Archive for April 9th, 2009

Changing Networks Tips


Changing the design of a network can get tedious: if you have an existing, configured network, it's harder to change it than to implement a new one altogether.

If you look at a company's network, its focal point is its firewall. Behind each interface is a network or a group of networks.

On the layer-3 switch level you'll have the VLANs configured, and that switching level has routing capabilities: everything is routed to the gateway. For example, the users' private network is routed to a single firewall interface (172.17.1.1), whereas your DMZ private network has its own interface on the firewall.

When changing the network, do it one step at a time. Have your design laid out and make sure it makes sense. If you have VLANs, name them to correlate with the network IP settings, e.g. VLAN 3 is configured for network 10.3.x.x; something to make your life easier for future troubleshooting.

Change one thing a day (VLAN/switch) and start with the department/users with the least network usage. Which locations use the network resources least? Those that don't depend on the email system, Internet, etc., where most tasks are local to their PCs. Preferably it also has less of a mixture of users, i.e. fewer of what we call direct users, who are configured at another level (the firewall) to use services other than the normal ones, such as direct access to application servers.

Adding a new VLAN doesn't mean you delete the old one. Keep it for now: the same VLAN may be configured somewhere else you aren't aware of and still need to be routed.

Don't forget to go beyond the switch level: your firewall needs to be aware of the new settings. Route the new network to the proper interface and don't forget to add the network group in the firewall application. The firewall has to know that this is a valid network residing behind that specific interface (e.g. network 10.x.x.x is behind interface 172.17.1.1), or else it will drop the packets, presuming some kind of spoofing attack. These settings are needed for users with public IPs NATed to their private ones.
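A pre-change check for the two points above (VLAN numbers matching the 10.<vlan>.x.x convention, and every network being declared behind the firewall interface it is routed to), as an added example that is not part of the original post. The VLAN plan, the second interface 172.17.2.1 and the group contents are constructed sample data, and the dictionary layout is an assumption rather than any firewall product's export format.

```python
import ipaddress

# Constructed sample data (not from the original post).
# VLAN plan on the layer-3 switch: VLAN id -> (subnet, firewall interface it routes to)
VLAN_PLAN = {
    3: ("10.3.0.0/16", "172.17.1.1"),
    4: ("10.4.0.0/16", "172.17.1.1"),
    7: ("10.9.0.0/16", "172.17.1.1"),    # breaks the VLAN-number convention
    20: ("10.20.0.0/16", "172.17.2.1"),  # 172.17.2.1 is a hypothetical DMZ interface
}
# Firewall anti-spoofing groups: interface -> networks declared valid behind it
FW_GROUPS = {
    "172.17.1.1": ["10.3.0.0/16", "10.9.0.0/16", "10.20.0.0/16"],
    "172.17.2.1": [],
}


def audit(vlan_plan, fw_groups):
    """Return a sorted list of (vlan, problem) findings for a planned change."""
    groups = {
        iface: [ipaddress.ip_network(n) for n in nets]
        for iface, nets in fw_groups.items()
    }
    findings = []
    for vlan, (subnet, iface) in vlan_plan.items():
        net = ipaddress.ip_network(subnet)
        # Convention from the post: VLAN 3 carries 10.3.x.x (only checkable for ids <= 255)
        if vlan <= 255:
            expected = ipaddress.ip_network(f"10.{vlan}.0.0/16")
            if not net.subnet_of(expected):
                findings.append((vlan, f"{net} does not match convention {expected}"))
        # The firewall must list the network behind the interface it is routed to,
        # otherwise its anti-spoofing check drops the traffic.
        if not any(net.subnet_of(g) for g in groups.get(iface, [])):
            findings.append((vlan, f"{net} not declared behind {iface}"))
        # The same network declared behind a different interface is a mismatch too.
        for other, nets in groups.items():
            if other != iface and any(net.overlaps(g) for g in nets):
                findings.append((vlan, f"{net} declared behind {other}, routed to {iface}"))
    return sorted(findings)


if __name__ == "__main__":
    for vlan, problem in audit(VLAN_PLAN, FW_GROUPS):
        print(f"VLAN {vlan}: {problem}")
```

Running it before each day's change gives a short list to fix on the firewall side, and the output can go straight into the change log.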

Check everything after each configuration change, even if you think it won't affect what you are checking. Believe me, with IT, crazy things that don't make sense happen all the time!

Write everything down: the day and which tasks were done, and build up your documentation from that.

Leave the servers' network for last; this is a huge headache. You can have both the old and new server networks working side by side, routing between each other, and gradually shift servers over. And don't forget to PRAY throughout the whole process :)


Imaginary Scenario

I'm familiar with computers, I put it all together and still I don't have Internet!

Did you plug in the network cable?

Yes

Not the telephone one, its head is smaller; the big one, the thicker one

Yes

The cable colour is white

Yes

Are you sure it isn't the telephone line? We don't have white network cables

This is the cable I've been using since I joined the company

Ok, I’m coming over …

See, I put everything together, there must be something wrong, you didn’t fix my computer …

Sure, there’s something wrong, where’s your telephone?

It’s over there, I couldn’t find the telephone cable, it must be the new employee, they always take stuff …

There’s your telephone cable.

Where ???

Plugged into your Ethernet network card! This goes here and that other black cable goes in your computer. Are you sure you were using the white cable on your computer all along?

Well, now that I've seen the black one, it seems this is the one for the computer. It's all the helpdesk's fault, they had to take it to the workshop, why couldn't they fix it here and ….
