cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
coriumintl
New Contributor III

Replacing my core switch

Jump to solution

Back story: a year ago we rolled out a ShoreTel phone system and part of that project we deployed 1 Netvanta 1534p, 4 Netvanta 1234p, and 7 Netvanta 1238ps at our main site among 2 buildings. However we kept a 3Com 4500G switch as our core which is responsible for our 6 vlans and routing to our internet gateways.

Since then we deployed another Netvant 1534p, Netvanta 1234p, and Netvanta 1238p to a second site succesfully. this location works exactly as we expected (after we turned on l3 Express Cache).

At each location we have Windows handling DHCP. And our Implementor handled QOS and Spanning-tree on all of the new switches but I don't remember if they even touched the 3Com for QOS or Spanning Treesettings.

We recently discovered a problem with the 3com switch and throughput between VLANs and did some testing at our second site with the L3 express cache settings to successfully correct the issue and ordered a third Netvanta 1534p to replace the 3com.

After confguring to match the 1534 from our second site and cutting over from the 3com switch as our head we didn't configure something right and here are our symptoms:

First thing we noticed was DHCP leases went from 1-5 seconds to get a lease to greater than 30 seconds.

Our shoretel phones nolonger would get their proper IP but may have been getting to their proper VLAN.

Our File transfers where still slow between VLAN's.

I'm not sure where start in figuring out what i missconfigured, Anyone able to help me troubleshoot?

Thanks in Advance!

0 Kudos
1 Solution

Accepted Solutions
coriumintl
New Contributor III

Re: Replacing my core switch

Jump to solution

Turns out the 1534's ARP cache isn't big enough, have a 1544 on order.

View solution in original post

0 Kudos
10 Replies
jayh
Honored Contributor
Honored Contributor

Re: Replacing my core switch

Jump to solution

You may not have misconfigured anything!  A key hint is:

  "At each location we have Windows handling DHCP."

Windows DHCP servers have a nasty habit of not respecting VLANs.

Make sure that every Windows server used as a DHCP server is connected to an access port on the switch, configured for access only on the VLAN for which that server is the DHCP server.

For example, you have your switch configured where all ports are trunks with the data VLAN native and the voice VLAN not. If you connect a Windows DHCP server to such a port, it will assign addresses on the data VLAN to phones on the voice VLAN, even if the ethernet adapter on the Windows server doesn't have the voice VLAN configured!


To fix it, ensure that the port to which the Windows server is connected is set up as an access port on the data VLAN and not a trunk.  And then label it as such because someone else will later move it to another port and break DHCP again.

coriumintl
New Contributor III

Re: Replacing my core switch

Jump to solution

I'll include a redacted config file below. Port 18 is set to access default vlan, instead of Trunk. My DHCP server is responsible for 6 scopes.

I just noticed now that i have an ip-helper defined for the default vlan which explains why my phones weren't working when plugged into that vlan.

Is there any explaination why if i have l3 express caching enabled that i'll have intermittent drops?

Redacted switch config:

ip subnet-zero
ip classless
ip default-gateway 192.168.3.253
ip routing
!
!
ip route-cache express
!
no auto-config
!
event-history on
no logging forwarding
no logging email
!
no service password-encryption
!
username "admin" password "1mix2slit"
ip forward-protocol udp time
ip forward-protocol udp nameserver
ip forward-protocol udp tacacs
ip forward-protocol udp domain
ip forward-protocol udp bootps
ip forward-protocol udp tftp
ip forward-protocol udp netbios-ns
ip forward-protocol udp netbios-dgm
!
!
no dot11ap access-point-control

no dos-protection

no desktop-auditing dhcp

no network-forensics ip dhcp
!
!
!
vlan 1
  name "Default"
!
vlan 2
  name "dot 3 B51"
!
vlan 10
  name "VOIP"
!
vlan 20
  name "dot 20 Wifi"
!
vlan 21
  name "Secondary WiFi"
  shutdown
!
vlan 30
  name "IP Cameras"
!
vlan 31
  name "Total Chrom"
!

interface gigabit-switchport 0/18

  description GRITSVR15

  spanning-tree edgeport

  no shutdown

  switchport voice vlan 10

  qos trust cos

!

!

interface vlan 1

  ip address  192.168.2.253  255.255.255.0

  ip helper-address  xxx.xxx.xxx.xxx

  ip route-cache express

  no shutdown

!

interface vlan 2

  ip address  192.168.3.253  255.255.255.0

  ip helper-address  xxx.xxx.xxx.xxx

  ip route-cache express

  no shutdown

!

interface vlan 10

  ip address  10.10.0.253  255.255.254.0

  ip helper-address  xxx.xxx.xxx.xxx

  ip route-cache express

  no shutdown

!

interface vlan 20

  ip address  192.168.20.253  255.255.255.0

  ip helper-address  xxx.xxx.xxx.xxx

  ip route-cache express

no shutdown

!

interface vlan 21

  ip address  192.168.22.253  255.255.255.0

  ip helper-address  xxx.xxx.xxx.xxx

  ip route-cache express

  no shutdown

!

interface vlan 30

  ip address  192.168.30.253  255.255.255.0

  no awcp

  ip route-cache express

  no shutdown

!

interface vlan 31

  ip address  192.168.31.253  255.255.255.0

  ip helper-address  xxx.xxx.xxx.xxx

  no awcp

  ip route-cache express

  no shutdown

!

