Michael
asked on
3750 Slow internet when using vlans
Hi Guys,
I am playing around in my lab making sure I can do what I need to do for a job I have coming up. I have a 3750 and a 1941 to play with and a bunch of ip phones. The practice was supposed to ensure I can configure the switch to assign correct VLAN to cisco phones and ensure that the data port on the back of the phone is assigned to the correct VLAN also. However that aside, I have found since configuring the data vlans and assigning my wifi access point to the vlan that the internet is flakey. I mean it works however some sites just don't, when I do a speedtest.net check, it takes forever to execute the ping test however then does the transfer which is fine. I have another Wi-Fi access point that is not vlanned or going through the 1941 however using the same internet gateway and it works flawlessly.
I have configured two VLANS on the switch, I have one switch port configured for trunking passing the two vlans through to the 1942 for gateway and also DHCP.
My 3750 config:
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname my01suj01sw01
!
enable secret 5
enable password
!
username root privilege 15 secret 5
aaa new-model
!
aaa session-id common
switch 2 provision ws-c3750-24p
system mtu routing 1500
vtp mode transparent
ip subnet-zero
ip domain-name rancho-relaxo.com
!
ip ssh time-out 60
ip ssh authentication-retries 5
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
!
vlan 100
name Data_Vlan
!
vlan 201
name DataVlan
!
vlan 202
name Voice_Vlan
!
vlan 221
!
vlan 300
name Wireless_Vlan
!
vlan 301
!
vlan 950
name Equant_admin
!
!
interface FastEthernet2/0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 201
switchport mode trunk
!
interface FastEthernet2/0/2
switchport access vlan 201
!
interface FastEthernet2/0/3
switchport access vlan 201
!
interface FastEthernet2/0/4
!
interface FastEthernet2/0/5
!
interface FastEthernet2/0/6
!
interface FastEthernet2/0/7
!
interface FastEthernet2/0/8
!
interface FastEthernet2/0/9
switchport access vlan 201
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 202
spanning-tree portfast
!
interface FastEthernet2/0/10
!
interface FastEthernet2/0/23
description trunk to 1941 router
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-255
switchport mode trunk
!
interface FastEthernet2/0/24
!
interface GigabitEthernet2/0/1
!
interface GigabitEthernet2/0/2
!
interface Vlan1
ip address 192.168.20.225 255.255.255.0
!
interface Vlan201
no ip address
!
interface Vlan202
ip address 192.168.30.254 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
!
interface Vlan202
ip address 192.168.30.254 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
!
radius-server source-ports 1645-1646
!
control-plane
!
!
My 1941 looks like this
Current configuration : 6151 bytes
!
! Last configuration change at 09:38:04 UTC Fri Jul 28 2017 by root
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname brannellykl01
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $xxxxx
enable password xxxxxx
!
aaa new-model
!
!
!
!
aaa session-id common
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
!
!
!
!
!
!
!
!
!
!
ip dhcp pool sdm-pool
import all
network 192.168.20.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.20.1
lease 0 2
ip dhcp pool voice
import all
network 192.168.30.0 255.255.255.0
dns-server 8.8.8.8
option 150 ip 192.168.30.10
default-router 192.168.30.1
lease 0 2
!
!
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip ddns update method no-ip
HTTP
add http://xxxxx:xxxxx@dynupdate.no-ip.com/nic/update?hostname=<h>&myip=<a>
interval maximum 0 0 1 0
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
crypto pki trustpoint my-trustpoint
enrollment selfsigned
serial-number
subject-name CN=brannellykl-certificate
revocation-check crl
rsakeypair my-rsa-keys
!
!
