Solved

Help in connecting 3COM and Cisco switches

Posted on 2008-06-19
13
2,787 Views
Last Modified: 2012-06-21
We have a small network here at a plant. In the office there is a Catalyst 3750 switch and that in turn is connected to a 3COM 2426 Baseline Switch (3C16491) out in the plant. There are 3 other 3COM switches in the plant connected to the "main" 3COM switch that connects back to the office.

We are getting some poor performance on this network. There are also 3COM 3102 IP Phones (3C10402B) that everyone has in the company. Ping times from my machine in the office to the 3COM "main" switch range from 5ms to 700ms. Physically the switch is about 100ft from me so the ping time shouldn't be that high. The ping times will be low for a few seconds and then spike for a few seconds and just keep repeating this pattern. I did not setup this network, so I'm just now starting to take a look at what is really going on. There are only around 50 pc's total and same with the IP phones, so this network should really be moving fast.

My question is the following:

1. In the plant with the 4 3COM devices (3 are in different parts of the plant and connect back to the one "main" 3COM switch that connects via fiber back to the office), what should the ports be set to? Should I have link aggregation turned on the "main" switch in the port that each connects to?

2. Should I turn on link aggregation for the fiber port on the "main" plant 3COM switch back to the Cisco 3750 in the office? And what should be my port settings on the port of the 3750 that connects back to the 3COM?

From reading the manuals of each switch, I cannot explicitly set the speed and duplex. The 3COM is hardcoded to be 1000/auto (it negotiates to 1000/full) and the 3750 is coded to auto/auto (it negotiates to 1000/full). There is no spanning tree or switchport configured on the 3750.

I'm kind of at a loss as to what could be causing the ping times to just cycle like that and then to hear from people in the plant that things are just terribly slow all the time. Like I said, I'm new here and trying to see what's up with this network. The equipment here seems to be good and with the amount of users they have, it should be a fast network in my opinion.

Thanks for your help!
0
Comment
Question by:kruskovac
  • 7
  • 6
13 Comments
 
LVL 11

Expert Comment

by:TreyH
Comment Utility
I would first do a little packet sniffing just to see what is causing the high latency on the network. Half the time it's usually someone's pc infected with a virus/spyware. A decent protocol analyzer to use would be Wireshark:
http://www.wireshark.org/
 You'll need a dumb 'hub' (not a switch) or set a free port on the Cisco to 'mirror'. In a switched environment you will not see all the packets unless they are multi/broadcast or destined for that MAC address of the pc you are using to sniff with. The best place to start would be to put a non-switching hub before the internet gateway router if you have one.
0
 

Author Comment

by:kruskovac
Comment Utility
I've setup a SPAN port on the Cisco 3750 (port 15) to capture the information from the port that goes out to the plant (port 25). How do I setup Wireshark to now just look at port 15 on the Cisco 3750 from my machine?
0
 
LVL 11

Expert Comment

by:TreyH
Comment Utility
 Plug a pc running wireshark into your span port (15). If you've never used it before, you might google some faqs and forums about it and just play around with it. The FAQ on wireshark.org is a good place to start.
   After you get the hang of wireshark, I would just look for a large amount of traffic to/from any particular pc's on your network; especially a large amount of traffic from any pc out to your internet gateway. Isolate any suspect machines and see if the network is any better. If so, scan and put those machines back on-line one at a time, checking network performance as you go. You could also have a bad nic somewhere flooding the switches.
 
0
 

Author Comment

by:kruskovac
Comment Utility
Is there a way to do the port sniffing if I'm not plugged into the port physically? Say, I want to sniff different monitored ports on different switches throughout the network. Can I do that with Wireshark? Something like: I want to capture from my NIC to the physical switchport 24 on a switch in the plant even though my NIC is on a totally different switch in the office?
0
 

Author Comment

by:kruskovac
Comment Utility
If this helps, here's the config's of each of the ports on the 2 switches. What I'm wondering is really if some type of trunking needs to be done on one or the other or both?

3COM 2426 Baseline PWR Plus:
Following is in the Port>Administration section
Port State: Enabled
Flow Control: Disabled
Speed: 1000
Duplex: Full
Link Type: Hybrid
PVID: 1
Following is in the Port>Link Aggregation section
Nothing setup
Following is in the Port>Spanning Tree per Port section:
Status: Enabled
Edged Port: Disabled
Link Type: Auto[Point-to-Point]
Path Cost: 10000
State: Forwarding
Port Priority: 128 (the other ports are set to this as well, but this has a lower path cost than the others)

Cisco 3750 Model WS-C3750G-24TS:
This is from a "sho run":
The only thing set is the description of "Fiber to Plant"

The strange thing is that I don't see many errors on the Cisco side, but we still have that weird ping cycle going on and things seem to be slow. Like yesterday, the network between the plant and the office effectively just went down and was unusable. That's why I'm wondering if there needs to be some tweaking done on the ports for each of the switches and if the 3COM phones need to have their own VLAN.
0
 
LVL 11

Expert Comment

by:TreyH
Comment Utility
<< Is there a way to do the port sniffing if I'm not plugged into the port physically?>>
Not to my knowledge. The wireshark machine must be plugged into the span port. You have to start looking into network TAP devices to do something like that.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 11

Expert Comment

by:TreyH
Comment Utility
You've basically got the switches 'cascaded' (no trunk). With just one VLAN that would work ok. I'd sniff a few packets first and see what's flying down the wires before you make any layer changes.
0
 

Author Comment

by:kruskovac
Comment Utility
Will do. Thanks for the info Trey. I'm going to work on it some this weekend and will give an update after that.
0
 

Author Comment

by:kruskovac
Comment Utility
Ok. Well, me and the guys who work for me came in yesterday (Sunday) and worked on the switches.

