16 Replies Latest reply on Feb 11, 2014 11:03 AM by coriumintl

    At what point should I get a Router instead of lean on my 1534 for L3 routing?

    coriumintl New Member

      smbMy network is around 200 machines (including servers) large between 2 ethernet subnets (my wifi is segregated to a seperate subnet and runs off AP150s). I have 6 Vlan's currently and my 1534 handles passing off to the internet gateway.

       

      My pain point is bad SMB latency during inter VLAN communications. When accessing an application on my servers from an opposite VLAN, latency is in the 2+ second range.

       

      I will add that this application is built on server 2003 so its using SMB 1, and the client computers are Win 7.

       

      At what point do I need to get a router to better handle this switching? or is my issue more with how Win7 doesn't seem to handle SMB1 well?

       

      I know i need to get a better handle on QOS as well.

        • Re: At what point should I get a Router instead of lean on my 1534 for L3 routing?
          Employee

          coriumintl - You mentioned that you are experiencing latency during interVLAN communications. Do you have any other layer 3 switches in the network? It would be helpful to see a network diagram if possible. Also, I would be more than happy to review the 1534 configuration. Please remember to remove any sensitve information.

           

          Please do not hesitate to let us know if you have any questions.

           

          Thanks,

          Noor

            • Re: At what point should I get a Router instead of lean on my 1534 for L3 routing?
              coriumintl New Member

              My network map is below. I will call out that the switch named GRSW-00 is intended to be a 1534, but we fell back to the 3COM listed as it has fewer issues than we detected when we cut over to the 1534.

               

              So the switch named GRSW-00 is the edge switch and our internet gateways are also on it. GRSW-08 is also a 1534 and currently handles our AP150s and one AP160, it's also the home of the majority of our servers.

               

              The consistant issues we get are when using devices on GRSW-10 communicating to the servers on GRSW-08.

               

              Part of the pain i believe was that i didn't have the ip-helper configured correctly on the first cut over, just haven't had the opportunity to try it again due to the difficulty to schedule maintenance time.

               

              Part of the issue also is making sure that VLAN 10 is QOS'd so that it has priority as it's where our ShoreTel VOIP system is at.

               

              Thanks for looking this over, i have since had the cange to update my 1534's to Firmware 10.9.1, and my 123X's are at 17.09.01.00

               

              The configuration I was trying to use with 1534 GRSW-00 is as follows:

               

              !

              !

              ! ADTRAN, Inc. OS version R10.5.1

              ! Boot ROM version 17.09.01.00

              ! Platform: NetVanta 1534P, part number 1702591G1

              ! Serial number LBADTN1331AC214

              !

              !

              hostname "GRSW-00"

              enable password

              !

              clock timezone -5-Eastern-Time

              clock no-auto-correct-DST

              !

              ip subnet-zero

              ip classless

              ip default-gateway 192.168.3.253

              ip routing

              !

              !

              ip route-cache express

              !

              no auto-config

              !

              event-history on

              no logging forwarding

              no logging email

              !

              no service password-encryption

              !

              username "admin" password ""

              ip forward-protocol udp time

              ip forward-protocol udp nameserver

              ip forward-protocol udp tacacs

              ip forward-protocol udp domain

              ip forward-protocol udp bootps

              ip forward-protocol udp tftp

              ip forward-protocol udp netbios-ns

              ip forward-protocol udp netbios-dgm

              !

              !

              !

              !

              !

              !

              no dot11ap access-point-control

               

               

              no dos-protection

               

               

              no desktop-auditing dhcp

               

               

              no network-forensics ip dhcp

              !

              !

              !

              !

              !

              !

              !

              !

              !

              vlan 1

                name "Default"

              !

              vlan 2

                name "dot 3 B51"

              !

              vlan 10

                name "VOIP"

              !

              vlan 20

                name "dot 20 Wifi"

              !

              vlan 21

                name "Secondary WiFi"

                shutdown

              !

              vlan 30

                name "IP Cameras"

              !

              vlan 31

                name "Total Chrom"

              !

              interface gigabit-switchport 0/1

                description ShoreGear Switch

                spanning-tree edgeport

                no shutdown

                switchport access vlan 10

                switchport trunk native vlan 2

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/2

                description ShoreGear Switch

                spanning-tree edgeport

                no shutdown

                switchport access vlan 10

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/3

                description ShoreGear Switch

                spanning-tree edgeport

                no shutdown

                switchport access vlan 10

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/4

                description ShoreGear Switch

                spanning-tree edgeport

                no shutdown

                switchport access vlan 10

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/5

                description UPLNK GRSW-03

                no shutdown

                switchport mode trunk

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/6

                description UPLNK FIREBOX X1000

                spanning-tree edgeport

                no shutdown

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/7

                description UPLNK GRSW-02

                no shutdown

                switchport mode trunk

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/8

                description UPLNK GRSW-06

                no shutdown

                switchport mode trunk

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/9

                description UPLNK GRSW-04

                no shutdown

                switchport mode trunk

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/10

                description UPLNK GRSW-01

                spanning-tree edgeport

                no shutdown

                switchport mode trunk

                qos trust cos

              !

