Solved

SG300-10 10-Port Gigabit Managed Switch packet loss and reduced bandwidth, layer 2

Posted on 2016-10-18
12
43 Views
Last Modified: 2016-11-21
Hi,


We use SG300 to deliver internet layer 2 connections for our customers but have discovered a problem.
It occour when there is more than 1 customer connected to the SG300, each on separate lan ports and separate vlans
Each port is configured with the customers speed by shaping bw per port.
Lets say the customer on port 1 has 11Mbit shaped speed, and the customer on port 2 has 12Mbit shaped.
Uplink is gigabit.

When one of the customers, lets say on port 1 uses more then the bandwith shaped on port then i get packet loss to the management ip of the SG300, and the customer on port 2 is suffering from very slow internet and packet loss too.

Anyone have a solution to this?
sg300.docx
0
Comment
Question by:TAFJORDMIMER
  • 5
  • 3
  • 2
  • +1
12 Comments
 
LVL 38

Expert Comment

by:Aaron Tomosky
Comment Utility
What is the overall network topology around this switch?
1
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
Can you show the CPU stats from the switch while the problem is occurring?
1
 

Author Comment

by:TAFJORDMIMER
Comment Utility
cpu stats are normal
we notice packet drops only when one of the customer uses more than their bandwith limit.
Lets say the customer on lan port 1 with 11Mbit bw shaping uses 14Mbit then we notice paket drop against the management vlan 4 ip address to the svitsj, and the customer on port 2 is affected also with slow internett and web pages loading slow.
network.png
0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 125 total points (awarded by participants)
Comment Utility
I don't think that switch is up to it if I'm honest.

As a test, if you configure both ports to be 10/half, then ask each customer to max their link, does it do the same?
0
 
LVL 38

Accepted Solution

by:
Aaron Tomosky earned 250 total points (awarded by participants)
Comment Utility
Have you tried increasing the burst size?
https://supportforums.cisco.com/discussion/11792586/cisco-sg300-vlan-rate-limit

More information how rate limit can cause dropped packets
http://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-policevsshape.html

Personally I've had much better success with multitenant sharing internet config a in a firewall, with specific experience with sonicwall.
1
 
LVL 20

Assisted Solution

by:masnrock
masnrock earned 125 total points (awarded by participants)
Comment Utility
I've had similar experience to Aaron in that regard. Either get a better switch, or move the duties to the firewall.

I've used SG300-10 units for Layer 3 duties, but it was only for one organization. Works alright, but nothing impressive. Took some work to get it working right. The bandwidth controls did not really seem to work the way that they should, so I gave up on it. I had initially configured everything right, didn't work. Had to blow out everything, upgrade the firmware, then configure all over again (using backup and restore did not work, as it left me with the same issue).

I've also used one for Layer 2 duties from an ISP connection, been a mixed bag. Definitely took some work to get it working correctly. I had to deal with the ISP (Cox in that instance) because somehow a public IP was getting associated with it, even though the switch had a static local IP, and they had to grant the use of an extra IP.

But I would also ask if you updated the switch to the latest firmware. I have had issues with all sorts of functions within the SG300-10 switch itself that forced me to reset the switch to factory settings, update the firmware, then configure again. That was literally the only way that some things ended up working correctly. (Updating the firmware before the reset to factory is fine as well, but don't expect to be able to have the firmware upgrade along fix issues)
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:TAFJORDMIMER
Comment Utility
Thanks for your answer.
We have aproximately 2000 units of  SG300 in our isp network for our company cutomers and never had issues except this bandwith problem.
I dont understand why high traffic up to the bandwith limit set on one lan port should affect the other lan port.

I found a setting on the system summary menu and click on lan port where the settings to open port are. Its called protected port enable setting. I dont know if that should be on or off.
0
 

Author Comment

by:TAFJORDMIMER
Comment Utility
We have tryed firmware and boot code upgrade but it have no effect on this problem
0
 
LVL 20

Expert Comment

by:masnrock
Comment Utility
Did you reset the switch to factory settings, then configure it again from scratch after the upgrades? Like I had mentioned, you have to do it that way to notice any benefit from the upgrades.
0
 

Author Comment

by:TAFJORDMIMER
Comment Utility
No, we havent tried reset, but will try that too in a while to see if it helps
thanks again
0
 

Author Comment

by:TAFJORDMIMER
Comment Utility
I have discovered one or two more things to try.
One is Enable "TCP Congestion Avoidance" under Quality of Service Menu

The other is mentioned before and is a setting direct on port setting and is called Enable "Protected Port"

Hopefully this will solve it but i dont know yet since i have little deep info about what those settings really do on layer 2.
0
 
LVL 20

Expert Comment

by:masnrock
Comment Utility
Advised that switch is not up to the job
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
If you’re like me and you like peace and quiet, saving money, and pretty lights, then this article is for you. For financial reasons, I buy all the Cisco equipment for my home lab second-hand. The first thing to wear out is usually one of the coo…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now