TCP delay on catalyst switch

Similar Messages

• TCP delay on same host

  Hi there. I have two TCP applications running on the same host and one app needs to periodically send messages to the other at very short intervals. I am noticing an 80 to 100 millisecond delay from when the sender does a send() and the receiver's select() indicates the message has been received. It is very important for our application that there be as little latency as possible so 80-100ms is way too much. I cannot understand why this is so because as I said both processes are on the same host.
  Do I need to tune some TCP parameters or do something special in setting up the sockets to avoid this delay? Any help or hints would be greatly appreciated!
  [In case it helps: 1) if a message is transmitted after a gap of 1 second or greater, the receiver gets the message immediately without the latency mentioned above  2) the two processes are binding to the IP address of their host and not "localhost" or INADDR_ANY].
  Thanks a lot in advance.
  Sam.

  hi gp and thank you very much for responding to this unusual problem.
  - switch ports to the PCs are configured as portfast.
  - switch ports between two catalyst switches are not configured (default)
  - i didnt use the 'switchport access' command since they are default layer 2 interfaces. would 'switchport access vlan 1' command make any difference?
  - i looked at the port status and confirmed connection is 100 mbps full duplex.
  unusual issue is; ping, udp, multicast shows up in a very short time after I re-plug the uplink. that proves all ports are in forwarding state. only TCP shows up with delay, which doesnt occur on 200 $ unmanaged switch??
  thanks in advance for any suggestions

• Cisco Catalyst switch

  Hi,
  Can I know the answer for the following questions?
  1. What is the maximum MAC-address entry per Catalyst switch?
  2. Is there specific interval that I need to wait before issuing snmp polling to the switch after the LAN port turned into “green”?

  1. Depends on the Switch/Supervisor you have. For example Sup1/2 in a CAT6500 can have upto 128k MAC addresses
  http://www.cisco.com/warp/public/765/tools/quickreference/catalyst6000supervisors.pdf
  4k Supervisors can have upto 32k
  http://www.cisco.com/warp/public/765/tools/quickreference/catalyst4000supervisors.pdf
  3750/3560 can have upto 12k
  http://www.cisco.com/warp/public/765/tools/quickreference/catalyst3x00.pdf
  2.I am not an SNMP expert but would not think there would be any network delay other then the poll interval delay.

• Do Catalyst switches forward Precision Time Protocol (PTP) packets?

  I understand that the Catalsyt Switch range do not provide PTP Boundary Clocks. However can they still forward PTP packets from a PTP server to a PTP client connected to a port on Catalyst Switch, in particular the 4900M and 3750-X series. I do understand that any switching delay would affect the accuracy of the PTP clock.

  So if I have a L2 network consisting of severall access switches connected via trunks to a distribution, with PTP clients in differing VLAN's, as long as each VLAN has a connection to the PTP source then the client will receive the PTP timestamp allthough subject to switching delays?

• Intel MAC Compatibility with 3560/Other Catalyst Switches

  Some of our users recently reported problems with their new Intel based Macintosh computers when we upgraded from old Extreme Summits to Catalyst 3560 series switches. They report sluggish response from the network. We have checked the ports for negotiation issues and errors and do not find any. Suspect the Intel Mac; but wanted to find out if anyone else is experiencing the same or has suggestions. Thanks.

  Hello,
  to my understanding MAC issues should not be the cause of your issues. Either the Ethernet frame is standard compliant, then there should not be an issue with Catalyst switches and no port errors. Or the Ethernet frames or MAC in use is non standard then the switch would report an error.
  Network response times depend on many things and negotiation might be the first thing to check - as you did. I would still recommend fixed settings for port speed and especially duplex. Just to avoid also intermittend problems (f.e. between PC reboots).
  Have you also checked for MTU and TCP window size settings? What else did change when you upgraded to the 3560s? Did you also check Router and switch ports for duplex and speed settings?
  Hope this helps! Please rate all posts.
  regards, Martin

• The difference between VTP server and transparent mode on Catalyst Switch.