              interface gigabit-switchport 0/11

                spanning-tree edgeport

                no shutdown

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/12

                spanning-tree edgeport

                no shutdown

                switchport access vlan 10

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/13

                description UPLNK FIREBOX XTM

                spanning-tree edgeport

                no shutdown

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/14

                description UPLNK GRSW-10

                no shutdown

                switchport mode trunk

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/15

                description Monitor Port

                no shutdown

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/16

                spanning-tree edgeport

                no shutdown

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/17

                spanning-tree edgeport

                no shutdown

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/18

                description GRITSVR15

                spanning-tree edgeport

                no shutdown

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/19

                spanning-tree edgeport

                no shutdown

                switchport access vlan 2

                switchport trunk native vlan 2

                qos trust cos

              !

              interface gigabit-switchport 0/20

                spanning-tree edgeport

                no shutdown

                switchport access vlan 2

                qos trust cos

              !

              interface gigabit-switchport 0/21

                description UPLNK GRSW-07

                no shutdown

                switchport mode trunk

                switchport trunk native vlan 2

                qos trust cos

              !

              interface gigabit-switchport 0/22

                description GRITSVR14

                spanning-tree edgeport

                no shutdown

                switchport access vlan 2

                switchport trunk native vlan 2

                qos trust cos

              !

              interface gigabit-switchport 0/23

                spanning-tree edgeport

                no shutdown

                switchport access vlan 2

                switchport trunk native vlan 2

                qos trust cos

              !

              interface gigabit-switchport 0/24

                spanning-tree edgeport

                no shutdown

                switchport access vlan 2

                switchport trunk native vlan 2

                qos trust cos

              !

              interface gigabit-switchport 0/25

                no shutdown

                switchport mode trunk

                switchport trunk native vlan 2

                qos trust cos

              !

              interface gigabit-switchport 0/26

                no shutdown

                switchport mode trunk

                switchport trunk native vlan 2

                qos trust cos

              !

              interface gigabit-switchport 0/27

                description From GRSW-08 FIBER

                no shutdown

                switchport mode trunk

                switchport trunk native vlan 2

                qos trust cos

              !

              interface gigabit-switchport 0/28

                no shutdown

                switchport mode trunk

                qos trust cos

              !

              !

              !

              interface vlan 1

                ip address  192.168.2.253  255.255.255.0

                ip route-cache express

                no shutdown

              !

              interface vlan 2

                ip address  192.168.3.253  255.255.255.0

                ip helper-address  192.168.2.1

                ip route-cache express

                no shutdown

              !

              interface vlan 10

                ip address  10.10.0.253  255.255.254.0

                ip helper-address  192.168.2.1

                ip route-cache express

                no shutdown

              !

              interface vlan 20

                ip address  192.168.20.253  255.255.255.0

                ip helper-address  192.168.2.1

                ip route-cache express

                no shutdown

              !

              interface vlan 21

                ip address  192.168.22.253  255.255.255.0

                ip helper-address  192.168.2.1

                ip route-cache express

                no shutdown

              !

              interface vlan 30

                ip address  192.168.30.253  255.255.255.0

                no awcp

                ip route-cache express

                no shutdown

              !

              interface vlan 31

                ip address  192.168.31.253  255.255.255.0

                ip helper-address  192.168.2.1

                no awcp

                ip route-cache express

                no shutdown

              !

              !

              !

              !

              !

              ip route 0.0.0.0 0.0.0.0 192.168.2.250 255

              ip route 68.166.218.0 255.255.255.248 192.168.2.35

              ip route 192.168.4.0 255.255.255.0 192.168.2.35

              ip route 192.168.10.0 255.255.255.0 192.168.2.35

              !

              no tftp server

              no tftp server overwrite

              http server

              http secure-server

              snmp agent

              no ip ftp server

              ip ftp server default-filesystem flash

              no ip scp server

              no ip sntp server

              !

              !

              !

              !

              !

              snmp-server location ""

              snmp-server community monitor RO

              !

              !

              auto-link

              auto-link server

              auto-link recontact-interval 300

              !

