If that is the case Priscilla, then one might as well enable Port-Fast on a those ports and observe for a few days. If the switch activity stabilizes then it is surely a STP re-convergence problem. Am I on track? Chaoo, Cisco_Maniac ""Priscilla Oppenheimer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > You say that the stations connected to the 2948G-L3 stop transmitting for 15 > seconds. Could the Spanning Tree be reconverging for some reason? Since > you're doing IRB with both bridging and routing, presumably STP is running > and 15 seconds sticks out as the Forward Delay timer used by STP. It's also > the timer for aging the bridging table when BPDUs arrive with the Topology > Change Flag set. > > I can't see why the change you made would cause a problem, but maybe it did > for some reason or maybe it caused you to hit a bug. You may want to try > "debug span events" or the equivalent if that doesn't work on a 2948G-L3. If > debug is too risky, "show spantree" might give you some hints as to when the > last topology change occured. > > It's just a guess but that 15 seconds sure sticks out as a possible clue > that something is up with Spanning Tree. > > Hopefully somebody else will have ideas too! > > Priscilla > > Don Pezet wrote: > > > > Hey guys, > > > > Well, I've been tinkering with the network again, and in search > > of performance increases I have come across something a little > > weird. > > Let me run it by you all and see if anyone can play "spot the > > mistake" > > for me. We have nine separate in house networks in our > > facility, each > > with roughly 20 network attached devices (PCs mostly). They are > > built up > > as follows: > > > > 10.10.10.0/24 - Administrative network (for me) (VLAN 1) > > 192.168.0.0/24 - Servers and NAS appliances (VLAN 2) > > 192.168.1.0/24 - Network 1 (VLAN 10) > > 192.168.2.0/24 - Network 2 (VLAN 20) > > 192.168.3.0/24 - Network 3 (VLAN 30) > > 192.168.4.0/24 - Network 4 (VLAN 40) > > 192.168.5.0/24 - Network 5 (VLAN 50) > > 192.168.6.0/24 - Network 6 (VLAN 60) > > 192.168.7.0/24 - Network 7 (VLAN 70) > > 192.168.8.0/24 - Network 8 (VLAN 80) > > > > The physical network is made up of the following: > > (1) Cisco 3620 with 10/100 Network Module > > (1) Cisco Catalyst 2948G-L3 > > (4) Cisco Catalyst 3548XL > > > > The physical arrangement is the 3620 connects via the 100MBit > > module to port F48 of the 2948G-L3. The four 3548XLs are linked > > via > > Cisco GigaStack Gbics in a non-clustered arrangement. One of > > the 3548s > > links to the 2948G-L3 via a standard 1000MBit Gbic from its > > G0/2 into > > the 2948G-L3's G49. The physical configuration is sound, all > > VLANs are > > present on all of the cisco equipment, and I have been having > > no issues > > from that end. > > > > Each network must be able to reach the server network > > (192.168.0.0/24). Initially, I configured ISL between all of the > > switches, and since I have the 100Mbit module on the 3620, > > created an > > ISL trunk to it with a sub-interface for each VLAN and began > > providing > > inter-VLAN routing and internet access through it. Well, on > > high-speed > > switches, hitting a 100Mbit bottleneck at the router during > > inter-VLAN > > communications was kind of a downer so I began looking for other > > options. Which is exactly how I ended up where I am now. > > > > My idea was, hey, the 2948G-L3 is fully Layer 3 capable, so why > > not make it do all of the routing so that I do not get the > > 100Mbit > > bottleneck created by going through the 3620. Then, the only > > traffic the > > 3620 would need to get is internet traffic. So I set it up > > (configs at > > the end of the letter, with scattered in-line comments). I > > configured > > the 2948G-L3 to do IRB and route between the VLANs using the > > BVIs. Then, > > I threw in a static default route so internet traffic would be > > routed to > > the 3620. Lastly, I configured OSPF to run between the 2948G-L3 > > and the > > 3620 so that the 3620 would know about any existing or new > > networks that > > I may create on the 2948G-L3. > > > > Now for the problem part. At first, everything was working > > great, but