  Hello 
  I have a question about the difference between VTP server mode and VTP transparent mode on general catalyst switch.
  Basically VTP server mode can create and modify VLAN configuration but  actually there is not any VLAN configuration through running-config, is it true?  When I checked it on Cat3550, certainly there is not VLAN configuration on VTP server mode. But VTP transparent can create VLAN and configuration but does not synchronize with other switch VLAN status. I appreciate any related information and reason of the VTP server mode specification, thank you very much.
  [VTP Transparent mode]
  3550#sh vtp status
  VTP Version                     : 2
  Configuration Revision          : 0
  Maximum VLANs supported locally : 1005
  Number of existing VLANs        : 27
  VTP Operating Mode              : Transparent
  VTP Domain Name                 :
  VTP Pruning Mode                : Disabled
  VTP V2 Mode                     : Disabled
  VTP Traps Generation            : Disabled
  *omit
  3550#
  3550#sh run
  Building configuration...
  *omit
  vlan 99
   name TEST-VLAN
  [VTP Server mode]
  3550#sh vtp status
  VTP Version                     : 2
  Configuration Revision          : 0
  Maximum VLANs supported locally : 1005
  Number of existing VLANs        : 27
  VTP Operating Mode              : Server
  VTP Domain Name                 :
  VTP Pruning Mode                : Disabled
  VTP V2 Mode                     : Disabled
  VTP Traps Generation            : Disabled
  *omit
  3550#
  3550#sh run
  Building configuration...
  *no VLAN like above configuration on VTP transparent mode.
  Best Regards,
  Masanobu Hiyoshi

  Hi mhiyoshi,
  3550#sh vtp status
  VTP Version                     : 2
  Configuration Revision          : 0
  Maximum VLANs supported locally : 1005
  Number of existing VLANs        : 27
  VTP Operating Mode              : Transparent
  VTP Domain Name                 :
  VTP Pruning Mode                : Disabled
  VTP V2 Mode                     : Disabled
  VTP Traps Generation            : Disabled
  *omit
  3550#
  3550#sh run
  Building configuration...
  *omit
  vlan 99
   name TEST-VLAN
  The above out put indicates that Vlan is created and then mode changed to transparent. i.e why revision no is 0.
  3550#sh vtp status
  VTP Version                     : 2
  Configuration Revision          : 0
  Maximum VLANs supported locally : 1005
  Number of existing VLANs        : 27
  VTP Operating Mode              : Server
  VTP Domain Name                 :
  VTP Pruning Mode                : Disabled
  VTP V2 Mode                     : Disabled
  VTP Traps Generation            : Disabled
  *omit
  3550#
  3550#sh run
  Building configuration...
  *no VLAN like above configuration on VTP transparent mode.
  This indicates that vlan never created in server mode nor learnt from another switch as revision no is 0

• The difference of the IEEE802.1x Auth between Cisco Routers and Catalyst switches

  Hello
  I am investigating the difference of the IEEE802.1x Auth between Routers and Switches.
  Basically dot1x auth is availlable on Catalyst Switches. however if I want to check to
  PortBased Multi-Auth , MAC address Auth and any certification Auth with this feature,
  Is it possible to integrate into Cisco Router such as Cisco 891F ?
  In my opinion Cisco891F is also available to use basic IEEE802.1x but if it compares with Catalyst switches such as Cat3560X
  I think there might be any unsupported feature on Cisco 891F.
  I appreciate any information. thank you very much in advance.
  Best Regards,
  Masanobu Hiyoshi

  Many time in interviews asked comaprison between cisco  routers and switches that i was answerless bcoz i dont have much knowledge about that.Can anyone provide me the compariosin sheet of the same.how are the cisco devices differ with each other how much Bandwidth each routres support and Etc...
  Ummmm ... The most common question I get is "what is the difference between a router and a switch".
  However, if you get a question like this, then my impression to this line of questioning are:
  1.  The candidate they are looking for has in-depth knowledge of routers and switches.  And I mean IN-DEPTH!;
  2.  They are not looking for a candidate.  They just want to stroke their ego.  There is not alot of people who can give you the "names and numbers" of routers and switches at a snap of a finger.  And if you do happen to know the answer, then and there, then expect a tougher follow-up question. 

• Can a Catalyst switch terminate a QinQ (double vlan tagged) connection on an SVI?

