10 Replies Latest reply on Feb 20, 2014 9:34 AM by coriumintl

    Replacing my core switch

    coriumintl New Member

      Back story: a year ago we rolled out a ShoreTel phone system and as part of that project we deployed 1 Netvanta 1534p, 4 Netvanta 1234p, and 7 Netvanta 1238ps at our main site among 2 buildings. However, we kept a 3Com 4500G switch as our core, which is responsible for our 6 VLANs and routing to our internet gateways.

      Since then we deployed another Netvanta 1534p, Netvanta 1234p, and Netvanta 1238p to a second site successfully. This location works exactly as we expected (after we turned on L3 Express Cache).

      At each location we have Windows handling DHCP. Our implementor handled QoS and Spanning Tree on all of the new switches, but I don't remember if they even touched the 3Com for QoS or Spanning Tree settings.

      We recently discovered a problem with the 3Com switch and throughput between VLANs, did some testing at our second site with the L3 express cache settings to successfully correct the issue, and ordered a third Netvanta 1534p to replace the 3Com.

      After configuring it to match the 1534 from our second site and cutting over from the 3Com switch as our head, we didn't configure something right, and here are our symptoms:

      First thing we noticed was DHCP leases went from 1-5 seconds to get a lease to greater than 30 seconds.

      Our ShoreTel phones no longer would get their proper IP but may have been getting to their proper VLAN.

      Our file transfers were still slow between VLANs.

      I'm not sure where to start in figuring out what I misconfigured. Anyone able to help me troubleshoot?

      Thanks in advance!

        • Re: Replacing my core switch
          jayh Hall_of_Fame

          You may not have misconfigured anything!  A key hint is:

           

            "At each location we have Windows handling DHCP."

           

          Windows DHCP servers have a nasty habit of not respecting VLANs.

           

          Make sure that every Windows server used as a DHCP server is connected to an access port on the switch, configured for access only on the VLAN for which that server is the DHCP server.

           

          For example, you have your switch configured where all ports are trunks with the data VLAN native and the voice VLAN not. If you connect a Windows DHCP server to such a port, it will assign addresses on the data VLAN to phones on the voice VLAN, even if the ethernet adapter on the Windows server doesn't have the voice VLAN configured!


          To fix it, ensure that the port to which the Windows server is connected is set up as an access port on the data VLAN and not a trunk.  And then label it as such because someone else will later move it to another port and break DHCP again.

            • Re: Replacing my core switch
              coriumintl New Member

              I'll include a redacted config file below. Port 18 is set to access default vlan, instead of Trunk. My DHCP server is responsible for 6 scopes.

              I just noticed now that I have an ip-helper defined for the default vlan, which explains why my phones weren't working when plugged into that vlan.

              Is there any explanation why, if I have L3 express caching enabled, I'll have intermittent drops?

              Redacted switch config:

              ip subnet-zero
              ip classless
              ip default-gateway 192.168.3.253
              ip routing
              !
              !
              ip route-cache express
              !
              no auto-config
              !
              event-history on
              no logging forwarding
              no logging email
              !
              no service password-encryption
              !
              username "admin" password "1mix2slit"
              ip forward-protocol udp time
              ip forward-protocol udp nameserver
              ip forward-protocol udp tacacs
              ip forward-protocol udp domain
              ip forward-protocol udp bootps
              ip forward-protocol udp tftp
              ip forward-protocol udp netbios-ns
              ip forward-protocol udp netbios-dgm
              !
              !
              no dot11ap access-point-control
              no dos-protection
              no desktop-auditing dhcp
              no network-forensics ip dhcp
              !
              !
              !
              vlan 1
                name "Default"
              !
              vlan 2
                name "dot 3 B51"
              !
              vlan 10
                name "VOIP"
              !
              vlan 20
                name "dot 20 Wifi"
              !
              vlan 21
                name "Secondary WiFi"
                shutdown
              !
              vlan 30
                name "IP Cameras"
              !
              vlan 31
                name "Total Chrom"
              !

              interface gigabit-switchport 0/18
                description GRITSVR15
                spanning-tree edgeport
                no shutdown
                switchport voice vlan 10
                qos trust cos
              !
              !
              interface vlan 1
                ip address  192.168.2.253  255.255.255.0
                ip helper-address  xxx.xxx.xxx.xxx
                ip route-cache express
                no shutdown
              !
              interface vlan 2
                ip address  192.168.3.253  255.255.255.0
                ip helper-address  xxx.xxx.xxx.xxx
                ip route-cache express
                no shutdown
              !
              interface vlan 10
                ip address  10.10.0.253  255.255.254.0
                ip helper-address  xxx.xxx.xxx.xxx
                ip route-cache express
                no shutdown
              !
              interface vlan 20
                ip address  192.168.20.253  255.255.255.0
                ip helper-address  xxx.xxx.xxx.xxx
                ip route-cache express
                no shutdown
              !
              interface vlan 21
                ip address  192.168.22.253  255.255.255.0
                ip helper-address  xxx.xxx.xxx.xxx
                ip route-cache express
                no shutdown
              !
              interface vlan 30
                ip address  192.168.30.253  255.255.255.0
                no awcp
                ip route-cache express
                no shutdown
              !
              interface vlan 31
                ip address  192.168.31.253  255.255.255.0
                ip helper-address  xxx.xxx.xxx.xxx
                no awcp
                ip route-cache express
                no shutdown
              !
              !

              ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 255
              ip route xxx.xxx.xxx.xxx 255.255.255.248 xxx.xxx.xxx.xxx
              ip route xxx.xxx.xxx.xxx 255.255.255.0 xxx.xxx.xxx.xxx
              ip route xxx.xxx.xxx.xxx 255.255.255.0 xxx.xxx.xxx.xxx
              !
              no tftp server
              no tftp server overwrite
              http server
              http secure-server
              snmp agent
              no ip ftp server
              ip ftp server default-filesystem flash
              no ip scp server
              no ip sntp server
              !
              !
              !
              !
              !
              snmp-server location "4558 50th Street Southeast, Grand Rapids, MI 49512-5401"
              snmp-server community monitor RO
              !
              !
              auto-link
              auto-link server xxx.xxx.xxx.xxx
              auto-link recontact-interval 300
              !
              !
              line con 0
                no login
              !
              line telnet 0 4
                login
                password xxxxxxx
                no shutdown
              line ssh 0 4
                login local-userlist
                no shutdown
              !
              !
              monitor session 1 destination interface gigabit-switchport 0/15
              monitor session 1 source interface gigabit-switchport 0/5 both
              monitor session 1 source interface gigabit-switchport 0/6 both
              monitor session 1 source interface gigabit-switchport 0/7 both
              monitor session 1 source interface gigabit-switchport 0/8 both
              monitor session 1 source interface gigabit-switchport 0/9 both
              monitor session 1 source interface gigabit-switchport 0/10 both
              monitor session 1 source interface gigabit-switchport 0/13 both
              monitor session 1 source interface gigabit-switchport 0/14 both
              monitor session 1 source interface gigabit-switchport 0/16 both
              monitor session 1 source interface gigabit-switchport 0/17 both
              monitor session 1 source interface gigabit-switchport 0/18 both
              monitor session 1 source interface gigabit-switchport 0/19 both
              monitor session 1 source interface gigabit-switchport 0/21 both
              monitor session 1 source interface gigabit-switchport 0/22 both
              !
              !
              end

                • Re: Replacing my core switch
                  jayh Hall_of_Fame

                  coriumintl wrote:

                   

                  I'll include a redacted config file below. Port 18 is set to access default vlan, instead of Trunk. My DHCP server is responsible for 6 scopes.

                   

                  I just noticed now that I have an ip-helper defined for the default vlan, which explains why my phones weren't working when plugged into that vlan.

                  OK, so that's fixed?  Is there a separate DHCP server on the voice VLAN and that server is on an access port just for that VLAN?

                  Is there any explanation why, if I have L3 express caching enabled, I'll have intermittent drops?

                   

                  No, but there are a couple of odd things, hard to tell due to redactions.

                   

                  (And, you might want to do service password-encryption in the future and delete user admin)

                   

                  You have:  ip default-gateway 192.168.3.253 which is the address of VLAN 3 itself.  This won't be of much use, I'd delete it.  ip default-gateway is used when IP routing is disabled for management and isn't really appropriate here.  In addition, pointing the next-hop to your own interface isn't going to be of much value.

                   

                  What is connected to port 18?  Is that the DHCP server?

                   

                  interface gigabit-switchport 0/18

                    description GRITSVR15

                   

                  More specifically, what's the IP of the DHCP server, to what VLAN is it connected, and what does its interface configuration look like?

                    • Re: Replacing my core switch
                      coriumintl New Member

                      The DHCP server (192.168.2.1) is on port 18, which is flagged as the Default VLAN (1). It does DHCP for all VLANs except for 30. All of the ip helper-address xxx.xxx.xxx.xxx should be ip helper-address 192.168.2.1.

                      All the x'd out addresses in the IP routes are our firewalls.

                        • Re: Replacing my core switch
                          jayh Hall_of_Fame

                          OK, on port 18 try the following:

                           

                          !
                          interface gigabit-switchport 0/18
                            description GRITSVR15
                            spanning-tree edgeport
                            no shutdown
                            no switchport voice vlan 10
                            switchport mode access
                            switchport access vlan 1
                            qos trust cos
                          !
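
The points raised in the replies above (DHCP server port pinned to access mode with no voice VLAN, a helper-address on the server's own subnet, `ip default-gateway` alongside `ip routing`, and disabled password encryption) can be checked mechanically before a cutover. This is an added example, not code from any poster or from the vendor; the function names `parse` and `audit` are hypothetical, the sample config is constructed from lines shaped like the posted one, and it assumes stanzas are closed by `!` as in that config.

```python
import ipaddress

# Constructed sample: a few lines shaped like the config posted in this thread.
SAMPLE = """\
ip default-gateway 192.168.3.253
ip routing
no service password-encryption
interface gigabit-switchport 0/18
  switchport voice vlan 10
!
interface vlan 1
  ip address  192.168.2.253  255.255.255.0
  ip helper-address  192.168.2.1
!
interface vlan 2
  ip address  192.168.3.253  255.255.255.0
  ip helper-address  192.168.2.1
!
"""

def parse(text):
    glob, ifaces, cur = [], {}, None   # global commands, per-interface commands
    for line in (" ".join(l.split()) for l in text.splitlines()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line[10:], [])
        elif line == "!":
            cur = None                  # "!" closes the current stanza
        elif line:
            (glob if cur is None else cur).append(line)
    return glob, ifaces

def audit(text, port_name, srv):
    glob, ifaces = parse(text)
    out, own, port = [], set(), ifaces.get(port_name, [])
    if "switchport mode access" not in port:
        out.append(f"{port_name}: not explicitly 'switchport mode access'")
    if any(c.startswith("switchport voice vlan") for c in port):
        out.append(f"{port_name}: voice VLAN set on DHCP server port")
    for name, cmds in ifaces.items():
        for c in (c.split() for c in cmds if c.startswith("ip address ")):
            svi = ipaddress.ip_interface(f"{c[2]}/{c[3]}")
            own.add(str(svi.ip))        # remember the switch's own addresses
            if f"ip helper-address {srv}" in cmds and ipaddress.ip_address(srv) in svi.network:
                out.append(f"{name}: helper-address targets a server on its own subnet")
    gw = [g.split()[-1] for g in glob if g.startswith("ip default-gateway ")]
    if gw and "ip routing" in glob:
        out.append("ip default-gateway set while 'ip routing' is enabled")
    out += [f"ip default-gateway {g} is this switch's own address" for g in gw if g in own]
    if "no service password-encryption" in glob:
        out.append("service password-encryption is disabled")
    return out
```

Calling `audit(SAMPLE, "gigabit-switchport 0/18", "192.168.2.1")` returns one finding per item above; a config with the port stanza suggested in the last reply and the global lines corrected returns an empty list.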

                  • Re: Replacing my core switch
                    levi Employee

                    coriumintl:

                     

                    I went ahead and flagged this post as "Assumed Answered". If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you have any additional information on this that others may benefit from, please come back to this post to provide an update. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

                     

                    Thanks,

                    Levi

                    • Re: Replacing my core switch
                      coriumintl New Member

                      Turns out the 1534's ARP cache isn't big enough, have a 1544 on order.