              !

              line con 0

                no login

              !

              line telnet 0 4

                login

                password

                no shutdown

              line ssh 0 4

                login local-userlist

                no shutdown

              !

              !

              monitor session 1 destination interface gigabit-switchport 0/15

              monitor session 1 source interface gigabit-switchport 0/5 both

              monitor session 1 source interface gigabit-switchport 0/6 both

              monitor session 1 source interface gigabit-switchport 0/7 both

              monitor session 1 source interface gigabit-switchport 0/8 both

              monitor session 1 source interface gigabit-switchport 0/9 both

              monitor session 1 source interface gigabit-switchport 0/10 both

              monitor session 1 source interface gigabit-switchport 0/13 both

              monitor session 1 source interface gigabit-switchport 0/14 both

              monitor session 1 source interface gigabit-switchport 0/16 both

              monitor session 1 source interface gigabit-switchport 0/17 both

              monitor session 1 source interface gigabit-switchport 0/18 both

              monitor session 1 source interface gigabit-switchport 0/19 both

              monitor session 1 source interface gigabit-switchport 0/21 both

              monitor session 1 source interface gigabit-switchport 0/22 both

              !

              !

              end


              (I hope this map posts larger than what it looks like in this input field)

              networkmap.png

                • Re: At what point should I get a Router instead of lean on my 1534 for L3 routing?
                  Employee

                  coriumintl - I took a look at the 1534 configuration you provided and I had a couple of questions and suggestions. I'm not sure it has anything to do with the issues you were experiencing but perhaps it may help clear it up.

                   

                  1. The command switchport voice vlan <VLAN ID> is used to assign a voice vlan ID to those phones that are LLDP-MED capable and enabled. As a result. it is important to remember that the command switchport voice vlan 10 is not required and will not do anything on those switchports that are configured as trunk ports.

                   

                  2. I noticed in the configuration posted, that your default route has an admin distance of 255. Was there a reason for this?

                   

                  3. Currently, your switchports have qos trust enabled. This means the switch will use the CoS value that incoming traffic is using. If you need to change any of these settings, then I would suggest looking at the guide below on setting this up:

                   

                  Configuring Ethernet Switch QoS and CoS in AOS

                   

                  4. I also wanted to confirm that gig 0/27 (uplink to GRSW-08) should have a native vlan of 2, while gig 0/14 (uplink to GRSW-10) should have a native vlan of 1.

                   

                  I really didn't see anything that may affect performance but let us know if you still run into issues when you get a chance to put the switch back in.

                   

                  Thanks,

                  Noor

                    • Re: At what point should I get a Router instead of lean on my 1534 for L3 routing?
                      coriumintl New Member

                      For 1, i guess that explains why the phones will find their way to VLAN 10 if the voice vlan isn't configured.

                       

                      For 2, I copied the configuration from my switch GRSW-08 for this one. How should this value be considered? I can't find much in the AOS command reference guide. As for the value of it on GRSW-08 do I even need a default route since this switch isn't acting as a router, or shouldn't be? it's configured this way: ip route 0.0.0.0 0.0.0.0 192.168.3.253 255 and 192.168.3.253 is the VLAN 2 gateway.

                       

                      For 3, sounds good; once i get GRSW-00 cut over from the 3com switch that it is currently our QoS for phones might improve then.

                       

                      For 4, switches 8, 9, 11, and 15 are the only VLAN 2 default switches; however there are a couple of pockets of VLAN 2 over on a few of the other switches, and switches 10, 1, 2, 3, and 4 will eventually offer VLAN 31.

                       

                      It sounds like my missconfiguration of the ip helper was the big contributor, though once I understand the admin distance setting better it might get some improvement as well.

                       

                      Thanks! looking forward to an explanation/reccomendation on the admin distance setting.

                        • Re: At what point should I get a Router instead of lean on my 1534 for L3 routing?
                          Employee

                          coriumintl -

                           

                          Do you have any devices pointing to any of the 1534's VLAN interface IP addresses? If so, then you will need to leave routing enabled on it.

                           

                          The admin distance is used by the router to decide the best path when there are 2 or more routes available for a specific network. By default, static routes have an admin distance of 1. Your configuration changed this admin distance to 255. The lower the admin distance, the more preferred it is. It probably isn't hurting anything because there is no other default route configured.

                           

                          Let us know if you have any questions.

                           

                          Thanks,

                          Noor

                            • Re: At what point should I get a Router instead of lean on my 1534 for L3 routing?
                              coriumintl New Member

                              That was my guess, and i noticed when i tried to change the admin distance on the GRSW-08 switch it complained about routing needing to be turned on, so that's not interfering with anything.