  Can a Catalyst switch terminate a QinQ connection on an SVI?  Is anything similar possible?
  I know I can pass through QinQ traffic through a switch at L2, but can I take it in at L2 with double tags and terminate it on a L3 SVI somehow?
  Im looking for a simple way of making a WAN lab environment.
  IE I want to do the equivalent of this on a Catalyst such as a 3560/3750:
  interface GigabitEthernet0/0.1
   encapsulation dot1Q 101 second-dot1q 1
   ip vrf forwarding 100101
   ip address 1.1.1.1/24
  interface GigabitEthernet0/0.2
   encapsulation dot1Q 101 second-dot1q 2
   ip vrf forwarding 100102
   ip address 2.2.2.2/24
  thanks in advance.

  Can a Catalyst switch terminate a QinQ connection on an SVI?  Is anything similar possible?
  I know I can pass through QinQ traffic through a switch at L2, but can I take it in at L2 with double tags and terminate it on a L3 SVI somehow?
  Im looking for a simple way of making a WAN lab environment.
  IE I want to do the equivalent of this on a Catalyst such as a 3560/3750:
  interface GigabitEthernet0/0.1
   encapsulation dot1Q 101 second-dot1q 1
   ip vrf forwarding 100101
   ip address 1.1.1.1/24
  interface GigabitEthernet0/0.2
   encapsulation dot1Q 101 second-dot1q 2
   ip vrf forwarding 100102
   ip address 2.2.2.2/24
  thanks in advance.

• Differences between MSFC1 and MSFC2 in Catalyst switches

  Hi,
  Want to know the differences between MSFC1 and MSFC2 in Catalyst switches.

  Hi,
  There is not much difference between MSFC1 and MSFC2, the main difference is how the MSFCs send the hardware programming to the PFC. The MSFC1 uses MLS to program the hardware by using the first packet of the traffic. While the MSFC2 uses CEF-based MLS to program the PFC so that the supervisor can make the hardware switching of the packet. NOtice the difference if the MSFC1 needs to see the first packet while the MSFC2, in theory will not need to see a first packet as it uses the CEF routing table to program the PFC2. Now, the kicker, if MSFC2 in sup1A , all this CEF-based MLS is not used since it needs PFC2 to be able to do this. Sup1A does not come with PFC2 only Sup2 comes with PFC2. The MSFCs gives the Cat6K a L3 ability and it's important but the switching performance of the switch depends on the PFC.
  Here is a link on MSFC2 data sheet:
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_data_sheet09186a00800887fd.html
  Please rate helpful posts.

• Dacl on ACS 5.1 and Catalyst switch 3560

  Dear all
  I have ACS 5.1 and Catalyst switch 3560 with version 12.2(53)SE. I configure a dacl on the ACS and I use it on authorization profile.
  This authrization profile is used on access policy.
  I tried the authentication but it doesn't work. I checked the ACS logs and I found that the user is authenicated successfuly but the dacl gives this error (The Access-Request for the requested dACL is missing a cisco-av-pair attribute with the value aaa:event=acl-download. The request is rejected)
  Steps:
  11001  Received RADIUS Access-Request
  11017  RADIUS created a new session
  11025  The Access-Request for the requested dACL is missing a cisco-av-pair attribute with the value aaa:event=acl-download. The request is rejected
  11003  Returned RADIUS Access-Reject
  DACL:
  deny ip host 1.2.3.4 1.2.3.0 0.0.0.255 log
  permit ip any any log
  Thanks on advance,

  Dear Tiago
  I applied the command "radius-server vsa send". Now I can see the dacl is applied but I can't see it on the switch and even the authentication is succueeded ont the ACS logs but it give me unauthoized on the switchport. You can see the logs( started with the username acstest and the access-list is applied but it doesn't work and you can see theat it goes for mab after eap timed out). I hope you can help on this issue.
  Dec 13,10 10:29:00.513 AM
  00-23-AE-7A-58-A6
  00-23-AE-7A-58-A6
  Default Network Access
  Lookup
  Dot1x-3560-Switch
  1.2.3.4
  FastEthernet0/5
  TESTACS
  22056 Subject not found in the applicable identity store(s).
  Dec 13,10 10:28:29.186 AM
  #ACSACL#-IP-Guest-4cfcc14d
  Dot1x-3560-Switch
  1.2.3.4
  TESTACS
  Dec 13,10 10:28:28.726 AM
  acstest
  00-23-AE-7A-58-A6
  Default Network Access
  PEAP (EAP-MSCHAPv2)
  Dot1x-3560-Switch
  1.2.3.4
  FastEthernet0/5
  TESTACS
  Thanks,

