VLAN SLOWNESS

VLAN Slowness




Hello Everyone,

 
I have issues with slowness when it comes to VLANS and switching.

 
 
I have a Core 3560 Switches that takes care of vlan and set as layer 3 switch\router

 
Fiber Trunk  with encap dot1q

 
I have a Remote 3560 Switch that has VLAN 171 on the remote locations ports.  This is a 10/100 Switch

 
¿When I try to ping  From a pc that is attached to the switch, I do not drop packets but it is a slow ms ping times and we are having issues with database being slow.  I have checked the PC plus checked for updates for the computer.   But we still have the issue on all computers that are within the VLAN.

 
Here are the ping times that we were able to get from the Dell Comptuer

 
¿Reply from 192.168.XX.254 bytes=32 time=497ms TTL=64

Reply from 192.168.XX.254 bytes=32 time=387ms TTL=64

Reply from 192.168.XX.254 bytes=32 time=232ms TTL=64

Reply from 192.168.XX.254 bytes=32 time=674ms TTL=64

Reply from 192.168.XX.254 bytes=32 time=419ms TTL=64

Reply from 192.168.XX.254 bytes=32 time=35ms TTL=64

Reply from 192.168.XX.254 bytes=32 time=542ms TTL=64

 
This is a contants times between these switches and still have same issues.
ftgasAsked:
Who is Participating?
 
Netman66Connect With a Mentor Commented:
Inter-vlan routing is as simple as just using the ip route command on the core.  Unless you want to "steer" traffic, all routes will get learned and don't explicitly need to be set (on a simple network).
0
 
Netman66Commented:
Could be a number of reasons.

Can you post the config for both switches?
0
 
ftgasAuthor Commented:
CORE LOCATION

no aaa new-model
clock timezone UTC -5
vtp interface lo1
ip subnet-zero
ip routing
!
no file verify auto
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/27
 description LINK TO REMOTE OFFICE
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan171
 description REMOTE OFFICE
 ip address 192.168.XX.254 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 G.G.G.254
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
ftgasAuthor Commented:
REMOTE SWITCH

no aaa new-model
clock timezone UTC -5
ip subnet-zero
ip routing
no ip domain-lookup
!
no file verify auto
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet0/1
 description LINK TO CORE SWITCH
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/1
 switchport access vlan 171
!
interface FastEthernet0/2
 switchport access vlan 171
!
interface FastEthernet0/3
 switchport access vlan 171
!
interface FastEthernet0/4
 switchport access vlan 171

interface Vlan1
 no ip address
 shutdown
!
interface Vlan171
 description Default Route to CORE SWITCH
 ip address 192.168.XX.253 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.XX.254
ip http server
0
 
Netman66Commented:
For both switches on the trunk interface, you need to allow the vlan.

Switchport trunk allowed add vlan 171.
0
 
Netman66Commented:
You might also want to consider the following:

Making the core switch a vtp server:
vtp mode server

Making all other switches vtp clients:
vtp mode client

Creating a vtp domain:
vtp domain {make something up} <= needs to be on all switches to participate.

Changing the vtp interface to vlan1.  I see you aren't using vlan1 though, so just remove vlan interface l01.

When making the core a vtp server and the other switches vtp clients, then all you need to do is create the vlan on the core and it is available to all client switches automagically.

You also do not need a vlan interface on remote switches if all is setup correctly.  Dot1q tagging and vtp take care of sending it to the core.  Nor do you need routing unless you want layer3 at the access layer.  Layer2 will work fine.
0
 
Netman66Commented:
Also, can you post a result for this:

sho ip int bri
0
 
ftgasAuthor Commented:
CORE SWITCH


Vlan171                192.168.71.254  YES manual up                    up
GigabitEthernet0/27    unassigned      YES unset  up                    up

REMOTE SWITCH

Vlan171                192.168.71.253  YES manual up                    up
FastEthernet0/1        unassigned      YES unset  up                    up
FastEthernet0/2        unassigned      YES unset  up                    up
FastEthernet0/3        unassigned      YES unset  up                    up
FastEthernet0/4        unassigned      YES unset  up                    up
FastEthernet0/5        unassigned      YES unset  up                    up
FastEthernet0/6        unassigned      YES unset  up                    up
GigabitEthernet0/1     unassigned      YES unset  up                    up
0
 
Netman66Commented:
So you have the vtp interface as loopback1 but do not have it defined as an interface.

If you remove the vtp interface statement, then the lowest vlan ID should become the local updater address.

If you don't need layer 3 routing at the access layer, then you can remove the routing and the layer 3 vlan interface and let layer 2 do the work.
0
 
ftgasAuthor Commented:
show vtp status on CORE

VTP Version                     : 2
Configuration Revision          : 52
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 25
VTP Operating Mode              : Server
VTP Domain Name                 : testnetwork
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xD8 0x84 0xF1 0x73 0x7E 0xAC 0x8F 0x38


Show VTP STATUS on REMOTE SWITCH

VTP Version                     : 2
Configuration Revision          : 52
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 25
VTP Operating Mode              : Client
VTP Domain Name                 : testnetwork
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xD8 0x84 0xF1 0x73 0x7E 0xAC 0x8F 0x38
0
 
Netman66Commented:
ok, that's fine.  Did you add vlan to trunk?
0
 
ftgasAuthor Commented:
yes
0
 
ftgasAuthor Commented:
Can I have routing on the Main switch but not on the remote switch.
0
 
Netman66Commented:
See, you have layer 3 and layer 2 configured on the remote switch.

I would remove the routing stuff and work with layer 2 unless you need layer 3 at the access switch.

Since I don't know the entire core config, I'm not sure where you go with you wan stuff or how you're routing there.
0
 
Netman66Commented:
yes to your routing q.
0
 
ftgasAuthor Commented:
This is what I am getting from a PC on the remote switch pinging 192.168.71.254 which is the ip on the core switch.

Pinging 192.168.71.254 with 32 bytes of data:
Reply from 192.168.71.254: bytes=32 time=35ms TTL=255
Reply from 192.168.71.254: bytes=32 time=249ms TTL=255
Reply from 192.168.71.254: bytes=32 time=452ms TTL=255
Reply from 192.168.71.254: bytes=32 time=2ms TTL=255
Reply from 192.168.71.254: bytes=32 time=265ms TTL=255
Reply from 192.168.71.254: bytes=32 time=468ms TTL=255
Reply from 192.168.71.254: bytes=32 time=62ms TTL=255
Reply from 192.168.71.254: bytes=32 time=265ms TTL=255
Reply from 192.168.71.254: bytes=32 time=468ms TTL=255
Reply from 192.168.71.254: bytes=32 time=62ms TTL=255
Reply from 192.168.71.254: bytes=32 time=265ms TTL=255
Reply from 192.168.71.254: bytes=32 time=467ms TTL=255
Reply from 192.168.71.254: bytes=32 time=62ms TTL=255
0
 
Netman66Commented:
Getting better, but still not good.

Can you repost the configs now?

If you want anonymity, then send them to my alias here at gmail.
0
 
AkinsdNetwork AdministratorCommented:
Confirm that IP CEF is running, if not turn it on.

Also, confirm if QoS is configured, if not, configure it. "Auto QoS" suffices in most cases
0
 
ftgasAuthor Commented:
netman I sent you an email
0
 
Netman66Commented:
Haven't seen it arrive.
0
 
ftgasAuthor Commented:
netman66@gmail.com correct
0
 
ftgasAuthor Commented:
sent from another email
0
 
AkinsdNetwork AdministratorCommented:
Did you confirm IP CEF and CoS, or you haven't had time to check it?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.