Cisco WAN :: 3560 And Mls Qos Drops
Jun 6, 2012
We have a problem with our WS-C3560V2-24TS running IOS c3560-ipservicesk9-mz.122-53.SE2.bin. The equipment keep dropping packets for no apperent reason.
This is what we are seeing:
LAN-port
Router0#sh interfaces fastEthernet 0/2 | include drops:
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 20595
WAN-port
[Code]....
We are shaping the gig uplink to 100Mbps, the equipment is dropping pakets randomly and not because the shaper kicks in and starts to drop pakets.
View 1 Replies
ADVERTISEMENT
May 31, 2012
i am not sure if this is something with my DHCP setup or not, but it certainly seems to be the culprit. I am running a 3560G and using it as DHCP and to do V LAN routing (Geiger protocol). I have 10 pools configured with a few static addresses per pool. Now to get down to the problem. I have a computer (and this problem seems to be a gremlin as it changes what computer is affected quite often) that will connect, get its IP, immediately disconnect, then send out a DHCP req again. The computer has a static assignment in the pool, and for the brief second that it connects, it gets the right address. If i move the computer to another v lan, all works right. If i delete the static entry it will get an address in the right v lan no problem. The command i have been using to add static entries is:
address xxx.xxx.xxx.xxx client-id 01xx.xxxx.xxxx.xx
That seems to have been working on all my static routes except for a bank of computers in vlan3. I have went as far as to delete the pool and recreate it, heck i even recreated the v lan and i am still having issues. Below are some snippets of the running config for review.
The DHCP Pool for the affected LAN:
ip dhcp pool Dev3
network 192.168.3.0 255.255.255.0
boot file bootx86wdsnbp.com
next-server 192.168.1.78
dns- server 192.168.1.8 192.168.1.78
[Code] .....
View 4 Replies
View Related
Feb 10, 2012
I feel that 3560 and 3750 perform differently with the following two commands:
srr-queue bandwidth shape 5 0 0 0
srr-queue bandwidth limit 50
On 3750, the bandwidth for queue 1 is limited to 100mbps x 50% / 5 = 10mbps
On 3560, the bandwidth for queue 1 is limited to the smaller value of BW / shape weight and BW x limit%.
Does it sound about right? is there a way to check for mls qos input queue drops? The show mls qos interface xxx stat only shows the output queue drops. Maybe for some reason the input queue never drops?
View 6 Replies
View Related
Nov 6, 2011
i have an 2921 connected to an Catalyst 3560. My router interface shows quite a lot of input queue drops. Load is not too much max 5/255.
View 1 Replies
View Related
Jan 10, 2013
I've been fighting what seems to be an increased number of outqueue drops on our core stack and edge switches for the last 3 or 4 weeks.(The core consists of a stack of 5 3750s in 32-gig stack mode. The wkgrp switches are 3560s. all are at 12.2.52) The wkgrp switches are directly connected to users. We use Nortel IP phones with the phone inline with the user PC. auto-neg to 100/full. [code] However I have tried turning off QOS on a couple of workgroup switches (no mls qos, but left individual port configurations the same) but am still seeing drops.Since I have disabled qos on the switches in question (no mls qos) (not the core tho) I am presuming these commands have no affect on the switch operation and therefore cannot be related to the problem. With QOS turned off one would presume that it is general congestion - especially at the user edge where busy PC issues might contribute. So I wanted to see if I could see any instances of packets in the output queues building up.
I wrote some scripts and macros that essentially did a snapshot of 'show int' every 20 seconds or so, and looked for instances of 'Queue: x/' where x was greater than zero.What I found after several days of watching the core stack, and a few of the workgroup switches that are most often displaying the behavior, was that I NEVER saw ANY packets in output queues. I often saw packets in Input queues for VLAN1, once in a great while I would see packets on input queues for fa or Gi interfaces, but NEVER on output queues. [ code] Additionally, when I look (via snmp) at interface utilization on interfaces showing queue drops (both core and wkgroup), they are occurring at ridiculously low utilization levels (as low as 4 to 8%). I've tried to look for microbursts between the core and a wkgroup switch where the core interface was experiencing drops, but haven't seen any (using observer suite). [code] While the queue-drop counts aren't critically high at this point, they are happening more frequently than in the past and I would like to understand what is going on... In most cases, no error counters are incrementing for these interfaces. Is there some mechanism besides congestion that could cause output queue drops?
View 4 Replies
View Related
Jun 19, 2011
We have a 3560 on our head office acting as an aggregare switch as well as Hub terminating remote wan links(one trunk link from provider terminated on FE port with several SVIs for remote location) and routing via OSPF. We have 1800 series at remote locations.
Now, If I want to prioritize say SQL traffic outbound from our head office to each remote brach I cant seem to do it with 3560 as it says... cannot apply service policy out blah blah.
