Status
Not open for further replies.
1 - 7 of 7 Posts

Registered · 4 Posts · Discussion Starter · #1
First off let me apologize for what might turn into a long post... I have read quite a bit on this and other forums, tried a few suggestions, but this is my first post so I want to be thorough enough not to waste anybody's time on here, so thanks in advance, here goes.

I am the "IT guy" (former Novell CNE) at a small manufacturing company in Arizona. We have a static IP LAN of 2 servers, 11 workstations and a few printers; here is an overview of our setup regarding internet connectivity.

ISP- Integra Telecom Bonded DSL (Capable of 24Mbps when working properly)
Modem- Comtrend NexusLink 5631
Router- D-Link EBR-2310 (Gateway for LAN IPs to internet)
Switch/Hub- 3Com Baseline Switch 2226-SFP Plus
Cabling between above devices all new CAT 6e
Building wiring CAT 5 circa 1997
Patch cords to workstations CAT 5 and CAT 5e
Workstations- HP xw and dc series machines, oldest 6yrs old. All run Windows XP Pro, have McAfee "Total Protection" virus, spyware and firewall. Firewalls set to untrusted network. All have AdAware free anniversary edition. All have current Windows update, most IE7, two upgraded to IE8. All have MS Office 2003 or 2007 with current updates.

PROBLEM = Sporadic loss of internet connectivity.

When the problem first started occurring (February '09) it appeared that our internet was "slow." So we opted for upgraded service to increase bandwidth. (Our old setup was 640k ADSL on an ActionTec modem.) The problem actually got worse, so I investigated further and my diagnosis is that something inside our LAN is actually choking the router and/or the modem and "hogging" all the bandwidth.

Problem only occurs about 10% of the actual time during the day. At other times the internet works great for the 2-5 people trying to use it at one time. Speedtest.net from any workstation can get a response of 20Mb+ when it is "working."

WHEN IT IS NOT WORKING I have been able to notice the following:

PINGs work normally inside the LAN (<1ms response)
PINGs to the LAN or WAN side of the modem time out in varying rates from 75 to 100% (This appears as slow or no internet connectivity to the workstations.)
PINGs to the DNS server or outside addresses time out 90-100%
The "idiot lights" on both the Modem and Router (Internet side) appear steady green or "maxed out."
Usage statistics logs on the Switch never go above 5%.
I have looked at the error logs on the Switch; most ports having zero or single digit errors or dropped packets.
I have looked at the live connections page on the Router; while the problem is occurring, no one address seems to be having a bunch more connections than any other (some do have 20+ connections at once, however.)

BANDAID SOLUTION:

For now, I have all ports that lead to workstations limited to 10Mb in the Switch. This seems to have reduced the problem but not totally eliminated it.

I have completely reformatted and reconstructed 3 PCs, which were the only ones that had any viruses detected since 1/1/09. This did not seem to help anything.

POSSIBLE CAUSES???

Any suggestions would be appreciated.

I do not have a "packet sniffer" nor would I fully understand how to use one.
The Integra folks ran every test in the book and pronounced the hardware and software up to their modem as good to go. (Not including our Router or anything on our LAN)
My Switch has a cable test page which shows no errors on the connected wiring throughout the building, and errors on all unconnected ports; is this normal?
Would not a "chattering NIC" show up as tons of packets through the switch for that computer compared to the others?

Again, any suggestions appreciated, thanks for your time.
 

Registered · 2,973 Posts
You might want to look into the switch as the culprit, if you can replace it with another one. I recently upgraded a 10 mb switch I had with a 100 mb switch and I experienced similar issues. I found out that for some reason the switch was broadcasting out A LOT of ARP traffic and was killing the network. Switched it back with the old one and problem is resolved.
 

Registered · 4 Posts · Discussion Starter · #3 · (Edited)
I actually do have the old switched hub, a Linksys 16 port. I will fire it up again and move all the patch cords and try that.

I am a little skeptical however because the new 3Com switch was the first piece of new hardware we bought back in about February to try and correct this problem; it was already occurring on the Linksys but at that time I did not know it was completely dropping communication, we all just thought it was "slow."

What piece of hardware or software am I looking for that will allow me to look at where all the traffic is going to/from, REAL TIME while the fault is occurring? (The closest thing I found so far is an "Active Sessions" status page in the D-Link router, but when I look at it nearly all the connections have a status of Closed or Last ACK.) If I copied and pasted that page here would it help one of you gurus make a suggestion about the cause?

Thanks again,

JS

PS- I forgot to mention in the original post that when the problem is occuring, it only affects internet connectivity. Connection and speed to our file and application servers inside the LAN does not seem to be reduced at all.
 

Registered · 2,973 Posts
Some switches are managed ones, which allow you to watch the traffic that goes through them. Even if it isn't managed, you can use a program like Wireshark to monitor traffic.
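
Added example, not part of the original thread: one way to turn a capture taken during an outage into per-host numbers, covering both questions raised above (which workstation is filling the WAN link, and whether one device is flooding ARP). The LAN range `192.168.0.0/24`, the MAC and IP addresses, and the sample rows are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed LAN range, not from the thread

# Constructed sample rows: time, eth.src, ip.src, ip.dst, frame.len, arp.opcode
# Same layout as: tshark -r capture.pcap -T fields -e frame.time_epoch
#   -e eth.src -e ip.src -e ip.dst -e frame.len -e arp.opcode
SAMPLE = "\n".join([
    "1240000000.10\t00:11:22:33:44:21\t192.168.0.21\t203.0.113.9\t1514\t",
    "1240000000.11\t00:11:22:33:44:21\t192.168.0.21\t203.0.113.9\t1514\t",
    "1240000000.12\t00:11:22:33:44:21\t192.168.0.21\t203.0.113.9\t1514\t",
    "1240000000.13\t00:11:22:33:44:01\t203.0.113.9\t192.168.0.21\t66\t",
    "1240000000.20\t00:11:22:33:44:34\t192.168.0.34\t198.51.100.5\t74\t",
    "1240000000.30\t00:11:22:33:44:21\t192.168.0.21\t192.168.0.2\t1514\t",
    "1240000000.40\t00:11:22:33:44:07\t\t\t60\t1",
    "1240000000.41\t00:11:22:33:44:07\t\t\t60\t1",
    "1240000000.42\t00:11:22:33:44:07\t\t\t60\t1",
    "1240000000.43\t00:11:22:33:44:02\t\t\t60\t2",
])

def summarize(rows, lan=LAN):
    """Return (bytes sent toward the WAN per LAN host, ARP requests per MAC)."""
    wan_bytes = defaultdict(int)
    arp_requests = defaultdict(int)
    for line in rows.splitlines():
        cols = line.split("\t")
        if len(cols) != 6:
            continue  # malformed row
        _, mac, src, dst, length, arp_op = cols
        if arp_op == "1":  # ARP request, the broadcast "who has" frame
            arp_requests[mac] += 1
            continue
        try:
            s, d, size = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(length)
        except ValueError:
            continue  # non-IP frame (empty address) or unparsable field
        if s in lan and d not in lan:  # LAN host talking to an outside address
            wan_bytes[src] += size
    return dict(wan_bytes), dict(arp_requests)

def top_talkers(rows, n=3):
    """LAN hosts ordered by bytes sent off the LAN, largest first."""
    wan, _ = summarize(rows)
    return sorted(wan.items(), key=lambda kv: kv[1], reverse=True)[:n]

if __name__ == "__main__":
    print(top_talkers(SAMPLE), summarize(SAMPLE)[1])
```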
 

Registered · 4 Posts · Discussion Starter · #5
I swapped out the switch back to our old hub, no difference... grrr.

I am back to thinking it is a virus on one or more of the workstations. I ran HijackThis on one of the more suspect machines and got the attached log.

Anything jump out at someone?
 


Registered · 2,973 Posts
Sorry I don't know how to analyze a HijackThis log, so I'm not sure if there is anything bad in there or not (something I need to sign up for).

I would think that it still is a hardware issue especially since it affects all computers. What do they connect to after the switch?
 