Date:      Thu, 30 Mar 2006 09:28:13 -0800
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "Mark Jayson Alvarez" <jay2xra@yahoo.com>, <questions@freebsd.org>
Subject:   RE: Need some tips in reorganizing our LAN.
Message-ID:  <LOBBIFDAGNMAMLGJJCKNGEIMFDAA.tedm@toybox.placo.com>
In-Reply-To: <20060329035511.28080.qmail@web51607.mail.yahoo.com>



>-----Original Message-----
>From: owner-freebsd-questions@freebsd.org
>[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Mark Jayson
>Alvarez
>Sent: Tuesday, March 28, 2006 7:55 PM
>To: questions@freebsd.org
>Subject: Need some tips in reorganizing our LAN.
>
>
>Hi,
>
> Right now, I'm working in a poor government agency where the
>network is not well organized. It's hard to trace users that are
>doing this stuff and doing that. IP addresses are scattered all
>around the 3 story building. Switches are cascading everywhere..
>Everything is a disaster. When a machine is infected with some
>worms, it's trivial to track it down.. When one is doing p2p, no
>one can stop him. Perhaps the reason why this is happening
>right now is that the former network administrators

OK so this I think implies they all were fired?

>did not
>consider the scenarios that will happen in the future, like
>increasing number of users and workstations.... mobilization of
>employees from one area to another, etc.
>
>
> Right now, we have a FreeBSD 4.7 lying in a dark room not far
>away from where I am right now. And it is indeed the center of
>our Local Area Network.. Guess what, it has only 2 interfaces.
>One connected to public, and the other connected to our private
>switch. That private interface is aliased to multiple subnets
>like this:
>
> 10.10.1.1
> 10.10.2.1
> 10.10.3.1
> 10.10.4.1
> 10.10.5.1
>
> This interface is connected to 1 switch and then 5 or more
>switches are connected to this main switch. Those 5 or more
>switches are then scattered to every area of the building. I
>know you are thinking a lot of negative things about this
>setup, but this is what it really looks like right now.
>
> The MIS suggested a LAN transition project, and I was assigned
>to lead the team. Right now, we are only two in this very big
>team. :-) I'm just wondering if I'm ever gonna finish this
>project or not. I have a lot of stuff mixed up in my mind
>right now but I really don't know where to start.
>

You are going to find you might as well start over and toss everything.

These kinds of cleanup projects only work right if the chief network
admins who have all the institutional knowledge run the cleanup project.
If you're new, and the people with the institutional knowledge aren't
around anymore, you have little choice but to just start over.  This
is not an uncommon scenario since incompetent admins are the ones who
are most likely to create big undocumented messes.

> I have these in my mind right now:
>
> Connectivity
> 1. wired
> 2. wireless
>
> Machines being hooked into the network:
> 1. servers
> 2. workstations
> 3. testbeds
> 4. personal (laptops etc.)
>
> Will use DHCP
> Will use centralized directory service
> Will use centralized authentication
> We have at most 150 employees...
> We don't have that much to spend on equipment like managed
>switches, powerful servers, etc.
> We have a lot of political issues that need to be resolved
>regarding network usage policies
>

You have to start with these first.  Unless you can get a statement
of use worked out and have the top dogs sign off on it, you're screwed
before you even start.  Do this first before you have spent all your
political capital because you are absolutely going to be pissing
off people and later on you won't have the support to do it.

You ought to know as well that I know several professional admins
that do this for a living - they are hired in the wake of incompetents
being fired, and they come in and hatchet out everything, then once
everything is running smoothly, they quit and go on to the next
company, because by the time they are done, everyone in the office,
save the directors, hates their guts.  (and the directors are laughing
up their sleeves at the users)  They get paid pretty damn good money
for this.

>
> All this stuff, basically mixed up in my mind. I really have
>no idea where to start aside from creating a purchase request
>for a new PC router and a multiple port LAN card, which I
>already did a week ago.. And it has not arrived yet. :-) Please
>help me. I told my partner that services configuration is just
>a piece of cake once we already have a definite plan. I really
>don't know where to start. I'm not even tasked to do this...
>I'm just tasked to help my partner who is a member of the poor
>MIS. At first, I thought this would be just as easy as
>upgrading the machine to FreeBSD 6.0 and then reconfiguring the
>firewall ruleset, but I was wrong.
>
> If you have any Network Transition plan that you may want to
>share with me, please do so. Even if we don't have that much
>similarities in our network setup, at least the non-technical
>part like planning etc...
>

Just start over and don't bother with a transition plan.  If you spend
a lot of time documenting what is there now you will get snared into
keeping the bandaids going.  The only way is to interview every user,
document all the services that all the users are officially supposed to
be using, then figure out how to provide those in the cleanest way
possible, then start doing that.  If the existing stuff can be part
of that, fine, but most times it can't, and don't shed any tears over
it going away.  And if your forte is Windows, then get rid of the
FreeBSD servers, if your forte is FreeBSD, get rid of the Windows
servers.

Ted
