On Wed, 9 Jan 2002, Ken Milder wrote:

> Paul,
>
> Thanks for your comments. You must have a small network. We have several

I've built and run networks from the tens of devices to the tens of
thousands.

> hundred subnets and thousands of nodes. Gathering traffic statistics,
> installing patches and software upgrades, trouble shooting, and other
> network management functions make remote management of our switches
> essential. It is inefficient to have a tech jump into a truck and drive 20

I've seen two switch failures on switches I've procured since Ethernet
switches became popular, one was DOA, and the other was locked up so that you
couldn't remotely access it.

If you've got any significant number of switch failures, then either
your vendor needs a good dressing down, and your POs need a MTBF clause,
or you're undercapitalizing your network infrastructure.

If it's a dumb switch, there's no need for software upgrades or patches.
That leaves troubleshooting- and other than one set of Ethernet cards
doing poor autonegotiation, I've yet to see a significant layer 2 problem
on Ethernet which wasn't easily troubleshot without SNMP or switch stats-
and most of those could be shot from either a host or a router.

> miles to a remote site every time we need to trouble shoot a complaint
> about poor network performance.

If you're troubleshooting performance issues on a regular basis, I'd
suggest that your efforts really need to be directed towards building out
a more robust architecture, or educating your users to build network
infrastructure dollars into new projects to support their workloads.

Networking existed pretty happily before people put SNMP on switches, even
large robust networks.  It's been my experience that most of the time, the
very cause of trouble is the network layer, so once again, in-band
management sucks for diagnosing it.

That's why I like terminal servers wired to console ports where remote
diagnosis is necessary.  Another more useful trick if you're using large core
switches is to out-of-band the console port and keep a sniffer on one port
that you can span onto one of the VLANs.  Sniffers are a heck of a lot more
useful for diagnostics than built-in switch statistics IMO.

FWIW, I've never had responsibility for an internetwork with more than ~3,000
local users, and about 150 remote sites.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
