Network problem.

joelopez213
Ok guys, I was hired with this company 2 months ago. I am handling their Net Administrative duties. I have a degree in this, but specialize mostly in programming. I know my stuff, just don't have sufficient experience to fiddle with their network yet, I am barely getting used to their overall setup and function.

For one, they are running a crappy Network setup. That I know for sure. They currently have a T1 and a local LAN setup. Everything is working fine, but everything else is out of whack, unorganized and messy.

This is the issue:

They are dropping the T1 line to a HUB (ack, which also happens to be an old model NetGear - do they even make HUBs anymore?) and then daisy chaining it or "bridging it" to the wireless router (D-LINK DI-624) which makes up our LAN alongside a 24 port Linksys switch. The D-Link router has 4 switch ports, which they bridged the main LAN switch (24-port Linksys) which ultimately serves our 10 user nodes. We need the available extra ports in case clients come in and they have to use the net with their machines.

Anyway, we have a main server running Windows 2003 Server; it's a PowerEdge 6500 DELL rack server. The server is hooked up to the NetGear HUB alongside the Wi-Fi router and a LaserJet for the office. Now here's the issue, HUBs slow your connection because of the crappy collisions and lost packets that this stupid device stumbles on, so I want to remove this thing completely. The issue here is, the server is serving our web site, so it needs a static ip (public) to be able to serve the site and so does the LaserJet (for some reason). How can I eliminate the HUB and keep my WLAN/LAN in check with the D-LINK router and keep my server static as well as the LaserJet printer??

I know that our DELL server has two network cards, one is for incoming net and other is out, right? I bring in the T1 to adapter 1, then uplink adapter 2 to the D-LINK DI-624, right? Now, our server would serve the internet to the LAN, correct? But, how do I keep the LaserJet static?

Thanks in advance for the replies!
  • +
    0 Votes
    jordanspcrepair

    well, your plan is going great. just connect the printer to the router or switch, and add a tcp/ip printer port with a static ip address for your printer, you may have to connect to the printer's software through the internet and configure the printer. then configure your server with dhcp so that all the other computers on network will automatically get an ip address, which you probably already did this. but now, configure your server with a static ip address in case you haven't, and then run the dhcp wizard built into windows, and exclude both the server and printer ip addresses.

    i hope this works for you.

    +
    0 Votes
    joelopez213

    I will give it a shot.

    The LaserJet and server are both configured for static. They are simply bypassing the router to prevent it from assigning them DHCP private addresses.

    So let me get this straight...

    My incoming line connects to adapter 1 from my Server, then from adapter 2 connect the DI-624 router, then from port 1 from the router, connect the 24 port switch, right? Then configure the server for DHCP and exclude both statics...correct?

    Then connect the LaserJet to I dunno, port 2 on the router switch port, then configure it for the static settings? Where do I add the TCP/IP settings for the printer, on the server? Won't it already become the printer server??

    +
    0 Votes
    jordanspcrepair

    ok. let me revise this. turn off the dhcp private addressing on the router. connect your T1 line to your router's WAN/Internet port. ok. now then forget that you have 2 ethernet adapters on your server, and just imagine you have one. now connect your server to the router. connect your printer to the router. connect your 24 port switch to your router. make sure you keep your static ip addresses for your server and printer. and make sure you run the dhcp wizard on the server and exclude the server and printer ip addresses. now then, on your server, open up the printer properties of the laserjet printer, and go to the ports tab. select add new port and click on standard tcp/ip port. enter in any info it asks for.

    +
    0 Votes
    joelopez213

    I will try this as soon as I can get some downtime to do all of this, possibly over the weekend if need be.

    So excluding the server and printer will give me the flexibility to config the statics? How will these nodes run through a router config'd to DHCP for my LAN?

    +
    0 Votes
    jordanspcrepair

    i agree about the fact that the ip for your printer shouldn't cost you a cent. get rid of that ip, and configure a static ip like 192.168.0.1 and exclude this address in the dhcp address pool. and if you are paying for your server's ip too, then do the same. ok, now for the router dhcp lan part. just connect the router to one of your computers, and go to the configuration setup page. disable the router's ability to assign ip addresses, and enable the router to use a server to distribute ip addresses and enter in the server's ip address and so forth. make sure you plug your T1 line into the WAN/Internet port of the router, and set up your internet connection on it.

    now for your server and printer ip addresses, just assign them a static ip address, and exclude their ip addresses from the dhcp address pool. now then, you can connect your server, printer, and a cable from your switch to your router, and then connect all the other machines that need connected to your switch.

    hope this helps.

    +
    0 Votes
    CG IT

    whatever router that has the WAN port obtaining the IP address, that needs to be kept in place. Whatever is behind the router you can mess with.

    servers and network printers should have static addressing. Everyone else can get their address from DHCP either from the server or from the perimeter router.

    I would look at the server addressing with 2 network cards and trace the connections. typically the server should only have 1 ethernet card. The printer NIC would have the IP address already configured so I don't think it has a public address [be awful expensive to have 2 public addresses, 1 strictly for a printer].

    Simply put, all hosts on the LAN should connect to the 24 port switch as each switch port is its own collision domain.

    you can uplink if the switch has an uplink port or just connect one of the switch ports on the linksys to the switch port on the router.

    You shouldn't have to change any addressing or any configuration on the router [provided you figure out why the server has 2 NICs].

    If the server has Windows Small Business Server software, that would account for the 2 NICs and make what you do more complicated.

    btw if you want to do this right, put in a patch panel. all hosts connect directly into the patch panel punch down blocks [568B] then patch to the switch.

    If this is for a company called C.A.R.S tell Chuck good luck.

    +
    0 Votes
    joelopez213

    This is not for the company you referred to.

    But in response to your reply, the building does have a patch panel setup, which joins all the wall jacks in every room. the patch panel cables are hooked up directly to the linksys switch. The DI-624 uplink is connected on the furthest port (P24) on the linksys switch. Then it daisy chains to the NetGear crapp-O hub. I am only using one NIC on the server and the server is running Windows 2003 professional Server. The LaserJet was configured for static settings. I have available static ip's from my ISP.

    +
    0 Votes
    CG IT

    remove the crapola hub. Voila!

    There's no reason to have that hub between a router and your ISP modem.

    I have no idea why a network printer would have a public address. It's a waste of $$ in my opinion. Besides I don't think your perimeter router that gets your public addresses [the D-Link] can handle multiple global addresses. If it was a Sonicwall TZ 170 then I could see it.

    So, your server gets a static LAN address, the network printer gets a static LAN address [published in Active Directory], you reserve them in DHCP, everybody else gets theirs from DHCP.

    It's Miller Time.

    +
    0 Votes
    joelopez213

    I'm hosting webservices on the server so it needs a static public ip, not a private local ip?

    You guys are suggesting I assign a static DHCP address? It has to be public static or I won't be able to host through IIS.

    +
    0 Votes
    CG IT

    you "reserve" any static assigned addresses in DHCP so that the DHCP server doesn't assign them.

    Your ISP assigns you global local public addresses [routable on the internet]. the type depends on what you need and what your budget is. Static global local addresses assigned to you are configured on the WAN port of your perimeter firewall router [or you get it dynamically and then use a 3rd party DNS service]. you also need DNS running to perform whois name lookup resolution. [Hope you have DNS running on your network]

    Now most perimeter routers and firewalls [both consumer level and business class] that perform many to one NAT for internet connection sharing need to be configured to forward port 80 traffic [http] and port 443 [https] to the web server for web hosting. This is where the static non public address for the web server comes in. you create the route [map] for http and https traffic to the server's address. The perimeter router will then forward inbound http and https requests to the web server.

    +
    0 Votes
    joelopez213

    Well, the T1 service was already installed when I got here. We have maybe 10 statics (global local)? Our gateway is xx.xx.xxx.49 and we get .50 and up to maybe .59. Our main ip is xx.xx.xxx.50, this would be our main public ip on the net, right?

    We are also running DNS, we have a primary and secondary.

    So, in plain terms what I do is the following:

    Hook up the T1 to the uplink of the DI-624 router, hook up the server to it, then the laserjet, and the 24-port switch, right?

    Run the wizard and exclude both the server and laserjet from DHCP assignment?

    Run it through CG IT.

    +
    0 Votes
    CG IT

    If it was me, I'd opt for dumping the D-Link router and get a SonicWall TZ 170 [or Cisco 1800 series if you can afford it] for your perimeter NAT router / firewall. The TZ 170 can handle a pool of public addresses assigned to you and you can assign LAN services to whatever public address you want to use. [the term global local addresses is a Cisco type term they call public Internet addresses assigned to a company or individual].

    For instance, if you have a pool of public addresses 10.x.x.1-5 you can assign 10.x.x.1 for http, 10.x.x.2 for FTP, 10.x.x.3 for [alternate web server or whatever]. Your name servers [DNS] would then have records that will resolve <yourdomain>.com [http] to 10.x.x.1, FTP.<yourdomain>.com to 10.x.x.2 etc etc.

    That way queries for http or ftp or https will be resolved to the right address.

    from there, you create routes in the routing table that says http traffic [10.x.x.1] goes to 192.168.x.x which is the static address of the web server. So on and so forth.

    You don't have to do that but.... you could just get away with having only 1 public address [reduces cost] and just have all services resolve to that 1 address, but that has drawbacks. If you want PPTP or L2TP VPN traffic you can create host records for VPN.<domainname>.com to come in on 10.x.x.8 so multiple public addresses have advantages.

    LAN setup- I would have ALL workstations, servers and network printers connected to the Linksys 24 port switch. From the Linksys switch, uplink to the router [if the Linksys has an uplink port]. I wouldn't connect anything but the switch to the D-Link router [or for that matter any perimeter router] unless you want to run services on the DMZ with another server.

    Waste of 3 ports on the D-Link but then there's also flexibility in case you want to add something in the DMZ [D-Link if they're like other consumer level routers have 1 port that can be used as a DMZ port. typically port 4. Newer SMB routers have software capability of putting the DMZ port on any of the 4 switch ports but, in this case I think the D-Link only has 1 port to do this]. PLUS, if you ever decide to change out the D-Link to a different router, it's a lot less hassle trying to figure out what's connected to what, even when the cables are labeled.

    If you use the D-Link DHCP for handing out addresses and they have a wizard for this, sure run the wizard and create "reservations" in DHCP for the server and network printer which must have static LAN addresses. First because the web server route from the public address to the private address can't change or you'll lose your web presence [you would have to always check if DHCP changed the server address and then have to change the route table]. Since one never knows when DHCP might change an address, that becomes a daunting admin effort.

    I would check how the D-Link is configured. With that many public addresses, I would have the suspicion that DNS services [and other services] for name servers is on one of those addresses and the router is configured to route all DNS queries through that address to the name servers [DNS servers].

    I would also diagram out what's what for what address and where it goes [to what server] before I proceeded. That way if something doesn't work like name resolution, you'll know where to look and for what. Documentation will also help with future troubleshooting and planning.
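
The plan the replies converge on (static LAN addresses for the server and printer kept out of the DHCP pool, ports 80 and 443 forwarded to the server's fixed private address, no public address on the printer) can be checked on paper before any recabling. The script below is an added example, not part of any poster's reply; the plan layout, host names and every address in it are constructed for illustration.

```python
import ipaddress as ip

# Private (RFC 1918) ranges; anything else is treated as publicly routable.
RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _in_range(addr, bounds):
    """True if addr lies within the inclusive (low, high) address pair."""
    lo, hi = (ip.ip_address(b) for b in bounds)
    return lo <= addr <= hi


def audit(plan):
    """Return a list of findings for an addressing plan (empty list = clean)."""
    lan = ip.ip_network(plan["lan"])
    statics = {n: ip.ip_address(a) for n, a in plan["static_hosts"].items()}
    findings = []
    for name, addr in statics.items():
        if not any(addr in net for net in RFC1918):
            # A host with its own public address is not behind the router's NAT.
            findings.append(f"{name}: {addr} is publicly routable, host sits outside NAT")
        elif addr not in lan:
            findings.append(f"{name}: {addr} is outside the LAN subnet {lan}")
        elif _in_range(addr, plan["dhcp_pool"]) and not any(
                _in_range(addr, ex) for ex in plan["dhcp_exclusions"]):
            # DHCP could lease this address to a workstation and cause a conflict.
            findings.append(f"{name}: {addr} is inside the DHCP pool and not excluded")
    for port, target in plan["port_forwards"]:
        t = ip.ip_address(target)
        if t not in statics.values():
            # A forward to a leased address breaks when the lease changes hands.
            findings.append(f"forward of port {port} targets {t}, which has no static assignment")
    return findings


# Constructed plan matching the advice in the thread: statics excluded from the
# pool, web traffic forwarded to the server's private address.
GOOD_PLAN = {
    "lan": "192.168.0.0/24",
    "dhcp_pool": ("192.168.0.2", "192.168.0.254"),
    "dhcp_exclusions": [("192.168.0.2", "192.168.0.20")],
    "static_hosts": {"webserver": "192.168.0.10", "laserjet": "192.168.0.11"},
    "port_forwards": [(80, "192.168.0.10"), (443, "192.168.0.10")],
}

# Constructed plan with three mistakes: server inside the pool but not excluded,
# printer on a public address (203.0.113.0/24 is a documentation range), and a
# forward that points at an address nobody holds statically.
BAD_PLAN = {
    "lan": "192.168.0.0/24",
    "dhcp_pool": ("192.168.0.2", "192.168.0.254"),
    "dhcp_exclusions": [("192.168.0.2", "192.168.0.20")],
    "static_hosts": {"webserver": "192.168.0.50", "laserjet": "203.0.113.51"},
    "port_forwards": [(80, "192.168.0.50"), (443, "192.168.0.60")],
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, audit(plan) or "no findings")
```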
