How would you network ~~ 120 PCs for Internet sharing

humaxf1

Hi all...

(This is all from memory...may not be correct)

Where my dad works, there are approx 115-120 PCs. Suites of 20(ish) PCs per room (5 rooms) and 15(ish) PCs scattered for office and indivdual user use. The room PCs goto their own switch and then an upload (i presume) to a main switch to connect to a server for account logons. All run 2kPro or XP.

Majority of them are connected to a domain (Not sure of NOS on server) using 10.0.0.0 network scheme. DHCP? cant remember! Last time I saw a mouse move over the network connection on a client, it was running at 10Mbit. Dont know if a proxy is used for net access. AFAIK, they have a leased line/ISDN bundle (could be T1?) They also apparently have a CISCO router. Don't know the model.

Anyway, they are having network problems most days. IP printers not getting print jobs, no Internet access across the LAN.

I'm just curious about peoples suggestions on how they would start from absoloute scratch?!?!?

I'm thinking...

a. would it be better to scale down the IP scheme to a 172.(say)20.*.* scheme.

b. have a small domain for each room (these are actually classrooms) with an A.D. PC (2 NICS) acting as a router. 192.168.2.* scheme for the client side and 172.20.*.* for the main LAN.

c. a separate domain for the scattered 15 or so PCs each on 172.20.*.* This number could grow or have IP printers added.

Any input would be great...thanks.

twentyfour7

By the sounds of things and in my opinion you need if not already in place.....

All rooms wired with Cat5(e) or 6. These should all be wired up to a centralised room which is dedicated to your network infrastructure.(comms)
In this room all other rooms / office / classes will be connect to your central patch panel and then into a few 10/100 or gigabit switches. (I find it hard to imagine a network without these basic requirements as i'm sure you'll agree.) A single Windows AD Domain running 2000 / 2003 Server should suffice for 125 machines, you could even have DHCP / DNS services running on this. Make sure the specification of this box is ok. i.e min Dual Xeon's with a couple of gigs ram with disk redundancy etc.
If you have a couple of spare servers you should set them up as Domain controllers also, you can never have too many DC's in your organisation unless you are running NT in which case you can only have the one obviously.

What are you email requirements?
Do you have exchange 5.5 / 2000 / 2003??.
You say you have a Cisco Router in place. Is this used as your default gateway or just for internal routing. You havn't mentioned as to whether or not you have multiple subnets in place or not?? If you members of job public using the network you must setup multiple subnets in order to keep a decent level of security in place. Otherwise you may have problems.

If you have a bit more information regarding the setup may i can give you a bit more advise.


Russ

Kali

At the moment its a nice manageable design (and just because its 10.* does not mean its a /8 !!!).. its much easier to find out where the fault lies then to reconfigure everything, especially multiple domains per room, thats just horrendous and will cause countless issues.

So suggestions:

First at what speed the network is connected at.. full or half-duplex? You say its only 10Mbit: find out the speed of the switchs (and make sure they aren't hubs)... if they are 10/100 then PCs should all be at 100Mbps.

Then look at how the IPs are managed.. is it DHCP or static? a combination of the two will invariably lead to conflicts and lack of connectivity if proper DHCP pool restrictions aren't setup.

Lack of internet access generally means that PCs aren't receiving gateway (which will be the router) or DNS information from the DHCP server or have it incorrectly configured.

Have they got an internal DNS caching server?

Sounds like you really need to look at the situation properly before going gung-ho on it.

themole

humaxf1 wrote:

Anyway, they are having network problems most days. IP printers not getting print jobs, no Internet access across the LAN.

file sharing and people downloading ****e?

that would saturate any 10MB network

seamus

It does seem like you need to start at the bottom, audit exactly how the machines are set up, how each router is set up, and what the server (presumably a domain controller) does for the network.

Once you have all that information, it should be possible then to figure out where the problem is.

For example, if users in room A, using switch A, can't access the internet, but users in room B, using switch B can access the internet, then you've probably got some sort of routing issue.

As you suggest, it's probably best starting from scratch, though that's not to say that you need to remove everything and start over. Do an audit. Then figure out what services you need to change/add to get everyone singing from the same sheet. Ideally in any network, every client should be configured identically. This makes your life easier and problems easier to spot. IP printing for example - do you need to configure the printer on each machine (insert the IP address, choose the driver, etc)? Would it be easier to add a second server as a print server, then if anyone wants to connect to a printer, they just double-click on it?

rogue-entity

Here is what you could do:

First check each of the switches in the classrooms and if needbe, replace them with 100/1000Mbit switches. Connecting the uplink port to another switch in the server room.

Make sure that the other 15 PCs are connected to a seperate switch.

