Expert Session on network faults (Part 1)

Difficulties in binding IP addresses to MAC
Q: My computer used a public fixed IP address. To avoid theft, use the "arp-s ip mac" command to bind the MAC address and ip address. Later, for some reason, the "arp-d ip mac" command was used to cancel the binding. However, it is strange that, after unbinding, the IP address cannot be used on other computers, but can only be used on my own computer. It must be noted that my computer is not a proxy server.
A: In TCP/IP networks, computers usually need to set IP addresses for communication. However, in fact, communication between computers is not through IP addresses, but by the MAC address of the NIC. The IP address is only used to query the MAC address of the target computer.
ARP is used to notify the recipient's computers and network devices of the MAC address corresponding to their IP addresses. The computer's ARP cache contains one or more tables used to store IP addresses and resolved Ethernet MAC addresses. After a computer communicates with another IP address, the corresponding MAC address is retained in the ARP cache. Therefore, the next communication with a computer with the same IP address will not query the MAC address, but directly reference the MAC address in the cache. In addition, it should be noted that the items added through the "-s" parameter are static items and will not cause ARP cache timeout. These items will be deleted only after the TCP/IP protocol is terminated and then started. Therefore, even if you cancel the binding, other computers will still think that you are using the original IP address in a short time.
In a switched network, the switch also maintains a MAC address table and sends data to the target computer based on the MAC address. After an IP address is bound to a MAC address, the switch records the MAC address as long as it communicates with the switch. In this way, even if someone is using the same IP address, it will still be unable to communicate with the gateway, and it will not be connected to the outside, unless you restart the switch, clear the MAC table, or the MAC address table exceeds the specified aging time.
Why is the network always paralyzed?
Q: there are more than 70 computers in the Internet cafe, and the network crashes once or three times a day. In general, you only need to unplug all the network cables of the first-level switch and connect them to the same vswitch. Sometimes, you have to restart the vswitch. After changing the original 10 Mbps Nic to 10/100 Mbps Nic, the network was not paralyzed for nearly a week. However, the network has become abnormal in the past few days. A 16-port 10/100 Mbps switch and 24-port 2000 Mbps switch are used for the cabling device, and the proxy server uses Windows ICS (Windows connection sharing ). What is the cause of this phenomenon?
A: After eliminating the possibility that a virus sends data packets to the network frantically, it can be regarded as a typical network breakdown caused by a broadcast storm. After a broadcast storm breaks out, all packets transmitted in the network are broadcast packets, and all computers process broadcast packets. Normal packets cannot be forwarded or processed. After the network cable is unplugged or the switch is switched off, the broadcast storm is blocked to resume normal communication.
Broadcast can be understood as a person talking to everyone present. The advantage of this is that the communication efficiency is high, and information can be transmitted to all the computers on the network at once. Even if no broadcast frame is manually sent, a certain number of broadcast frames will appear on the network. It should be noted that broadcast not only occupies a large amount of network bandwidth, but also occupies a large amount of CPU processing time on the computer. Broadcast storm means that the network is occupied by a large number of broadcast data packets for a long time, so that normal point-to-point communication cannot proceed normally. Its external performance is that the network speed is extremely slow, and even causes network paralysis.
There are many causes of broadcast storms. A faulty Nic or a faulty port may cause broadcast storms.
Note that a vswitch can only isolate collision domains, but not broadcast domains. In fact, when the number of broadcast packets accounts for 30% of the total amount of communication, the network transmission efficiency will be significantly reduced.
Generally, in a network using multiple communication protocols, there should be no more than 100 computers. In a network using a communication protocol, there should be no more than 150 computers. If the number of computers is large, VLAN-based networks should be separated to divide large broadcast domains into several small broadcast domains, to reduce the potential harm caused by broadcast storms.
Slow access to network neighbors
Q: there is a small LAN, the server is a Windows NT operating system, and each workstation is Windows 98. Previously, the LAN was working normally. After a workstation re-installed Windows 98, it was very slow for this computer to browse other computers through its network neighbors. In addition, only some computers could be seen, but some computers could not, while other computers are working normally with each other. Check whether the IP address and subnet mask are correct, and the domain name is the same as that of the workgroup. I don't know why. What should I do?
A: based on the user description, we can draw the following conclusions:
First, if you can see some computers, it indicates that the network connection is normal, and the NIC Driver and network communication protocol are correctly installed. Second, since there is no error in the IP address and subnet mask, it indicates that the IP address information is correctly set. Third, since the domain name is the same as that of the Working Group, other users in the same working group should be able to find the IP address quickly.
However, in fact, the connection speed between computers is not only very slow, but only some of them can be found. This is the key to the problem.