How can I achieve my goal with 3560, Is it a good design to use 3560 as a Hub? our port utilization isnt that much..Wouldnt it be better to use 1800 or 2800 series?
View 5 Replies
View Related
Jul 3, 2012
We have 512 link and observe output drops and application timeouts. Link utilization is not very high.When ping with 1500 bytes, it shows output drops and when ping with default packet size, no output drops observed.
Service policy also in effect and shows some drops.
View 6 Replies
View Related
Jun 26, 2011
We have cisco 3560G switch I need to configure QOS in this switch. video & vice Is it possible to configure port wise policy ?
View 1 Replies
View Related
Jul 8, 2011
I have a cisco cat 3560 and the present IOS is 12.2(46)SE and i want to upgrade the IOS to 12.2(58)se1.As there is only 8mb of frees space i cant straightly copy the new IOS on the switch. Any convenient way to Upgrade IOS.
View 2 Replies
View Related
Jan 25, 2012
I am trying to see how can configure MQC in Etherchannel. I know that i need to do this in the memeber physical interfaces of the etherchannel.The etherchannel is a trunk port allowing few VLANs. SVIs are created in the switch for this VLANs as well. tell me where i need to apply the QOS ? Is it under the member physical interfaces ?.
What will happen if QOS applied under the SVIs?
View 5 Replies
View Related
Nov 6, 2011
I connected the AP [1140 - Version 12.4(21a)JA1, RELEASE SOFTWARE (fc1)] to the switch (3560) and the switch with the WLC (5500 series), but I get the below error:
*Nov 7 09:07:59.916: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 192.168.10.22:5246
*Nov 7 09:07:59.954: %CAPWAP-5-CHANGED: CAPWAP changed state to
[Code]....
The access point cannot join the controller. Is this a misconfiguration at the WLC or something else?
View 3 Replies
View Related
Feb 4, 2011
just found your site poking around for some information. I'm pretty green with routing and firewalling so I'm hoping someone can point me in the right direction.I'm trying to setup a remote access VPN for the off site employees we have. I would eventually like to have this setup to use either the cisco VPN client or the webVPN option, but this question is about my VPN client setup.I'm using a Cisco ASA 5505 at the head end and the Cisco VPN client 5.0.06.0160 on the client side.In the logs the client authenticates, grabs an IP, DNS and domain info and then drops the connection.
View 19 Replies
View Related
Jul 8, 2011
We have ASA 5580 with multiple context in our company. On the one of the context (where the DNS servers are located) i can see a lot of DNS drops.
View 1 Replies
View Related
Dec 16, 2011
I have a 887 setup as a EasyVPN server, and a 861 as an EasyVPN remote - network extension mode with split tunnelling.This works fine - I can ping and connect to machines across the tunnel.However if I setup a VOIP handset to connect across the tunnel it registers and calls work, but drop after 30secs....I know this is normally a firewall or nat problem, are easyvpns firewalled or natted?
View 9 Replies
View Related
Nov 11, 2012
I have an RV042 connected via VPN to the office (to a LinkSys DFL-700). Sometimes the VPN is dropped and never activates again. In this state, if I try to connect to the WEB interface, I can log in, but the router hangs at the login screen. I have to power recycle the router to make it work again.
Updated to latest firmware 4.2.1.02 for V3 hardware. The funny thing is that services from the WEB routed through to local IP adresses on the lan is still accessible. I have setup PPPT VPN on the router, and that also fails to work.
Is there, as a workaround, any possibility to access the routers reset page or access via TELNET to reset the router? This migth be useful, when I'm out. (I have a backup solution to access the local network at home).
View 3 Replies
View Related
Jun 13, 2012
I've been having a major problem with our Internet service. Our ISP insists it's the firewall.
I'm not a Pix expert by any means, but here's what's happening:
- Our Internet service drops.
- When this happens I try to ping the PIX on the inside interface and it times out.
- Our Internet service comes back up and I am able to ping the Pix.
- I connect to the Pix and issue a SHOW INTERFACE command to look for errors. I FIND NONE.