Setup a server (can be a spare PC) with 3 NICs and a linux distro to work as a router and DHCP server for the network. This way you can split the classrooms and the other PCs into seperate subnets. For Example:
192.168.0.1 (External IP to Internet and login servers).
192.168.1.1 (IP for Server on Classroom side)
192.168.2.1 (IP for Server on Individual PC side)

Now just configure the DHCP server to dish out IPs for each subnet and you are up and running. All you need to do now is change the "internal" IP for your Internet Router (which is probably the Cisco one) to say, 192.188.0.200 and the IP for your A.D/Login server to 192.168.0.2 and connect them to a switch, with the uplink port connected to the "External" NIC of your new Linux router. This should bring things back in order. I would have replaced the login server with a linux box, setup as a domain controller which would handle the logins, so I could save money on MS licencing fees.

Any Qs, drop me a PM.

humaxf1

Cheers guys for the replies. All interesting views of the situation.

If I get time, I will try and get a better look at the setup and make a list of exactly whats there and try figure out how it's all set up.

As for linux router, would IPcop, smoothwall or monowall do for this application?

As for the cisco, I am presuming this is for taking the internet on one interface and converting to a private address for the LAN on the other interface.

axer

rogue-entity wrote:

Setup a server (can be a spare PC) with 3 NICs and a linux distro to work as a router and DHCP server for the network. This way you can split the classrooms and the other PCs into seperate subnets. For Example:
192.168.0.1 (External IP to Internet and login servers).
192.168.1.1 (IP for Server on Classroom side)
192.168.2.1 (IP for Server on Individual PC side)

Now just configure the DHCP server to dish out IPs for each subnet and you are up and running. All you need to do now is change the "internal" IP for your Internet Router (which is probably the Cisco one) to say, 192.188.0.200 and the IP for your A.D/Login server to 192.168.0.2 and connect them to a switch, with the uplink port connected to the "External" NIC of your new Linux router. This should bring things back in order. I would have replaced the login server with a linux box, setup as a domain controller which would handle the logins, so I could save money on MS licencing fees.

Any Qs, drop me a PM.

For all he knows he could have a decent Cisco router that would handle all DHCP and subnets. I would check that out first before making a PC router or changing the IP addressing scheme used. I would also do what the others mention first - do a full run down of all that is there now and do a few tests to check for connectivity problems and as Kali said - Make sure they are not hubs they are using.

seamus

humaxf1 wrote:

As for linux router, would IPcop, smoothwall or monowall do for this application?

I wouldn't add any further hardware until you have done an audit. A hardware router (which you already seem to have) will be much more efficient than a Linux-based PC router.

As for the cisco, I am presuming this is for taking the internet on one interface and converting to a private address for the LAN on the other interface.

That's a possible configuration.

I'm sure there's no shortage of us here who'd happily come in and do it for you (for a fee). If you're in over your head, it may be best to consult someone who knows what they're doing. From you posts though, you seem like you should be well able to figure out how the network is set up, and post up any further questions here.

humaxf1

I might be putting out the wrong vibes here...I have nothing to do with the network. The fact that my dad works there and from what he has heard, the IT company that look after & supply the computers/network haven't a clue. They had a spate of hardware problems that were not resolved totally, never mind the network.

I sat a comptia A+ & Network+ exam(s) (all passed)(FAS course) in August/December so I know a fair bit, but alot to learn yet. I'm interested in trying to find out where the problem(s) lay and would love to give a soloution to them and go HA!HA!...you're paying Big Bucks for a tIT company to look after your network compared to me, still wet behind the ears.

They brought in new switches, which either didn't work or when it was brought upto 100Mb, the connectivity went. They muttered something about a possibility of faullty NICs...sounds to me they are urinating in the wind! As said before, I can get a closer look at the setup and note what they have.

Thanks to all for the responses so far.

TimTim

I'm just wondering about that, because where I go to school we have a "IT" company who send out "techs" to do things which they can't do and I end up doing what they are being paid to do for free.

Could you PM me the name of the company, I'd like to know if we have a common enemy.

humaxf1

Where abouts are you located county wise timtim. I dont want to give out too much info at the mo. Hope you respect that.

Thanks.

Ziycon

im my opinion you should use a class C ip address scheme as it is a smaller range to maintain, also you should give any network printers or print servers static IPs this way when you set a print to print from a pc it will never change or lose jobs!

humaxf1

Hi Ziycon,

Class C are great as you just have to remember the last octet for hosts, but I can see a possibility for the network to grow. I've heard that it's not a good idea to nearly max out on hosts for class C... a 172. address will never run out of addresses with the setup I'm talking about.

I understand the static IPs for printers etc, or give them DHCP but associate it's MAC address for reservation of a specific address within the scope/pool of addresses.

Capt'n Midnight

Are any of the switches managed - especially one of the central ones so you can see the load ?

Have you used something like Ethereal or Windump/TcpDump to look at where the traffic comes from - in case of broadcast storms or old protocols.

Is name resoultion working fine if using windows activery directory - DNS problems make newer versions of windows cry.

TimTim

humaxf1 wrote:

Where abouts are you located county wise timtim. I dont want to give out too much info at the mo. Hope you respect that.

Thanks.

Yeah, fully respect that, wouldn't want to give out much details about myself on a public forum.

Greater Dublin area if thats any good to you.