after a while I began watching performance and > > noticing that > > I did not gain that much in the way of improved performance > > except for > > machines that were plugged directly into the 2949G-L3. Machines > > connected to a 3548XL and following the ISL trunk to the > > 2948G-L3 still > > performed as if competing for a 100Mbit uplink. I was willing > > to live > > with that, even though I should have at least quadrupled my > > routing > > bandwidth by switching over to the 2948G-L3, but it was the > > next symptom > > that got me. I started getting reports from people who were > > plugged > > directly into the 2948G-L3 that occasionally their link would > > go dead > > for about 15 seconds and then come back up. About two minutes > > later it > > would happen again. Then things would be fine for a while, > > maybe an > > hour, and it would repeat. Well, the 2948G-L3 takes longer that > > 15 > > seconds to reboot, so it isn't rebooting and I'm kind of > > stumped as to > > what is happening. This is not occurring on any of the 3548XLs. > > > > Anyhow, 1) I thought I would post and see if anyone could > > comment on my configs as far as why I may not be getting the > > best > > performance (I may not be thinking in the right direction). 2) > > Maybe > > someone has seen symptoms similar to mine regarding the network > > 'brown > > outs' that I am seeing. Any help is always appreciated. > > > > Here is the config on the 2948G-L3: > > ------------------------------------------------------ > > version 12.0 > > no service pad > > service timestamps debug uptime > > service timestamps log uptime > > no service password-encryption > > ! > > hostname C2948G-L3 > > ! > > enable password *removed* > > ! > > ip subnet-zero > > bridge irb > > ! > > ! > > ! > > interface FastEthernet1 > > no ip address > > no ip directed-broadcast > > bridge-group 1 > > ! > > ! > > ! ... Ports F1 - F46 are in VLAN 1 > > ! > > ! > > interface FastEthernet47 > > no ip address > > no ip directed-broadcast > > bridge-group 1 > > ! > > ! F48 is my link to the Router, .1 for management, .2 for > > routing > > ! > > interface FastEthernet48 > > no ip address > > no ip directed-broadcast > > ! > > interface FastEthernet48.1 > > encapsulation isl 1 > > no ip redirects > > no ip directed-broadcast > > bridge-group 1 > > ! > > interface FastEthernet48.2 > > encapsulation isl 2 > > no ip redirects > > no ip directed-broadcast > > bridge-group 2 > > ! > > ! G49 is my ISL trunk to the 3548XL stack, thus all the > > sub-interfaces > > ! > > interface GigabitEthernet49 > > no ip address > > no ip directed-broadcast > > ! > > interface GigabitEthernet49.1 > > encapsulation isl 1 > > no ip redirects > > no ip directed-broadcast > > bridge-group 1 > > ! > > interface GigabitEthernet49.2 > > encapsulation isl 2 > > no ip redirects > > no ip directed-broadcast > > bridge-group 2 > > ! > > interface GigabitEthernet49.10 > > encapsulation isl 10 > > no ip redirects > > no ip directed-broadcast > > bridge-group 10 > > ! > > interface GigabitEthernet49.20 > > encapsulation isl 20 > > no ip redirects > > no ip directed-broadcast > > bridge-group 20 > > ! > > interface GigabitEthernet49.30 > > encapsulation isl 30 > > no ip redirects > > no ip directed-broadcast > > bridge-group 30 > > ! > > interface GigabitEthernet49.40 > > encapsulation isl 40 > > no ip redirects > > no ip directed-broadcast > > bridge-group 40 > > ! > > interface GigabitEthernet49.50 > > encapsulation isl 50 > > no ip redirects > > no ip directed-broadcast > > bridge-group 50 > > ! > > interface GigabitEthernet49.60 > > encapsulation isl 60 > > no ip redirects > > no ip directed-broadcast > > bridge-group 60 > > ! > > interface GigabitEthernet49.70 > > encapsulation isl 70 > > no ip redirects > > no ip directed-broadcast > > bridge-group 70 > > ! > > interface GigabitEthernet49.80 > > encapsulation isl 80 > > no ip redirects > > no ip directed-broadcast > > bridge-group 80 > > ! > > ! G50 doesn't run to anything > > ! > > interface GigabitEthernet50 > > no ip address > > no ip directed-broadcast > > shutdown > > ! > > ! And of course, a BVI for each VLAN which I use as