!

ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 255
ip route xxx.xxx.xxx.xxx 255.255.255.248 xxx.xxx.xxx.xxx
ip route xxx.xxx.xxx.xxx 255.255.255.0 xxx.xxx.xxx.xxx
ip route xxx.xxx.xxx.xxx 255.255.255.0 xxx.xxx.xxx.xxx
!
no tftp server
no tftp server overwrite
http server
http secure-server
snmp agent
no ip ftp server
ip ftp server default-filesystem flash
no ip scp server
no ip sntp server
!
!
!
!
!
snmp-server location "4558 50th Street Southeast, Grand Rapids, MI 49512-5401"
snmp-server community monitor RO
!
!
auto-link
auto-link server xxx.xxx.xxx.xxx
auto-link recontact-interval 300
!
!
line con 0
  no login
!
line telnet 0 4
  login
  password xxxxxxx
  no shutdown
line ssh 0 4
  login local-userlist
  no shutdown
!
!
monitor session 1 destination interface gigabit-switchport 0/15
monitor session 1 source interface gigabit-switchport 0/5 both
monitor session 1 source interface gigabit-switchport 0/6 both
monitor session 1 source interface gigabit-switchport 0/7 both
monitor session 1 source interface gigabit-switchport 0/8 both
monitor session 1 source interface gigabit-switchport 0/9 both
monitor session 1 source interface gigabit-switchport 0/10 both
monitor session 1 source interface gigabit-switchport 0/13 both
monitor session 1 source interface gigabit-switchport 0/14 both
monitor session 1 source interface gigabit-switchport 0/16 both
monitor session 1 source interface gigabit-switchport 0/17 both
monitor session 1 source interface gigabit-switchport 0/18 both
monitor session 1 source interface gigabit-switchport 0/19 both
monitor session 1 source interface gigabit-switchport 0/21 both
monitor session 1 source interface gigabit-switchport 0/22 both
!
!
end

jayh
Honored Contributor
Honored Contributor

Re: Replacing my core switch

Jump to solution

coriumintl wrote:



I'll include a redacted config file below. Port 18 is set to access default vlan, instead of Trunk. My DHCP server is responsible for 6 scopes.



I just noticed now that i have an ip-helper defined for the default vlan which explains why my phones weren't working when plugged into that vlan.



OK, so that's fixed?  Is there a  separate DHCP server on the voice VLAN and that server is on an access port just for that VLAN?


Is there any explaination why if i have l3 express caching enabled that i'll have intermittent drops?



No, but there are a couple of odd things, hard to tell due to redactions.

(And, you might want to do service password-encryption in the future and delete user admin)

You have:  ip default-gateway 192.168.3.253 which is the address of VLAN 3 itself.  This won't be of much use, I'd delete it.  ip default-gateway is used when IP routing is disabled for management and isn't really appropriate here.  In addition, pointing the next-hop to your own interface isn't going to be of much value.

What is connected to port 18?  Is that the DHCP server?

interface gigabit-switchport 0/18

  description GRITSVR15

More specifically, what's the IP of the DHCP server, to what VLAN is it connected, and what does its interface configuration look like?

coriumintl
New Contributor III

Re: Replacing my core switch

Jump to solution

the DHCP server (192.168.2.1) is on port 18 which is flagged as the Default Vlan (1), it does DHCP for all VLANs except for 30. all of the ip helper-address  xxx.xxx.xxx.xxx should be ip helper-address  192.168.2.1.

all the x'd out addresses in the IP-routess are our firewalls.

jayh
Honored Contributor
Honored Contributor

Re: Replacing my core switch

Jump to solution

OK, on port 18 try the following:

!

interface gigabit-switchport 0/18

  description GRITSVR15

  spanning-tree edgeport

  no shutdown

  no switchport voice vlan 10

  switchport mode access

  switchport access vlan 1

  qos trust cos

!

Anonymous
Not applicable

Re: Replacing my core switch

Jump to solution

:

I went ahead and flagged this post as "Assumed Answered". If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you have any additional information on this that others may benefit from, please come back to this post to provide an update. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Levi

coriumintl
New Contributor III

Re: Replacing my core switch

Jump to solution

My question isn't answered, though we are employing an Adtran Certified consultant to get us sorted.

Anonymous
Not applicable

Re: Replacing my core switch

Jump to solution

:

Would you like to reply to this post with any additional information (from your last post on 10/4/13) as to the current status, and what you need assistance on?

Levi

coriumintl
New Contributor III

Re: Replacing my core switch

Jump to solution

Due to this being the core switch, we are unable to cut back and forth for testing. Therefore we elected to bring in a professional. I'm planning to share back adjustments made to get this live and working.

coriumintl
New Contributor III

Re: Replacing my core switch

Jump to solution

Turns out the 1534's ARP cache isn't big enough, have a 1544 on order.

View solution in original post

0 Kudos