helpful even if you do not use Cisco equipment at work or at home. The ICND1 course explains basic networking from the OSI layer model to hubs, switches and how TCP/IP works. And without a working knowledge of that stuff you won't get far as a system/network administrator (and it really doesn't matter if the job is in the Windows or Unix world).

You also need to have a basic understanding of the Windows domain model and Microsoft's LDAP implementation (which is called Active Directory) and how it integrates itself into their Dynamic DNS (hello TCP/IP) and what role group policies play and how to implement them. This stuff also is the foundation to understanding Microsoft Exchange.

It's a complex world and it can quickly become overwhelmingly frustrating because there is so much to learn and know.

About your physical networking problem: The other poster was absolutely right: You should install another access switch on the second floor and connect it to the other switch. That, by the way, is something you would learn in the Cisco ICND1 course. ;-)

VideoFreek
Jun 4, 2009, 11:00 PM
I'd highly recommend one of Mark Minasi's books for a very readable introduction to the MS world. For example, see here. (http://www.amazon.co.uk/Mastering-Windows-Server-Networking-Foundations/dp/0470249846/ref=sr_1_1?ie=UTF8&s=books&qid=1244174312&sr=8-1)

blaster_boy
Jun 5, 2009, 12:50 AM
If you need this network setup done quickly, let us know in general terms what you want to do, what equipment you work with, there seem to be enough network admins out here who could quickly correct any glaring errors and give you some advice...

belvdr
Jun 11, 2009, 10:41 AM
You could try network over the powerlines. One plug downstairs and one plug upstairs linking the two networks. They are limited to 85Mbps so if you expect your users to be shifting lots of big files it might not suit. And the two floors would have to be on the same power circuit.

Or two Wireless N routers to link the two floors. Bandwidth is greater than plugs, but reception is susceptible to interference, and doesn't go through thick floors very well.

Otherwise, don't put the cables next to power cables to prevent interference, unless you have them well shielded.

And sorry I don't know any guides :( I just remember what I can from my Network +.

No offense, but I wouldn't use either of those ideas.

The powerline idea really limits your bandwidth, especially when you've got 100Mb to each machine already. That will kill your performance even for just a couple of machines browsing a file server.

The wireless idea may work, but it's a half duplex connection. Avoid half duplex on main trunks.

You only need one cable to connect the switches together. If it were me, I'd future proof a bit and get switches with a modular slot so you can run fiber, which can go up to 40Gb or better. You'll want to run the fiber through conduit; do _not_ leave it exposed. Being fiber, you don't need to worry about interference either. Since you are extending a new cable, I'd run at least 4 to give you room for growth as well. For example, say you peg that 1Gb fiber link; you can easily patch one of the extra pieces of fiber and bond it with the other piece to give you extra bandwidth (called PortChannel or EtherChannel in Cisco terms). Or if you have to add another switch, you can trunk it back to your main switch where your router is.

I wouldn't use anything but Cisco. It's great equipment and there are plenty of people out there who can assist in supporting you. Buying something offbrand to keep costs down may save you in the short term, but if issues arise, it may cost you in downtime or time spent fixing/maintaining it. Also overspec your switch. If you have 20 nodes, then I would recommend looking at a 48 port switch, to give room for growth.

As for the routers, certain Cisco models will allow you to load balance the routers. For 30 people though, I'd simplify it and use one router with one bigger pipe. It's added complexity that doesn't seem to be needed here and there's no need for multiple routers to support this type of load. If you wanted to use two or more circuits bonded together (which may be cheaper than one bigger pipe), you'll need to setup BGP with your provider.

It may be in your interest to check out some of the latest routers that can use an aircard for access. Make sure to contact the aircard vendor to ensure this is a supported setup, or you may get some serious invoices from them.

RedTomato
Jun 11, 2009, 11:05 AM
Lots of amazing replies here, many thanks! Will update with specs as I get them.

There's a bit of confusion here over the layout. Let me clarify.

Upstairs (10 staff, 2 printers):

- Server,
- ADSL modem wifi accesspoint
- 16 port gigabit switch

These three boxes will link to a cisco router, also upstairs.

A cable will go from the router, down the stairwell somehow to downstairs, to a 24 port gigabit switch downstairs (15 staff, 3 printers, 2 public access computers)

The building is more or less at its maximum staff capacity here so I don't think a bigger switch is needed. Will be around 4 ports spare on both switches.

We are a charity with low budgets so I think forget any mention of fibre or using complex stuff.

Thanks for the powerline idea - I might bring that up as an idea for one or two of the harder-to-reach locations, or for temporary installations.

It's possible we may get a second ADSL line with associated modem, and a load balancer. This will be for reliability and greater upload bandwidth rather than bigger download pipes.

Reason - our WAN will have 5 outside offices logging onto our server via AD, so to me, our central office outgoing bandwidth seems more of a chokepoint than incoming.

An engineer came over yesterday to install a new telephone line and had a quick look at our network (not a proper survey). We're with Be Pro internet, but getting rather crappy 6-8Mb/sec even tho we're in the heart of the London East End. (I get 16Mb/s at home!)

Basically our line is shared with some other residential buildings, and goes through them to the street connection box, and there's not much we can do about it. He recommended digging a tunnel and having our own line to the box, but we can't afford that. If we can't get a proper second ADSL line to a second independent ISP then there's little point going for load balancing.

I tried to contact OpenReach (looks after the last mile in the UK) for a proper survey, but seems I will have to go through Be.

belvdr
Jun 11, 2009, 11:11 AM
Lots of amazing replies here, many thanks! Will update with specs as I get them.

There's a bit of confusion here over the layout. Let me clarify.

Upstairs (10 staff, 2 printers):

- Server,
- ADSL modem wifi accesspoint
- 16 port gigabit switch

These three boxes will link to a cisco router, also upstairs.

A cable will go from the router, down the stairwell somehow to downstairs, to a 24 port gigabit switch downstairs (15 staff, 3 printers, 2 public access computers)

The building is more or less at its maximum staff capacity here so I don't think a bigger switch is needed. Will be around 4 ports spare on both switches.

We are a charity with low budgets so I think forget any mention of fibre or using complex stuff.

Fiber is not that expensive any more. As John Doe on the Internet, I can get a 25 meter multimode fiber cable for $80.

Thanks for the powerline idea - I might bring that up as an idea for one or two of the harder-to-reach locations, or for temporary installations.

It's possible we may get a second ADSL line with associated modem, and a load balancer. This will be for reliability and greater upload bandwidth rather than bigger download pipes.

Reason - our WAN will have 5 outside offices logging onto our server via AD, so to me, our central office outgoing bandwidth seems more of a chokepoint than incoming.

Not every WAN circuit is asymmetrical. You said above you wanted to avoid complexity, but are willing to put in two routers, two WAN circuits, and a load balancer. Again, one router with multiple pipes is far simpler to install and maintain than two or more routers with two or more pipes load balancing each other. If BGP is too much, do weighted fair queuing and you get the poor man's version of load balancing. Very very simple to do.

Our current router has been up for almost 3 years now (since implementation). Get a good router and you won't have reliability issues. EDIT: I should add we have 155Mb (an OC-3) coming through one router as well. It's not your basic router, but it's not your high end either.

An engineer came over yesterday to install a new telephone line and had a quick look at our network (not a proper survey). We're with Be Pro internet, but getting rather crappy 6-8Mb/sec even tho we're in the heart of the London East End. (I get 16Mb/s at home!)

Basically our line is shared with some other residential buildings, and goes through them to the street connection box, and there's not much we can do about it. He recommended digging a tunnel and having our own line to the box, but we can't afford that.

Yeah, that would be expensive. But do your lines go through protected boxes so that tenants of the other buildings cannot disturb them? That sounds like a potential reliability issue.

I tried to contact OpenReach (looks after the last mile in the UK) for a proper survey, but seems I will have to go through Be.

Welcome to the WAN world. There's almost never a direct communication between you, the customer, and the telco handling the last mile.

blaster_boy
Jun 11, 2009, 02:26 PM
I agree with belvdr here : get yourself a good network setup : it will cost you less intervention and less hassle and thus less intervention costs in the long run. Plus cisco experience is always good for your cv.

And do check ebay for second hand cisco catalyst equipment : plenty of second hand switches around as well as the parts to go repair them.

belvdr
Jun 11, 2009, 02:34 PM
I agree with belvdr here : get yourself a good network setup : it will cost you less intervention and less hassle and thus less intervention costs in the long run. Plus cisco experience is always good for your cv.

And do check ebay for second hand cisco catalyst equipment : plenty of second hand switches around as well as the parts to go repair them.

Oh and Used Cisco (http://www.usedcisco.com/) has some good deals as well. For your setup, it sounds like gigabit to the desktop is overkill. Take a look at the Cisco 2950G series. It has those modular ports (SFPs) I was discussing earlier, so you can have gigabit uplinks between switches, and 100Mb to each node. For $450, you can have both switches from them.

RedTomato
Jun 16, 2009, 05:54 AM
Thanks for all the advice again. Will certainly buy Minasi's 2008 networking book. I've been given his Windows Server 2000 doorstop book. I liked his writing style but I was reluctant to read it as I didn't know which sections are outdated.

A quick ask - at the moment, am firefighting re windows updates as these 30 machines haven't been updated in 2 years. (Staff aren't allowed to run updates themselves). At the moment I have to go round, chuck staff off their computer, and run Update. It's insane as all these computers are logged onto Active Directory.

What's the easiest way to remotely run Windows Update via Active Directory while staff are working? I've had a look through google, and I can't work out a simple clear way to do it. Sorry if I seem like a moron.

belvdr
Jun 16, 2009, 05:57 AM
Thanks for all the advice again. Will certainly buy Minasi's 2008 networking book. I've been given his Windows Server 2000 doorstop book. I liked his writing style but I was reluctant to read it as I didn't know which sections are outdated.

A quick ask - at the moment, am firefighting re windows updates as these 30 machines haven't been updated in 2 years. (Staff aren't allowed to run updates themselves). At the moment I have to go round, chuck staff off their computer, and run Update. It's insane as all these computers are logged onto Active Directory.

What's the easiest way to remotely run Windows Update via Active Directory while staff are working? I've had a look through google, and I can't work out a simple clear way to do it. Sorry if I seem like a moron.

Everyone has to start somewhere, so you're not a moron.

WSUS (http://technet.microsoft.com/en-us/wsus/default.aspx) can apply updates as well as SMS. SMS does have a price tag, so I'd check WSUS first.

acurafan
Jun 16, 2009, 06:07 AM
1) get them up to latest service pack, that will eliminate most of the need for updates.

2) then apply updates. use VNC, RDP, or Dameware utilities for remote connection to their workstations, no need to run around physically.

3) read up on and set up WSUS, which applies service packs and updates via GPO.

4) read up on slipstreaming latest service packs to your OS install CD, saves you much time.

assembled
Jun 16, 2009, 05:28 PM
anyone saying that two people _browsing_ a file server will max out a powerline connection should be ignored...

the main reason to run fibre between floors, is if they are fed by different phases in the building (415V here in the UK).

to get better inbound bandwidth from multiple ADSL lines, you need to bond them at the exchange end, not load balance them at the customer end. I'd suggest Andrews and Arnold http://aa.nu for bonded ADSL2

unless you get exceptional pricing on 2nd user Cisco, I'd suggest getting new HP Procurve, the lifetime warranty and free firmware updates is the winner from my perspective.

assembled
Jun 16, 2009, 05:35 PM
Not every WAN circuit is asymmetrical. You said above you wanted to avoid complexity, but are willing to put in two routers, two WAN circuits, and a load balancer. Again, one router with multiple pipes is far simpler to install and maintain than two or more routers with two or more pipes load balancing each other. If BGP is too much, do weighted fair queuing and you get the poor man's version of load balancing. Very very simple to do.

Our current router has been up for almost 3 years now (since implementation). Get a good router and you won't have reliability issues. EDIT: I should add we have 155Mb (an OC-3) coming through one router as well.

USAian and UK bandwidth costs are very different. I pay in London for a 10mb (symmetric) what I could get an OC3 for in Boston. BGP4 is good, but not the right tool for what the OP is trying to achieve, if he could afford an ISP that could do BGP, he wouldn't be trying to bond two 24 per month connections...

drlunanerd
Jun 16, 2009, 05:49 PM
anyone saying that two people _browsing_ a file server will max out a powerline connection should be ignored...

the main reason to run fibre between floors, is if they are fed by different phases in the building (415V here in the UK).

to get better inbound bandwidth from multiple ADSL lines, you need to bond them at the exchange end, not load balance them at the customer end. I'd suggest Andrews and Arnold http://aa.nu for bonded ADSL2

unless you get exceptional pricing on 2nd user Cisco, I'd suggest getting new HP Procurve, the lifetime warranty and free firmware updates is the winner from my perspective.

I second HP ProCurve stuff for smaller projects such as this. Cisco stuff has been more unreliable than any other networking hardware I've used in my career and IMO is overkill for you anyway...

There's lots to learn but I'm self-taught too in the Windows world (and the Apple world for that matter). Last year I put in a new Exchange, Active Directory, Windows Server, VPN, new ISP etc. solution completely on my own which has been 100% reliable so far. If I can do it you can do it! :)

belvdr
Jun 16, 2009, 06:43 PM
anyone saying that two people _browsing_ a file server will max out a powerline connection should be ignored...

the main reason to run fibre between floors, is if they are fed by different phases in the building (415V here in the UK).

to get better inbound bandwidth from multiple ADSL lines, you need to bond them at the exchange end, not load balance them at the customer end. I'd suggest Andrews and Arnold http://aa.nu for bonded ADSL2

unless you get exceptional pricing on 2nd user Cisco, I'd suggest getting new HP Procurve, the lifetime warranty and free firmware updates is the winner from my perspective.

And how many people just browse a file share without doing anything with it? I meant users using a file server. If you have 100Mb to the desktop, then having a smaller bandwidth line as the trunk to the server is a very dumb idea.

You say different phases is the reason to run fiber. What in the world are you talking about? There are plenty of reasons to use fiber, none of which have to do with the phase of electricity supplying the devices (high bandwidth, long distance, not susceptible to interference, etc). I can run 110V or 220V to any of my switches and it doesn't impact the fiber at all. :confused:

As for your BGP suggestion above this post, that's why I recommended not going that route. Had you bothered to read, I recommended going with a higher bandwidth line or using weighted fair queuing and bypassing BGP altogether. I have used this in the past with a couple of T1's. Works fine.

It looks to me as if you should be ignored, since you cannot be bothered to read the entire thread or anything in particular.

windywoo
Jun 16, 2009, 06:44 PM
Hey I would never recommend wireless or powerplug for heavy use, but I supported plenty of companies where they only used Word Documents, Excel Spreadsheets, Powerpoint, Email and internet. Those companies would have their needs met by either solution.

SingaporeStu
Jun 16, 2009, 09:05 PM
try this:

http://www.cisco.com/web/about/ac123/ac220/about_cisco_general_networking_resources.html

it's free

RedTomato
Jun 17, 2009, 04:00 AM
Gentlemen, please don't argue.

USAian and UK bandwidth costs are very different. I pay in London for a 10mb (symmetric) what I could get an OC3 for in Boston. BGP4 is good, but not the right tool for what the OP is trying to achieve, if he could afford an ISP that could do BGP, he wouldn't be trying to bond two 24 per month connections...

Assembled is right. I'm doing this on the cheap. The reason for trying to get two ADSL connections (around 24 each per month) is:

- for greater reliability. UK ISPs (especially cheap ones) tend to fall over every now and then. BeThere (our ISP) sometimes has DNS issues or falls into Spamhaus's black hole. Hopefully if one ISP goes down we can auto fall-over to the other one.

- For greater outgoing bandwidth. ADSL2+ connections here are around 8-16mb down, and up to about 2.4mb up for about 25 a month. With two lines, hopefully I can double the outgoing bandwidth for servicing our five external offices on the WAN.

What I do NOT need is:

- greater incoming bandwidth. 16mb/sec is enough for the office here.

But dual ADSL probably won't happen. An engineer said (informally) our wiring here is pretty ******, and that the only way to upgrade might be to dig a tunnel to the main junction box. Which isn't going to happen.


Hey I would never recommend wireless or powerplug for heavy use

Thanks. We're ethernet here. As we have a lot of deaf staff, I'm putting in a gigabit ethernet framework now. In the next few years, we may start looking at setting up webcam / videophone calling for signed conversations.

A couple of offices already have videophones, but they're pretty ****** (i.e. cheap) and don't get used much.

As I said above, powerline is an idea I might use for difficult locations.

try this:

http://www.cisco.com/web/about/ac123/ac220/about_cisco_general_networking_resources.html

it's free

Thanks - looks a very useful resource.

assembled
Jun 17, 2009, 04:46 AM
take a look at pfsense for load balancing, and for inter office VPN links. you could also split inter office VPN links between multiple connections at the main office, setting up routes so that connections to specific addresses go over specific links is quite easy :-)

Consultant
Jun 17, 2009, 09:41 AM
Have you tried Wireless N only connections? Get 2 Airport Extreme stations, set one up as access point, using your main router as DHCP server, while the other to receive signal.

Encrypt using WPA2 with non-standard names.

Should work through interior floor. Extremely low latency for me.

If it doesn't work you can return them.

RedTomato
Jun 20, 2009, 05:01 PM
Hello,

News update:

I got the specs of the switches we will probably get. Two of these:

http://www.dabs.com/products/best-value-24-port-gigabit-ethernet-switch-529T.html

Two cheapish 24-port gigabit switches, 100 each inc taxes. We decided no point in getting a 16-port switch.

No word on the router yet, but I will start putting in the switches in the next couple of weeks. I've ordered 300 feet of cat5e cable and various ties and hooks and it should be delivered in a few days.

Yesterday I went for my training in how to crimp ethernet cables. Pretty simple, but I wouldn't have picked it up so easily from a book. My first plug crimp went perfectly, but my second one took 5 tries to get it right :o

Also went through some fire regs discussion. The main one seems to be that ethernet cables should be about 15cm away from electrical cabling, and both should be in conduit when in office space. I'll buy conduit locally - we're in East London so it shouldn't be too hard.

Cheers

PS: No I'm not going to do a wireless backbone through the floor. Thanks for the suggestion but forget about it. Please.

Ramius
Jun 20, 2009, 08:09 PM
For 30 users everything should be straightforward. Start - Programs - Administrative Tools and all you need should be there. It's usually a case of right clicking and following a wizard. Or double clicking and filling in stuff.


Wow, you suck. :eek:

Les Kern
Jun 21, 2009, 03:04 PM
No offense but you got a job to which you had no experience? I'd be a little nervous about getting in over my head

Not always the case. 16 years ago I was hired to take care of a network and 600 macs. I didn't even know what ETHERNET was. Within a short time due to long hours, lots of reading and little sleep, I learned. Now it's grown to 30 servers, 1,200 macs, a WAN, GB switches, POE AP's... it CAN be done.

Consultant
Jun 22, 2009, 09:02 AM
PS: No I'm not going to do a wireless backbone through the floor. Thanks for the suggestion but forget about it. Please.

It can be better and faster than the powerline adapter.

But ideally you would hire someone to run real cable between the floor if you can.

Chris.L
Jun 22, 2009, 02:02 PM
As most have said, run a gigabit trunk between the switches for good communication. None of this wireless or EoP rubbish.

In terms of updates and WSUS. Get WSUS free from MS and configure a GPO to control what happens with updates.

Then it's just a simple case of approving the updates.

Also check what other GPOs are in place and consider implementing some sort of security if you don't have any.

Have you decided how you will be connecting in the remote offices yet? Obviously a site-to-site VPN, but will you be terminating on the Cisco equipment or will you be getting something like ISA to do that?

RedTomato
Jun 25, 2009, 06:00 AM
All the hardware except the router's arrived.

Spent yesterday making a start on the cabling. Jesus, what a mess. Ethernet, power cables, telephone cables all mixed up on the floor. Ethernet cables strapped to powerlines strapped to hot heating pipes. Jesus.

Put in 2 inch wide trunking around the perimeter of the upstairs floor to take all the ethernet and telephone cables. Left power lines on floor to be put in separate trunking later. As this is an old building, there's about 4 wall power sockets supplying 10 desks. It's a mess of extension cables under desks everywhere.

Mounted the upstairs 24 port switch vertically on the wall behind the boss's chair. (best location on floor to save on having to run an extra 20x10m cable)

Took the rackmount brackets and turned them through 90 degrees for vertical mounting. The screws for attaching the rackmount brackets to the switch are tiny, only about 3mm from head to tail. Stripped two, wasn't happy with the others, so replaced with hard drive mounting screws. Tight, but switch still wobbles in the rackmount brackets. At least it won't fall on the boss's head, as it was threatening to do with the original screws. I might superglue the rack brackets to stop the wobble.

Gigabit cable in place now between ground floor and upstairs. Will mount downstairs switch next week.

Got a topology problem, see my next post.

Chris.L
Jun 25, 2009, 01:03 PM
Next post?

OZMP
Jun 26, 2009, 04:30 AM
I couldn't get a mac job so now I am doing a traineeship at IBM :P
work wherever you have to to pay the bills, use apple stuff at home :cool:

oh, and try some silicon(one that sets solid) in the screw holes if it is the one on the blade and not on the rack(eg, you cant use another one) silicon method worked to fix some shelves in the shed years ago.

belvdr
Jun 26, 2009, 05:45 AM
I would look for better screws rather than superglue personally. In my experience, doing it right the first time will only help you down the road (say for a replacement switch if it should fail).

What's this topology problem you are having?

locust76
Jun 26, 2009, 04:34 PM
Ok. First of all, being a network administrator myself, Windows Domain management and network administration are entirely different areas.

Since you're starting with layer two networking hardware (switches), I suggest you avoid CCNA books and read up on some CCENT material. Cisco broke CCNA into two parts, the first of which is CCENT. There you will learn the absolute fundamentals of networking. None of that domain admin crap, but actually how data is packaged from the application and the entire process until it gets put on the wire. You will also learn what hubs really are, why they are bad, and why a switched layer two LAN is the best way to go.

Subnetting, subnetting, subnetting. If you don't know what a subnet is or how to calculate IP ranges and convert from binary to decimal and back, you should probably start doing it. I understand the LAN will be small at the moment, but if it ever grows beyond the 253 host limit for a class C network, you will need to subnet. Oh yeah, learn what Class A, B and C networks are.

From there you will learn about switching logic, physical addressing, broadcasting, multicasting and unicasting. In addition to that, some basic routing information is included as well.

Even though I say "basic," it's A LOT OF INFORMATION. My CCENT book from Ciscopress has to be about 500-600 pages (left it at work, so I can't tell you an exact #).

Unfortunately, you opted for non-Cisco switches. I'm sure other brands are just fine, but the wealth of configuration knowledge in the Cisco books is geared towards Cisco IOS-based equipment. My company is migrating to 100% Cisco devices. We used to have HP Procurve switches and they died on a regular basis. We've had Cisco for about 5 years now without a single one (out of currently around 40) failing. Our core switches have been up for 266+ days straight (since the last firmware update) without a single service interruption, though I would like to bring them down for a firmware update some day.

DON'T do:
Wireless connections between floors
Ethernet-over-power
or any other silly idea like that. Use copper Cat-5e wiring at the bare minimum, or fiber optic if those switches can take SFPs.

DO do:
Read
Study
Learn
SUBNET

All of this fundamental knowledge will make you a much better network administrator, because nothing is as embarrassing as not knowing how to effectively do what it is that you're getting paid to do, or having to redo everything in the future because you screwed it up the first time. Every time I look into one of our network cabinets I have to undo some stupid crap that my pre-predecessor did when he was fumbling around with only a half-idea of what he was doing.

In this regard, you're damn lucky you're only starting with two switches and a router. That's really basic and you will be able to get it up and running without too much in-depth knowledge or troubleshooting. When I started as a network admin at my company, I was given a full-on network made of 40 switches, two routers, hundreds of hosts, a few dozen VLANs, a 34 megabit WAN link and a VPN running over that WAN link to our satellite sites in several dozen other countries, as well as 6 or 7 Wi-Fi access points on the factory floor, with a new wing being built on. In the next month or two, I have been in planning stages with my supervisor for redoing the entire core of our network, essentially ripping out our core switches and replacing it with entirely different hardware.

locust76
Jun 26, 2009, 04:48 PM
Baleeted

belvdr
Jun 28, 2009, 01:39 PM
essentially ripping out our core switches and replacing it with entirely different hardware.

Word to the wise, since you're going all Cisco, is to get a modular switch, such as the 6500 series, and use dual supervisors. You can then do rolling IOS upgrades with little to no downtime.

RedTomato
Jun 29, 2009, 06:44 AM
Thanks Locust76, and yes I already know a little about some of the networking fundamentals, the various layers that go into making a network packet datagram, and the differences between Class A, B and C sub networks. It isn't too difficult. It's the whole Microsoft Server software and domain control and setting policies that's entirely new to me.

We're unlikely to go over 253 addresses, tho thanks for the heads up, as at the moment, including all staff, printers, laptops, various offices etc, we're unlikely to break 100 addresses. This is just after a major expansion, which is stressing the charity at the moment (and why I was hired).

OK, the topology problem, this is embarrassingly simple considering what I just said ...

Firstly, our current router is a simple Netgear D-link model, as the cash for the Cisco upgrade seems to be delayed.

The server and the switches and more and more of our computers are gigabit speed, but the router is only 100megabit. So I'm trying to figure out what's the best way to link them up. None of my networking books address this (probably rather common) situation, and my Google-fu is failing me.

This is the current set-up:

http://i946.photobucket.com/albums/ad303/deaftomato/router-top.jpg

So everything goes through the 100mb router, and it seems to be slowing down the network.

Now, I understand the switches (24 port gigabit) cache a routing table. From that, it seems they don't really need to be directly connected to the router, and our wired network is going to be quite static. So I wonder if this topology is workable:

http://i946.photobucket.com/albums/ad303/deaftomato/switch-1-top.jpg

Here, there is a full gigabit connection from the server to switch 1 (where most of the computers with gigabit ethernet are). Switch 2 has to share the server link with switch 1, but should still be better than a 100mb link.

The ADSL modem is low bandwidth (about 12mbit down and 4mbit up at the moment) so switch 1 should be able to deal with passing on the traffic from it.

There's also a picture of a sample network that looks like this in one of my Microsoft books (!) but nothing about it in the text.

Finally, is it possible to give each switch its own gigabit connection to the server? I have two ports on the server, so:

- if the computers linked to switch 1 are given server address 1, and the computers linked to switch 2 are given server address 2,

- and switch 2 is linked to switch 1 for internet access, and to give upstairs access to printers downstairs and vice versa, we get the following diagram:

http://i946.photobucket.com/albums/ad303/deaftomato/network-loop.jpg

Now, this looks like a loop, and every networking book will say OH NOES no loops, but as the two server ports have different addresses, I'm not sure if it's really a loop.

The server has 3 drives: 1 system; and 2 data in RAID 1 mirrored (plus external backup), so in theory it could saturate a single gigabit link, which is why I'm considering dual gigabit ethernet links.

Thoughts as to which is best? I don't really want to get into complicated spanning loop networks - rather keep it simple for now.

belvdr
Jun 29, 2009, 10:32 AM
That second picture should work just fine, and I would recommend it over picture 1. If the server has a gigabit connection to Switch 1, and it is a gigabit link between Switch 1 and 2 you shouldn't have issues. When a network of this type expands further, you'd link the extra switches back to Switch 1, and keep the server there. Additionally, adding on further might require you to upgrade Switch 1 so it has more capability at handling the extra load. To be honest, you'll likely never see the need to do this on that particular network.

Switches do not cache routing tables, unless they are layer 3 capable switches and IP routing is enabled. As for loops in the network, that is only a concern when the network is looped together. Servers can be multihomed and as long as they are not bridging the connections together, all is well.

You could certainly multihome your server, but I doubt you'll see any added benefit for doing so. If doing this, you may run into issues with Active Directory as it seems to be tied heavily to the IP address. I can say that I have never seen that in use on any network I have been involved in.

locust76
Jul 8, 2009, 04:24 PM
Third pic:

That setup with the server looks a little funny. What's the purpose of that? Keep in mind, that the Hostname will be visible under two separate IP and MAC addresses, so that might cause confusion, especially with name lookups (Computer A says "Who is 'Server?'" and two separate MACs reply with totally different IPs). It's not a physical loop, per se, since the server has two unique MAC addresses, but logically it's kind of crazy and will most likely function accordingly. I kind of see that maybe you wanted to give both switches direct access to the server, but in order to actually pull that off, you'd have to have two separate networks (IP ranges) for each switch.

Second, since this is a small network, doesn't the ADSL modem have a built-in router? If so, you've got 3 separate networks there. One WAN (from ADSL to the ISP), one between the ADSL modem and the router and another between the switched layer 2 network and the router. That's extra layers of routing decisions that don't really seem too terribly necessary.

Second pic:

You will want to avoid daisy-chaining your switches like that, since all traffic coming out of switch two will have to go thru switch 1 and to the router, basically constraining your entire network to a single gigabit link out to the internet (and, of course, forcing switch 1 to handle switching decisions for packets from switch 2 to the internet). IF the router has more than one LAN port, I'd suggest going the extra mile and running a line from it to switch 2, though you probably have no choice, as many routers only have one LAN port.

First pic: I think this one is probably the best, most future-proof scenario, if it's feasible, though I wouldn't connect the server to the router because it probably only has 100mbit ports instead of gigabit. You'll kind of have to bite the bullet and put the server on switch 1 and force traffic from switch 2 to traverse switch 1 to get to the server (or get another smaller gigabit switch for servers and connect it directly to the router, again, if possible)

Actually, if you could, it might make sense to get a third gigabit switch to connect directly to the router and put the server and other two switches on that third switch. With that setup, you're 100% gigabit internally with a 100mb uplink to your outside line
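
The subnetting arithmetic recommended earlier in the thread, applied to the one-IP-range-per-switch idea in the post above, as an added example that is not part of any poster's message. The 192.168.1.0/24 range, the host addresses and the function names are constructed for illustration; a /24 has 254 usable addresses, which leaves 253 for hosts once the router takes one.

```python
import ipaddress

def describe(cidr):
    """Mask (decimal and binary) and usable host range for a network up to /30."""
    net = ipaddress.ip_network(cidr, strict=True)
    return {
        "mask": str(net.netmask),
        # Each mask octet written out as 8 bits, to show the binary/decimal link.
        "mask_binary": ".".join(f"{octet:08b}" for octet in net.netmask.packed),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        # Network and broadcast addresses cannot be assigned to hosts.
        "usable": net.num_addresses - 2,
    }

def split_per_switch(cidr, switches):
    """Split one LAN into equal subnets, one per switch."""
    net = ipaddress.ip_network(cidr)
    # Borrow just enough host bits to get at least `switches` subnets.
    extra_bits = (switches - 1).bit_length()
    return [str(s) for s in net.subnets(prefixlen_diff=extra_bits)][:switches]

def next_hop(src_interface, dst, gateway):
    """Default-gateway decision: deliver directly if dst is local, else use the gateway."""
    iface = ipaddress.ip_interface(src_interface)
    return "direct" if ipaddress.ip_address(dst) in iface.network else gateway

if __name__ == "__main__":
    lan = "192.168.1.0/24"          # constructed sample range
    print(lan, describe(lan))
    for subnet in split_per_switch(lan, 2):
        print(subnet, describe(subnet))
    # A downstairs PC reaching an upstairs printer, before and after the split.
    print(next_hop("192.168.1.10/24", "192.168.1.200", "192.168.1.1"))
    print(next_hop("192.168.1.10/25", "192.168.1.200", "192.168.1.1"))
```

With one flat /24 the downstairs PC reaches the upstairs printer directly across the switches; after the split the same traffic is handed to the gateway, so it crosses the router instead of staying on the gigabit links.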

belvdr
Jul 8, 2009, 08:41 PM
Third pic:

That setup with the server looks a little funny. What's the purpose of that? Keep in mind, that the Hostname will be visible under two separate IP and MAC addresses, so that might cause confusion, especially with name lookups (Computer A says "Who is 'Server?'" and two separate MACs reply with totally different IPs). It's not a physical loop, per se, since the server has two unique MAC addresses, but logically it's kind of crazy and will most likely function accordingly. I kind of see that maybe you wanted to give both switches direct access to the server, but in order to actually pull that off, you'd have to have two separate networks (IP ranges) for each switch.

Second, since this is a small network, doesn't the ADSL modem have a built-in router? If so, you've got 3 separate networks there. One WAN (from ADSL to the ISP), one between the ADSL modem and the router and another between the switched layer 2 network and the router. That's extra layers of routing decisions that don't really seem too terribly necessary.

There would only be confusion for the hostname lookups. As for "Who is Server", MAC addresses won't be the response. "Who is <IP>" (i.e. ARP who-has) would get a MAC address for a response, and since both NICs would have different IPs, there would be no confusion. Of course, having the same IP on both NICs wouldn't work in any case.

Also, there's really no routing decisions here. It's a simple default gateway network: either it is local or send it to the next hop. But I agree, the less units in the mix the better.

Second pic:

You will want to avoid daisy-chaining your switches like that, since all traffic coming out of switch two will have to go thru switch 1 and to the router, basically constraining your entire network to a single gigabit link out to the internet (and, of course, forcing switch 1 to handle switching decisions for packets from switch 2 to the internet). IF the router has more than one LAN port, I'd suggest going the extra mile and running a line from it to switch 2, though you probably have no choice, as many routers only have one LAN port.

I strongly disagree. All enterprise networks have a MDF with a switch capable of handling the load to the WAN and between the IDFs. The heavier load will be between Switch 1 and 2 for access to the server. In this case, Switch 1 most likely has more switching horsepower than a simple router. After all, switches were designed to switch, and routers to route.

Since the WAN link is ADSL, then it is very likely a 100Mb link to the router is more than sufficient. ;)

First pic: I think this one is probably the best, most future-proof scenario, if it's feasible, though I wouldn't connect the server to the router because it probably only has 100mbit ports instead of gigabit. You'll kind of have to bite the bullet and put the server on switch 1 and force traffic from switch 2 to traverse switch 1 to get to the server (or get another smaller gigabit switch for servers and connect it directly to the router, again, if possible)

I'm not sure I gather what you're trying to say. Just leave the server on switch 1 or 2 and let the users have at it. I'm not sure why adding another switch is being considered just for the server. Additionally, he/she said the router is 100Mb. Why do you want to constrain the links to both switches to 100Mb when you have gigabit already available?

Actually, if you could, it might make sense to get a third gigabit switch to connect directly to the router and put the server and other two switches on that third switch. With that setup, you're 100% gigabit internally with a 100mb uplink to your outside line

How's this different than what you're opposed to in the second pic? You said not to daisy chain the switches as people on Switch 2 will need to traverse switch 1 to get to the Internet, but now you're suggesting a third switch. Honestly, keep it simple: two switches and be done with it. The two switches already provide 100% gigabit internally with a 100Mb Internet link. Adding a third switch does absolutely nothing to enhance the network.

Ap0k5
Jul 9, 2009, 05:44 AM
Your 2nd picture is the method I'd use. It's almost identical to the setup I have at home.

Internet (20M) into Modem/Router (100M)
Modem/Router into Switch1 (1G)
Switch1 then splits off to Switch2 (which is upstairs also 1G), and various endpoints downstairs
Switch2 splits off to various endpoints upstairs

Everything works fine, no slowdowns when accessing content between switches, and the 100M link is plenty fast enough to cope with internet requests from devices on either switch.