crypto pki certificate chain my-trustpoint
certificate self-signed 01
30820271 308201DA A0030201 02020101 300D0609 2A864886 F70D0101 05050030
54312030 1E060355 04031317 6272616E 6E656C6C 796B6C2D 63657274 69666963
61746531 30301206 03550405 130B4647 4C313733 30323046 59301A06 092A8648
86F70D01 0902160D 6272616E 6E656C6C 796B6C30 32301E17 0D313630 37313931
34333733 365A170D 32303031 30313030 30303030 5A305431 20301E06 03550403
13176272 616E6E65 6C6C796B 6C2D6365 72746966 69636174 65313030 12060355
5FB124BE DB6F38A7 42E1D055 D060C4ED D1352D24 2FD57DE8 EB9B6F74 08E4EC30
3CA823D3 E3104F5F CB9A4D71 63807E3C 2816E2B2 27B3BF3F 85ADFDD5 B98A9CB3
D2ACDEEC 4D2D11DD 02030100 01A35330 51300F06 03551D13 0101FF04 05300301
01FF301F 0603551D 23041830 16801414 20A2DE26 EBA3302B 13F84ADF 0E668965
48E0FD30 1D060355 1D0E0416 04141420 A2DE26EB A3302B13 F84ADF0E 66896548
E0FD300D 06092A86 4886F70D 01010505 00038181 00795809 DF15B571 9E24B20D
E50CD7AF 90C936F5 2EEE9435 4DB0DB96 29A97674 5DD6458F B5174F45 1EA468A9
E370D1A5 7EDC0C14 5828130B 4CE09096 DA82EFA6 4EF2F62D 3392078E E142FB22
8024E46F 1D9C5B49 AB07FC49 D6D7779B A4565B15 A2087D2F 6AC40DC3 DC3C4CD8
083F5A3F A6B1E386 4443B25F 22ECAE0F 3F5C8281 19
quit
license udi pid CISCO1941/K9 sn FGL173020FY
license boot module c1900 technology-package securityk9
!
!
username root privilege 15 secret 5 xxxxx
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/0.201
encapsulation dot1Q 201
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.202
encapsulation dot1Q 202
ip address 192.168.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
no ip address
no ip redirects
no ip unreachables
ip flow ingress
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dialer1
ip ddns update hostname xxxxx
ip ddns update no-ip
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname xxxxx
ppp chap password 0 xxxx
ppp pap sent-username xxxxx password 0 xxxx
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
!
ip dns server
ip nat inside source list 23 interface Dialer1 overload
ip nat inside source static tcp 192.168.20.205 32400 interface Dialer1 32400
ip nat inside source static tcp 192.168.20.211 80 interface Dialer1 81
ip nat inside source static tcp 192.168.20.212 80 interface Dialer1 82
ip nat inside source static tcp 192.168.20.32 80 interface Dialer1 80
ip nat inside source static tcp 192.168.20.199 21 interface Dialer1 1021
ip nat inside source static tcp 192.168.20.198 5061 interface Dialer1 5061
ip route 192.168.200.0 255.255.255.0 192.168.10.2
!
!
!
access-list 23 permit 192.168.20.0 0.0.0.255
!
!
!
!
!
!
end
I am playing around in my lab making sure I can do what I need to do for a job I have coming up. I have a 3750 and a 1941 to play with and a bunch of ip phones. The practice was supposed to ensure I can configure the switch to assign correct VLAN to cisco phones and ensure that the data port on the back of the phone is assigned to the correct VLAN also. However that aside, I have found since configuring the data vlans and assigning my wifi access point to the vlan that the internet is flakey. I mean it works however some sites just don't, when I do a speedtest.net check, it takes forever to execute the ping test however then does the transfer which is fine. I have another Wi-Fi access point that is not vlanned or going through the 1941 however using the same internet gateway and it works flawlessly.
I have configured two VLANS on the switch, I have one switch port configured for trunking passing the two vlans through to the 1942 for gateway and also DHCP.
My 3750 config:
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname my01suj01sw01
!
enable secret 5
enable password
!
username root privilege 15 secret 5
aaa new-model
!
aaa session-id common
switch 2 provision ws-c3750-24p
system mtu routing 1500
vtp mode transparent
ip subnet-zero
ip domain-name rancho-relaxo.com
!
ip ssh time-out 60
ip ssh authentication-retries 5
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
!
vlan 100
name Data_Vlan
!
vlan 201
name DataVlan
!
vlan 202
name Voice_Vlan
!
vlan 221
!
vlan 300
name Wireless_Vlan
!
vlan 301
!
vlan 950
name Equant_admin
!
!
interface FastEthernet2/0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 201
switchport mode trunk
!
interface FastEthernet2/0/2
switchport access vlan 201
!
interface FastEthernet2/0/3
switchport access vlan 201
!
interface FastEthernet2/0/4
!
interface FastEthernet2/0/5
!
interface FastEthernet2/0/6
!
interface FastEthernet2/0/7
!
interface FastEthernet2/0/8
!
interface FastEthernet2/0/9
switchport access vlan 201
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 202
spanning-tree portfast
!
interface FastEthernet2/0/10
!
interface FastEthernet2/0/23
description trunk to 1941 router
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-255
switchport mode trunk
!
interface FastEthernet2/0/24
!
interface GigabitEthernet2/0/1
!
interface GigabitEthernet2/0/2
!
interface Vlan1
ip address 192.168.20.225 255.255.255.0
!
interface Vlan201
no ip address
!
interface Vlan202
ip address 192.168.30.254 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
!
interface Vlan202
ip address 192.168.30.254 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
!
radius-server source-ports 1645-1646
!
control-plane
!