                               

                              Will be cutting back over to the 1534 as GRSW-00 the second weekend of February, so i'll know then if i'm good.

                              • Re: At what point should I get a Router instead of lean on my 1534 for L3 routing?
                                coriumintl New Member

                                Well, the cutover worked better with the DHCP. however the most important issue is that any phones on VLAN 1 won't get their vlan801.2q status correct. But the phones that are on VLAN 2 are just fine.

                                 

                                For now if anyone's phone get's reset I'm going to have to statically configure that phone unless I can figure out what's glitched. I'm awaiting responses from a Shoretel forum that has been helpful in the past but i'm not sure how well they know Adtran.

                                 

                                Secondly the speed issue for VLAN transversal appears to be happening when Im trying to transfer files to a server on a ESXi host that is handing VLAN tagging. Perhaps that's an issue with VMware but on a different segment of my network this isn't an issue with a fairly similarly configured ESXi host.

                                 

                                Thanks for helping out, really excited to be 100% Adtran for our infrastructure now!

                                  • Re: At what point should I get a Router instead of lean on my 1534 for L3 routing?
                                    jhall New Member

                                    Actually saw and responded to your post on the Shoretel forum earlier this morning

                                     

                                    "Whats doing DHCP for your network? Do you have option 156 configured in your dhcp server to force the phones in the right vlan? With the adtran switches you can use LLDP to move the phone into the right vlan and add qos tagging. Under the config for the ports that will have phone you just need to add "switchport voice vlan X" where X is the vlan. You can also add "switchport voice-signaling vlan X" to to get signaling traffic tagged."

                                     

                                    Hope this helps. We almost exclusively use Adtran with our Shoretel installs and they work great together. If you needed to setup all the ports on the switch you can use interface ranges from the command line. "interface range gigabit-switchport 1/1-48" would drop you into configuring all the ports on the switch. You could then add the "switchport voice vlan" option to all ports at once. This has been the way I've done my installs for awhile and it's great not having to have the option 156 on your main DHCP server. This makes it so the phones don't even grab an address in vlan 1 when they first boot. You do still need to have something doing DHCP in your second vlan.

                                      • Re: At what point should I get a Router instead of lean on my 1534 for L3 routing?
                                        coriumintl New Member

                                        Windows server is doing my DHCP. Option 156 is still in place.

                                         

                                        The only change i made this weekend was cut over to an Adtran, we didn't change DHCP as that was handled by Windows. so this adtran took over VLAN routing and L3 routing for our intnernet gateway. all other services are handled by Windows.

                                         

                                        Does VOICE VLAN 10 need to be on trunk ports also?

                                          • Re: At what point should I get a Router instead of lean on my 1534 for L3 routing?
                                            jhall New Member

                                            Not that I know of though I usually have it on there just in case. I've not had any issues when I've not had it there. I'd double check and make sure you have option 156 set correctly in your vlan 1 dhcp scope. I'm guessing 192.168.2.1 is your dhcp server. I'm not sure where thats plugged into in your network but I'd check that vlan 10 is build on that switch and all other switches in the network that has phones attached. If you program a port to be in vlan 10 and hook up a PC to that port do you get an address?

                                              • Re: At what point should I get a Router instead of lean on my 1534 for L3 routing?
                                                coriumintl New Member

                                                yeah, my Shoregears hang off this 1534 in ports 1-4. my config is attached above in this thread along with a network map, yes my DHCP server is 192.168.2.1 and hangs on port 15.

                                                 

                                                if i flag a port as vlan 10 i do get an appropriate IP from a PC.

                                                 

                                                A new issue that has been raised is slowness in general. I can measure a 45ms average response time and about 2% packet loss across my fiber link on this switch. But SMB file transfers between vlan 1 and vlan 2 are fine. a couple of other apps i have are slow and time out, or when working with a file across vlan's it's slow.

                                                  • Re: At what point should I get a Router instead of lean on my 1534 for L3 routing?
                                                    jhall New Member

                                                    Just to verify when you tried with a PC you did it from a remote switch and not the local switch where the vlan 10 gateway is? I'm just thinking it sounds like the packets are not getting across a trunk link somewhere. Also from one of the phones thats not working can you a do a MUTE I-N-F-O (4-6-3-6) and confirm that tagging is turned on and it's in the right vlan?

                                                     

                                                    Not sure about your slowness. Maybe someone from Adtran will jump back into this thread. Does it only appear when it's across the fiber? IE is it fine if you copy traffic between 2 pc's on the same switch? I'd look at the port statistics on each end and check for duplex mismatch and see if you are having collisions or showing any other errors on either end.