The fault causes and solutions are as follows:
First, the NetBEUI protocol is not installed. TCP/IP is a low-efficiency protocol. Therefore, NetBEUI is usually used in small LAN, which occupies less system resources and is more efficient. In addition, to add a Windows 98 computer with TCP/IP protocol to a Windows NT domain, you must also install NetBEUI protocol. Second, the NIC Driver is defective. Although many NICs use the same chipset, the drivers are not the same. Although defective drivers do not necessarily cause communication failures, they often compromise transmission efficiency. Therefore, make sure that the NIC Driver is correctly selected and installed. Third, because Windows NT does not have the Active Directory function, it cannot quickly and effectively organize network resources. Therefore, computers that have not been accessed may not appear in network neighbors. Try to use the "Search" function on the server and use the computer name or IP address to find the computer that cannot be displayed in the network neighbor. Generally, the computer you find is automatically displayed in the network neighbor. Unable to open webpage in broadband Environment
Q: In the past, our company used virtual dialing software to access the Internet through optical fiber cables. After the network was changed, the IP address and the Internet access method were different. It was said that there were more routers and the Intranet and Internet could be automatically converted, it will be directly posted on the Internet in the future. However, although I can use QQ, I cannot use IE to browse. The installer says that you can directly type a domain name without entering "http: //" (for example, enter www.sina.com.cn or enter an IP address when accessing Sina ). However, I cannot open my domain name, but other computers on the network can. Some URLs can be opened even if they know the IP address. However, it is normal to use a cat to access the Internet. What is the reason and how to set it?
A: There are indications that the cause of the fault is that the DNS server settings in the IP address information are incorrect.
First, since computers in the network can normally access the Internet, it indicates that there is no problem with the Internet link of the entire network, and there is no problem with the configuration of broadband routing;
Second, since the faulty computer can access the website through an IP address and can use QQ, it indicates that the computer has no problems with the Internet link;
Third, you can access through an IP address but cannot access through a domain name. This indicates that the DNS resolution of the faulty computer is faulty. That is to say, you cannot resolve the domain name to an IP address. Therefore, the cause of the failure is that there is a problem with the DNS server settings, either the IP address of the DNS server is not set in the IP address information, or the IP address of the DNS server is set incorrectly.
Troubleshooting is very simple. You only need to select the "use the following DNS server address" option in the "Internet Protocol (TCP/IP) properties" dialog box, enter the IP address of the DNS server provided by the ISP (figure 1 ). Although some broadband routers can automatically allocate IP addresses (including IP addresses, subnet masks, default gateways, and DNS servers), the DHCP function of the router is not activated due to a fault, you must manually enter the IP address information.
Automatic dialing is annoying
Q: Windows XP is used for all the three machines. A Hub is used to form a LAN and connect to an ADSL Modem. One machine is used as a proxy server to access the Internet. However, recently (especially for the host), one machine automatically performs virtual dial-up to the Internet after it is started, and the other two machines can still access the Internet after it is taken offline. Why?
A: The reason is simple. By default, ICS (Internet Connection Sharing) enable the "when a computer on my network tries to access the Internet, a dial-up connection is recommended" and "allow other network users to control or disable shared Internet connections" (figure 2 ). That is to say, when any computer in the network sends an Internet request, the ICS host starts to automatically dial and connect to the Internet. Some software automatically connects to the Internet when the computer is started to update the software or virus database. Therefore, it is natural to enable automatic virtual dialing after the computer is started.
The solution is also very simple. Just deselect the selected status of the preceding two check boxes.
Failed to upgrade System Network
Q: I have a computer with Windows 98 installed. It is connected to another Server with Windows adv Server. It is normal to install Office2000 and other software and copy files on the Server, however, after upgrading to Windows Pro, it is not normal: After the server is started, the Ping server can be pinged. During the installation or file copying process, the local connection prompts "the network connection is not properly inserted ", the server cannot be pinged either, but the network cable failure still persists. My Nic is 3Com sc905B XL 10/100 tx pci. Hope you can help me solve it!
A: The fault is a bit strange. It is estimated that the driver of the NIC is faulty after being upgraded to Windows2000 Pro.
Since the server can be pinged at startup, the physical connection of the network is normal and the network protocol of the client is normal. However, when a network connection failure occurs during File Installation or copying, it indicates that the driver cannot drive the NIC normally in some applications. Therefore, it can be preliminarily determined that it is caused by driver upgrade failure.
Solution: Download the driver for Windows 2000 from the official website of 3Com. Uninstall the NIC from the computer, clear the entries and key values for the NIC from the Registry, and then install the driver for the NIC again. Or, try to update and upgrade the driver and use the downloaded driver to replace the original driver.