Nhap NET

This document discusses redesigning the LAN and WAN networks of Vietnam Golden Star, a staffing company with multiple branches. The network administrator must interconnect all branches via a private VPN and redesign the head office LAN, which has PCs and a server in different departments. The document then discusses network design principles like scalability, redundancy, and techniques to increase bandwidth and expand wireless access. It also covers routing protocols and how to address issues related to network layers 1-3 like broadcast storms and MAC table instability.

Uploaded by hoangdo11122002

Executive summary

VIETNAM GOLDEN STAR is a leading staffing company with different branches providing
manpower to various companies across Vietnam. Management has now decided to
interconnect all the branches with a private leased line (VPN). The LAN of the head
office also needs to be redesigned: there are 3 PCs in each of the Admin, Management
and Finance departments, and one server that holds the details of each staff member.
Having been hired as Network Administrator for NSC management, I have to redesign the
whole LAN and WAN network to fulfil the requirements of VIETNAM GOLDEN STAR.
Objective
Scope
The scope of this report is to explore LAN design principles and their application in the
network design process and then implement a network using LAN design principles
based on a predefined set of requirements.

Introduction
Having been hired as Network Administrator for NSC management, I have to redesign the
whole LAN and WAN network to fulfil the requirements of NSC management. To do this, I
describe network design models and how they contribute to the design of a scalable and
reliable network, as well as LAN redundancy concepts and network features such as
bandwidth and load and their related issues. I give a detailed account of how redundancy
protocols support scalable networks, design and implement a network prototype, explain
the selection of networking devices for the prototype, and compare PVST and Rapid PVST
and their effectiveness in solving redundancy issues. In addition, I explain how the
first-hop redundancy protocols work for IPv4 and IPv6 and evaluate EtherChannel
technology for solving bandwidth and load issues.

Network design models and features of scalable network


Network design is generally performed by network designers, engineers, IT
administrators and other related staff. It is done before the implementation of a network
infrastructure. Network design involves evaluating, understanding and scoping the
network to be implemented. The whole network design is usually represented as a
network diagram that serves as the blueprint for implementing the network physically.
Scalability is a characteristic of an organization, system, model, or function that describes
its capability to cope and perform well under an increased or expanding workload or
scope. A system that scales well will be able to maintain or even increase its level of
performance or efficiency even as it is tested by larger and larger operational demands.
Design for scalability


A scalable network can grow without losing performance or reliability. Since the
network will change (its number of users will grow, and an ever wider variety of devices
will connect from anywhere), the designer of a large, medium or small network must
develop a specific strategy that lets the network reach the required capacity and be
measured effectively and easily. Other basic design techniques are the use of
expandable, modular equipment and integrated devices that can be easily upgraded to
increase capacity; similarly, a hierarchical network can be designed to incorporate
modules that can be added, upgraded and modified as needed without compromising its
structure and function. In addition, a consistent IPv6 addressing strategy should be
used. Selecting multilayer switches, or switches that limit flooding and filter unwanted
traffic from the network, also helps the network scale.
Plan for redundancy
Redundancy is an important part of network design for preventing disruption of network
services by minimizing the possibility of a single point of failure. One method of
implementing redundancy is by installing duplicate equipment and providing failover
services for critical devices. Redundant paths offer alternate physical paths for data to
traverse the network. Redundant paths in a switched network support high availability.

Reduce failure domain size


A well-designed network not only controls traffic but also limits the size of failure
domains. A failure domain is the area of a network that is impacted when a critical device
or network service experiences problems. The function of the device that initially fails
determines the impact of a failure domain. For example, a malfunctioning switch on a
network segment normally affects only the hosts on that segment. However, if the router
that connects this segment to others fails, the impact is much greater.
The use of redundant links and reliable enterprise-class equipment minimizes the chance
of disruption in a network. Smaller failure domains reduce the impact of a failure on
company productivity. They also simplify the troubleshooting process, thereby
shortening the downtime for all users.
Increase bandwidth
Bandwidth demand continues to grow as users increasingly access video content and
migrate to IP phones. EtherChannel can quickly add more bandwidth. In hierarchical
network design, some links between access and distribution switches might need to
process a greater amount of traffic than other links. As traffic from multiple links
converges onto a single, outgoing link, it is possible for that link to become a bottleneck.
Link aggregation allows an administrator to increase the amount of bandwidth between
devices by creating one logical link made up of several physical links. EtherChannel is a
form of link aggregation used in switched networks.

Expand the access layer


The network must be designed to be able to expand network access to individuals and
devices, as needed. An increasingly important aspect of extending access layer
connectivity is through wireless connectivity. Providing wireless connectivity offers
many advantages, such as increased flexibility, reduced costs, and the ability to grow and
adapt to changing network and business requirements.
To communicate wirelessly, end devices require a wireless NIC that incorporates a radio
transmitter/receiver and the required software driver to make it operational. Additionally,
a wireless router or a wireless access point (AP) is required for users to connect.

Tune routing protocols


Routing protocol configuration is usually rather straightforward. However, to take full
advantage of a protocol’s feature set, it is often necessary to modify the configuration.
Enterprise networks and ISPs often use more advanced protocols, such as link-state
protocols, because of their hierarchical design and ability to scale for large networks.

Discuss LAN redundancy, bandwidth and load related issues and possible solutions with
reference to Layer 2 and Layer 3 of the OSI Model
Network redundancy is a key to maintaining network reliability. Multiple physical links
between devices provide redundant paths. The network can then continue to operate when
a single link or port has failed. Redundant links can also share the traffic load and
increase capacity. Multiple paths need to be managed so that Layer 2 loops are not
created. The best paths are chosen, and an alternate path is immediately available should
a primary path fail. The Spanning Tree Protocols are used to manage Layer 2
redundancy.
Redundant devices, such as multilayer switches or routers, provide the capability for a
client to use an alternate default gateway should the primary default gateway fail. A client
can now have multiple paths to more than one possible default gateway. First Hop
Redundancy Protocols are used to manage how a client is assigned a default gateway, and
to be able to use an alternate default gateway should the primary default gateway fail.
MAC database instability
Instability in the content of the MAC address table results from copies of the same frame
being received on different ports of the switch. Data forwarding can be impaired when
the switch consumes resources coping with the instability in the MAC address table.
Broadcast storms
Without some loop-avoidance process, each switch may flood broadcasts endlessly. This
situation is commonly called a broadcast storm.
Multiple frame transmission
Multiple copies of unicast frames may be delivered to destination stations. Many
protocols expect to receive only a single copy of each transmission. Multiple copies of
the same frame can cause unrecoverable errors.

Issues with Layer 1 redundancy: MAC database instability


Ethernet frames do not have a time to live (TTL) attribute. As a result, if there is no
mechanism enabled to block continued propagation of these frames on a switched
network, they continue to propagate between switches endlessly, or until a link is
disrupted and breaks the loop. This continued propagation between switches can result in
MAC database instability. This can occur due to broadcast frames forwarding.
Broadcast frames are forwarded out all switch ports except the original ingress port. This
ensures that all devices in a broadcast domain are able to receive the frame. If there is
more than one path through which the frame can be forwarded, an endless loop can result.
When a loop occurs, it is possible for the MAC address table on a switch to constantly
change with the updates from the broadcast frames, which results in MAC database
instability.

Issues with Layer 1 redundancy: broadcast storms


A broadcast storm occurs when there are so many broadcast frames caught in a Layer 2
loop that all available bandwidth is consumed. Consequently, no bandwidth is available
for legitimate traffic, and the network becomes unavailable for data communication. This
is an effective denial of service (DoS).
Broadcast storms are inevitable on a looped network. As more devices send broadcasts
over the network, more traffic is caught in the loop, consuming resources. This eventually
creates a broadcast storm that causes the network to fail. There are other consequences of
broadcast storms. Because broadcast traffic is forwarded out every port on a switch, all
connected devices have to process all the broadcast traffic that is being flooded endlessly
around the looped network. This can cause the end device to malfunction because of the
processing requirements needed to sustain such a high traffic load on the NIC.
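To make the two failure modes above concrete, here is an added Python simulation (not from the report) of a constructed three-switch triangle: one broadcast is flooded, first with every port forwarding and then with one port held in the STP blocking state, and the simulation counts the forwarded copies and how often a switch relearns the source MAC on a different port. The switch names, port names and host MAC are constructed sample values.

```python
from collections import deque

# Constructed topology (added example, not from the report): three
# switches cabled in a triangle, so every switch has two paths to the
# others. A link is (switch_a, port_a, switch_b, port_b).
LINKS = [
    ("S1", "Gi0/1", "S2", "Gi0/1"),
    ("S2", "Gi0/2", "S3", "Gi0/1"),
    ("S3", "Gi0/2", "S1", "Gi0/2"),
]
HOST_MAC = "aaaa.bbbb.0001"   # constructed MAC of a host on S1 Gi0/3


def neighbor_map(links):
    """Map (switch, port) to the (switch, port) at the far end of its link."""
    nbr = {}
    for a, pa, b, pb in links:
        nbr[(a, pa)] = (b, pb)
        nbr[(b, pb)] = (a, pa)
    return nbr


def flood_broadcast(links, blocked=frozenset(), max_frames=500):
    """Flood one broadcast from the host on S1 Gi0/3 and follow every copy.

    blocked: set of (switch, port) in the STP blocking state; such a port
    neither sends nor accepts user frames (BPDUs would still pass).
    Only switch-to-switch copies are counted.
    Returns (frames_forwarded, mac_table_changes, loop_detected).
    """
    nbr = neighbor_map(links)
    switches = {s for a, _, b, _ in links for s in (a, b)}
    trunk_ports = {s: sorted(p for sw, p in nbr if sw == s) for s in switches}
    mac_table = {s: {} for s in switches}
    changes = 0          # same MAC relearned on another port = instability
    forwarded = 0
    queue = deque([("S1", "Gi0/3")])   # the frame enters S1 on an access port
    while queue:
        if forwarded >= max_frames:
            # Ethernet frames carry no TTL: nothing else would end this.
            return forwarded, changes, True
        sw, in_port = queue.popleft()
        if (sw, in_port) in blocked:
            continue                      # blocking port discards user data
        # Source learning: the broadcast's source MAC is (re)learned on
        # whichever port this copy arrived on.
        old = mac_table[sw].get(HOST_MAC)
        if old is not None and old != in_port:
            changes += 1
        mac_table[sw][HOST_MAC] = in_port
        # A broadcast is flooded out every port except the ingress port.
        for out_port in trunk_ports[sw]:
            if out_port == in_port or (sw, out_port) in blocked:
                continue
            forwarded += 1
            queue.append(nbr[(sw, out_port)])
    return forwarded, changes, False


def compare():
    """Same topology with all ports forwarding vs. one port blocked."""
    return {
        "no_stp": flood_broadcast(LINKS),
        "stp_blocking": flood_broadcast(LINKS, blocked={("S3", "Gi0/2")}),
    }


if __name__ == "__main__":
    for name, (fwd, flaps, looped) in compare().items():
        print(f"{name}: copies={fwd} mac_changes={flaps} loop={looped}")
```

With no port blocked the copy count only stops at the cap and the host's MAC keeps moving between ports; blocking a single port ends the flood after three copies with every MAC entry stable.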
Issues on bandwidth and load balancing
Although multiple links connect the networking devices, only one link is active at a
time. As a result there is always a problem with effective bandwidth: users or clients
are unable to receive the full bandwidth that the links offer, and the question is how
to prevent these issues. The following sections describe how the various issues that
occur in a redundant network at Layer 2 and Layer 3 are prevented.
Preventing the issues from occurring in a redundant network in Layer 2 and Layer 3
To get rid of these issues on a redundant network, spanning tree was developed, and in
most network designs these protocols are used. Some type of spanning tree must be
enabled on the switches. Generally, STP uses the concepts of a root bridge, port roles
and path cost to calculate which links to use in a redundant network design.
STP ensures that there is only one logical path between all destinations on the network
by intentionally blocking redundant paths that could cause a loop. A port is considered
blocked when user data is prevented from entering or leaving that port. This does not
include bridge protocol data unit (BPDU) frames, which are used to prevent loops from
occurring. Blocking the redundant paths is critical to preventing loops on the network.
The physical paths still exist to provide redundancy, but they are disabled to prevent
loops. If a path is ever needed to compensate for a network cable or switch failure,
STP recalculates the paths and unblocks the necessary ports to allow the redundant path
to become active.
Preventing load balancing and bandwidth issues on layer 2
Generally, in Layer 2, using Rapid Per-VLAN Spanning Tree and link aggregation
(creating an EtherChannel) can solve these load balancing and bandwidth issues.
Using RPVST in Layer 2
RPVST is Rapid Per-VLAN Spanning Tree, an improvement on STP in being newer and
faster; RPVST is able to respond to a change in six seconds. RSTP stands for Rapid
Spanning Tree Protocol and PVST for Per-VLAN Spanning Tree. It creates a spanning tree
for each VLAN, just like PVST. It uses bridge protocol data unit (BPDU) version 2, which
is backward compatible with 802.1D STP, which uses BPDU version 0. Its port roles are
root port, designated port, alternate port and backup port. The root port is the best
port from a non-root bridge towards the root bridge; the designated port is the
forwarding port for each LAN segment; the alternate port is an alternate path to the
root bridge that does not use the root port; and the backup port is a redundant path to
a segment where another port of the same switch already connects.
Rapid PVST has four main port states, which are discarding, learning, forwarding and
listening. In the discarding state a port discards the information received on the
interface and listens for BPDUs. In the forwarding state a port receives and forwards
the frames received on the interface, whereas in the learning state the switch builds
the switching table that maps MAC addresses to port numbers. In the listening state the
switch processes the BPDUs that allow it to determine the network topology. To bypass
the intermediate states, PortFast can be used on ports connected to a single
workstation, switch or server, allowing those devices to connect to the network
immediately instead of waiting for the port to transition from the listening state to
the forwarding state.
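As an added example (not part of the report), the following Python code applies the root bridge, root path cost and port role rules described above to a constructed topology modelled on this report's later design: two Core/Dist switches, with Core1 as root and Core2 as backup root, plus one access switch with an uplink to each. The bridge priorities, MACs, port names and the 802.1D port costs are assumptions of the example; it also recomputes the tree after the root switch fails.

```python
import heapq

# 802.1D-1998 short-method port costs by link speed in Mbps (an assumption
# of this example; RSTP and vendor defaults may differ per platform).
PORT_COST = {100: 19, 1000: 4}

# Constructed topology (added example, not the report's own diagram):
# Bridge ID = (priority, MAC); the lowest wins the root election.
SWITCHES = {
    "Core1":  (4096,  "0000.0c00.0001"),   # intended root bridge
    "Core2":  (8192,  "0000.0c00.0002"),   # backup root bridge
    "Access": (32768, "0000.0c00.0003"),   # default priority
}
LINKS = [  # (switch_a, port_a, switch_b, port_b, speed_mbps)
    ("Core1", "Gi1/0/1", "Core2",  "Gi1/0/1", 1000),
    ("Core1", "Gi1/0/2", "Access", "Gi0/1",   1000),
    ("Core2", "Gi1/0/2", "Access", "Gi0/2",   1000),
]


def elect_root(switches):
    """Root bridge: the lowest (priority, MAC) seen in the BPDU exchange."""
    return min(switches, key=lambda s: switches[s])


def root_path_costs(switches, links, root):
    """Lowest accumulated link cost from every switch to the root (Dijkstra)."""
    adj = {s: [] for s in switches}
    for a, _, b, _, speed in links:
        adj[a].append((b, PORT_COST[speed]))
        adj[b].append((a, PORT_COST[speed]))
    cost, heap = {root: 0}, [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > cost[u]:
            continue
        for v, c in adj[u]:
            if d + c < cost.get(v, float("inf")):
                cost[v] = d + c
                heapq.heappush(heap, (d + c, v))
    return cost


def port_roles(switches, links):
    """Return (root, {(switch, port): 'root' | 'designated' | 'alternate'}).

    Root port: the port giving the lowest root path cost (ties broken by the
    neighbour's bridge ID, then its port). Designated port: on each segment,
    the end whose switch has the lower root path cost (then lower bridge ID).
    Every other port is an alternate port, which PVST holds in blocking and
    RSTP in discarding.
    """
    root = elect_root(switches)
    rpc = root_path_costs(switches, links, root)
    roles, best = {}, {}
    for a, pa, b, pb, speed in links:
        c = PORT_COST[speed]
        for s, p, n, npt in ((a, pa, b, pb), (b, pb, a, pa)):
            if s == root:
                continue                     # the root bridge has no root port
            cand = (rpc[n] + c, switches[n], npt)
            if s not in best or cand < best[s][0]:
                best[s] = (cand, p)
    for s, (_, p) in best.items():
        roles[(s, p)] = "root"
    for a, pa, b, pb, _ in links:
        if (rpc[a], switches[a]) < (rpc[b], switches[b]):
            winner, loser = (a, pa), (b, pb)
        else:
            winner, loser = (b, pb), (a, pa)
        roles[winner] = "designated"
        roles.setdefault(loser, "alternate")  # keep 'root' if already set
    return root, roles


def after_failure(switches, links, failed):
    """Recompute the tree once a switch is gone (its links disappear too)."""
    remaining = {s: v for s, v in switches.items() if s != failed}
    return port_roles(remaining, [l for l in links if failed not in (l[0], l[2])])


if __name__ == "__main__":
    root, roles = port_roles(SWITCHES, LINKS)
    print("root:", root)
    for (sw, port), role in sorted(roles.items()):
        print(f"  {sw} {port}: {role}")
    print("after Core1 fails:", after_failure(SWITCHES, LINKS, "Core1"))
```

With Core1 as root the access switch forwards on its uplink to Core1 and blocks the uplink to Core2, exactly the behaviour this report later describes for its access switches; when Core1 fails, Core2 becomes root and the blocked uplink becomes the root port.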
Using link aggregation in Layer 2
EtherChannel is used to bundle ports together on an Ethernet switch to achieve higher
bandwidth: as traffic from multiple links converges onto a single outgoing link, that
link can become a bottleneck. Link aggregation allows the network administrator to
increase the amount of bandwidth between devices by creating one logical link made up
of several physical links. In a traditional network, the spanning tree protocols block
the redundant links to avoid Layer 2 loops; EtherChannel instead load balances traffic
between the redundant links, which improves the efficient use of bandwidth. Once the
multiple links are combined into one logical link we can add more devices and more
networks, so after link aggregation and adding EtherChannel we can scale up the
network; load balancing is the main advantage of link aggregation.
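To show what "load balancing between the redundant links" means in practice, here is an added Python model (not the report's code) of the per-flow member selection EtherChannel uses: a hash of the chosen address fields, reduced to its low-order bits, picks the member link. The bit widths, field choices and sample frames are assumptions of this simplified model; it demonstrates why a router's replies all land on one link under source-MAC balancing while destination-MAC or IP-pair balancing spreads them.

```python
from collections import Counter

# Simplified model (an assumption of this example) of how a Catalyst switch
# chooses the EtherChannel member for a frame: a hash of the selected
# address fields is reduced to its low-order bits, 1 bit for 2 members,
# 2 bits for 4, 3 bits for 8. Every frame of one flow hashes the same way,
# so a flow never spans links and its frames stay in order.
MEMBER_BITS = {2: 1, 4: 2, 8: 3}


def mac_low_byte(mac):
    """Last byte of a dotted-hex MAC such as 'aaaa.bbbb.0007'."""
    return int(mac.replace(".", "")[-2:], 16)


def ip_low_byte(ip):
    """Last octet of a dotted-decimal IPv4 address."""
    return int(ip.rsplit(".", 1)[1])


def select_member(frame, method, members):
    """Return the member index (0..members-1) that carries this frame."""
    if method == "src-mac":
        h = mac_low_byte(frame["src_mac"])
    elif method == "dst-mac":
        h = mac_low_byte(frame["dst_mac"])
    elif method == "src-dst-mac":
        h = mac_low_byte(frame["src_mac"]) ^ mac_low_byte(frame["dst_mac"])
    elif method == "src-dst-ip":
        h = ip_low_byte(frame["src_ip"]) ^ ip_low_byte(frame["dst_ip"])
    else:
        raise ValueError(f"unknown load-balance method {method!r}")
    return h & ((1 << MEMBER_BITS[members]) - 1)


def distribution(frames, method, members):
    """Frames per member link, index 0..members-1."""
    counts = Counter(select_member(f, method, members) for f in frames)
    return [counts.get(i, 0) for i in range(members)]


def router_replies(n_hosts):
    """Constructed sample traffic: one router answering n hosts. Every frame
    has the router's MAC as source, so src-mac balancing cannot spread it."""
    return [
        {"src_mac": "0000.0c9f.f001", "dst_mac": f"aaaa.bbbb.{i:04x}",
         "src_ip": "10.1.1.1", "dst_ip": f"10.1.1.{10 + i}"}
        for i in range(1, n_hosts + 1)
    ]


if __name__ == "__main__":
    frames = router_replies(8)
    for method in ("src-mac", "dst-mac", "src-dst-ip"):
        print(f"{method:11s} over 2 links: {distribution(frames, method, 2)}")
```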
Preventing load balancing and bandwidth issues in Layer 3
To prevent load balancing and bandwidth issues in Layer 3, I have used First Hop
Redundancy Protocols. They are designed to allow transparent failover of the first-hop
IP router. An FHRP enables two or more devices to work together in a group, sharing a
single virtual IP address and virtual MAC address. The virtual IP address is configured
on each end user as the default gateway address. There are three first hop redundancy
protocols, HSRP, GLBP and VRRP; their main aims are load balancing and failover of the
primary router.

Analyse the switch and router redundancy protocols and their effectiveness in
supporting scalable networks
In routers
Network redundancy is the process through which additional and alternative instances of
network devices, equipment and communication media are installed in the network
infrastructure. It is also the process of ensuring network availability in case of
network failure or unavailability. Various redundancy protocols exist, such as the First
Hop Redundancy Protocols, which include the Virtual Router Redundancy Protocol: it
protects against a single point of failure at the default gateway and also provides load
balancing if multiple links are available at the first-hop routers. VRRP also enables a
group of routers on a LAN segment to form a single virtual router; hence VRRP also
supports scalable networks. In HSRP, the Hot Standby Router Protocol, one router in the
group assumes the role of the active router and handles all requests from the clients;
the other router or routers become standby and take over if the active router fails.
This activeness and availability when the active router fails shows that it can be
implemented in larger networks, so HSRP is a good example of a protocol for a scalable
network. The last one is GLBP (Gateway Load Balancing Protocol); its main advantage is
that it provides load balancing in addition to redundancy without requiring the
configuration of different default gateways on different clients. Hence GLBP can be
implemented in, and supports, scalable networks. Using expandable, modular equipment,
redundancy protocols or clustered devices that can be easily upgraded to increase
capability, and designing a hierarchical network that includes modules which can be
added, upgraded and modified as necessary without redesigning the other functional
areas of the network, also contribute to scalability.
In switches
The main redundancy mechanisms in switches that support scalable networks are link
aggregation (creating an EtherChannel) and the Spanning Tree Protocols. Regarding the
Spanning Tree Protocols: STP is a Layer 2 protocol that runs on switches and bridges
that are 802.1D compliant. There are different flavours of STP, but 802.1D is the best
of all. STP is responsible for identifying the links in the network and shutting down
the redundant ones, preventing possible network loops. To do so, all switches in the
network exchange BPDU messages to agree upon the root bridge. Once they elect the root
bridge, every switch has to determine which of its ports will communicate with the root
bridge (its root port). If more than one link connects to the root bridge, one is
elected as the forwarding port (designated port) and the others are blocked. All the
spanning tree protocols, RSTP, Rapid Per-VLAN Spanning Tree, Per-VLAN Spanning Tree and
Multiple Spanning Tree, share the aim of providing scalable networks. The protocols of
the STP family balance the load, control the bandwidth, and help upgrade and update the
redundant links for failover between switches. All the STP variants, whether per VLAN
or across all Fast Ethernet or Gigabit Ethernet ports, aim to scale up the network by
enhancing its internal functions. With EtherChannel, multiple physical links are
converted into one logical link. Converting multiple links into a logical link provides
higher and more consistent bandwidth, and the logical link can carry more networks,
which ultimately enhances load balancing. Hence, by improving bandwidth and load
balancing we definitely scale up our network and support scalable networks.

Switch redundancy
Fundamentally, a redundancy switch has a 2x1 (1x2) arrangement. Critical applications
require a secondary (redundant) set of equipment. Automated redundancy switching is
specifically designed to connect to both the primary and secondary equipment, and if
there is a failure in the "primary" equipment, the backup is switched in. Some of the
higher-level redundancy switch units listed below automatically switch on an alarm
input (10942B through 10948B), while others receive remote control commands for the
backup switchover. Shown in the table below are various types of switching, but what
they all have in common is that they offer a 2x1 (1x2) configuration.
It should be noted that the 10942B and 10943B units (IF and L-Band respectively) also
contain a unique feature that drastically reduces redundancy costs. They were designed to
provide a 1:4 redundancy function as well as 1:1. This means that there is ONE shared
piece of redundant equipment that can be switched in as backup for every FOUR
primaries. Further information about this is given in the 10942B and 10943B sections.
There are two types of switch redundancy protocols, listed below:
STP (Spanning Tree Protocol)
STP is a link management protocol designed to support redundant links while stopping
switching loops in the network. It is a Layer 2 protocol that runs on bridges and
switches and should be enabled on the switch interfaces. IEEE standardised STP as
IEEE 802.1D.
EtherChannel
EtherChannel makes two physical links into one logical link, and STP runs on the logical
link rather than on the physical links. EtherChannel is a technology that allows you to
aggregate multiple physical links with the same capabilities into a single logical one,
increasing the bandwidth. Normally, when multiple links connect two switches, STP blocks
the redundant ports; with EtherChannel the links are aggregated and are not blocked by
STP.

Router redundancy
Routers are networking devices operating at Layer 3, the network layer of the OSI
model. They are responsible for receiving, analysing and forwarding data packets among
the connected computer networks. When a data packet arrives, the router inspects the
destination address, consults its routing table to decide the optimal route and then
forwards the packet along that route.
There are three protocols used in router redundancy:
HSRP (Hot Standby Router Protocol)
A Cisco-proprietary FHRP designed to allow transparent failover of a first-hop IPv4
device. HSRP provides high network availability by providing first-hop routing
redundancy for IPv4 hosts on networks configured with an IPv4 default gateway address.
HSRP is used in a group of routers to select an active device and a standby device. In
a group of device interfaces, the active device is the one used for routing packets;
the standby device takes over when the active device fails or when preset conditions
are met. The function of the HSRP standby router is to monitor the operational status
of the HSRP group and to quickly assume packet-forwarding responsibility if the active
router fails.
VRRP (Virtual Router Redundancy Protocol)
A non-proprietary election protocol that dynamically assigns responsibility for one or
more virtual routers to the VRRP routers on an IPv4 LAN. This allows several routers on
a multiaccess link to use the same virtual IPv4 address. A VRRP router is configured to
run VRRP in conjunction with one or more other routers attached to a LAN. In a VRRP
configuration, one router is elected as the virtual router master, with the other
routers acting as backups in case the virtual router master fails.
GLBP (Gateway Load Balancing Protocol)
A Cisco-proprietary FHRP that protects data traffic from a failed router or circuit, like
HSRP and VRRP, while also allowing load balancing (also called load sharing) between
a group of redundant routers.

Scalable network
Scalability is an attribute that describes the ability of a process, network, software or
organization to grow and manage increased demand. A system, business or software that
is described as scalable has an advantage because it is more adaptable to the changing
needs or demands of its users or clients.
Scalability is often a sign of stability and competitiveness, as it means the network,
system, software or organization is ready to handle the influx of demand, increased
productivity, trends, changing needs and even presence or introduction of new
competitors.
A scalable network has the following five key characteristics:
Reliable and available - A flexible network should provide QoS for different applications.
Responsive - The internetwork must be capable of responding to latency issues common
for Systems Network Architecture (SNA) traffic.
Efficient - Large internetworks should maximize resource utilization, especially
bandwidth.
Adaptable - An adaptable network can accommodate various protocols, apps, and
hardware technologies.
Accessible but secure - An open network enables connections via dedicated, dialup, and
switched networks while preserving the integrity of the network.
GLBP (Gateway Load Balancing Protocol)
Gateway Load Balancing Protocol (GLBP) is one of the first hop redundancy protocols
(FHRPs). Like the other first hop redundancy protocols it provides redundancy, but it
also provides load balancing. It is a Cisco-proprietary protocol that performs both
functions: it load balances over multiple routers using a single virtual IP address
and multiple virtual MAC addresses.
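The following added Python model (not from the report) illustrates the FHRP behaviour described in the Layer 3, router redundancy and GLBP sections above: HSRP active/standby election with and without preemption, the virtual MAC formats of HSRP, VRRP and GLBP, and GLBP's round-robin hand-out of forwarder virtual MACs behind a single virtual IP. Router names, addresses and priorities are constructed sample values.

```python
from ipaddress import IPv4Address

# Virtual MAC formats (documented): HSRP version 1 uses 0000.0c07.acXX and
# VRRP uses 0000.5e00.01XX, with XX the group number in hex; GLBP uses
# 0007.b400.XXYY (XX = group, YY = forwarder number) for groups below 256.
def hsrp_vmac(group):
    return "0000.0c07.ac%02x" % group


def vrrp_vmac(group):
    return "0000.5e00.01%02x" % group


def glbp_vmac(group, forwarder):
    return "0007.b400.%02x%02x" % (group, forwarder)


class Router:
    def __init__(self, name, ip, priority=100):   # HSRP default priority is 100
        self.name, self.ip, self.priority, self.up = name, IPv4Address(ip), priority, True

    def key(self):
        """Election order: higher priority wins, tie broken by higher IP."""
        return (self.priority, int(self.ip))


def sample_routers():
    """Constructed pair: R1 preferred by priority, R2 the default standby."""
    return [Router("R1", "192.168.1.2", priority=110), Router("R2", "192.168.1.3")]


def hsrp_election(routers, current_active=None, preempt=False):
    """Return (active, standby) for one HSRP group.

    HSRP does not preempt by default: a router that is already active keeps
    the role even when a higher-priority router (re)appears, unless
    preemption is configured.
    """
    alive = [r for r in routers if r.up]
    if not alive:
        return None, None
    if current_active is not None and current_active.up and not preempt:
        active = current_active
    else:
        active = max(alive, key=Router.key)
    others = [r for r in alive if r is not active]
    standby = max(others, key=Router.key) if others else None
    return active, standby


def hsrp_timeline(routers, events, preempt=False):
    """Apply ('down' | 'up', router_name) events in order; the standby takes
    over once the active's hellos stop (hold-timer expiry is not modelled).
    Returns the active router's name at the start and after each event."""
    by_name = {r.name: r for r in routers}
    active, _ = hsrp_election(routers)
    history = [active.name]
    for state, name in events:
        by_name[name].up = state == "up"
        active, _ = hsrp_election(routers, current_active=active, preempt=preempt)
        history.append(active.name if active else None)
    return history


def glbp_gateways(routers, group, client_macs):
    """Model GLBP load sharing: the AVG (elected like HSRP's active router)
    answers every ARP for the single virtual IP, handing out the forwarders'
    virtual MACs round-robin (GLBP's default), so every host keeps one
    gateway address while frames are split across the routers.
    Returns (avg_name, {client_mac: (forwarder_name, virtual_mac)})."""
    alive = sorted((r for r in routers if r.up), key=lambda r: r.name)
    avg = max(alive, key=Router.key)
    forwarders = [(r.name, glbp_vmac(group, i + 1)) for i, r in enumerate(alive)]
    return avg.name, {mac: forwarders[i % len(forwarders)] for i, mac in enumerate(client_macs)}


if __name__ == "__main__":
    print("no preempt:", hsrp_timeline(sample_routers(), [("down", "R1"), ("up", "R1")]))
    print("preempt:   ", hsrp_timeline(sample_routers(), [("down", "R1"), ("up", "R1")], preempt=True))
    print("GLBP:", glbp_gateways(sample_routers(), 1, ["h1", "h2", "h3"]))
```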
Explanation of LAN redundancy concepts, network features, such as bandwidth and load,
and their related issues.

Network Diagram

Connection diagram overview


In principle, designing a fully redundant LAN system is similar to designing a
non-redundant LAN system from modules. The difference is that the modules themselves
are designed redundantly, and the connections between modules are also designed
redundantly, to ensure the High Availability (HA) capability of the network system. The
main features used in this design model are Spanning Tree Protocol (STP) at Layer 2 and
dynamic routing at Layer 3. The details are as follows:

The network system is designed based on the principle of modularization of components.


Modular design has the following outstanding features:
Uses STP in Layer 2 and dynamic routing in Layer 3 to provide HA.
Simple and clear.
The network can be expanded easily.
Clearly separates the functionality of each module, so that there is enough information
to choose the right network device for each module:

Core / Distribution Block: the central module of the network system, responsible for
connecting the remaining modules together. It follows that the priority when choosing
equipment for this class is "the faster the better".
Access Layer Block: the module that provides connectivity to the end user. The priority
when choosing a device for this module is to "provide many downlink ports for users,
while having a high-speed uplink connection to the Core / Distribution module", and to
optimise the "price / downlink port" ratio. Normally the device used in this module only
needs to support Layer 2 features.
Server Farm Block: the module that provides connectivity for the servers providing
services in the local network, for example AD, DNS, DHCP, File, Application, Database.
Devices selected for this layer need downlink ports with a minimum speed of 1Gbps and
operate at Layer 2.
WAN Block: the module that provides connections to other branches. Typically the
device in this module needs to support:
WAN communication ports: Serial, FTTH, ADSL, ...
Features: dynamic routing, VPN encryption in hardware.
Internet Access Block: the module located at the outermost edge of the network system,
providing Internet connectivity for internal users. Usually the device selected for this
module needs to support the following features:
Routing.
NAT/PAT.
Firewall.
Remote Access VPN.
DMZ Block: a module directly connected to the Internet Access Block. Functions of this
module:
Provide services out to the Internet: Mail, Web.

Physical connection network diagram

In order to meet the criteria of building an SMB network system that ensures HA, the
proposed equipment details for the modules are as follows:
Core/Distribution Block: 2 x switches with a minimum speed of 1Gbps, operating at
Layer 3. This is the central block that transports traffic between the remaining blocks.
The 2 Core/Dist switches are connected to each other by 6-8 links, divided into 2
different EtherChannels: 1 group is a Layer 2 EtherChannel and 1 group is a Layer 3
EtherChannel, as described in the Logical Diagram section.
Access Layer Block: n x switches with downlink ports of at least 100Mbps and a minimum
of 2 x 1Gbps uplinks, operating at Layer 2. Access switches are connected with a minimum
of 2 uplinks, 1 per Core/Dist, as modelled. This ensures that if 1 Core/Dist fails,
traffic is automatically transferred to the remaining Core/Dist.
Server Farm Block:
2 x Firewalls with at least 3 connection ports with a minimum speed of 1Gbps and a
firewall throughput of at least 1Gbps. The FWs are configured to operate in cluster
mode, ensuring that if 1 FW fails, the other FW automatically becomes active. The FW is
connected to the Core/Dist switches and the server switches as modelled: this is the
model in which the FW is physically connected between the Core/Dist and the Server
Farm, in order to make the most of the high throughput of the internal FW.
2 x switches with 1Gbps downlink/uplink ports, operating at Layer 2. Servers with 2 NIC
ports are physically connected to the 2 server switches as modelled and configured with
NIC teaming, to ensure that if 1 server switch fails, traffic is automatically
transferred to the other.
WAN Block:
2 x routers with corresponding LAN/WAN connection ports. To ensure HA, the 2 routers
should be connected to 2 different ISPs, and 1 important point is to require these 2
ISPs to use 2 separate physical connection lines (for example, not sharing a power pole
or an ODF, ... which is usually difficult to meet).
2 x WAN switches of at least 100Mbps, operating at Layer 2. These 2 WAN switches
provide pure Layer 2 connectivity and are connected as modelled (they can be shared with
the DMZ switch by dedicating 1 separate VLAN on the DMZ switch exclusively to the WAN
routers).
DMZ Block, Internet Access Block:
2 x switches with a minimum speed of 100Mbps, operating at Layer 2.
2 x Firewalls supporting IPsec VPN or SSL VPN (if required). As with the internal FWs,
the 2 external FWs are also configured to run in cluster mode. For simplicity of design,
and because the Internet connection speed is usually not great, the 2 external FWs are
designed in the form of a "firewall on a stick": 1 port is connected between the 2 FWs
and used for heartbeat traffic, and the other 2 ports are connected to each Core/Dist
switch as in the model above. If Cisco ASA5500 is used, these 2 ports are configured as
a redundant interface (i.e. 1 port operates in active mode and the other in standby mode
within the redundant interface). This redundant interface is configured with 3
subinterfaces: TRUSTED (facing the LAN), UNTRUSTED (facing the Internet) and DMZ.
2 x routers with corresponding LAN/WAN connection ports. The details are covered in the
logical connection model below.

Logical connection network diagram


Operation details:
Core/Distribution Switch: 1 Switch is configured as STP Root Bridge and HSRP active, the
other Switch as STP Backup Root Bridge and HSRP standby. Configure 2 EtherChannel Groups
between the 2 switches: 1 Layer 2 EtherChannel Group, trunking Dot1Q, operating at Layer
2, and 1 Layer 3 EtherChannel Group configured as a Routed Port to establish the OSPF
neighbor relationship between the 2 Core/Dist Switches.
Access Switch: configure the 2 Uplink Ports as Layer 2 Dot1Q trunks. At any 1 time, the
Uplink Port directly connected to the Core/Dist Switch that is STP Root Bridge is in the
Forwarding state and the other Uplink Port is in the Blocking state. (Note: in the
following article on VSS/Stack-Wise/Flex-Stack, the Access Switch can configure an
EtherChannel over both Uplink Ports to the 2 Core/Dist Switches; the Uplink then runs at
2Gbps with no STP blocking, instead of a single forwarding Uplink when using STP.)
Internal Firewall: FW is configured FW Cluster and has 2 Zones: TRUSTED (facing to
Servers Farm) and UNTRUSTED (facing to LAN). FW is responsible for filtering traffic
from internal users accessing applications deployed in Server Farm.
Server Switch: only works at Layer 2 and is configured with features at Layer 2 (VLAN,
Trunking, ...)
DMZ Switch: only configures Layer 2 features similar to Server Switching.

Internet Firewall: configured with 3 zones: UNTRUSTED (facing the Internet), DMZ and
TRUSTED (facing the LAN). The FW filters access requests from the Internet to the DMZ,
from the DMZ to Internal, ..., provides NAT between the Internet and the DMZ (NAT/PAT
1-1) and from Internal Users to the Internet (Dynamic NAT/PAT n-1), and is configured as
a VPN Server (IPSEC VPN or SSL VPN) so that internal resources can be accessed securely
from the Internet.
Internet Router: provides the WAN port and routing so that the Internet FW can forward
traffic to/from the Internet; in some cases, if the Internet connection is delivered as
RJ1 (FTTH, ...), the Internet Router can be bypassed and the Internet link connected
directly to the External Switch.
WAN Router: provides WAN (Serial, T3, ...), Dynamic Routing (OSPF, EIGRP) and
Site-to-Site IPSEC VPN (or DMVPN, GetVPN) connections to connect to other business
sites.

Spanning Tree Diagram

Device lines from the Access Layer (Catalyst 3560, 2960, ...) to the Core/Distribution
Layer (6500, 4500, 3750-X) all support Rapid STP in 2 versions: Rapid-PVST and MST.
Traditional STP (802.1D) typically has a convergence time of 30-50 seconds, which is too
slow compared to Rapid STP with a typical convergence time of < 2 seconds. Therefore
Rapid-PVST will be used in this article; the design is described below.
Root Bridge / HSRP Active: 1 Switch is configured as Root Bridge for 1 array of VLANs
and also as HSRP Active for those VLAN interfaces. Load sharing can be achieved by
configuring the 1st Core/Dist Switch as STP Root / HSRP Active for the 1st VLAN array
and the 2nd Core/Dist Switch as STP Root / HSRP Active for the 2nd VLAN array. This
load-sharing method has 2 advantages: sharing the load between the 2 Core/Dist Switches
and sharing the load between the 2 Uplinks on each Access Switch.
Backup Root Bridge / HSRP Standby: this Switch does not forward traffic under normal
conditions (while the Root Bridge / HSRP Active Switch is still up) and automatically
takes over the Root Bridge / HSRP Active role when the other Switch has problems.
STP BPDU Guard: configured on the downlink ports of the Access Switch.
STP Root Guard: configured on the downlink ports of the Core/Dist Switch.
STP Loop Guard: configured on STP Blocking Port and Root Port.

STP Portfast: configured on the downlink ports of the Access Switch.
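The per-VLAN root election and the alignment between STP Root and HSRP Active that the load-sharing design above relies on can be checked before deployment. The following is an added example, not code from the original document; switch names, base MACs, SVI addresses and priorities are constructed values.

```python
"""Added example (not part of the original design document): model the per-VLAN
Rapid-PVST root election with extended system ID and check that the HSRP Active
gateway of every VLAN sits on the same Core/Dist Switch as that VLAN's STP Root.
Switch names, base MACs, SVI addresses and priorities are constructed values."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class CoreSwitch:
    name: str
    base_mac: str                                       # constructed; lowest MAC breaks an STP tie
    stp_priority: dict = field(default_factory=dict)    # vlan -> priority (multiple of 4096)
    hsrp_priority: dict = field(default_factory=dict)   # vlan -> HSRP priority (default 100)
    svi_ip: dict = field(default_factory=dict)          # vlan -> SVI address (highest wins HSRP tie)


def bridge_id(sw, vlan):
    """Bridge ID with extended system ID: 4-bit priority + 12-bit VLAN number, then MAC.
    The VLAN number occupies the low 12 bits, so a configured priority must be a
    multiple of 4096 in 0-61440; Cisco IOS rejects any other value."""
    prio = sw.stp_priority.get(vlan, 32768)             # 32768 is the default priority
    if prio % 4096 or not 0 <= prio <= 61440:
        raise ValueError(f"{sw.name}: priority {prio} must be a multiple of 4096 in 0-61440")
    return (prio + vlan, sw.base_mac.lower())


def stp_root(switches, vlan):
    """Lowest bridge ID wins the root election for this VLAN (Rapid-PVST: one tree per VLAN)."""
    return min(switches, key=lambda s: bridge_id(s, vlan)).name


def hsrp_active(switches, vlan):
    """Highest HSRP priority wins; on a tie, the highest interface IP address wins."""
    return max(switches, key=lambda s: (s.hsrp_priority.get(vlan, 100),
                                        ipaddress.ip_address(s.svi_ip[vlan]))).name


def misaligned_vlans(switches, vlans):
    """VLANs whose HSRP Active gateway is not the STP Root. For such a VLAN the Access
    Switch forwards towards the root, and the frame then crosses the inter-core trunk
    to reach the gateway: an extra hop and no real load sharing."""
    result = {}
    for vlan in vlans:
        root, active = stp_root(switches, vlan), hsrp_active(switches, vlan)
        if root != active:
            result[vlan] = (root, active)
    return result


VLANS = [10, 20, 30, 40]

# Intended design: Core1 is Root / Active for VLANs 10,20; Core2 for VLANs 30,40.
GOOD_DESIGN = [
    CoreSwitch("Core1", "00:11:22:33:44:01",
               {10: 4096, 20: 4096, 30: 8192, 40: 8192},
               {10: 110, 20: 110},
               {v: f"10.1.{v}.2" for v in VLANS}),
    CoreSwitch("Core2", "00:11:22:33:44:02",
               {10: 8192, 20: 8192, 30: 4096, 40: 4096},
               {30: 110, 40: 110},
               {v: f"10.1.{v}.3" for v in VLANS}),
]

# Same STP plan, but an HSRP priority of 120 for VLAN 30 was also typed on Core1 by mistake.
BAD_DESIGN = [
    CoreSwitch("Core1", "00:11:22:33:44:01",
               {10: 4096, 20: 4096, 30: 8192, 40: 8192},
               {10: 110, 20: 110, 30: 120},
               {v: f"10.1.{v}.2" for v in VLANS}),
    GOOD_DESIGN[1],
]

if __name__ == "__main__":
    for vlan in VLANS:
        print(vlan, "root:", stp_root(GOOD_DESIGN, vlan),
              "active:", hsrp_active(GOOD_DESIGN, vlan))
    print("misaligned in bad design:", misaligned_vlans(BAD_DESIGN, VLANS))
```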

Logical Diagram for External Firewall

For the Cisco ASA5500 Firewall, when the Cluster is configured for the 2 FWs, the 2 FWs
operate logically as 1 FW, and the 2 physical ports from each FW to the 2 Core/Dist
Switches are configured in Redundant Interface Mode (1 port Active, the other Standby).
Because 3 Zones (TRUSTED, DMZ and UNTRUSTED) are needed, the Redundant Interface is
configured with 3 SubInterfaces carrying the VLANs belonging to TRUSTED, DMZ and
UNTRUSTED respectively, as in the model above.
The model above is 1 example of the traffic flow when Users want to access the Internet:
Example: Traffic flow from USERS to INTERNET:
Users ==(user vlan)==> Access Switch ==(trunking)==> Core Switch ====(trusted
vlan)====> External Firewall ==(untrusted vlan) ==> Core Switch ==(untrusted
vlan)==> External Switch ==(untrusted vlan)==> Router ====> INTERNET.

Routing diagram
Let's say this is the Headquarters of the business. OSPF is used and designed as the
model above:
OSPF Area 0 (Backbone Area): includes the Core/Dist Switches, WAN Routers and Internal
FW. OSPF is configured to advertise only default or summary routes to the Stub Areas at
the other sites. Note on the connection between the 2 Core/Dist Switches: only the Layer
3 EtherChannel between them is used to form the OSPF neighbor relationship; the VLAN
routing interfaces for End Users are configured as passive interfaces.
OSPF Area N (Stub or Totally Stub Area): Each Site is designed to belong to 1 Stub
Area, these sites only receive default routes (if totally stub area) or summary routes (if
stub area) from the Backbone Area.
For the above design to be really optimal, the designer must do a good job of assigning
IP addresses to each branch. Each branch must be specifically planned as to which IP
range it will use: assign 1 contiguous IP address range that is large enough to meet the
branch's future growth in number of users, and avoid assigning many discontiguous IP
ranges, which reduces the efficiency of route summarization.
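The cost of a discontiguous plan can be measured rather than argued. The following is an added example, not code from the original document: it computes the summary route each branch would have to advertise, how many prefixes remain after exact aggregation, and whether one branch's summary would swallow another branch's space. Branch names and prefixes are constructed.

```python
"""Added example (not from the original document): work out the summary route a branch
can advertise from the subnets assigned to it, and show how a discontiguous plan either
needs many routes or a summary that claims other branches' address space.
Branch names and prefixes are constructed."""
import ipaddress
from itertools import combinations


def covering_prefix(prefixes):
    """Smallest single prefix that contains every subnet in `prefixes` (the branch's
    summary route). It may also cover space that is not assigned to the branch."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = min(nets, key=lambda n: n.network_address)
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()      # widen by one bit until everything fits
    return summary


def summarize_branch(prefixes):
    """Report what advertising this branch costs: the covering summary, how many
    prefixes remain after exact aggregation, and how many addresses the summary
    claims that the branch does not actually use."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = covering_prefix(prefixes)
    exact = list(ipaddress.collapse_addresses(nets))   # merge only truly adjacent blocks
    assigned = sum(n.num_addresses for n in nets)
    return {
        "summary": str(summary),
        "routes_after_exact_aggregation": len(exact),
        "unassigned_addresses_in_summary": summary.num_addresses - assigned,
    }


def overlapping_summaries(plan):
    """plan: {branch: [prefixes]}. Pairs of branches whose summary routes overlap,
    i.e. where one branch's summary would attract traffic meant for another."""
    summaries = {b: covering_prefix(p) for b, p in plan.items()}
    return [(a, b) for a, b in combinations(sorted(summaries), 2)
            if summaries[a].overlaps(summaries[b])]


# Constructed address plans
CONTIGUOUS = [f"10.1.{i}.0/24" for i in range(8)]              # 10.1.0.0/24 .. 10.1.7.0/24
DISCONTIGUOUS = ["10.2.0.0/24", "10.2.5.0/24", "10.3.9.0/24"]  # grown ad hoc over time
PLAN = {"HQ": ["10.3.0.0/22"], "BranchA": CONTIGUOUS, "BranchB": DISCONTIGUOUS}

if __name__ == "__main__":
    print(summarize_branch(CONTIGUOUS))      # one /21, nothing wasted
    print(summarize_branch(DISCONTIGUOUS))   # three routes, or a /15 that is mostly empty
    print(overlapping_summaries(PLAN))       # BranchB's /15 summary would also cover HQ
```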

Discussing the Pros and Cons in Design

Advantages: The network system fully supports HA.


Shortcomings:
Using STP / HSRP as the HA platform, the network is prone to STP-related problems
(broadcast storm, STP loop, ...), and the risk of these incidents grows as the network
expands.
EtherChannel cannot be used for connections from an Access Switch to 2 different
Core/Dist Switches.
STP is not recommended in new designs and tends to be phased out in future designs, as
STP instability can have serious consequences for the network.

Deploy a network using LAN design principles based on a predefined set of requirements

1.DESIGN OF FULLY REDUNDANT LAN INFRASTRUCTURE USING STP


Today, I would like to introduce to you how to design a LAN system for an SMB with full
redundancy based on STP. However, the STP-based design has been around for a long time,
and with its inherent limitations this design does not meet today's stringent
requirements and will be replaced by newer technologies (which will be covered in the
article "Full push redundancy using Virtualize Switch, remove STP").

1. Configure HSRP:
Initially, I have the configuration of the router redundancy protocols in the LAN design,
which is given below:
1. HSRP: As I have already discussed this above, I am now going to configure HSRP with
the design given below (step, what has been done, screenshot of configuration):
1. In Core 1, we have assigned an IP address on fa0/8 and on the inter-VLAN interfaces,
and we have configured standby 1 with its IP and a priority of 105. (Screenshot of
configuration)

2. Configure VTP for switches:
1. In Core 2, configure vtp mode server and the domain, password. (Screenshot of
configuration)
2. In Core 2, configure vtp mode client and the domain, password. (Screenshot of
configuration)
3. In the other switches, we also configure vtp mode client and the same domain,
password. (Screenshot of configuration)

3. Configure EtherChannel and trunking:
1. Configure EtherChannels from f0/6-fa0/7 into port-channel 1. (Screenshot of
configuration)
4. Configure Spanning-Tree Protocol (STP):
1. In core 1 and core 2 we configure the STP mode and priority. (Screenshot of
configuration)
2. In the others we configure stp mode pvst and extend system-id. (Screenshot of
configuration)
5. Configure inter-VLAN at switch core:
1. We add IP addresses for the VLANs in the switch core. (Screenshot of configuration)
6. Configure OSPF in router:
Configure OSPF on Core1. (Screenshot of configuration)
Configure OSPF on Core2. (Screenshot of configuration)
OSPF on gate. (Screenshot of configuration)

7. Configure NAT on GATE:
1. Configure NAT on GATE. (Screenshot of configuration)

8. Configure ACL on Gate:
1. Permit devices on VLAN 10, 20, 30, 40 to access the internet. (Screenshot of
configuration)

2. Analyze different failover protocols and their effectiveness in solving redundancy
problems.

Spanning-Tree Protocol (STP): As I have already discussed these protocols above, now I
have shown the configuration of STP, which is given below:

As we can see, after connecting the switches in a loop, one of the ports
becomes blocked.
Because STP is enabled by default, it prevents us from getting into a Switching Loop.

The configuration that has been done on switches are:

1. RSTP: STP (Spanning Tree Protocol) is divided into four states: Blocking, Listening,
Learning, and Forwarding. The Spanning Tree states Blocking and Listening are bypassed by
RSTP (Rapid Spanning Tree Protocol); in RSTP a port begins in Discarding and progresses
through Learning to Forwarding.
In STP (Spanning Tree Protocol) the Blocking State lasts 20 seconds, the Listening State
15 seconds, and the Learning State 15 seconds, so reaching the Forwarding state takes 50
seconds. In RSTP (Rapid Spanning Tree Protocol) the total time is 15 seconds, because
RSTP avoids the Blocking and Listening states.

Fig: RSTP

Configuration on RSTP:

Since RSTP is faster and voice and video work better over it, we use it in the LAN
network connection of the Nepal Staffing Company. Likewise, it supports more ports than
MSTP or VSTP. So it is important to configure RSTP on the switch.
2. EtherChannel: EtherChannel is a port link aggregation technology that combines
multiple physical port links into a single logical link. It is used to provide high-speed
connections as well as redundancy. A total of eight links can be combined to form a
single logical link (EtherChannel in Computer Network - GeeksforGeeks, 2018).
Configuration of the EtherChannel:

Fig: EtherChannel

In my VIETNAM Golden Star Company, the main benefits of EtherChannel technology are that
it allows traffic load sharing among the links in the channel, as well as redundancy in
the event that one or more links in the EtherChannel fail. EtherChannel is a Cisco
copyrighted term, and the industry term is "Link Aggregation." So it is necessary to
configure it on the channel.

Layer 3 redundancy implementations for IPv4 and IPv6:

Protocols play an essential role in today's communication world; without them it is not
possible for one computer to communicate with another. Internet Protocol Version 4 (IPv4)
is the first generation of Internet protocols and uses 32-bit addresses. However, with
the passage of time and the frequent use of the Internet, the existing addresses have
been exhausted, which led to the search for new IPs. A new network layer protocol has
been proposed, named Internet Protocol Version 6 (IPv6). This paper focuses on Internet
Protocol version 6 and its transition or migration techniques, and then makes a
performance analysis of IPv4 and IPv6 for data and voice traffic using Riverbed. Through
this paper, we proved that dual stack is the best technique for migration from IPv4 to
IPv6 and that the tunnel technique is the next best after dual stack. In addition, we
proved that a pure IPv6 network and dual stack have higher performance than an IPv4
network.
Evaluation of different link aggregation implementations, using EtherChannel to
address bandwidth and load issues.
EtherChannel, IEEE 802.3ad Link Aggregation, and Teaming are network port
aggregation technologies that allow several Ethernet adapters to be aggregated together
to form a single pseudo Ethernet device.

There are some differences between EtherChannel, IEEE 802.3ad Link Aggregation, and
teaming aggregation mechanism. Consider the differences listed in Table 1 to determine
which technology best suits your requirement.

Table 1: EtherChannel vs IEEE 802.3ad Link Aggregation vs Teaming

EtherChannel:
- Requires switch configuration.
- Heartbeats are not exchanged between the switch port and the adjacent system port.
- Both primary and backup channels can be used.

IEEE 802.3ad Link Aggregation:
- Requires switch configuration for Link Aggregation Control Protocol Data Unit (LACPDU)
exchange.
- Heartbeats (LACPDU) are exchanged at the interval that is defined by the IEEE 802.3ad
standard. Heartbeats provide extra protection in a failure.
- Both primary and backup channels can be used.

Teaming:
- Does not require switch configuration.
- Heartbeats are not exchanged between the switch port and the adjacent system port.
- Only a single (primary) channel is used.

EtherChannel
The adapters that belong to an EtherChannel must be connected to the same
EtherChannel-enabled switch. If the adapters are connected to different switches,
those switches must be stacked and act as a single switch.

Configuring an EtherChannel

Produce a WAN solution that fits a wide range of organizational requirements

Since the company is distributed across multiple branches, different WAN technologies
must be tested and the right technology selected for the given scenario.
Configure and simulate WAN protocols to meet certain scenario requirements, outline some
analysis, benefits, and limitations of private and public WAN technologies, and evaluate
different types of VPNs based on the company's needs.
Types of WAN technologies:

Packet switching
Packet switching is a method of data transmission in which a message is broken into
several parts, called packets, that are sent independently, in triplicate, over whatever
route is optimal for each packet, and reassembled at the destination. Each packet
contains a piece of the message, called the payload, and an identifying header that
includes destination and reassembly information. The packets are sent in triplicate to
check for packet corruption: every packet is verified in a process that compares the
copies and confirms that at least two match. When verification fails, a request is made
for the packet to be re-sent.

TCP/IP protocol suite

TCP/IP is a protocol suite of foundational communication protocols used to interconnect
network devices on today's Internet and other computer/device networks. TCP/IP stands
for Transmission Control Protocol/Internet Protocol.

Router
A router is a networking device typically used to interconnect LANs to form a wide area
network (WAN) and as such is referred to as a WAN device. IP routers use IP addresses
to determine where to forward packets. An IP address is a numeric label assigned to each
connected network device.
Overlay network
An overlay network is a data communications technique in which software is used to
create virtual networks on top of another network, typically a hardware and cabling
infrastructure. This is often done to support applications or security capabilities not
available on the underlying network.

Packet over SONET/SDH (PoS)

Packet over SONET is a communication protocol used primarily for WAN transport. It
defines how point-to-point links communicate when using optical fiber and SONET
(Synchronous Optical Network) or SDH (Synchronous Digital Hierarchy)
communication protocols.

Multiprotocol Label Switching (MPLS)

MPLS is a network routing-optimization technique. It directs data from one node to the
next using short path labels rather than long network addresses, to avoid time-consuming
table lookups.

ATM
ATM (Asynchronous Transfer Mode) is a switching technique common in early data
networks, which has been largely superseded by IP-based technologies. ATM uses
asynchronous time-division multiplexing to encode data into small, fixed-sized cells. By
contrast, today's IP-based Ethernet technology uses variable packet sizes for data.

Frame Relay
Frame Relay is a technology for transmitting data between LANs or endpoints of a
WAN. It specifies the physical and data-link layers of digital telecommunications
channels using a packet switching methodology.
Frame Relay packages data in frames and sends it through a shared Frame Relay
network. Each frame contains all necessary information for routing it to its destination.
Frame Relay's original purpose was to transport data across telecom carriers' ISDN
infrastructure, but it's used today in many other networking contexts.

Configure NAT:
Configure NAT on router GATE and BRANCH to ensure that internal network devices
can access the internet.

Configure VPN:
Setting up GRE VPN on GATE router and BRANCH router ensures that all devices can
access the Server through 2 directions.

Solve a wide range of network-related problems using appropriate troubleshooting
techniques and methods
1. Slow network
Users complain the network is too slow. There can be many reasons why a network that
provided adequate performance in the past is now frustrating its users. For instance, a
new application, such as video conferencing or online training videos, may have been
added. A failing switch port or link could cause traffic to route around the failure and
overload another link.
In other cases, the network could be part of a larger organizational network. As a result, a
change in the larger network has resulted in more traffic through the internet connection
point, slowing responses to cloud-resident applications.
Another network speed issue could emerge if employees decide to download high-
definition videos while at work because downloading in the office is faster than using
their home internet connection. A network monitoring tool helps solve any of these
common network issues.
2. Weak Wi-Fi signal
Wi-Fi signal strength may be adequate almost everywhere, but it could be weak or
nonexistent in other areas. Rearranging an office area can result in a weak wireless
connection, where signal strength had been adequate before the move. For example, a
large metal object, like a file cabinet, can block the Wi-Fi signal.
Devices such as microwave ovens, cordless phones and Bluetooth can interfere with Wi-
Fi signals, too. A Wi-Fi network test tool can help identify the source of the problem.
3. Physical connectivity issues
A network connection can suddenly break because of physical connectivity issues. A
common problem is when a network cable becomes damaged or knocked loose. Cables
might be added or removed from a switch, and one of the other cables might accidentally
get disconnected.
Or a cable was damaged when it was pulled around a sharp edge while work was done on
the heating or air conditioning pipes. It should be clear from the segment of the network
affected which cable was damaged. But finding the problem along a cable stretching
across the ceiling may be time-consuming.

4. Excessive CPU usage


Task Manager is the first thing to use to find which application is using a high proportion
of system resources, such as CPU, memory or disk space. This basic troubleshooting step
may not reveal a problem since some applications may be performing complex
calculations, receiving high-speed video or interacting with large databases. A virus may
also consume resources, so make sure antivirus software is up to date.
If an application has been running for a long time, it may slowly leak resources. The
quickest way to improve performance is to stop and restart the application, although
sometimes you may need to stop and restart the entire system. Updating device drivers
may also improve performance.
Task Manager also shows applications you didn't know were running in the background.
One example would be Windows including games upon system startup. Editing startup
files can eliminate this problem.
5. Slow DNS lookups
DNS matches the common names used for servers or services with the internet addresses
that route a network request. For commonly used names, the matchup is probably already
stored in the system's DNS cache, and the lookup is quick. For less commonly used names,
the matchup may be stored in a more distant cache, such as the root server of the
top-level name, such as .com, .org or a national root, such as .uk.
Each DNS server along the path checks its cache before making a request to the next
server along the path. The next server then checks its cache, repeating the process. If
lookup is slow, there may be a slow link along the path or a slow or overloaded server.
To address this issue, your local network administrator can reconfigure local routers to
shift requests to a faster chain of servers.
6. Duplicate and static IP addresses
On a network, no two systems can share the same internet address. If there are duplicate
internet addresses, neither system can access the network reliably. The addresses for most
network devices are assigned when Dynamic Host Configuration Protocol (DHCP) boots
up the systems on the local network. DHCP maintains a pool of addresses assigned to the
local network, assigning a different address from the pool to each system.
Workstations are not assigned permanent addresses but receive one for a limited time
from DHCP. Systems re-request before the time runs out and usually receive the same
address. If the system shuts down without re-requesting and the time runs out, it loses
this address and may receive a different one upon startup.
The DHCP administrator may assign a static IP address to some network devices, such as
printers or web servers, because external systems won't be updated if an address changes.
One issue is users sometimes set up a private web server to support a hobby, allocating a
static address without informing the network administrator. Both share a DHCP server in
either an organization or home network. So, if the static address matches one assigned by
DHCP, it disrupts the network.
Often, these private web servers are set up to upload and download licensed music or
video and consume excessive network bandwidth.
7. Exhausted IP addresses
Internet addresses are in limited supply. Each service provider is given a supply based on
the expected number necessary. Most familiar are the IPv4 addresses, which were
originally thought to be adequate so every system could be allocated one. But, with the
proliferation of cellphones and other devices, it's been necessary to move to IPv6 with
128-bit addresses for some networks.
A widely used method to stretch the supply of addresses is Network Address Translation
(NAT), a feature often built into routers. Each NAT router is assigned a single internet
address allocated from the worldwide set of addresses. Its internal DHCP server allocates
private addresses to systems on connected local networks -- usually, an Ethernet or
wireless network.
Private addresses generally start with either 10 or 192.168 on networks using 32-bit IPv4
addresses. These address ranges can be used many times, which helps to save addresses.
The NAT server maps traffic to its global address to communicate with the internet.
Responses are mapped back via the private addresses.
8. Can't connect to printer
When users can't connect to a printer, the first step is to check simple things like whether
the printer is plugged in, turned on and has paper. Also, make sure the printer appears on
Devices and Printers on Windows. If it does, click to check whether the file is queued.
Sometimes, you need to stop and restart the print spooler, the software that stores files
until the printer is ready to print them. Also, check the printer vendor's website because
some brands have a downloadable app that can diagnose and fix problems.
If the OS was just upgraded, scan for other people with similar problems, or check
Microsoft.com to see if the company is aware of a problem. Shut off the printer, and turn
it back on. Also, shut down your system, and turn it back on.
Finally, update printer drivers and your OS. In some cases, you may need to
temporarily shut down your antivirus software. For a wireless printer, make sure it's
connected to the signal.
9. VLAN and VPN problems
Check for virtual LAN (VLAN) misconfiguration issues. Review the configuration on
each switch, carefully comparing configurations to ensure compatibility of switch
configuration.
The most common VPN problem is a failure to connect. First, check to see if you're
successfully logging in to the service, and make sure your account is up to date and
you're entering your correct credentials. Next, check firewall settings. You need to open
some ports. Check if that is the problem by temporarily shutting down your firewall.
Finally, restart your system.
Try accessing the VPN from a different network, such as switching from Wi-Fi to
Ethernet to the router. If there is still a problem, refer to the firewall documentation for
other solutions, or contact the VPN vendor support.
In sum, networks are complex, and problems do occur. These are just some of the most
common types of network problems. When other types of network issues occur, scan the
web for help, or contact network service providers or device vendor support.

Network Troubleshooting Methods and Methods to prevent network problems

How to Troubleshoot a Network

Issues can arise at numerous points along the network. Before you start trying to
troubleshoot any issue, you want to have a clear understanding of what the problem is,
how it came up, who it’s affecting, and how long it’s been going on. By gathering the
right information and clarifying the problem, you’ll have a much better chance of
resolving the issue quickly, without wasting time trying unnecessary fixes.
I always start troubleshooting using these simple network troubleshooting steps to help
diagnose and refine the issue.
Check the hardware. When you’re beginning the troubleshooting process, check all your
hardware to make sure it’s connected properly, turned on, and working. If a cord has
come loose or somebody has switched off an important router, this could be the problem
behind your networking issues. There’s no point in going through the process of
troubleshooting network issues if all you need to do is plug a cord in. Make sure all
switches are in the correct positions and haven’t been bumped accidentally.
Next, turn the hardware off and back on again. This is the mainstay of IT
troubleshooting, and while it might sound simplistic, often it really does solve the
problem. Power cycling your modem, router, and PC can solve simple issues—just be
sure to leave each device off for at least 60 seconds before you turn it back on.
Use ipconfig. Open the command prompt and type “ipconfig” (without the quotes) into
the terminal. The Default Gateway (listed last) is your router’s IP. Your computer’s IP
address is the number next to “IP Address.” If your computer’s IP address starts with
169, the computer is not receiving a valid IP address. If it starts with anything other than
169, your computer is being allocated a valid IP address from your router.
Try typing in “ipconfig /release” followed by “ipconfig /renew” to get rid of your current
IP address and request a new one. This will in some cases solve the problem. If you still
can’t get a valid IP from your router, try plugging your computer straight into the modem
using an ethernet cable. If it works, the problem lies with the router.
Use ping and tracert. If your router is working fine, and you have an IP address starting
with something other than 169, the problem’s most likely located between your router
and the internet. At this point, it’s time to use the ping tool. Try sending a ping to a well-
known, large server, such as Google, to see if it can connect with your router. You can
ping Google DNS servers by opening the command prompt and typing “ping 8.8.8.8”;
you can also add “-t” to the end (ping 8.8.8.8 -t) to get it to keep pinging the servers
while you troubleshoot. If the pings fail to send, the command prompt will return basic
information about the issue.
You can use the tracert command to do the same thing, by typing “tracert 8.8.8.8”; this
will show you each step, or “hop,” between your router and the Google DNS servers.
You can see where along the pathway the error is arising. If the error comes up early
along the pathway, the issue is more likely somewhere in your local network.
Perform a DNS check. Use the command “nslookup” to determine whether there’s a
problem with the server you’re trying to connect to. If you perform a DNS check on, for
example, google.com and receive results such as “Timed Out,” “Server Failure,”
“Refused,” “No Response from Server,” or “Network Is Unreachable,” it may indicate
the problem originates in the DNS server for your destination. (You can also use
nslookup to check your own DNS server.)
Contact the ISP. If all of the above turn up no problems, try contacting your internet
service provider to see if they’re having issues. You can also look up outage maps and
related information on a smartphone to see if others in your area are having the same
problem.
Check on virus and malware protection. Next, make sure your virus and malware tools
are running correctly, and they haven’t flagged anything that could be affecting part of
your network and stopping it from functioning.
Review database logs. Review all your database logs to make sure the databases are
functioning as expected. If your network is working but your database is full or
malfunctioning, it could be causing problems that flow on and affect your network
performance.
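The ipconfig, ping and nslookup checks above form a fixed decision sequence, so they can be applied to captured command output rather than eyeballed each time. The following is an added example, not code from the original article; the sample outputs are constructed, and the article's "starts with 169" test is implemented as the 169.254.0.0/16 APIPA range.

```python
"""Added example (not from the original article): apply the ipconfig / ping / nslookup
decision steps to captured command output so the same conclusion is reached every time.
The sample outputs below are constructed, not real captures."""
import ipaddress
import re

# The "starts with 169" addresses of the article: self-assigned when no DHCP lease arrived.
APIPA = ipaddress.ip_network("169.254.0.0/16")

# Wording the article lists for a DNS-side failure (normalised to lower case, no hyphens)
DNS_FAILURE_MARKERS = ("timed out", "server failure", "refused",
                       "no response from server", "network is unreachable")


def parse_ipconfig(text):
    """Return (ipv4_address, default_gateway) from Windows ipconfig output; None if absent."""
    ip = re.search(r"IPv4 Address[ .]*:[ \t]*(\S+)", text)
    gw = re.search(r"Default Gateway[ .]*:[ \t]*(\S*)", text)
    return (ip.group(1) if ip else None, gw.group(1) if gw and gw.group(1) else None)


def ping_succeeded(text):
    """True when the ping statistics line reports at least one reply."""
    m = re.search(r"Received = (\d+)", text)
    return bool(m) and int(m.group(1)) > 0


def nslookup_succeeded(text):
    norm = text.lower().replace("-", " ")
    return not any(marker in norm for marker in DNS_FAILURE_MARKERS)


def diagnose(ipconfig_out, ping_out=None, nslookup_out=None):
    """Walk the article's steps in order and name the first stage that fails."""
    ip, gw = parse_ipconfig(ipconfig_out)
    if ip is None or ipaddress.ip_address(ip) in APIPA:
        return "no_valid_ip"         # ipconfig /release + /renew; then cable direct to the modem
    if gw is None:
        return "no_gateway"          # address is valid but no route to the router was handed out
    if ping_out is not None and not ping_succeeded(ping_out):
        return "router_to_internet"  # ping 8.8.8.8 failed: problem between router and ISP
    if nslookup_out is not None and not nslookup_succeeded(nslookup_out):
        return "dns"                 # IP path works, name resolution does not
    return "ok"


# Constructed sample outputs
IPCONFIG_APIPA = """
   IPv4 Address. . . . . . . . . . . : 169.254.12.7
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""
IPCONFIG_NO_GW = """
   IPv4 Address. . . . . . . . . . . : 192.168.1.25
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
"""
IPCONFIG_OK = """
   IPv4 Address. . . . . . . . . . . : 192.168.1.25
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""
PING_FAIL = "Ping statistics for 8.8.8.8:\n    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),"
PING_OK = "Ping statistics for 8.8.8.8:\n    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),"
NSLOOKUP_FAIL = "*** Request to UnKnown timed-out"
NSLOOKUP_OK = "Non-authoritative answer:\nName:    example.com\nAddress:  203.0.113.10"

if __name__ == "__main__":
    print(diagnose(IPCONFIG_APIPA))                          # no_valid_ip
    print(diagnose(IPCONFIG_OK, PING_FAIL))                  # router_to_internet
    print(diagnose(IPCONFIG_OK, PING_OK, NSLOOKUP_FAIL))     # dns
```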
Network Troubleshooting Best Practices
To make troubleshooting as efficient and painless as possible, it’s also important to have
some best practices in place. As you work through the steps to try to solve network
issues, following these network troubleshooting best practices can help streamline the
process and avoid unnecessary or redundant efforts.

Collect information. To best support your end users, you first need to make sure you’re
clear on what the problem is. Collect enough information from both the people who are
experiencing network issues and the network itself, so you can replicate or diagnose the
problem. Take care not to mistake symptoms for the root cause, as what initially looks
like the problem could be part of a larger issue.
Customize logs. Make sure your event and security logs are customized to provide you
with information to support your troubleshooting efforts. Each log should have a clear
description of which items or events are being logged, the date and time, and information
on the source of the log (MAC or IP address).
Check access and security. Ensure no access or security issues have come up by checking
all access permissions are as they should be, and nobody has accidentally altered a
sensitive part of the network they weren’t supposed to be able to touch. Check all
firewalls, antivirus software, and malware software to ensure they’re working correctly,
and no security issues are affecting your users’ ability to work.

Follow an escalation framework. There’s nothing worse than going to the IT help desk
and being directed to another person, who then directs you to another person, who directs
you to yet another. Have a clear escalation framework of who is responsible for which
issues, including the final person in the chain who can be approached for resolution. All
your end users should know who they can go to about a given issue, so time isn’t wasted
talking to five different people who cannot fix the problem.

Use monitoring tools. Troubleshooting can be done manually but can become time-
consuming if you go through each step. When you have a bunch of people knocking on
your office door or sending you frantic emails, it can be overwhelming to try to find the
problem, let alone fix it. In business and enterprise situations, it’s best to use monitoring
tools to make sure you’re getting all the relevant network information and aren’t missing
anything vital, not to mention avoiding exposing the company to unnecessary risk.
My preferred monitoring software is SolarWinds® Network Performance
Monitor (NPM). It’s a well-designed tool with features to support network
troubleshooting issues in an efficient and thorough way. It allows you to clearly baseline
your network behavior, so you have good data on what your network should look like
and how it usually performs, and it includes advanced alerting features so you don’t
receive floods of alerts all the time. You can customize the software to alert you to major
issues, choose the timing of alerts, and define the conditions under which alerts occur.
Other NPM features include NetPath™ network path analysis, which lets you see your
network topology and performance pathways, and PerfStack™, which allows you to
compare different performance metrics against each other, as well as historical data. With
these tools, you can see which performance issues may be interlinked and troubleshoot
the root cause faster. NPM also comes with tools such as a Wi-Fi sniffer and software
for monitoring load balancers, switches, and firewalls, as well as wireless issues and
coverage, all of which enable you to keep an eye on the overall health of your network
and quickly pinpoint and fix issues as soon as they arise.

Deploy network monitoring tools

PRTG Network Monitor is well known for its comprehensive infrastructure
management capabilities. Using monitoring methods such as SNMP, WMI, SSH,
flows/packet sniffing, HTTP requests, REST APIs, pings, and SQL, all devices,
systems, traffic, and applications in our network are displayed in a
hierarchical view that includes alarms, logs, performance, and speed.
Below I have shown the installation and configuration process of PRTG:

1. PRTG Network Monitor can be downloaded from the PAESSLER website.
2. Accept the terms and conditions and the License Agreement.
3. PRTG Network Monitor is installed on the computer.
4. The PRTG Network Monitor Setup Wizard is now complete.
5. After installing PRTG, launch the software in a browser and log in
using your username and password.
6. After logging in, the PRTG software dashboard appears.
7. Add a device to monitor.
8. Continue adding the device.
9. Configure the details of the device we want to monitor.
10. Check the added device in the device list.
11. Monitor the added device, which has IP address 192.168.1.2.
12. Add a NetFlow sensor to monitor the device's traffic, HTTP, and
performance by clicking the Add Sensor button.
13. Choose the device that will use the NetFlow sensor by clicking the device
with IP address 192.168.1.2.
14. Search for NetFlow in the search box and add NetFlow version 9.
15. Configure the basic sensor settings and click Create.
16. Monitor each module of the device.
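As an added example, not part of this report or of PRTG, the following decoder reads the NetFlow v9 packets (RFC 3954 layout) that the sensor added in steps 12 to 15 consumes, so an administrator can confirm from a capture that the exporter really sends version 9 with sane FlowSet lengths before suspecting the sensor. The packet bytes, the template id 256 and the addresses in it are constructed for the demonstration.

```python
import struct

NETFLOW_V9 = 9
HEADER_FMT = "!HHIIII"  # version, count, sysUptime, unixSecs, sequence, sourceId
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 20 bytes
IP_FIELDS = {8: "src", 12: "dst"}  # IPV4_SRC_ADDR / IPV4_DST_ADDR, RFC 3954 section 8

def parse_header(packet):
    """Return the 20-byte header as a dict; reject truncated or non-v9 packets."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than NetFlow v9 header")
    version, count, uptime, secs, seq, src_id = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    if version != NETFLOW_V9:
        raise ValueError(f"expected NetFlow v9, exporter sent version {version}")
    return {"count": count, "sys_uptime": uptime, "unix_secs": secs, "sequence": seq, "source_id": src_id}

def iter_flowsets(packet):
    """Yield (flowset_id, body): id 0 = template FlowSet, id >= 256 = data FlowSet."""
    off = HEADER_LEN
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack("!HH", packet[off:off + 4])
        if fs_len < 4 or off + fs_len > len(packet):  # never trust exporter-supplied lengths
            raise ValueError("malformed FlowSet length")
        yield fs_id, packet[off + 4:off + fs_len]
        off += fs_len

def decode(packet):
    """Decode data records whose template appeared earlier in the same packet."""
    parse_header(packet)
    templates, records = {}, []
    for fs_id, body in iter_flowsets(packet):
        if fs_id == 0:  # template FlowSet: template id, field count, then (type, length) pairs
            tid, nfields = struct.unpack("!HH", body[:4])
            templates[tid] = [struct.unpack("!HH", body[4 + 4 * i:8 + 4 * i]) for i in range(nfields)]
        elif fs_id in templates:  # data FlowSet: fixed-size records, possibly trailing padding
            fields = templates[fs_id]
            rec_len = sum(length for _, length in fields) or len(body) + 1  # empty template: no records
            for start in range(0, len(body) - rec_len + 1, rec_len):
                rec, pos = {}, start
                for ftype, length in fields:
                    raw, pos = body[pos:pos + length], pos + length
                    rec[IP_FIELDS.get(ftype, f"field_{ftype}")] = (
                        ".".join(map(str, raw)) if ftype in IP_FIELDS else int.from_bytes(raw, "big"))
                records.append(rec)
    return records

# Constructed sample packet: header + template 256 (src/dst IPv4) + one data record
SAMPLE = (struct.pack(HEADER_FMT, 9, 2, 1000, 1700000000, 42, 1)
          + struct.pack("!HHHHHHHH", 0, 16, 256, 2, 8, 4, 12, 4)
          + struct.pack("!HH", 256, 12) + bytes([192, 168, 1, 2, 10, 0, 0, 5]))
```

Templates sent in an earlier packet are not remembered here; a real collector caches them per exporter and source ID, which is why a sensor may show no data until the exporter resends its templates.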