!
My 1941 looks like this
Current configuration : 6151 bytes
!
! Last configuration change at 09:38:04 UTC Fri Jul 28 2017 by root
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname brannellykl01
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $xxxxx
enable password xxxxxx
!
aaa new-model
!
!
!
!
aaa session-id common
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
!
!
!
!
!
!
!
!
!
!
ip dhcp pool sdm-pool
import all
network 192.168.20.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.20.1
lease 0 2
ip dhcp pool voice
import all
network 192.168.30.0 255.255.255.0
dns-server 8.8.8.8
option 150 ip 192.168.30.10
default-router 192.168.30.1
lease 0 2
!
!
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip ddns update method no-ip
HTTP
add http://xxxxx:xxxxx@dynupdate.no-ip.com/nic/update?hostname=<h>&myip=<a>
interval maximum 0 0 1 0
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
crypto pki trustpoint my-trustpoint
enrollment selfsigned
serial-number
subject-name CN=brannellykl-certificate
revocation-check crl
rsakeypair my-rsa-keys
!
!
crypto pki certificate chain my-trustpoint
certificate self-signed 01
30820271 308201DA A0030201 02020101 300D0609 2A864886 F70D0101 05050030
54312030 1E060355 04031317 6272616E 6E656C6C 796B6C2D 63657274 69666963
61746531 30301206 03550405 130B4647 4C313733 30323046 59301A06 092A8648
86F70D01 0902160D 6272616E 6E656C6C 796B6C30 32301E17 0D313630 37313931
34333733 365A170D 32303031 30313030 30303030 5A305431 20301E06 03550403
13176272 616E6E65 6C6C796B 6C2D6365 72746966 69636174 65313030 12060355
5FB124BE DB6F38A7 42E1D055 D060C4ED D1352D24 2FD57DE8 EB9B6F74 08E4EC30
3CA823D3 E3104F5F CB9A4D71 63807E3C 2816E2B2 27B3BF3F 85ADFDD5 B98A9CB3
D2ACDEEC 4D2D11DD 02030100 01A35330 51300F06 03551D13 0101FF04 05300301
01FF301F 0603551D 23041830 16801414 20A2DE26 EBA3302B 13F84ADF 0E668965
48E0FD30 1D060355 1D0E0416 04141420 A2DE26EB A3302B13 F84ADF0E 66896548
E0FD300D 06092A86 4886F70D 01010505 00038181 00795809 DF15B571 9E24B20D
E50CD7AF 90C936F5 2EEE9435 4DB0DB96 29A97674 5DD6458F B5174F45 1EA468A9
E370D1A5 7EDC0C14 5828130B 4CE09096 DA82EFA6 4EF2F62D 3392078E E142FB22
8024E46F 1D9C5B49 AB07FC49 D6D7779B A4565B15 A2087D2F 6AC40DC3 DC3C4CD8
083F5A3F A6B1E386 4443B25F 22ECAE0F 3F5C8281 19
quit
license udi pid CISCO1941/K9 sn FGL173020FY
license boot module c1900 technology-package securityk9
!
!
username root privilege 15 secret 5 xxxxx
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/0.201
encapsulation dot1Q 201
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.202
encapsulation dot1Q 202
ip address 192.168.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
no ip address
no ip redirects
no ip unreachables
ip flow ingress
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dialer1
ip ddns update hostname xxxxx
ip ddns update no-ip
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname xxxxx
ppp chap password 0 xxxx
ppp pap sent-username xxxxx password 0 xxxx
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
!
ip dns server
ip nat inside source list 23 interface Dialer1 overload
ip nat inside source static tcp 192.168.20.205 32400 interface Dialer1 32400
ip nat inside source static tcp 192.168.20.211 80 interface Dialer1 81
ip nat inside source static tcp 192.168.20.212 80 interface Dialer1 82
ip nat inside source static tcp 192.168.20.32 80 interface Dialer1 80
ip nat inside source static tcp 192.168.20.199 21 interface Dialer1 1021
ip nat inside source static tcp 192.168.20.198 5061 interface Dialer1 5061
ip route 192.168.200.0 255.255.255.0 192.168.10.2
!
!
!
access-list 23 permit 192.168.20.0 0.0.0.255
!
!
!
!
!
!
end
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You're welcome.
ASKER