Ping Timeouts

I have an unusual problem that I can't seem to pintpoint. Devices on
the LAN are occassionally losing their connection to other devices,
randomly. All clients have the latest antivirus, there is a scanmail
on the exchange server and no spyware that I have found running on any
PCs. Originally clients were connected through a HP 2324 switch to
each other. After switching out the HP for another HP, the issue
continued. I am now in the process of replacing the HP with a catalyst
2924. This serves only the local VLAN (which previously did not have a
VLAN assigned except after reaching another catalyst). General design
is below:

printers, mgmt via catalyst 192.168.9.5
|
servers & clients via HP 2324 no IP
|
end of local network
|
catalyst - VLAN 102 (and other VLANS) 192.168.9.1
|
catalyst 192.168.9.2
|
dotq trunk
|
2600 router 192.168.9.9
|
firewall/internet 192.168.3.3

The first device in the list (HP 2324) is being replaced with a
catalyst so I can better diagnose the problem (catalyst IP
192.168.9.5). No other VLANS are experiencing any difficulties.

Clients/printers currently connected to the new catalyst 192.168.9.5,
are able to ping other devices on the catalyst without timeouts, but
still timeout on occassion to devices on the HP switch (connected via
FastE to the catalyst), and vice versa. I have turned on broadcast
filtering and have seen no errors of any kind on the interfaces
themselves. The only SH PROC CPU on the 192.168.9.5 switch which
appear to be higher than average are Broadcast Storms (4%) and Port
Status Proc (13%).

What can cause timeouts to devices randomly that is not already
accounted for?
What are the best practices for determining the cause?
What sniffer might best help to trace the cause?
Can this be generated by a bad NIC on one of the PCs?

Thanks for any assistance,
Ed Muller
CCDP, CCNA

Ed Muller

In article <> ,
Ed Muller <> wrote:
:I have an unusual problem that I can't seem to pintpoint. Devices on
:the LAN are occassionally losing their connection to other devices,
:randomly.

rinters, mgmt via catalyst 192.168.9.5

:servers & clients via HP 2324 no IP

:end of local network

:catalyst - VLAN 102 (and other VLANS) 192.168.9.1

:catalyst 192.168.9.2

:dotq trunk

:2600 router 192.168.9.9

:firewall/internet 192.168.3.3

When I look at the IP addresses involved, I'm left wondering
whether some of those catalysts are the same device but different
VLAN? If you were to turn all of your VLANs off, would some of
the links you show get disabled because of STP ?

If you have multiple VLANs running off your router to a switch
that distributes the VLANs via port-based VLANs, with more than
one of those port-based VLANs plugged into the same second switch,
then you would have to worry about whether each of the VLANs
has a unique MAC, and if not then how your switches are going
to react when it sees the same MAC on multiple ports in the
context of different VLANs.

At least some of the Cisco routers use the same MAC for each
VLAN [the 5500+RSM does; I don't have others handy to check.]
Some switches assume MACs are globally unique, so if they
receive a packet with the same MAC on a different port, they
will update the internal MAC/port association, ignoring the VLAN
boundary. Things don't work too well after that
--
"WHEN QUINED, YIELDS A TORTOISE'S LOVE-SONG"
WHEN QUINED, YIELDS A TORTOISE'S LOVE-SONG. (GEB)