Packets dropped to Access layer switch???

We have a 6509 running in Native IOS that has 2gb port channels connecting to our 7 access layer switches. About a week ago we were working with Remote span vlans and added a remote span from the 6509 to our other core (6513) which is connected via a 20Gbps portchannel. We began to notice that a lot of people were calling in reporting devices as being slow and we noticed that from the 6509 (which was the root bridge) we were discarding millions of packets on the transmit side of our access layer switches. We took out the remote span but it appears that we are still discarding packets. There are no input or output errors on either side. The Remote span VLAN does not exist on the access layer switch's VLAN database. Does anybody have any idea what we should be looking for?

You can use an ACL to match the number of packets that come into / out of each of the devices. Simply use two lines in each ACL where on the first line you match the packet in question and on the second line you have "permit ip any any" so you don't block any packets. Then simply apply the ACL either inbound or outbound on the interface in question. If you want more than one ACL on a given device, such as inbound on one interface and outbound on another, be sure to use two different ACL numbers.
Create the ACLs and apply them
Ensure there isn't an active call
Clear access-list counters on all devices where you configured the ACLs so we ensure all of them are set to 0
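
The counter comparison described in this reply, as an added example that is not part of the original post: it reads the per-entry match counts from `show access-lists` output captured at each hop and reports where the count for the test flow falls. The hop labels, ACL number, addresses and counter values are constructed.

```python
import re

# One ACE line from `show access-lists`, for example
#   "    10 permit icmp host 192.0.2.10 host 198.51.100.20 (500 matches)"
# IOS prints no "(N matches)" suffix for an entry that has never matched.
ACE_RE = re.compile(
    r"^\s*(\d+)\s+(?:permit|deny)\s+.*?(?:\s+\((\d+) match(?:es)?\))?\s*$"
)

# Constructed captures, in path order, taken after clearing the counters
# and sending 500 test packets that match sequence 10.
PATH = [
    ("core-6509 (in)", """\
Extended IP access list 150
    10 permit icmp host 192.0.2.10 host 198.51.100.20 (500 matches)
    20 permit ip any any (48211 matches)
"""),
    ("core-6509 (out)", """\
Extended IP access list 151
    10 permit icmp host 192.0.2.10 host 198.51.100.20 (500 matches)
    20 permit ip any any (51904 matches)
"""),
    ("access-sw3 (in)", """\
Extended IP access list 150
    10 permit icmp host 192.0.2.10 host 198.51.100.20 (463 matches)
    20 permit ip any any (39870 matches)
"""),
]


def ace_hits(show_output):
    """Map ACE sequence number -> match count for one capture."""
    hits = {}
    for line in show_output.splitlines():
        m = ACE_RE.match(line)
        if m:
            # A missing suffix means the entry has zero matches.
            hits[int(m.group(1))] = int(m.group(2) or 0)
    return hits


def locate_loss(path, seq, sent):
    """Walk the hops in order and return (hop, packets_lost) for every hop
    whose counter for ACE `seq` is lower than the previous hop's."""
    losses = []
    previous = sent
    for hop, output in path:
        seen = ace_hits(output).get(seq)
        if seen is None:
            raise ValueError(f"{hop}: no ACE with sequence {seq}")
        if seen < previous:
            losses.append((hop, previous - seen))
        previous = seen
    return losses


if __name__ == "__main__":
    for hop, lost in locate_loss(PATH, seq=10, sent=500):
        print(f"{lost} test packets missing at {hop}")
```
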

Similar Messages

  • MSTP on Access Layer Switches

    Hello everyone,
    When configuring MST for STP, is there a need to configure it on access layer switches in a collapsed core design?  I can find docs to configure the root and secondary root bridges but I don't see anything about configuring access layer switches.  In RSTP, you configure it on all switches cooperating in STP and set the root and secondary bridges accordingly.  Any help is appreciated.
    Regards,
    Terence

    Hi,
    You should configure your access switches for MST as well so you are using the same STP for core and access.  The only difference between the core and access is that the core is root and back up root for STP and the access layer is just default (32768).
    HTH

  • Bandwidth from Access Layer to Distribution Layer

    Folks:
    I am currently on Chapter 12 of “CCNP Switching 642-813, Official Certification Guide” ISBN: 978-1-58720-243-8. I am currently not grasping the three layers entirely, and I was hoping someone could offer insight in a different way.
    I believe I understand, that switches in the Access-Layer can be layer2 devices (2950, etc), and devices in the Distribution Layer should be Multilayer devices such as Layer-3 switches (3750) and inter-vlan routing takes place at the Distribution layer. But what I do not understand – how does one account for bandwidth and traffic from the Access Layer switches to the Distribution Switches?
    Let's use a 24 port 2950 switch located at the Access-Layer. If everyone was online and communicating, the total traffic for the switch would be 4.8 Gbps. The latter is due to each port providing 100 Mbps but in Full-Duplex, so (100*2)*24. So, how does an engineer spec out the required uplink ports from the Access Layer to the Distribution?
    I am sure this is easy; however, I am not getting the concepts. Any insight is great.

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    As noted by Peter, edge hosts don't generally all concurrently push/pull their full port bandwidth for sustained periods.  However, host bandwidth usage often varies much by "kind" of host.  For example, many server hosts are "busier" than most user hosts, so when designing networks you normally design for lower oversubscription ratios for server hosts than for user hosts.  Old rule-of-thumb ratios suggest oversubscription ratios of about 8:1 to 4:1 for servers, and about 48:1 to 24:1 for users.
    Keep in mind that oversubscription ratios can be "skewed" by what the host is doing, i.e. not all server or user hosts have similar bandwidth demands.  For example, your primary mail server or primary file server might be much "busier" than other server hosts.  Likewise, some user hosts might be much "busier", for example, years ago I supported a LAN segment of CADD (20) workstations which had more traffic on their local LAN than the (2,000 user) corporate backbone.

  • Creating Vlans at Core layer switches ?

    Is there a need to create vlans at core layer switches ? If yes what are the pros and cons for this practice ?
    Actually I have seen some networks doing that!

    Well this is the topology that i'm working on.
    we have implemented the 3 layer approach.
    1. At access layer: Switches are all L2 (for sure :) )
    2. At distribution layer: All switches are L3 are routes for incoming data.
    3. At core we have 2 6500 switches. One is configured as L3 and all vlans are created in it. Second is just as regular L2 device.
    and of course there are some switch blocks for server farms and the likes.
    My issue is
    1. why don't we create vlans at distribution layer switches.
    2. Why one core switch is acting as L2 and other is acting as L3. What will happen in case of failure to the one acting as L3.
    Ps: the second issue just came up in my mind.

  • Core layer switches IP address for routing

    For the routing process I add an IP address from the subnet of each VLAN that is active on each Access and Distribution switch (have a port with that VLAN on the switch) to the corresponding VLAN interface on them.
    Which IP address should I add to the Core switch for routing?
    Should I add an IP of each VLAN that is in the LAN to each VLAN interface of the Core layer switch?
    I want to run the OSPF routing protocol on the LAN.

    Hello Reza,
    >> Which IP address should I add to the Core switch for routing?
    If you want to implement a L3 routed core, every link between a core device and a distribution device is a L3 link with its own IP subnet.
    For example if you have 16 distribution pairs and two core switches:
    10.10.10.0/30 dis11 to core1
    10.10.10.4/30 dis12 to core2
    10.10.10.8/30 dis21 to core1
    10.10.10.12/30 dis22 to core2
    10.10.10.128/30 disF1 to core1
    10.10.10.132/30 disF2 to core2
    this under the idea to have not a full mesh between core routers and distribution devices
    then you need also a L3 link between the two cores (at least one)
    Each L3 device should also have a loopback interface to be used as OSPF router-id and for management purposes (telnet and so on)
    you can use /32 loopbacks taken from same block for example
    10.255.254.1/32 core1
    10.255.254.2/32 core2
    10.255.254.3/32 dis11
    10.255.254.4/32 dis12
    to make the routing function the core switches have to talk OSPF on all links to distribution nodes
    router ospf 10
    router-id 10.255.254.1
    network 10.10.10.0 0.0.0.255 area 0
    network 10.255.254.1 0.0.0.0 area 0
    network area commands work like ACL statements and first statement starts OSPF on each interface whose ip address belongs to 10.10.10/24 space
    Second command is used to advertise its own loopback.
    router-id command allows to define the OSPF router-id.
    Distribution nodes have to advertise client Vlans and to take part in OSPF communication on point to point link.
    if you use a L2 access layer design client vlans are served by distribution nodes.
    if you use a L3 access layer design the access layer switches take part in OSPF and have to advertise their own client vlans.
    Hope to help
    Giuseppe

  • High Latency and Packet drop towards Access Switches.

    Hi,
      My network Infrastructure consists of 2 core switches (cisco 3950, 24 port) and 3 access switches (cisco 2960G, 48port). No distribution layer. Both Core switches are connected to the BVI of a VPN router. PVST is running in all switches. The STP results are all good. We have 3 VLANs in the LAN and IP routing is enabled in the core switch. The network diagram is attached.
    The issue we are facing is that we get intermittent packet drops while pinging towards the access switches, and there is always a higher latency towards these access switches. These issues are present even with no other users using the LAN. But these issues are not present while pinging towards the GW.
      I guess it is because of this that we have issues accessing the file server in the LAN. How do we go ahead with the troubleshooting? Will upgrading the IOS help resolve this? The present version details are:
    WS-C2960G-48TC-L   12.2(44)SE6           C2960-LANBASEK9-M
    Thanks in advance for the help.

    Hi,
    Do you still have this problem or is it solved?
    I have the same kind of issue, so any help or information is welcome!
    Tom

  • Packet drops and High CPU on Cisco 3845 Switch

    Hello Experts,
    We are facing a lot of packet drops in our LAN.
    When we try to ping one of the access switches from the CE router, we get the following output:
    pdel1799#ping 10.132.136.17 so 10.132.164.1 si 100 re 500
    Type escape  sequence to abort.
    Sending 500, 100-byte ICMP Echos to 10.132.136.17, timeout  is 2 seconds:
    Packet sent with a source address of  10.132.164.1
    Success  rate is 98 percent (491/500), round-trip min/avg/max = 1/9/44  ms
    pdel1799#
    Some command outputs and show tech of all switches attached from the customer which I have attached.
    I have also attached a diagram but the only router's IP address is correct in the diagram while IP address of switches in the diagram are incorrect. Here are the correct IPs of the switches:
    Core Switch : 10.132.139.2
    Access Switches:
    10.132.136.17
    10.132.136.18
    10.132.136.29
    Apart from packet drops on VLAN 1 we are seeing  high CPU utilization on core switch
    ingur-msl-coresw#sh processes cpu sorted | ex 0.0
    Core 0: CPU utilization for five seconds: 61%; one minute: 45%;  five minutes: 47%
    Core 1: CPU utilization for five seconds: 63%; one minute: 46%;  five minutes: 56%
    Core 2: CPU utilization for five seconds: 36%; one minute: 74%;  five minutes: 69%
    Core 3: CPU utilization for five seconds: 85%; one minute: 69%;  five minutes: 65%
    PID    Runtime(ms) Invoked  uSecs  5Sec     1Min     5Min     TTY   Process
    5638   2374911     23863975 131    52.03    52.24    52.58    1088  fed               
    9227   43623       21191441 182    8.36     5.53     5.71     0     iosd              
    6146   1437288     13888905 56     0.95     0.68     0.70     0     pdsd              
    5639   1292905     86276135 11     0.13     0.13     0.11     0     platform_mgr      
    6161   2831440     20952285 955    0.13     0.12     0.10     0     cpumemd    
    I can get more details required to resolve this, please help!!

    Hi,
    I can see several Mac Flaps in the logs provided.... i.e. on int gi 1/1/3.  have you verified you don't have any bridging loop occurring on the network?
    Regards,
    Yaseen

  • Packet drop when clients moving from one Access point to another

    HI  All ,
    I am new to wireless. I am using the WS-SVC-WISM-1-K9 WiSM module and 5 access points. When my clients are moving from one access point to another we are getting packet drops.
    Kindly, can anyone suggest what configuration I need to verify on the controller for proper client roaming so that I can resolve my issues?
    Please let me know in case any explanations are required.
    Thanks  in Advance !!!
    Regards
    Angus

    For radius authenticated SSIDs, you need WPA2-aes or wpa1-tkip-CCKM. It depends on what the client supports.
    For pre-shared key, any WPA should be decent enough for roaming speed.
    If you're on WEP ... no comment.
    If you covered the above point, check if it's not a coverage problem. If the 2 APs coverage zone are not overlapping there will be a hole where you don't have signal and logically will have packet drops.

  • EEM -automatic shut down or switch over of WAN link in OSPF when packet drop increase

    Hi,
    Need help..
    can any one help me how can EEM help for automatic shut down or switch over of WAN link in OSPF when packet drop increase a predefined level.
    I have a set up different branches connected together...OSPF is the routing protocol and need to communicate with two branches via hub locations.
    need to shut or switch some percent of traffic from primary to back up when packet drop in the link.

    I am not sure EEM can do what you want.
    Another option could be to use SLA tracking/monitoring. But you will fall back to the new route when you lose some percentage of pings, you can't switch only part of the traffic.
    I hope it helps.
    PK

  • Why access switch has flapping lead another distribution layer switch has root guard blocking and unblocking log

    is it misconfiguration in Access Point's access switch or hacker attack from this switch?
    many MATM-4-MACFLAP_NOTIF Host 0015.5dc1XXX VLAN 1 is flapping between port 1 and port 2
    many MATM-4-MACFLAP_NOTIF Host 0015.5dc2XXX VLAN 1 is flapping between port 1 and port 2
    many MATM-4-MACFLAP_NOTIF Host 0015.5dc3XXX VLAN 50 is flapping between port 1 and port 2
    many MATM-4-MACFLAP_NOTIF Host 0015.5dc4XXX VLAN 50 is flapping between port 1 and port 2
    last time we do not have these switch also meet the same issue about distribution layer switch have many ports down
    last time someone mention a switch lost config, but today, i remember that the switch has reloaded and can be login again with radius, 
    today i do not connect any notebook with this switch and just have configured radius setting for window NPS radius server and then reload, then
    i have dinner and come back and after a while, last time's issue happen again. 
    it seems port channel easy to have problem when abnormal traffic coming from access switch  result in down port in distribution layer switch
    i wonder whether someone can hack through the switchport access mode port and send some broadcast message

    From that output and your description it looks like you have an STP issue as a result of misconfiguration somewhere.
    Are your access points connected to switches with ports in access mode or trunk mode?
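
A triage aid for the flap messages quoted in this thread, as an added example that is not part of the original posts: it groups MACFLAP_NOTIF events by port pair and counts the distinct hosts and VLANs involved, so a pair that many hosts flap across stands out from a single host moving between ports. The sample log, its MAC addresses and port names are constructed, and the `min_hosts` threshold is an assumption to tune.

```python
import re
from collections import defaultdict

# Accepts the full syslog form ("...: Host <mac> in vlan <n> is flapping
# between port <a> and port <b>") and the shortened form quoted in the thread.
FLAP_RE = re.compile(
    r"MACFLAP_NOTIF:?\s+Host\s+(?P<mac>\S+)\s+(?:in\s+)?vlan\s+(?P<vlan>\d+)\s+"
    r"is flapping between port\s+(?P<a>\S+)\s+and port\s+(?P<b>\S+)",
    re.IGNORECASE,
)

# Constructed sample log (MACs taken from the documentation range).
SAMPLE_LOG = """\
Mar  1 19:02:11: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.5e00.5301 in vlan 1 is flapping between port Gi1/0/1 and port Gi1/0/2
Mar  1 19:02:11: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.5e00.5302 in vlan 1 is flapping between port Gi1/0/2 and port Gi1/0/1
Mar  1 19:02:12: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/5, changed state to up
Mar  1 19:02:12: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.5e00.5303 in vlan 50 is flapping between port Gi1/0/1 and port Gi1/0/2
Mar  1 19:02:13: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.5e00.5304 in vlan 50 is flapping between port Gi1/0/1 and port Gi1/0/2
Mar  1 19:02:14: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.5e00.5301 in vlan 1 is flapping between port Gi1/0/1 and port Gi1/0/2
Mar  1 19:07:40: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.5e00.53aa in vlan 20 is flapping between port Gi1/0/7 and port Gi1/0/9
Mar  1 19:09:02: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.5e00.53aa in vlan 20 is flapping between port Gi1/0/9 and port Gi1/0/7
"""


def summarize_flaps(log_text):
    """Group flap events by unordered port pair."""
    pairs = defaultdict(lambda: {"events": 0, "macs": set(), "vlans": set()})
    for line in log_text.splitlines():
        m = FLAP_RE.search(line)
        if not m:
            continue  # not a MAC flap message
        key = tuple(sorted((m["a"], m["b"])))  # A<->B equals B<->A
        entry = pairs[key]
        entry["events"] += 1
        entry["macs"].add(m["mac"].lower())
        entry["vlans"].add(int(m["vlan"]))
    return dict(pairs)


def triage(pairs, min_hosts=3):
    """Return (ports, events, hosts, vlans, kind), busiest pair first.

    kind is "many-hosts" when at least min_hosts distinct MACs flap across
    the same pair (check for a loop or a mis-bundled uplink between those
    ports), otherwise "single-host" (check that one station's attachment).
    """
    report = []
    for key, e in sorted(pairs.items(), key=lambda kv: -kv[1]["events"]):
        kind = "many-hosts" if len(e["macs"]) >= min_hosts else "single-host"
        report.append((key, e["events"], len(e["macs"]), sorted(e["vlans"]), kind))
    return report


if __name__ == "__main__":
    for ports, events, hosts, vlans, kind in triage(summarize_flaps(SAMPLE_LOG)):
        print(f"{ports[0]} <-> {ports[1]}: {events} events, "
              f"{hosts} hosts, vlans {vlans}: {kind}")
```
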

  • 6500 access layer QoS

    I have 6506E Sup32 PFC3B 12.2(18)SXE device at the access layer of the network and would like to implement QoS (for access ports) for Voice, Video.
    I suppose that untrusted microflow policing is best for me. But documents say that such kind functionality works for L3 MSFC routed traffic. For PFC3b I can use "mls qos bridged" for bridged traffic on specified vlans. Does it really work for input service policy on access ports for traffic from user ports (if I use this command on user's int VLAN)?
    Distribution and core layers of my networks are MPLS based.
    Config:
    interface FastEthernet2/1
    switchport
    switchport access vlan 10
    switchport mode access
    switchport voice vlan 30
    no ip address
    spanning-tree portfast
    service-policy input IPPHONE+VIDEO
    interface Vlan30 ! also for Vlan 30
    ip vrf forwarding VOICE
    ip address 10.168.8.254 255.255.255.0
    ip helper-address 10.168.2.33
    ip helper-address 10.168.2.34
    ip pim sparse-dense-mode
    mls qos bridged
    policy-map IPPHONE+VIDEO
    class VOICE
    police flow mask src-only 320000 8000 conform-action set-dscp-transmit ef exceed-action drop
    class VIDEO-INTERACTIVE
    police flow mask src-only 2400000 8000 conform-action set-dscp-transmit af41 exceed-action drop
    class CALL-SIGNALING
    police flow mask src-only 32000 8000 conform-action set-dscp-transmit cs3 exceed-action policed-dscp-transmit
    class class-default
    police flow mask src-only 5000000 8000 conform-action transmit exceed-action policed-dscp-transmit

    This URL should help you:
    http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801c8c4b.shtml

  • Is it recommended to use HSRP or multiple default between Core Layer Switch and Customer Edge Router?

    My client is asking me for following
    Client is using Router as edge device. 2  WAN links from different service provider ( each 20 Mbps)  are getting terminated on the router. There are internal servers present in the network. Client want to make setup such that even if one wan link fails  internet users should be able to access web server. Moreover if the edge router fails there should be secondary edge device so that there is device redundancy ?
    As per my understanding, in this scenario we need to do static one-to-one natting (belonging to WAN interface subnet). If we use two routers as Customer edge and if we connect the core layer switch to these two routers, is it recommended to use HSRP/VRRP/GLBP or two default routes on the core switch pointing to the two routers with equal AD value? We will also track the WAN link with the help of IP SLA.
    which is recommended solution  Router redundancy protocol or Default routes.?

    Just had another read of this post and some other points have come up.
    1) I assumed your secondary link was for redundancy but you talk about terminating both SP links on the same router in your first paragraph.
    Did you mean this or are you going to be terminating a link per router ?
    2) are you using the second router purely for backup ?
    3) something you didn't ask about but is relevant is the IP addressing. Are you using provider independent addressing or does each SP provide you with an address block.
    If it is the second then you are going to have an issue with the web server. The problem is which provider's IP do you use for the web server ie.
    if you use the primary provider IP then that will be the DNS record on the internet. If the primary router fails then the IP address will change on the secondary router but DNS will still be handing out the primary IP.
    If you enter both IPs (primary and secondary) into DNS then you would get load balancing but this means both links will be used and the secondary would not just be backup.
    In addition if one of the links fails then DNS does not know this so it will still be handing out the failed address as well as the address that is still up which means some connections will work and some won't.
    Jon

  • Layer 3 to the Access Layer and MPLS Design Considerations

    Hi,
    We are about to install a new network consisting of Cat 4500s with Sup7E at the Access Layer, with Nexus 7000 at the Distribution and Core layers.
    We have 14 floors with at least three 4500s on each floor. Within the office block where the Access Layer and Distribution Layer reside we need to support secure borderless networking using 802.1x to place users from different parts of the business into segregated networks at layer 3.
    All switches will have the feature sets to support MPLS/ VRF / OSPF / EIGRP / BGP etc.
    We quickly dismissed the idea of using VRF-Lite due to the sheer number of Vlans we would need to manage and maintain,  the point to point links alone just to get one additional VRF on each floor required far too many Vlans.
    As a result we are now considering deploying MPLS. The obvious benefits include scalability and manageability, the fact that all switch to switch links can now be routed, instead of having to using SVIs.
    My query is one of design surrounding MPLS and how this maps to an enterprise network with a routed access layer. Do Cat 4500s become the CEs and take part in MPLS / BGP and Label Distribution, or does the BGP peering and Label Distribution only occur between the Distribution - Core - Distribution layers, mapping to the PE - P - PE topology in an ISP environment, the access layer simply uses the IGP (OSPF in this case) to learn routes ?
    Any help would be greatly appreciated.
    Chris.

    Hi Andy,
    Thanks for your response.
    I have been doing a little bit more research it seems the Cat 4500s do not support MPLS!! Nor do Cisco have any plans to support it on this platform. I find this a little ridiculous considering the level that Cisco are pitching this platform. With the Sup 7E only VRF Lite is supported, with plans to support EVN (which still uses trunk links for logical separation).
    So it looks like we are going to have to go back to the drawing board.
    (perhaps we should have gone HP or Juniper!)
    Chris.

  • Calculating oversubscription on access layer

    So, the situation is that we have about 240 users (max, no further expansion to this figure) on each floor of a building, spanning across 10 floors. As I understood from the basic calculation, for every 240 users @ 100/1000, I need to deploy 5(48 port stacked switches within each IDF on each floor) (5x48) will share 2x1GigE uplinks(etherchannel) terminated into two different cores with a redundant 2x1G uplink (passive).
    Someone tells me that this will result in an oversubscription ratio of 120:1 in the best case scenario when we fully utilize both uplinks in an active/active setup. Is this ratio unacceptable at access layer?
    Should I consider dual 10GigE uplinks from the access layer to core, to start with, irrespective?
    I currently am working with 1G uplinks and don't see any major hassles. My applications though utilise 3D and CAD drawings but I still feel that 2-4Gig uplink would be more than sufficient for me as I can link aggregate further upto 8Gigs using Cisco Cat 3750E.
    Should we go for 10Gig uplink straightway?
    Your thoughts!!

    You really need to look at your traffic endpoints to determine what the possible bottlenecks are. If most of your users are only going to a couple of servers, then it's likely the bottleneck will be the server links, not your access uplinks.
    With that in mind, a 10 gig link works better than channeled gig links. First, you don't have the problem of multiple flows using the same saturated gig link of a bundle while others are not being used. Second, you don't need to concern yourself that the correct channel hash method is being used.
    Although 10 gig ports are more expensive than gig ports, if you factor in the possible need for additional cable runs and the cost of multiple gig modules, 10 gig might become less expensive sooner than you might expect.
    You note you don't have any problems with gig uplinks today. Assuming you're moving users from 10/100 to 10/100/1000 and they will be using 1000, unlikely performance will be any worse, but possible it won't improve much either.
    PS:
    Deja-vu - reminds me of moving from 10 to 100 Mbps for users and 100 to gig for uplinks

  • Wireless AP 1262 getting packet drops while buffering videos for 18 users.

    Hi Team,
    Please help for this issue
    We are having 1262 Access point model and we are getting packet drops when 20  users are connected and users do Video streaming and buffering online.
    Even our AD IP address also getting packet drops during the users are connected and using youtube or someother video sites.
    Please help on this issue.
    Best regards,
    Arun

    Well if you have 802.11n enabled and also have 802.11n capable devices, then you would have max of 144mbps on the 2.4ghz and up to 300mbps on the 5ghz with 40 MHz channels. If you are using 20mhz on the 5ghz you will have the same as the 2.4ghz which is again 144mbps.
    So if you have clients working fine on the 5ghz and its set to 20mhz, then I would look at interference on the 2.4ghz. See if your SNR is low as that will identify a poor 2.4ghz spectrum.