View 4 Replies
View Related
Aug 16, 2011
a few of my links (all BT ADSL on Cisco IAD887s) suffer from drops in PPP, the physical circuit doesn't drop out, just the PPP and LCP
000489: Aug 12 12:13:22.085: Vi2 PPP: Missed 5 keepalives, taking LCP down
000490: Aug 12 12:13:22.085: Vi2 PPP DISC: Missed too many keepalives
000491: Aug 12 12:13:22.085: Vi2 PPP: Sending Acct Event[Down] id[19]
000492: Aug 12 12:13:22.085: Vi2 IPCP: Event[DOWN] State[Open to Starting]
000493: Aug 12 12:13:22.085: Vi2 IPCP: Event[CLOSE] State[Starting to Initial]
View 1 Replies
View Related
Nov 8, 2010
We have a fairly major problem with some of our Cisco 877 units (5 in all). All are running 15.2(2)T2 in order to make use of zone-based firewalls and virtual reassembly, and all are exhibiting the same problem. When our ADSL line drops this si shown in syslog
2010-11-09 01:03:06 Local7.Info 192.168.7.1 4733: Nov 9 01:03:05.707: %FW-6-DROP_PKT: Dropping tcp session 192.168.7.2:25 109.224.142.52:41799 on zone-pair OutsideToInside class cm-MainServerServices due to RST inside current window with ip ident 02010-11-09 01:04:06 Local7.Info 192.168.7.1 4734: Nov 9 01:04:05.946: %FW-6-DROP_PKT: Dropping tcp session 192.168.7.2:25 109.224.142.52:41809 on zone-pair OutsideToInside class cm-MainServerServices due to RST inside current window with ip ident
[code]...
The "no retrain. sleep 20 seconds" messages continue forever more until somebody power-cycles the router - which is a bit inconvenient as two are 300 miles away. Surprisingly, our event manager applet isn't triggering the reload either, which defeats the object.
View 15 Replies
View Related
Apr 1, 2012
my current network setup is like this.. a cisco 3560 is connected on an access port to an adjacent dlink stack. i want to enable trunking between the cisco and the dlink. what i know is that dlink doesnot support per vlan STP while dlink only run single instance of the STP.. how can i make the trunking possible without messing with the network.
the idea that i have is to run MSTP instance on the 3560 so that it appears as a single STP to the dlink switch and then all good. is there any other way to do that. if i just make both the adjacent ports on both the switches as trunk and connect them, will it cause any problem in terms of STP issues or convergence ?
View 1 Replies
View Related
Aug 8, 2011
how can i upload IOS in Switch when it is in ROMMAN Mode , its show IOS in flash but may pe Corrupt, show how can i put New ios in Switch 3560.
View 1 Replies
View Related
Jun 10, 2011
have a problem with my 3560 Series PC gets a dhcp of the switches but not on the Internet?
View 1 Replies
View Related
Apr 28, 2013
My HO is connected to BOs over MPLS Links.The links are terminated on routers but i dont have access on those routers as it is maintained by the ISP.Behind of the HO router there is s 3560 switch. Can i configure this switch to prioritize some traffic over the WAN link to the BOs.
View 4 Replies
View Related
Apr 22, 2011
can i use normal two L3 Switch(3560) for BGP Multihoming with 2 different isp
View 4 Replies
View Related
May 28, 2013
By default there 2 input queues. 2nd is priority queue and has 10% of link assigned. Weights for two queues are 4 and 4. For example we have 1Mbps link. ANd we also have saturated link with voice and other traffic. Will voice get 550k bandwidth? As I undestood 100k is assigned to voice strictly. Remaining 900k is evenly divided by two queues according to 4 and for ratio.
View 7 Replies
View Related
Apr 1, 2012
I'm working on a new network design for my company. We're expanding and opening some more offices and satalite sites. We're a UK based company but opening some US sites.We have a main UK office (Office A on the diagram) a call centre (Office B) and then two buildings on another site (Office C). The USA offices will be very small and only require a couple of computers, hence the small IP allocation. I have marked the IP addresses of the links on the diagram, I intend to use 3560 switches for all the switches marked and all links will be layer 3 to route multiple VLANs from each site to each site (where permitted). question is this: How do I achieve this in the switches? I'm thinking that OSPF is the way forward, is this right? I want to do as little configuration on the switches as possible to allow for dynamic updates of the network (i.e. I don't want to add static routes for everything).
View 7 Replies
View Related
Mar 25, 2012
If i have 3 x 3560s do i need 3 cables connect one to each other then the top one to the bottom one - like the 3750s stacking stacks -- or is it just one cable between each device no cable between top and bottom
View 3 Replies
View Related
Jun 26, 2011
How to configure SLA monitoring in 3560 switch. I have 2 DSL links terminating in switch and want to do WAN failover. I know how to do in ASA and router. I found IP SLA and track commands on switch but don't know exactly how to use them.
View 2 Replies
View Related
May 1, 2012
I want to upgrade a Catalyst 3560-48PS to the last IOS.I get an errormessage stating that there is insufficient space in flash: I have deleted all files in flash - but I still get the same error message. According to the documentation there should be enough memory. Messages are pasted below:
Switch#dir
Directory of flash:/
No files in directory
15998976 bytes total (15997952 bytes free)
Switch#archive download-sw tftp://192.168.9.13/c3560-ipservicesk9-tar.122-55.SE.tar
Loading c3560-ipservicesk9-tar.122-55.SE.tar from 192.168.9.13 (via Vlan9): !!!!!!!