the default > > gateway > > of the end-stations > > ! > > interface BVI1 > > ip address 10.10.10.1 255.255.255.0 > > no ip directed-broadcast > > ! > > interface BVI2 > > ip address 192.168.0.1 255.255.255.0 > > no ip directed-broadcast > > ! > > interface BVI10 > > ip address 192.168.1.254 255.255.255.0 > > ip access-group 100 in > > ip helper-address 192.168.0.101 > > no ip directed-broadcast > > ! > > interface BVI20 > > ip address 192.168.2.254 255.255.255.0 > > ip access-group 100 in > > ip helper-address 192.168.0.101 > > no ip directed-broadcast > > ! > > interface BVI30 > > ip address 192.168.3.254 255.255.255.0 > > ip access-group 100 in > > ip helper-address 192.168.0.101 > > no ip directed-broadcast > > ! > > interface BVI40 > > ip address 192.168.4.254 255.255.255.0 > > ip access-group 100 in > > ip helper-address 192.168.0.101 > > no ip directed-broadcast > > ! > > interface BVI50 > > ip address 192.168.5.254 255.255.255.0 > > ip access-group 100 in > > ip helper-address 192.168.0.101 > > no ip directed-broadcast > > ! > > interface BVI60 > > ip address 192.168.6.254 255.255.255.0 > > ip access-group 100 in > > ip helper-address 192.168.0.101 > > no ip directed-broadcast > > ! > > interface BVI70 > > ip address 192.168.7.254 255.255.255.0 > > ip access-group 100 in > > ip helper-address 192.168.0.101 > > no ip directed-broadcast > > ! > > interface BVI80 > > ip address 192.168.8.254 255.255.255.0 > > ip access-group 100 in > > ip helper-address 192.168.0.101 > > no ip directed-broadcast > > ! > > ! OSPF makes sure the 3620 will know the way home > > ! > > router ospf 100 > > network 10.10.10.0 0.0.0.255 area 0 > > network 192.168.0.0 0.0.0.255 area 0 > > network 192.168.1.0 0.0.0.255 area 0 > > network 192.168.2.0 0.0.0.255 area 0 > > network 192.168.3.0 0.0.0.255 area 0 > > network 192.168.4.0 0.0.0.255 area 0 > > network 192.168.5.0 0.0.0.255 area 0 > > network 192.168.6.0 0.0.0.255 area 0 > > network 192.168.7.0 0.0.0.255 area 0 > > network 192.168.8.0 0.0.0.255 area 0 > > ! > > ip classless > > ! My static route for internet access > > ip route 0.0.0.0 0.0.0.0 192.168.0.2 > > ip http server > > ! > > ! None of the other networks need to reach the management VLAN > > ! So I have blocked them with AL 100 > > ! > > access-list 100 deny ip any 10.10.10.0 0.0.0.255 > > access-list 100 permit ip any any > > bridge 1 protocol ieee > > bridge 1 route ip > > bridge 2 protocol ieee > > bridge 2 route ip > > bridge 10 protocol ieee > > bridge 10 route ip > > bridge 20 protocol ieee > > bridge 20 route ip > > bridge 30 protocol ieee > > bridge 30 route ip > > bridge 40 protocol ieee > > bridge 40 route ip > > bridge 50 protocol ieee > > bridge 50 route ip > > bridge 60 protocol ieee > > bridge 60 route ip > > bridge 70 protocol ieee > > bridge 70 route ip > > bridge 80 protocol ieee > > bridge 80 route ip > > ! > > line con 0 > > exec-timeout 0 0 > > password *removed* > > login > > transport input none > > line aux 0 > > line vty 0 4 > > password *removed* > > login > > ! > > end > > > > And the config for the 3620: > > ------------------------------------------------------ > > > > version 12.2 > > no service single-slot-reload-enable > > service timestamps debug uptime > > service timestamps log uptime > > no service password-encryption > > ! > > hostname C3620 > > ! > > logging rate-limit console 10 except errors > > enable password *removed* > > ! > > ip subnet-zero > > ! > > ! > > no ip finger > > no ip domain-lookup > > ! > > ip audit notify log > > ip audit po max-events 100 > > no ip dhcp-client network-discovery > > ! > > call rsvp-sync > > ! > > ! E0/0 is not currently in use > > ! > > interface Ethernet0/0 > > shutdown > > half-duplex > > ! > > ! My internet connection (Point-to-point frame relay T1, 1.544 > > 100%CIR) > > ! > > interface Serial0/0 > > no ip address > > encapsulation frame-relay > > service-module t1 remote-alarm-enable > > frame-relay lmi-type ansi > > ! > > interface Serial0/0.1 point-to-point > > description connected to Internet > > ip address 10.27.7.194 255.255.255.252 > > ip nat outside > > frame-relay interface-dlci 101 IETF > > ! > > ! Here's my ISL trunk to