Hi,
That's fine, a good security engineer should know about internetworking
anyway! Just to set up fws you need an understanding of routing! Anyway...
Being in your situation I will get all the free network diag. tools
available on the Internet. You are lucky enough to have Unix boxes, IMHO
there are more FREE network tools available under Unix right now (as opposed
as NT for example)!
tcpdump is the first one that comes to mind.
SessionWall-3 could be useful they have a demo version I believe still. I
used it but on an NT box. Not sure about a Unix version. Do a search on
network scanners, I am sure you will find free ones... You may want
something like a computer to carry between your different physical network
segments...
Your switches should be able to tell you something though. I know from the
2924XL you can tell the network usage, working at 10 or 100 Mbps etc... and
also I am sure there are some debug functions with the IOS you can do...
It is very hard to help you out with the info. you provided us with. You
mentioned the pieces s/w and h/w and we can only get a general layout from
this info.
Your approach to troubleshoot the thing seems good but not quite sure what
you mean by "scanning the 5500's show port for excessive errors and pulling
the fiber to the problematic port." Did you find or not the problematic
port?
Regards,
Jean.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Stewart Dean
> Sent: Wednesday, November 10, 1999 7:51 AM
> To: [EMAIL PROTECTED]
> Subject: A basic question on network saturation
>
>
> I'm the Unix (AIX & Solaris) system admin in a small college whose
> strength is more in the hosts than the network, but I'm the one that
> has to deal with network problems...so this is a basic question.
> Further, it's more a network than firewall question. So my apologies
> and abasement...if there's a better list to ask this in, please direct me.
>
> OK: I am seeing intermittent network saturation: internal pings fail,
> telnet session hang or get dropped, etc. I have no sniffer, no network
> analyzer, no network management software. This is an Ethernet
> network that was figer linked to IBM/Cabletron/Synoptics hubs, but
> now has a Cisco 5500 with RSM at its center and about 1/3 of the
> network is Cisco 2900 XLs..in a year or two, it'll be all of it.
> It handles
> about 1000 students and 500 faculty and staff. We have a T1
> outbound out of a Cisco 2501 (which ties to the intranet with a 10Mb
> regular Ethernet); it's other serial port is a frational T1 from a
> satellite campus.
> I notice that, when network saturation happens, the T1-Out is
> pegged....the ISP, AppliedTheory/Nysernet, provides a nice web-
> based page that graphs our T1 usage. When I do a 90 day report, I
> see the first 30 days is flat at 10-15%. Then (perhaps coinceding with
> the beginning of replacing old stuff with 2900XL Cisco gear) I see the
> beginning of peaking, that grows over time. By this time, we are
> getting 100% T1 out for periods for hours...then it will break off and
> go down to 20-30% and ordinary usage resumes.
>
> About the only approach I've been able to come up with is:
> = scanning the 5500's show port for excessive errors and pulling the
> fiber to the problematic port. That hasn't yielded anything.
> = pulling the fibers to all switches/hubs one at a time and watching
> the CPU% of the Internet router. I observed a 10% drop on one fiber
> leading to a student dorm, but no great restoral of services.
>
> As you can see, I am bashing around in the dark. Yes, I would like
> some diagnostic hw/sw, but the boss has smiled at me when I've
> asked and said, 'We're buying the network gear", as if a real admin
> could sniff the wind and tell you what idiot student is running an
> MP3 website on campus (I once had the mail server freeze because a
> student used /tmp as MP3 storage!).
> Well, it's all come home now and it's roosting on MY head.
>
> The floor is open. I appreciate your suggestions for:
> = debugging with what I've got
> = what hw/sw would work to help debugging
> = books/courses
>
> There's a fine line here between convincing the management that
> network mgmnt that supervisory and debugging hw/sw is needed
> and getting fired 'cuz the network don't work.
> // Stewart Dean - [EMAIL PROTECTED]
> //
> // Machiavelli said (in essence):
> // Bad mercenaries will lose your country for you,
> // "good" ones will take it away from you....
> // Don't use mercenaries
> // Dean's corollary:
> // Hiring temps or vendor employees may be all the rage...
> // but they're the same as mercenaries:
> // You give neither loyalty nor committment;
> // the favor, if returned, should come as no surprise
> // Look to your own honor if you expect any from them.
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