[OK - 15964160 bytes]
Loading c3560-ipservicesk9-tar.122-55.SE.tar from 192.168.9.13 (via Vlan9): !!!!!!!!
examining image...
extracting info (109 bytes)
[code]....
Error: There is insufficient space in flash: to install the required
Error: image. Clean up some old images, and try again.
View 20 Replies
View Related
Jul 13, 2011
The traffic flow on the network is fine, but we are not able to access our remote locations.Using the example in that thread:Let's use your example. If your Vlan interfaces are configured on the 3560:
interface Vlan10
description LAN A
ip address 10.20.102.1 255.255.255.0
interface Vlan 104
description LAN B
ip address 10.20.104.1 255.255.255.0
Device A has his default gateway set to 10.20.102.1 (interface Vlan10) and device B has his default gateway configured to 10.20.104.1 (interface Vlan104). If device A (10.20.102.55) wants to talk to device B (10.20.104.25), the traffic would have been routed on the 3560 between Vlans 102 and 104.
As for DHCP, if there is a server on a separate network (let's give the DHCP server an ip: 192.168.2.15) you would configure an 'ip helper-address' on each vlan, which will forward each DHCP Discover broadcast to the DHCP server as a unicast packet. This is done because by default the router (3560) will not forward broadcasts.
interface Vlan10
description LAN A
ip address 10.20.102.1 255.255.255.0
ip helper-address 192.168.2.15
interface Vlan 104
description LAN B
ip address 10.20.104.1 255.255.255.0
ip helper-address 192.168.2.15
Now lets say LAN A and LAN B are located in SITE1. A second site, SITE2, has the address of 10.20.128.1. I can't ping the Site2 location from the LAN B (10.20.104.x) segment in Site1. I think I should set a static route on our switch with something like this:
ip route 10.20.0.0 255.255.0.0 10.20.102.10
The address 10.20.102.10 would be a wan router in this example.
View 42 Replies
View Related
Nov 9, 2011
Our HQ Location dont support high bandwidth pipe served by ISP, so will go ahead with 3 different ISP at 2MB each.Goal is to provide Email / Application access to Remote office using site to site VPN.In Total will have 10 to 15 Branch offices each with around 25 to 35 users
Each ISP will give
/29 subnet of public IPCopper Interface for WANdefault Gateway and Two DNS server IP will be provide Existing hardware we got are Cisco 2821 Router with 2 FastEthernet ports ( not in use )24 port switch 2900 series ( not in use ) Can we use the above hardware to terminate all 3 ISP link and use the Router for site to site VPN.
Our Lan Core is Cisco 3560 which is uplink to 3X2950 user switch?how should we terminate the link and use each ISP for VPN.
View 3 Replies
View Related
Jul 25, 2012
We have the configuration below set up in a 3560 switch (addresses and names modified for privacy). We are running out of dynamic IP’s in the current pool (6.35.159.0 – 6.35.159.255). We have a new set of IP’s that we can use (6.44.56.0 – 6.44.57.255 – an additional 512 addresses). Although I can figure out the commands to add a new dhcp pool, secondary subnet, etc., I’ve never done this before so I’m not sure of everything I need to do. The end result I need is that the 3560 needs to be able to hand out IP addresses from the current and new pool to anything connecting to vlan 300 – our datanet where computers access the Internet. What I need to do as far as modifying the vlan, adding the secondary subnet, defining helper IP’s, gateways, whatever, so that computers connecting via vlan 300 have Internet access via either of the pools? I have been told that all I need to do is create the pool, but not sure if that is correct...
[code]....
View 3 Replies
View Related
Apr 17, 2013
I have a question regarding QOS and possibly dedicated bandwidth. The environment is ISP goes into an ASA that up links to a 3560 and fiber up links to other 2960s throughout the building for internet. My question is for certain sections of the building if I segment the network can I guarantee them a certain amount of bandwidth. For example, if 1 gigabit is coming into the building from the ISP and into the ASA, can I guarantee one room in the building no less than say 200 Mb of the full internet pipe at all times?
View 7 Replies
View Related
Aug 22, 2011
Here is my basic network layout for multicasting for Syn-apps
Multicast Source-->3750 SW (add PIM SM-DM? Yes/No)-->3845 WAN Router (add PIM SM-DM? Yes/No)-->T1-->2821 (add PIM SM-DM? Yes/No)-->3560 SW (add PIM SM-DM? Yes/No)
OK, in this is it necessary to configure "IP Multicast-routing" on the switches? Do I configure PIM on all interfaces that will handle multicasting (router and switches?) If PIM is enabled on the 3750 do I need PIM configured between the 3845 and the 2821 ? Do I configure the Auto-RP on the 3750 or the 3845 ?
View 3 Replies
View Related
