Slow Throughput - Cisco 3850

EE Folks:

I have just set up a fresh install of two Cisco 3850's. My client the following:

1 - Sonicwall NSA220
2 - Cisco 3850's (linked in the back of the switch)

Internet is 100 Mb down / 100 Mb up fiber

When I run a speed test from my Mac Book Pro (15" - 2013 Model Retina) through the switch connected via Thunderbolt -> Ethernet adapter - I get about 6Mb down and about 8Mb up.

When I unplug my cable and plug in directly to the sonicwall, I get about 98Mp down / 96Mb up.

So I plugged back in to the Cisco ad do another speed test, same server, same everything and then it goes back to 6Mb (or so) down and 8Mb up (or so).

So I am lost, can someone direct me where or what needs to change on the Cisco since clearly the Cisco is limiting throughput for some reason. Also, I have checked counters, no collisions, packet loss, etc. Everything is 100%

I have set speed/duplex to auto/auto, 100/auto, 100/full both for my Mac and the Sonicwall. Regardless, when I bypass the Cisco, I get throttled.

I have another client wither two Cisco 3750's and a Sonicwall NSA3500 and they get the full bandwidth and I have compared config's and everything matches (regarding the internet).

Please help, thanks.
JustinBMakAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Zephyr ICTCloud ArchitectCommented:
Are you connected on the same switch as where the firewall is connected or the second one in the stack?
0
JustinBMakAuthor Commented:
Yes.

My Mac is plugged in to

int gi 2/0/16

The Sonicwall is plugged in to:

int gi 2/0/25
0
Zephyr ICTCloud ArchitectCommented:
interesting ... Did you try setting port and laptop on fixed 100mb? Also, what "server" are you using?
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

JustinBMakAuthor Commented:
Yes, tried that port/duplex text.

I've tried using Softlayer (via speedtest.net) for both on and off the Cisco 3850. That's where I get the 98/96 w/o the Cisco 3850 and then the 6/8 through the switch

Also tried TWC's speedtest (since the fiber is through twcbc) and I get the same

Speed-test through Cisco
0
Zephyr ICTCloud ArchitectCommented:
could you provide a show interface of both? I'm sure you've checked it all, but a third eye can't hurt :)
0
JustinBMakAuthor Commented:
Yea, of course:

My Mac Pro

TS-3850-Core#sho int gi 2/0/14
GigabitEthernet2/0/14 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 6899.cdf8.1a0e (bia 6899.cdf8.1a0e)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 7000 bits/sec, 6 packets/sec
  5 minute output rate 9000 bits/sec, 9 packets/sec
     5887 packets input, 705011 bytes, 0 no buffer
     Received 718 broadcasts (552 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 552 multicast, 0 pause input
     0 input packets with dribble condition detected
     14936 packets output, 1932805 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
TS-3850-Core#



The Sonicwall:

TS-3850-Core#sho int gi 2/0/25
GigabitEthernet2/0/25 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 6899.cdf8.1a19 (bia 6899.cdf8.1a19)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 73000 bits/sec, 94 packets/sec
  5 minute output rate 61000 bits/sec, 78 packets/sec
     511235 packets input, 193957472 bytes, 0 no buffer
     Received 4 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     384367 packets output, 60423301 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
0
Zephyr ICTCloud ArchitectCommented:
Hmmm, seems ok indeed ...

Are both machines in the same VLAN? Probably, but need to go over the possibilities... I see they are 1Gb ports
0
JustinBMakAuthor Commented:
Vlans? Technically - no

Because I want the Cisco 3850 to be my default GW and not the sonicwall.

There is a vlan (VLAN75) for Internet w/ a ip of 10.143.75.254

VLAN75 Config:

ip address 10.143.75.0 255.255.255.0


Then there a route on the Cisco 3850

ip route 0.0.0.0 0.0.0.0 10.143.70.1 (10.143.70.1 is the ip of the SW)

I wasn't expecting to run in to so many problems on this conversion. Obviously you can only test so much stuff but I've been on this conversion now for 16 hours (that including moving servers from one rack to the other).


If there is a better way to set up the sonicwall, I'm all ears. But the way I just previously mentioned is set up exactly the same way over at another site w/o issues.
0
Zephyr ICTCloud ArchitectCommented:
Do you know the software version of the switches? I know of a bug in inter VLAN routing slowing down traffic, but this was a while ago, so if you upgraded the software it's probably not the case.

Might try to see if it helps putting the Mac into the same VLAN as the firewall ... If you haven't done this yet.
0
JustinBMakAuthor Commented:
TS-3850-Core#sho ver
Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version
03.02.03.SE RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Mon 23-Sep-13 18:24 by prod_rel_team


Will try that next (same vlan)
0
Zephyr ICTCloud ArchitectCommented:
I think the bug was in IOS 03.02.02.SE so normally you should be ok I think ...
0
JustinBMakAuthor Commented:
-Spravtek:

Thanks, but I don't think the bug (if it was 03.02.02 SE) was fixed in 03.02.03.SE. I just put my self on the same VLAN as the Sonicwall and did another speed test and I get full bandwidth through the Cisco 3850

So the "bug" must still be around in 03.02.03.SE with inter-vlan routing mechanism. Do you agree?
0
Zephyr ICTCloud ArchitectCommented:
Yep, seems to be, strange ... Would've thought it would be fixed by now.
I don't have access to the Cisco archives right now... You could check if there's a newer version.

The only other part might be the config ... I'll go over your comments again to see if I missed something, might be tomorrow though, getting late here :)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JustinBMakAuthor Commented:
Just to let you know, the IOS is for general download w/o a tac membership.

I have not tftp over yet and installed it, but will keep you posted. Still working on getting a tac just for that "just in case"  moment if you know what I mean.

Will keep you posted once I get it installed. Today, I moved all my users back to the old HP 5u switch until I (we) get the inter-routing issue resolved.

But like I said, I will keep you posted. Thanks again for the "thought".
0
Zephyr ICTCloud ArchitectCommented:
Hi,

No worries, take your time, will be interesting to know if it helps/solves your issues ... One to take with me to certain clients.
0
JustinBMakAuthor Commented:
-Spravtek:

So I have downloaded, tftp and installed:

cat3k_caa-universalk9.SPA.03.03.05.SE.150-1.EZ5.bin

from Cisco's website. Extracted it and installed, did a reload and the switch came up fine.

The ONLY con, was Ports gi 1/0/1-6 at their lights on the front turned on (nothing connected) and solid. I plug in a machine to each port, and then unplugged it and the lights went off. Other than that, the IOS upgrade went smoothly as expected.

Hooked back up the internet (had to take the switch out of production), and ran a speed test and I got almost the full bandwidth (during the day with others sharing the same 100mb fiber). So, so far the test went well since before I was lucky if I got 7Mb (both up and down) before.

My next text is copying a file over from one machine to another (on a different vlan) to see if I get it transferred FASTER than 170k. lol

Thanks.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Switches / Hubs

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.