Here's what we did:
1. In the shop on the "main" switch that connects back to the office, we left one pc connected to the switch and physically unplugged every other port.
2. Pinged the switch and were still getting the strange cycle of a few millisecond return and then spiking into the 600-700 range and then back down. (It does this cycle ad nauseum every 8 seconds or so).
3. We decided to do the same test taking the IP phone out of the equation and got the same thing.
4. Tried the ping test again setting the card and port to auto/auto and 100/full on both sides but still the same thing.
5. Updated the NIC card drivers, same results (and tried the auto/auto and 100/full with same results).
6. Looked at some switch settings for the 3Com 2426 and turned off spanning tree. Same results.
7. Went ahead and updated the switch software and then we started seeing something different. Instead of the 8 second cycle it was now a roughly 2 second cycle and the spike now goes to in the 100's. So it'll go from a couple ms and then spike to around 120ms. Again with the constant cycle.

What's strange is that if I ping the Cisco 3750 from the shop (or any pc for that matter) I get a response time of <1ms. Great. What it should be. But, if I ping any of the (7) 3Com 2426 switches I get the exact same resultant ping cycle. Really strange. I got the same 8 second ping cycle on each until I updated each of the switches software and now I consistently get the small ping cycle on each 3Com switch.

I'm puzzled at this point. It doesn't matter from what pc I ping from, whether I'm running the pc's connection straight to a switch or through an IP phone, or anything else for that matter. There's got to be some setting on the 3Com that I'm missing. Do you think at this point that I need to start doing link aggregation on the 3Com's?
0
 
LVL 11

Accepted Solution

by:
TreyH earned 500 total points
Comment Utility
For troubleshooting the 3coms, you probably want to ping another pc attached to it instead of the switch itself. I'm sure the priority for the processor on the 3Com is not answering igmp ping request so it might not give a true time.  Instead, when you have the switch isolated, hook up only 2 pc's that you know are clean. Ports should be auto/auto. Do a file transfer between the two pc's and check performance. Ping between the two pc's and check the ping times and if they fluctuate. Here's a link to a  little program I use to check bandwidth between 2 pc's (Aida32):

http://www.majorgeeks.com/download181.html

If file transfer between 2 benchmarked pc's (with nothing else attached to the switch, not even another switch) is poor, then you probably have a switch problem.

<<What's strange is that if I ping the Cisco 3750 from the shop (or any pc for that matter) I get a response time of <1ms>>
The 3750 you have is a higher end switch than the 3Coms and has a faster processor which might be why it returns a decent ping time. It also indicates that the ping time is ok through the 3com. (if you were connected to the 3Com when you pinged the Cisco.

<<Do you think at this point that I need to start doing link aggregation on the 3Com's?>>
Have you done any packet sniffing to see if you have a pc or device that is hosing the network? Link aggregation simply groups ports together to create a higher bandwidth pipe between the switches. It requires 2 or more wires between the switches.

Do you have any users tranferring large files back and forth?





0
 
LVL 11

Expert Comment

by:TreyH
Comment Utility
(1) Are the pc's running any virus/spyware protection?
(2) Do the pc's all have internet access?
0
 

Author Comment

by:kruskovac
Comment Utility
Hello again. I have an update after having some time to do some more testing. I was able to finally get one of the 3Com switches cleared of all users so I now have one just for testing and backup purposes. I went ahead and dowloaded aida and iperf and did the testing with just 2 pc's attached to the 3Com.

I got roughly a 10-11Mbps throughput between the pc's. I got the same results when switching the pc's from master>slave and slave>master. Those times are based on each NIC set to auto and the switch ports set to auto. I also hardcoded the NICs and the switchports to 100/full and got the same results. I did the same with the pc's while hooked up to the Cisco 3750.

What has me wondering as well is if I'm hardcoded to 100/full or auto-negotiated to 100/full why doesn't the throughput come anywhere near that? Also, while plugged into the Cisco, each pc auto-negotiated to 1000/full, but the throughput time was only in the low 40Mbps range.

To answer a couple of the other questions, I don't really see users passing large files across the network (consistently at any rate), most pc's do have Internet access (some are shut off because of people using it too much), and all have CA's eTrust Antivirus running (not the anti-spyware).

I guess I'm satisfied after doing more tests and looking up on the Internet, that the 3Com switch is just underpowered as far as ping results. Does that lead to the lower throughput? For instance, if I were to have all Cisco 3750's, would I get the 100Mbps throughput then from all pc's? Wait! I just looked at the output results again and noticed that they are in Mega bytes per second and Kilo bytes per second--and everything else is rated in bits. Well, then I should be okay then as far as the throughput is concerned?
0
 

Author Closing Comment

by:kruskovac
Comment Utility
Trey, thanks for your help and input on this. It steered me in the right direction.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

If you’re like me and you like peace and quiet, saving money, and pretty lights, then this article is for you. For financial reasons, I buy all the Cisco equipment for my home lab second-hand. The first thing to wear out is usually one of the coo…
Do you have a computer or other electronic gear that is attached to a rat nest of cables, or alternatively have your cables all bundled nice at neat?  If so then read this post to sidstep common pitfalls. When I was a student at DeVry University,…
This video discusses moving either the default database or any database to a new volume.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now