You say that the stations connected to the 2948G-L3 stop transmitting for 15
seconds. Could the Spanning Tree be reconverging for some reason? Since
you're doing IRB with both bridging and routing, presumably STP is running
and 15 seconds sticks out as the Forward Delay timer used by STP. It's also
the timer for aging the bridging table when BPDUs arrive with the Topology
Change Flag set.

I can't see why the change you made would cause a problem, but maybe it did
for some reason or maybe it caused you to hit a bug. You may want to try
"debug span events" or the equivalent if that doesn't work on a 2948G-L3. If
debug is too risky, "show spantree" might give you some hints as to when the
last topology change occurred.

It's just a guess but that 15 seconds sure sticks out as a possible clue
that something is up with Spanning Tree.

Hopefully somebody else will have ideas too!

Priscilla

Don Pezet wrote:
> 
> Hey guys,
> 
>       Well, I've been tinkering with the network again, and in search
> of performance increases I have come across something a little weird.
> Let me run it by you all and see if anyone can play "spot the mistake"
> for me. We have nine separate in house networks in our facility, each
> with roughly 20 network attached devices (PCs mostly). They are built
> up as follows:
> 
> 10.10.10.0/24 - Administrative network (for me) (VLAN 1)
> 192.168.0.0/24 - Servers and NAS appliances (VLAN 2)
> 192.168.1.0/24 - Network 1 (VLAN 10)
> 192.168.2.0/24 - Network 2 (VLAN 20)
> 192.168.3.0/24 - Network 3 (VLAN 30)
> 192.168.4.0/24 - Network 4 (VLAN 40)
> 192.168.5.0/24 - Network 5 (VLAN 50)
> 192.168.6.0/24 - Network 6 (VLAN 60)
> 192.168.7.0/24 - Network 7 (VLAN 70)
> 192.168.8.0/24 - Network 8 (VLAN 80)
> 
>       The physical network is made up of the following:
> (1) Cisco 3620 with 10/100 Network Module
> (1) Cisco Catalyst 2948G-L3
> (4) Cisco Catalyst 3548XL
> 
>       The physical arrangement is the 3620 connects via the 100MBit
> module to port F48 of the 2948G-L3. The four 3548XLs are linked via
> Cisco GigaStack Gbics in a non-clustered arrangement. One of the 3548s
> links to the 2948G-L3 via a standard 1000MBit Gbic from its G0/2 into
> the 2948G-L3's G49. The physical configuration is sound, all VLANs are
> present on all of the cisco equipment, and I have been having no issues
> from that end.
> 
>       Each network must be able to reach the server network
> (192.168.0.0/24). Initially, I configured ISL between all of the
> switches, and since I have the 100Mbit module on the 3620, created an
> ISL trunk to it with a sub-interface for each VLAN and began providing
> inter-VLAN routing and internet access through it. Well, on high-speed
> switches, hitting a 100Mbit bottleneck at the router during inter-VLAN
> communications was kind of a downer so I began looking for other
> options. Which is exactly how I ended up where I am now.
> 
>       My idea was, hey, the 2948G-L3 is fully Layer 3 capable, so why
> not make it do all of the routing so that I do not get the 100Mbit
> bottleneck created by going through the 3620. Then, the only traffic
> the 3620 would need to get is internet traffic. So I set it up (configs
> at the end of the letter, with scattered in-line comments). I
> configured the 2948G-L3 to do IRB and route between the VLANs using the
> BVIs. Then, I threw in a static default route so internet traffic would
> be routed to the 3620. Lastly, I configured OSPF to run between the
> 2948G-L3 and the 3620 so that the 3620 would know about any existing or
> new networks that I may create on the 2948G-L3.
> 
>       Now for the problem part. At first, everything was working
> great, but after a while I began watching performance and noticing that
> I did not gain that much in the way of improved performance except for
> machines that were plugged directly into the 2949G-L3. Machines
> connected to a 3548XL and following the ISL trunk to the 2948G-L3 still
> performed as if competing for a 100Mbit uplink. I was willing to live
> with that, even though I should have at least quadrupled my routing
> bandwidth by switching over to the 2948G-L3, but it was the next
> symptom that got me. I started getting reports from people who were
> plugged directly into the 2948G-L3 that occasionally their link would
> go dead for about 15 seconds and then come back up. About two minutes
> later it would happen again. Then things would be fine for a while,
> maybe an hour, and it would repeat. Well, the 2948G-L3 takes longer
> than 15 seconds to reboot, so it isn't rebooting and I'm kind of
> stumped as to what is happening. This is not occurring on any of the
> 3548XLs.
> 
>       Anyhow, 1) I thought I would post and see if anyone could
> comment on my configs as far as why I may not be getting the best
> performance (I may not be thinking in the right direction). 2) Maybe
> someone has seen symptoms similar to mine regarding the network 'brown
> outs' that I am seeing. Any help is always appreciated.
> 
> Here is the config on the 2948G-L3:
> ------------------------------------------------------
> version 12.0
> no service pad
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname C2948G-L3
> !
> enable password *removed*
> !
> ip subnet-zero
> bridge irb
> !
> !
> !
> interface FastEthernet1
>  no ip address
>  no ip directed-broadcast
>  bridge-group 1
> !
> !
> ! ... Ports F1 - F46 are in VLAN 1
> !
> !
> interface FastEthernet47
>  no ip address
>  no ip directed-broadcast
>  bridge-group 1
> !
> ! F48 is my link to the Router, .1 for management, .2 for routing
> !
> interface FastEthernet48
>  no ip address
>  no ip directed-broadcast
> !
> interface FastEthernet48.1
>  encapsulation isl 1
>  no ip redirects
>  no ip directed-broadcast
>  bridge-group 1
> !
> interface FastEthernet48.2
>  encapsulation isl 2
>  no ip redirects
>  no ip directed-broadcast
>  bridge-group 2
> !
> ! G49 is my ISL trunk to the 3548XL stack, thus all the sub-interfaces
> !
> interface GigabitEthernet49
>  no ip address
>  no ip directed-broadcast
> !
> interface GigabitEthernet49.1
>  encapsulation isl 1
>  no ip redirects
>  no ip directed-broadcast
>  bridge-group 1
> !
> interface GigabitEthernet49.2
>  encapsulation isl 2
>  no ip redirects
>  no ip directed-broadcast
>  bridge-group 2
> !
> interface GigabitEthernet49.10
>  encapsulation isl 10
>  no ip redirects
>  no ip directed-broadcast
>  bridge-group 10
> !
> interface GigabitEthernet49.20
>  encapsulation isl 20
>  no ip redirects
>  no ip directed-broadcast
>  bridge-group 20
> !
> interface GigabitEthernet49.30
>  encapsulation isl 30
>  no ip redirects
>  no ip directed-broadcast
>  bridge-group 30
> !
> interface GigabitEthernet49.40
>  encapsulation isl 40
>  no ip redirects
>  no ip directed-broadcast
>  bridge-group 40
> !
> interface GigabitEthernet49.50
>  encapsulation isl 50
>  no ip redirects
>  no ip directed-broadcast
>  bridge-group 50
> !
> interface GigabitEthernet49.60
>  encapsulation isl 60
>  no ip redirects
>  no ip directed-broadcast
>  bridge-group 60
> !
> interface GigabitEthernet49.70
>  encapsulation isl 70
>  no ip redirects
>  no ip directed-broadcast
>  bridge-group 70
> !
> interface GigabitEthernet49.80
>  encapsulation isl 80
>  no ip redirects
>  no ip directed-broadcast
>  bridge-group 80
> !
> ! G50 doesn't run to anything
> !
> interface GigabitEthernet50
>  no ip address
>  no ip directed-broadcast
>  shutdown
> !
> ! And of course, a BVI for each VLAN which I use as the default gateway
> ! of the end-stations
> !
> interface BVI1
>  ip address 10.10.10.1 255.255.255.0
>  no ip directed-broadcast
> !
> interface BVI2
>  ip address 192.168.0.1 255.255.255.0
>  no ip directed-broadcast
> !
> interface BVI10
>  ip address 192.168.1.254 255.255.255.0
>  ip access-group 100 in
>  ip helper-address 192.168.0.101
>  no ip directed-broadcast
> !
> interface BVI20
>  ip address 192.168.2.254 255.255.255.0
>  ip access-group 100 in
>  ip helper-address 192.168.0.101
>  no ip directed-broadcast
> !
> interface BVI30
>  ip address 192.168.3.254 255.255.255.0
>  ip access-group 100 in
>  ip helper-address 192.168.0.101
>  no ip directed-broadcast
> !
> interface BVI40
>  ip address 192.168.4.254 255.255.255.0
>  ip access-group 100 in
>  ip helper-address 192.168.0.101
>  no ip directed-broadcast
> !
> interface BVI50
>  ip address 192.168.5.254 255.255.255.0
>  ip access-group 100 in
>  ip helper-address 192.168.0.101
>  no ip directed-broadcast
> !
> interface BVI60
>  ip address 192.168.6.254 255.255.255.0
>  ip access-group 100 in
>  ip helper-address 192.168.0.101
>  no ip directed-broadcast
> !
> interface BVI70
>  ip address 192.168.7.254 255.255.255.0
>  ip access-group 100 in
>  ip helper-address 192.168.0.101
>  no ip directed-broadcast
> !
> interface BVI80
>  ip address 192.168.8.254 255.255.255.0
>  ip access-group 100 in
>  ip helper-address 192.168.0.101
>  no ip directed-broadcast
> !
> ! OSPF makes sure the 3620 will know the way home
> !
> router ospf 100
>  network 10.10.10.0 0.0.0.255 area 0
>  network 192.168.0.0 0.0.0.255 area 0
>  network 192.168.1.0 0.0.0.255 area 0
>  network 192.168.2.0 0.0.0.255 area 0
>  network 192.168.3.0 0.0.0.255 area 0
>  network 192.168.4.0 0.0.0.255 area 0
>  network 192.168.5.0 0.0.0.255 area 0
>  network 192.168.6.0 0.0.0.255 area 0
>  network 192.168.7.0 0.0.0.255 area 0
>  network 192.168.8.0 0.0.0.255 area 0
> !
> ip classless
> ! My static route for internet access
> ip route 0.0.0.0 0.0.0.0 192.168.0.2
> ip http server
> !
> ! None of the other networks need to reach the management VLAN
> ! So I have blocked them with AL 100
> !
> access-list 100 deny   ip any 10.10.10.0 0.0.0.255
> access-list 100 permit ip any any
> bridge 1 protocol ieee
>  bridge 1 route ip
> bridge 2 protocol ieee
>  bridge 2 route ip
> bridge 10 protocol ieee
>  bridge 10 route ip
> bridge 20 protocol ieee
>  bridge 20 route ip
> bridge 30 protocol ieee
>  bridge 30 route ip
> bridge 40 protocol ieee
>  bridge 40 route ip
> bridge 50 protocol ieee
>  bridge 50 route ip
> bridge 60 protocol ieee
>  bridge 60 route ip
> bridge 70 protocol ieee
>  bridge 70 route ip
> bridge 80 protocol ieee
>  bridge 80 route ip
> !
> line con 0
>  exec-timeout 0 0
>  password *removed*
>  login
>  transport input none
> line aux 0
> line vty 0 4
>  password *removed*
>  login
> !
> end
> 
> And the config for the 3620:
> ------------------------------------------------------
> 
> version 12.2
> no service single-slot-reload-enable
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname C3620
> !
> logging rate-limit console 10 except errors
> enable password *removed*
> !
> ip subnet-zero
> !
> !
> no ip finger
> no ip domain-lookup
> !
> ip audit notify log
> ip audit po max-events 100
> no ip dhcp-client network-discovery
> !
> call rsvp-sync
> !
> ! E0/0 is not currently in use
> !
> interface Ethernet0/0
>  shutdown
>  half-duplex
> !
> ! My internet connection (Point-to-point frame relay T1, 1.544 100%CIR)
> !
> interface Serial0/0
>  no ip address
>  encapsulation frame-relay
>  service-module t1 remote-alarm-enable
>  frame-relay lmi-type ansi
> !
> interface Serial0/0.1 point-to-point
>  description connected to Internet
>  ip address 10.27.7.194 255.255.255.252
>  ip nat outside
>  frame-relay interface-dlci 101 IETF   
> !
> ! Here's my ISL trunk to the 2948G-L3, I left this an ISL trunk because
> ! I didn't want the other networks accessing the 10.10.10.0/24 network,
> ! but wanted an IP accessible by both.
> !
> interface FastEthernet1/0
>  description connected to Private Network
>  no ip address
>  duplex auto
>  speed auto
> !
> ! This is the interface I use for management
> !
> interface FastEthernet1/0.1
>  encapsulation isl 1
>  ip address 10.10.10.6 255.255.255.0
>  no ip redirects
>  ip nat inside
> !
> ! This is the interface the 2948G-L3 uses as the default route for my
> ! internet traffic.
> !
> interface FastEthernet1/0.2
>  encapsulation isl 2
>  ip address 192.168.0.2 255.255.255.0
>  ip nat inside
> !
> router ospf 100
>  log-adjacency-changes
>  network 10.10.10.0 0.0.0.255 area 0
>  network 192.168.0.0 0.0.0.255 area 0
>  network 192.168.1.0 0.0.0.255 area 0
>  network 192.168.2.0 0.0.0.255 area 0
>  network 192.168.3.0 0.0.0.255 area 0
>  network 192.168.4.0 0.0.0.255 area 0
>  network 192.168.5.0 0.0.0.255 area 0
>  network 192.168.6.0 0.0.0.255 area 0
>  network 192.168.7.0 0.0.0.255 area 0
>  network 192.168.8.0 0.0.0.255 area 0
> !
> ip kerberos source-interface any
> ip nat pool C3620-natpool-8191 66.35.166.233 66.35.166.238 netmask 255.255.255.248
> ip nat inside source list 1 pool C3620-natpool-8191 overload
> ip classless
> ip route 0.0.0.0 0.0.0.0 Serial0/0.1
> no ip http server
> !
> access-list 1 permit 10.10.10.0 0.0.0.255
> access-list 1 permit 192.168.0.0 0.0.0.255
> access-list 1 permit 192.168.1.0 0.0.0.255
> access-list 1 permit 192.168.2.0 0.0.0.255
> access-list 1 permit 192.168.3.0 0.0.0.255
> access-list 1 permit 192.168.4.0 0.0.0.255
> access-list 1 permit 192.168.5.0 0.0.0.255
> access-list 1 permit 192.168.6.0 0.0.0.255
> access-list 1 permit 192.168.7.0 0.0.0.255
> access-list 1 permit 192.168.8.0 0.0.0.255
> access-list 106 deny   ip any 10.10.10.0 0.0.0.255
> access-list 106 permit ip any any
> !
> dial-peer cor custom
> !
> line con 0
>  exec-timeout 0 0
>  password *removed*
>  login
>  transport input none
> line aux 0
> line vty 0 4
>  password *removed*
>  login
> !
> end
> 
> And just in case, I'll throw in the config for the first 3548XL
> ------------------------------------------------------
> version 12.0
> no service pad
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname C3548XLA
> !
> enable password *removed*
> !
> ip subnet-zero
> !
> !
> !
> interface FastEthernet0/1
>  switchport access vlan 10
>  spanning-tree portfast
> !
> ! ... Ports F0/1 - F0/48 are usually split in half on these switches
> ! providing 24 ports each to two VLANs. The eight 192.168.x.0/24
> ! networks are spread evenly this way across the four switches.
> !
> interface FastEthernet0/48
>  switchport access vlan 20
>  spanning-tree portfast
> !
> ! Standard Gbic 1000Mbit interface ISL trunk to the 2948G-L3
> !
> interface GigabitEthernet0/1
>  switchport mode trunk
> !
> ! Cisco GigaStack 1000Mbit interface ISL trunk to the next 3548XL
> !
> interface GigabitEthernet0/2
>  switchport mode trunk
> !
> interface VLAN1
>  ip address 10.10.10.7 255.255.255.0
>  no ip directed-broadcast
>  no ip route-cache
> !
> ip default-gateway 10.10.10.6
> !
> line con 0
>  exec-timeout 0 0
>  password *removed*
>  login
>  transport input none
>  stopbits 1
> line vty 0 4
>  password *removed*
>  login
> line vty 5 15
>  password *removed*
>  login
> !
> end
> ------------------------------------------------------
> 
> Anyhow, maybe one of the gurus in the group can look at this and spot
> my problem right off, or I'll keep you guys updated as I continue
> researching it.
> 
> Thanks,
> 
> Don Pezet
> Enterprise Technology Solutions
> [EMAIL PROTECTED]
> (352) 248-1010
> 
> 
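As an added example (not written by either poster), this Python sketch reads an IOS config in the style quoted above and lists, per bridge group, whether `bridge N protocol ieee` turns on spanning tree and which interfaces take part in that same spanning-tree instance, which is where to look when checking the Spanning Tree theory in the reply. The sample config is a constructed excerpt and `stp_domains` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed excerpt using the same commands as the 2948G-L3 config
# quoted above, shortened to a handful of interfaces.
SAMPLE_CONFIG = """\
interface FastEthernet1
 bridge-group 1
!
interface FastEthernet48.1
 encapsulation isl 1
 bridge-group 1
!
interface GigabitEthernet49.1
 encapsulation isl 1
 bridge-group 1
!
interface GigabitEthernet49.10
 encapsulation isl 10
 bridge-group 10
!
interface BVI1
 ip address 10.10.10.1 255.255.255.0
!
bridge 1 protocol ieee
 bridge 1 route ip
bridge 10 protocol ieee
 bridge 10 route ip
"""

def stp_domains(config):
    """Map each bridge group to its STP protocol and member interfaces."""
    members = defaultdict(list)   # group number -> interfaces bridged in it
    protocol = {}                 # group number -> STP flavour, e.g. "ieee"
    current = None                # interface stanza being read
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif m := re.match(r"bridge-group (\d+)$", line):
            members[int(m.group(1))].append(current)
        elif m := re.match(r"bridge (\d+) protocol (\S+)", line):
            protocol[int(m.group(1))] = m.group(2)
    # A group with no "bridge N protocol" line is reported with stp=None.
    return {g: {"stp": protocol.get(g), "ports": ports}
            for g, ports in sorted(members.items())}

if __name__ == "__main__":
    for group, info in stp_domains(SAMPLE_CONFIG).items():
        print(f"bridge-group {group}: stp={info['stp']} ports={', '.join(info['ports'])}")
```

BVI interfaces carry no `bridge-group` line, so they do not appear as spanning-tree ports in the result.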