the 2948G-L3, I left this an ISL trunk > > because > > I didn't want > > ! the other networks accessing the 10.10.10.0/24 network, but > > wanted an > > IP > > ! accessable by both. > > ! > > interface FastEthernet1/0 > > description connected to Private Network > > no ip address > > duplex auto > > speed auto > > ! > > ! This is the interface I use for management > > ! > > interface FastEthernet1/0.1 > > encapsulation isl 1 > > ip address 10.10.10.6 255.255.255.0 > > no ip redirects > > ip nat inside > > ! > > ! This is the interface the 2948G-L3 uses as the default route > > for my > > internet traffic. > > ! > > interface FastEthernet1/0.2 > > encapsulation isl 2 > > ip address 192.168.0.2 255.255.255.0 > > ip nat inside > > ! > > router ospf 100 > > log-adjacency-changes > > network 10.10.10.0 0.0.0.255 area 0 > > network 192.168.0.0 0.0.0.255 area 0 > > network 192.168.1.0 0.0.0.255 area 0 > > network 192.168.2.0 0.0.0.255 area 0 > > network 192.168.3.0 0.0.0.255 area 0 > > network 192.168.4.0 0.0.0.255 area 0 > > network 192.168.5.0 0.0.0.255 area 0 > > network 192.168.6.0 0.0.0.255 area 0 > > network 192.168.7.0 0.0.0.255 area 0 > > network 192.168.8.0 0.0.0.255 area 0 > > ! > > ip kerberos source-interface any > > ip nat pool C3620-natpool-8191 66.35.166.233 66.35.166.238 > > netmask > > 255.255.255.248 > > ip nat inside source list 1 pool C3620-natpool-8191 overload > > ip classless > > ip route 0.0.0.0 0.0.0.0 Serial0/0.1 > > no ip http server > > ! > > access-list 1 permit 10.10.10.0 0.0.0.255 > > access-list 1 permit 192.168.0.0 0.0.0.255 > > access-list 1 permit 192.168.1.0 0.0.0.255 > > access-list 1 permit 192.168.2.0 0.0.0.255 > > access-list 1 permit 192.168.3.0 0.0.0.255 > > access-list 1 permit 192.168.4.0 0.0.0.255 > > access-list 1 permit 192.168.5.0 0.0.0.255 > > access-list 1 permit 192.168.6.0 0.0.0.255 > > access-list 1 permit 192.168.7.0 0.0.0.255 > > access-list 1 permit 192.168.8.0 0.0.0.255 > > access-list 106 deny ip any 10.10.10.0 0.0.0.255 > > access-list 106 permit ip any any > > ! > > dial-peer cor custom > > ! > > line con 0 > > exec-timeout 0 0 > > password *removed* > > login > > transport input none > > line aux 0 > > line vty 0 4 > > password *removed* > > login > > ! > > end > > > > And just in case, I'll throw in the config for the first 3548XL > > ------------------------------------------------------ > > version 12.0 > > no service pad > > service timestamps debug uptime > > service timestamps log uptime > > no service password-encryption > > ! > > hostname C3548XLA > > ! > > enable password *removed* > > ! > > ip subnet-zero > > ! > > ! > > ! > > interface FastEthernet0/1 > > switchport access vlan 10 > > spanning-tree portfast > > ! > > ! ... Ports F0/1 - F0/48 are usually split in half on these > > switched > > providing > > ! 24 ports each to two VLANs. The eight 192.168.x.0/24 networks > > are > > ! spread evenly this way accross the four switches. > > ! > > interface FastEthernet0/48 > > switchport access vlan 20 > > spanning-tree portfast > > ! > > ! Standard Gbic 1000Mbit interface ISL trunk to the 2948G-L3 > > ! > > interface GigabitEthernet0/1 > > switchport mode trunk > > ! > > ! Cisco GigaStack 1000Mbit interface ISL trunk to the next > > 3548XL > > ! > > interface GigabitEthernet0/2 > > switchport mode trunk > > ! > > interface VLAN1 > > ip address 10.10.10.7 255.255.255.0 > > no ip directed-broadcast > > no ip route-cache > > ! > > ip default-gateway 10.10.10.6 > > ! > > line con 0 > > exec-timeout 0 0 > > password *removed* > > login > > transport input none > > stopbits 1 > > line vty 0 4 > > password *removed* > > login > > line vty 5 15 > > password *removed* > > login > > ! > > end > > ------------------------------------------------------ > > > > Anyhow, maybe one of the gurus in the group can look at this > > and spot my > > problem right off, or I'll keep you guys updated as I continue > > researching it. > > > > Thanks, > > > > Don Pezet > > Enterprise Technology Solutions > > [EMAIL PROTECTED] > > (352) 248-1010
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51221&t=51221 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