• I don't understand correlation between ACL and dACL. If dACL is downloaded to the Catalyst switch what is the status of the ACL

  Understanding  ISE and dACL.
   I don't understand correlation between ACL and dACL.
   If dACL is downloaded to the Catalyst switch what is the status of the ACL attached to physical port. Is dACL appended to the existing ACL? When I typed ‘sh ip access-list int fa0/1’ I can see only dACL for access domain and dACL for voice domain appended to the previous dACL and no ACL lines.
   Regards,
  Vice

  Hi,
  Downloadable ACLs (dACL) are applied from your RADIUS server based on authentication and authorization policies.  It overrides any standard interface ACL.
  Standard interface ACLs are in place to limit traffic on the port before 802.1x or MAB authentication.
  When an authenticated session terminates on the interface the standard ACL will be re-applied until the next authentication.

• Cryptographic IOS versions on Catalyst Switches

  1. Where can one find the differences between Catalyst switch IOS with cryptographic features and without cryptographic features?
  2. In order to access Cat switches over SSH and HTTPS, do we require Cryptographic versions of the Cat IOS?
  3. What does "k9" stands for in IOS names? e.g. "3560-ipservicesk9"
  Thanks

  Hi
  Answer to Q1 :
  Best plase to compare the Catos and IOS is
  www.cisco.com/go/fn
  there you can search by ios names or platforms or features and compare images.
  Answer to Q2 :
  Yes you need Cryptographic version
  Answer to Q3 :
  K9 stand for Cryptographic version if you have ipservicesk9 you can do SSH in the feature navigator if you search the ios without K9 you will find this :
  IP SERVICES W/O Crypto
  that means this catos does not support Cryptographic.
  Best Regards Bahman Mozaffari.
  Please Rate if Helpful.

• Router "snmp-server contact" command for catalyst switches??

  From the router you can configure the "snmp-server contact <text>" command
  to set the system contact for SNMP. Is there any equivalent command for
  Catalyst switches? I know that there's a "set system contact" command for
  CatOS but i'm sure if it has something to do with SNMP.
  Thanks in advance.

  Yes, set system contact on switch is the same that on the router for the above command. Once you use this this command to enter the contact info, it can be polled via the SNMP MIB Object sysContact (.1.3.6.1.2.1.1.4) from RFC1213-MIB. Example, if I use 'set system contact foo', I see the following using the 'show system' output:
  System Name System Location System Contact CC
  foo
  Polling the above via the above MIB object on the switch:
  % snmpwalk .1.3.6.1.2.1.1.4
  system.sysContact.0 = foo
  Similarly, if you set the 'System Name' on the switch using the command 'set system name ', can be polled via sysName (.1.3.6.1.2.1.1.5) from RFC1213-MIB
  Lastly, 'set system location ', once set can be polled via sysLocation (.1.3.6.1.2.1.1.6) from RFC1213-MIB

• Update table which provide information about NAT feature support in Catalyst switches?

  Hi,
  I'm searching an update table which provide information about NAT feature support in Catalyst switches.
  I would like to know if the Nexus 7000 support NAT but my table below is too old -> Updated: Apr 05, 2006.
  From my research, it's not possible but i'm looking for an official documentation.
  http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a008011c629.shtml
  Thanks in advance
  François

  Hi,
  No support of NAT on N7ks, see this posthttps://supportforums.cisco.com/thread/2045647
  Your table is the latest one I know of so you'll have to look at the switches datasheets to really know but I highly doubt that newer switches not in the table support this feature.
  Regards
  Alain
  Don't forget to rate helpful posts.

• Cisco 4507 Catalyst switch goes down

  Hi,
      We have  cisco 4507 catalyst switch in which end users are connected. today this catalyst switch goes down , i checked the input power was normal but the Switch is not running. All the notification lights like supervisior engine and Fan status lights are showing in RED colur . So i switched off the SMPS and wait for some time and i switched ON , the switch starts running and in 3-4 minutes it again goes down.  
  Thanks and Best Regards,

    Get on the console port and watch it while it is booting up.  It will usually tell you why it is failing in the logs or messages as it is booting up .