Hey guys,
Well, I've been tinkering with the network again, and in search
of performance increases I have come across something a little weird.
Let me run it by you all and see if anyone can play "spot the mistake"
for me. We have nine separate in-house networks in our facility, each
with roughly 20 network attached devices (PCs mostly). They are built up
as follows:
10.10.10.0/24 - Administrative network (for me) (VLAN 1)
192.168.0.0/24 - Servers and NAS appliances (VLAN 2)
192.168.1.0/24 - Network 1 (VLAN 10)
192.168.2.0/24 - Network 2 (VLAN 20)
192.168.3.0/24 - Network 3 (VLAN 30)
192.168.4.0/24 - Network 4 (VLAN 40)
192.168.5.0/24 - Network 5 (VLAN 50)
192.168.6.0/24 - Network 6 (VLAN 60)
192.168.7.0/24 - Network 7 (VLAN 70)
192.168.8.0/24 - Network 8 (VLAN 80)
The physical network is made up of the following:
(1) Cisco 3620 with 10/100 Network Module
(1) Cisco Catalyst 2948G-L3
(4) Cisco Catalyst 3548XL
The physical arrangement is the 3620 connects via the 100MBit
module to port F48 of the 2948G-L3. The four 3548XLs are linked via
Cisco GigaStack Gbics in a non-clustered arrangement. One of the 3548s
links to the 2948G-L3 via a standard 1000MBit Gbic from its G0/2 into
the 2948G-L3's G49. The physical configuration is sound, all VLANs are
present on all of the Cisco equipment, and I have been having no issues
from that end.
Each network must be able to reach the server network
(192.168.0.0/24). Initially, I configured ISL between all of the
switches, and since I have the 100Mbit module on the 3620, created an
ISL trunk to it with a sub-interface for each VLAN and began providing
inter-VLAN routing and internet access through it. Well, on high-speed
switches, hitting a 100Mbit bottleneck at the router during inter-VLAN
communications was kind of a downer so I began looking for other
options. Which is exactly how I ended up where I am now.
My idea was, hey, the 2948G-L3 is fully Layer 3 capable, so why
not make it do all of the routing so that I do not get the 100Mbit
bottleneck created by going through the 3620. Then, the only traffic the
3620 would need to get is internet traffic. So I set it up (configs at
the end of the letter, with scattered in-line comments). I configured
the 2948G-L3 to do IRB and route between the VLANs using the BVIs. Then,
I threw in a static default route so internet traffic would be routed to
the 3620. Lastly, I configured OSPF to run between the 2948G-L3 and the
3620 so that the 3620 would know about any existing or new networks that
I may create on the 2948G-L3.
Now for the problem part. At first, everything was working
great, but after a while I began watching performance and noticing that
I did not gain that much in the way of improved performance except for
machines that were plugged directly into the 2948G-L3. Machines
connected to a 3548XL and following the ISL trunk to the 2948G-L3 still
performed as if competing for a 100Mbit uplink. I was willing to live
with that, even though I should have at least quadrupled my routing
bandwidth by switching over to the 2948G-L3, but it was the next symptom
that got me. I started getting reports from people who were plugged
directly into the 2948G-L3 that occasionally their link would go dead
for about 15 seconds and then come back up. About two minutes later it
would happen again. Then things would be fine for a while, maybe an
hour, and it would repeat. Well, the 2948G-L3 takes longer than 15
seconds to reboot, so it isn't rebooting and I'm kind of stumped as to
what is happening. This is not occurring on any of the 3548XLs.
Anyhow, 1) I thought I would post and see if anyone could
comment on my configs as far as why I may not be getting the best
performance (I may not be thinking in the right direction). 2) Maybe
someone has seen symptoms similar to mine regarding the network 'brown
outs' that I am seeing. Any help is always appreciated.
Here is the config on the 2948G-L3:
------------------------------------------------------
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname C2948G-L3
!
enable password *removed*
!
ip subnet-zero
bridge irb
!
!
!
interface FastEthernet1
no ip address
no ip directed-broadcast
bridge-group 1
!
!
! ... Ports F1 - F46 are in VLAN 1
!
!
interface FastEthernet47
no ip address
no ip directed-broadcast
bridge-group 1
!
! F48 is my link to the Router, .1 for management, .2 for routing
!
interface FastEthernet48
no ip address
no ip directed-broadcast
!
interface FastEthernet48.1
encapsulation isl 1
no ip redirects
no ip directed-broadcast
bridge-group 1
!
interface FastEthernet48.2
encapsulation isl 2
no ip redirects
no ip directed-broadcast
bridge-group 2
!
! G49 is my ISL trunk to the 3548XL stack, thus all the sub-interfaces
!
interface GigabitEthernet49
no ip address
no ip directed-broadcast
!
interface GigabitEthernet49.1
encapsulation isl 1
no ip redirects
no ip directed-broadcast
bridge-group 1
!
interface GigabitEthernet49.2
encapsulation isl 2
no ip redirects
no ip directed-broadcast
bridge-group 2
!
interface GigabitEthernet49.10
encapsulation isl 10
no ip redirects
no ip directed-broadcast
bridge-group 10
!
interface GigabitEthernet49.20
encapsulation isl 20
no ip redirects
no ip directed-broadcast
bridge-group 20
!
interface GigabitEthernet49.30
encapsulation isl 30
no ip redirects
no ip directed-broadcast
bridge-group 30
!
interface GigabitEthernet49.40
encapsulation isl 40
no ip redirects
no ip directed-broadcast
bridge-group 40
!
interface GigabitEthernet49.50
encapsulation isl 50
no ip redirects
no ip directed-broadcast
bridge-group 50
!
interface GigabitEthernet49.60
encapsulation isl 60
no ip redirects
no ip directed-broadcast
bridge-group 60
!
interface GigabitEthernet49.70
encapsulation isl 70
no ip redirects
no ip directed-broadcast
bridge-group 70
!
interface GigabitEthernet49.80
encapsulation isl 80
no ip redirects
no ip directed-broadcast
bridge-group 80
!
! G50 doesn't run to anything
!
interface GigabitEthernet50
no ip address
no ip directed-broadcast
shutdown
!
! And of course, a BVI for each VLAN which I use as the default gateway
! of the end-stations
!
interface BVI1
ip address 10.10.10.1 255.255.255.0
no ip directed-broadcast
!
interface BVI2
ip address 192.168.0.1 255.255.255.0
no ip directed-broadcast
!
interface BVI10
ip address 192.168.1.254 255.255.255.0
ip access-group 100 in
ip helper-address 192.168.0.101
no ip directed-broadcast
!
interface BVI20
ip address 192.168.2.254 255.255.255.0
ip access-group 100 in
ip helper-address 192.168.0.101
no ip directed-broadcast
!
interface BVI30
ip address 192.168.3.254 255.255.255.0
ip access-group 100 in
ip helper-address 192.168.0.101
no ip directed-broadcast
!
interface BVI40
ip address 192.168.4.254 255.255.255.0
ip access-group 100 in
ip helper-address 192.168.0.101
no ip directed-broadcast
!
interface BVI50
ip address 192.168.5.254 255.255.255.0
ip access-group 100 in
ip helper-address 192.168.0.101
no ip directed-broadcast
!
interface BVI60
ip address 192.168.6.254 255.255.255.0
ip access-group 100 in
ip helper-address 192.168.0.101
no ip directed-broadcast
!
interface BVI70
ip address 192.168.7.254 255.255.255.0
ip access-group 100 in
ip helper-address 192.168.0.101
no ip directed-broadcast
!
interface BVI80
ip address 192.168.8.254 255.255.255.0
ip access-group 100 in
ip helper-address 192.168.0.101
no ip directed-broadcast
!
! OSPF makes sure the 3620 will know the way home
!
router ospf 100
network 10.10.10.0 0.0.0.255 area 0
network 192.168.0.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 0
network 192.168.4.0 0.0.0.255 area 0
network 192.168.5.0 0.0.0.255 area 0
network 192.168.6.0 0.0.0.255 area 0
network 192.168.7.0 0.0.0.255 area 0
network 192.168.8.0 0.0.0.255 area 0
!
ip classless
! My static route for internet access
ip route 0.0.0.0 0.0.0.0 192.168.0.2
ip http server
!
! None of the other networks need to reach the management VLAN
! So I have blocked them with AL 100
!
access-list 100 deny ip any 10.10.10.0 0.0.0.255
access-list 100 permit ip any any
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
bridge 10 protocol ieee
bridge 10 route ip
bridge 20 protocol ieee
bridge 20 route ip
bridge 30 protocol ieee
bridge 30 route ip
bridge 40 protocol ieee
bridge 40 route ip
bridge 50 protocol ieee
bridge 50 route ip
bridge 60 protocol ieee
bridge 60 route ip
bridge 70 protocol ieee
bridge 70 route ip
bridge 80 protocol ieee
bridge 80 route ip
!
line con 0
exec-timeout 0 0
password *removed*
login
transport input none
line aux 0
line vty 0 4
password *removed*
login
!
end
And the config for the 3620:
------------------------------------------------------
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname C3620
!
logging rate-limit console 10 except errors
enable password *removed*
!
ip subnet-zero
!
!
no ip finger
no ip domain-lookup
!
ip audit notify log
ip audit po max-events 100
no ip dhcp-client network-discovery
!
call rsvp-sync
!
! E0/0 is not currently in use
!
interface Ethernet0/0
shutdown
half-duplex
!
! My internet connection (Point-to-point frame relay T1, 1.544 100%CIR)
!
interface Serial0/0
no ip address
encapsulation frame-relay
service-module t1 remote-alarm-enable
frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
description connected to Internet
ip address 10.27.7.194 255.255.255.252
ip nat outside
frame-relay interface-dlci 101 IETF
!
! Here's my ISL trunk to the 2948G-L3, I left this an ISL trunk because I didn't want
! the other networks accessing the 10.10.10.0/24 network, but wanted an IP
! accessible by both.
!
interface FastEthernet1/0
description connected to Private Network
no ip address
duplex auto
speed auto
!
! This is the interface I use for management
!
interface FastEthernet1/0.1
encapsulation isl 1
ip address 10.10.10.6 255.255.255.0
no ip redirects
ip nat inside
!
! This is the interface the 2948G-L3 uses as the default route for my
! internet traffic.
!
interface FastEthernet1/0.2
encapsulation isl 2
ip address 192.168.0.2 255.255.255.0
ip nat inside
!
router ospf 100
log-adjacency-changes
network 10.10.10.0 0.0.0.255 area 0
network 192.168.0.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 0
network 192.168.4.0 0.0.0.255 area 0
network 192.168.5.0 0.0.0.255 area 0
network 192.168.6.0 0.0.0.255 area 0
network 192.168.7.0 0.0.0.255 area 0
network 192.168.8.0 0.0.0.255 area 0
!
ip kerberos source-interface any
ip nat pool C3620-natpool-8191 66.35.166.233 66.35.166.238 netmask 255.255.255.248
ip nat inside source list 1 pool C3620-natpool-8191 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0.1
no ip http server
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 1 permit 192.168.6.0 0.0.0.255
access-list 1 permit 192.168.7.0 0.0.0.255
access-list 1 permit 192.168.8.0 0.0.0.255
access-list 106 deny ip any 10.10.10.0 0.0.0.255
access-list 106 permit ip any any
!
dial-peer cor custom
!
line con 0
exec-timeout 0 0
password *removed*
login
transport input none
line aux 0
line vty 0 4
password *removed*
login
!
end
And just in case, I'll throw in the config for the first 3548XL
------------------------------------------------------
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname C3548XLA
!
enable password *removed*
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
switchport access vlan 10
spanning-tree portfast
!
! ... Ports F0/1 - F0/48 are usually split in half on these switches providing
! 24 ports each to two VLANs. The eight 192.168.x.0/24 networks are
! spread evenly this way across the four switches.
!
interface FastEthernet0/48
switchport access vlan 20
spanning-tree portfast
!
! Standard Gbic 1000Mbit interface ISL trunk to the 2948G-L3
!
interface GigabitEthernet0/1
switchport mode trunk
!
! Cisco GigaStack 1000Mbit interface ISL trunk to the next 3548XL
!
interface GigabitEthernet0/2
switchport mode trunk
!
interface VLAN1
ip address 10.10.10.7 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
ip default-gateway 10.10.10.6
!
line con 0
exec-timeout 0 0
password *removed*
login
transport input none
stopbits 1
line vty 0 4
password *removed*
login
line vty 5 15
password *removed*
login
!
end
------------------------------------------------------
Anyhow, maybe one of the gurus in the group can look at this and spot my
problem right off, or I'll keep you guys updated as I continue
researching it.
Thanks,
Don Pezet
Enterprise Technology Solutions
[EMAIL PROTECTED]
(352) 248-1010
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51161&t=51161
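
Added example (not part of the original post, and not the poster's code): a small Python check of the management-VLAN isolation that the config comments describe. It reports routed interfaces whose inbound traffic is not denied toward 10.10.10.0/24, and ACLs that are defined but never referenced; the `audit` function and the condensed config strings are constructed here from the configs quoted above.

```python
import re
from ipaddress import ip_address, ip_network
# Condensed from the 2948G-L3 and 3620 configs quoted in the post above.
C2948 = """\
interface BVI1
ip address 10.10.10.1 255.255.255.0
interface BVI2
ip address 192.168.0.1 255.255.255.0
interface BVI10
ip address 192.168.1.254 255.255.255.0
ip access-group 100 in
!
access-list 100 deny ip any 10.10.10.0 0.0.0.255
access-list 100 permit ip any any
"""
C3620 = """\
ip nat inside source list 1 pool C3620-natpool-8191 overload
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 106 deny ip any 10.10.10.0 0.0.0.255
access-list 106 permit ip any any
"""

def audit(config, protected="10.10.10.0/24"):
    """Return (interfaces not filtered toward `protected`, unreferenced ACLs)."""
    prot = ip_network(protected)
    iface, addr, inbound, rules, used = None, {}, {}, {}, set()
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            iface = line.split()[1]
        elif line.startswith("!"):
            iface = None  # "!" closes the interface stanza
        elif m := re.match(r"access-list (\d+) (permit|deny) (.*)", line):
            rules.setdefault(m[1], []).append((m[2], m[3]))
        elif m := re.search(r"(ip access-group|source list) (\d+)", line):
            used.add(m[2])  # referenced by an interface or by NAT
            if line.endswith(" in"):
                inbound[iface] = m[2]
        elif iface and (m := re.match(r"ip address (\S+) ", line)):
            addr[iface] = ip_address(m[1])
    def blocks(acl):  # first match wins; only "ip any <dst>" entries modelled
        for action, rest in rules.get(acl, []):
            m = re.match(r"ip any (any|([\d.]+) ([\d.]+))$", rest)
            if m and (m[1] == "any" or prot.subnet_of(ip_network(f"{m[2]}/{m[3]}"))):
                return action == "deny"
        return acl in rules  # applied and defined: implicit deny; otherwise open
    exposed = sorted(i for i, a in addr.items()
                     if a not in prot and not blocks(inbound.get(i)))
    return exposed, sorted(set(rules) - used)
```

On these excerpts it returns BVI2 for the 2948G-L3 (the server VLAN interface carries no `ip access-group 100 in`) and ACL 106 for the 3620 (defined but not applied to any interface).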