
CISCO 2960 - Packet Loss Between VLANs

Hello,

I have recently inherited an existing network which has two stacked Cisco 2960s that connect to a Cisco 5510 ASA.  Currently the Cisco 2960s handle their own routing for gateways via the VLAN classifications, which look like this:

interface Vlan1
 description Production
 ip address 10.x.99.1 255.255.255.0
 ip helper-address 192.168.x.4
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan5
 description IP Phones
 ip address 10.x.50.1 255.255.255.0
 ip helper-address 192.168.x.4
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan11
 description Production
 ip address 10.x.100.1 255.255.255.0
 ip helper-address 192.168.x.4
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan22
 description Legacy Production
 ip address 192.168.x.254 255.255.255.0
 ip helper-address 192.168.x.4
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!

192.168.x.4 is the DC for the domain. 

ip route 0.0.0.0 0.0.0.0 192.168.x.250
ip http server
ip http secure-server

We are experiencing 2 to 14% packet loss on our traffic from the 10.x.100.1 network to the 192.168.x.254.  The other issue we seem to be having is that the same traffic is making its way out to our firewall.  For example, backup server (Port 1/0/30 VLAN11) 10.x.100.22 (Subnet 255.255.255.0 - GW: 10.x.100.1) is backing up (Port 1/0/45 VLAN22) 192.168.x.15 (Subnet 255.255.255.0 - GW: 192.168.x.254) using Netbackup.  The traffic for this operation is still going through the firewall, which is creating unnecessary traffic for the network.

Do we need to have a layer 3 switch to do the gateway routing?

Why is there such high packet loss on a local switch?

Why does local traffic go outside of the switch?

Help on any one of these would be great.

0 Kudos


Cisco 2960 is a layer 2 switch, which supports inter-VLAN routing using up to 16 static routes. To meet your requirement, you need layer 3 switches like Cisco 3560, Cisco 3750, Cisco 3650, etc.

0 Kudos

What is 192.168.x.250?  Does that lie beyond your firewall?

You have a static route stating that if a packet is coming from (anyIP, any subnet) send it to 192.168.x.250.  Static routes have a cost of 1 which means they are taken prior to any dynamic, or learned routing.

So, if 10.x.100.1 is trying to get to 192.168.x.254, it would first need to hit 192.168.x.250.  Is 192.168.x.250 between your switch and 192.168.x.254?

I believe your switch is capable of basic routing based on the fact you have "ip route" command in there.  Take a look at your routing tables with the command "show ip route".

It's been a while since I worked on Cisco (I truly miss it - Avaya blows but this new code I got today seems better) and I don't know how your network is set up in full, but I hope this helps.

Edit:  If you are capable of static routing, you can run a lot of static routes for a network.  The question would be, would a strict routing table be the right choice for your network?  If you only have a few subnets, it really wouldn't matter.  If you plan on getting a bigger network, then I would look into getting a routing protocol for your network.  Each protocol scales differently and depends on your network.  This is about as basic of an answer as I can give because it really depends on your network.

When you explain packet loss I think a bad cable SOMEWHERE on the path (including media converters), an overburdened CPU (on some device on the network like a firewall, router, switch, concentrator, multiplexer, etc), or a split horizon.  Unless your code is buggy like early Avaya ERS 4500 software versions... ugh... I wouldn't think that Cisco would be buggy.

Please, let me know if you need help or if this answers your question.  I wouldn't mind brushing up on my Cisco configurations.

The 192.168.x.250 is the gateway for all of the subnets on the 2960.  It connects to our Cisco 5510 Firewall.

You have a static route stating that if a packet is coming from (anyIP, any subnet) send it to 192.168.x.250.  Static routes have a cost of 1 which means they are taken prior to any dynamic, or learned routing.

So, if 10.x.100.1 is trying to get to 192.168.x.254, it would first need to hit 192.168.x.250.  Is 192.168.x.250 between your switch and 192.168.x.254?  They are on the same switch.  I believe there is an issue that both 192.168.x.250 and 192.168.x.254 are acting as gateways.

I believe your switch is capable of basic routing based on the fact you have "ip route" command in there.  Take a look at your routing tables with the command "show ip route".

It's been a while since I worked on Cisco (I truly miss it - Avaya blows but this new code I got today seems better) and I don't know how your network is set up in full, but I hope this helps.

Edit:  If you are capable of static routing, you can run a lot of static routes for a network.  The question would be, would a strict routing table be the right choice for your network?  I am not sure....

Gateway of last resort is 192.168.x.250 to network 0.0.0.0

     10.0.0.0/24 is subnetted, 10 subnets
C       10.1.100.0 is directly connected, Vlan11
C       10.1.3.0 is directly connected, Vlan30
C    192.168.x.0/24 is directly connected, Vlan22
S*   0.0.0.0/0 [1/0] via 192.168.x.250

0 Kudos
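
An added example, not part of the original thread: a sketch that parses routing-table output of the shape posted above and applies longest-prefix match to show which entry a given destination selects. The sample table is constructed, with the redacted octet `x` replaced by 7 as an assumption; `parse_routes` and `lookup` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample modeled on the "show ip route" output in the thread;
# the redacted octet "x" is replaced with 7 (an assumption for illustration).
SAMPLE = """\
Gateway of last resort is 192.168.7.250 to network 0.0.0.0
     10.0.0.0/24 is subnetted, 10 subnets
C       10.1.100.0 is directly connected, Vlan11
C       10.1.3.0 is directly connected, Vlan30
C    192.168.7.0/24 is directly connected, Vlan22
S*   0.0.0.0/0 [1/0] via 192.168.7.250
"""

def parse_routes(text):
    """Return [(network, code, target)] from classic IOS 'show ip route' text."""
    routes, inherited_len = [], None
    for line in text.splitlines():
        m = re.match(r"\s+\S+/(\d+) is (?:variably )?subnetted", line)
        if m:  # parent line: children without a mask inherit this length
            inherited_len = m.group(1)
            continue
        m = re.match(r"([A-Z]\*?)\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s+"
                     r"(?:\[\d+/\d+\] via (\S+)|is directly connected, (\S+))", line)
        if not m:
            continue  # headers and anything else that is not a route entry
        code, addr, plen, via, iface = m.groups()
        net = ipaddress.ip_network(f"{addr}/{plen or inherited_len}")
        routes.append((net, code, via or iface))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    for dst in ("192.168.7.15", "10.1.100.22", "8.8.8.8"):
        net, code, target = lookup(table, dst)
        print(f"{dst:>14} -> {net} ({code}) via {target}")
```

This models only the switch's own forwarding decision once a packet reaches one of its VLAN interfaces. Which gateway each end host is configured with decides whether the packet reaches the switch SVI or the firewall first.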

Okay, I am having difficulty imagining your network.  Here's what I would do.

1.  Go to the end user's computer/server initiating the connection - the 10.x.100.0 network device?

2.  Find the default gateway for that device.

3. Log into the gateway (should be the DHCP relay/router) possibly your 2960, but I'm not sure with the information provided.

4. Check the routing table (like you just did).  If the 192.168.x.0 network is directly connected (2960 is your default gateway), then follow the layer 2 path to the end device.

     4.1.  If the VLAN/layer 2 connections are not directly connected, follow the static route/routing table to get to the 192.168.x.0 network.

5.  Check the collisions and port statistics of every port along the path.

If it doesn't touch your firewall, then it doesn't touch your firewall, but also check the path that the packets take back.  Sometimes it is different and that could be your problem (Split horizon).  Since you aren't using a routing protocol, your path will never change/bounce so it should make it easy to trace.  It appears to me that routing is not your problem.  Basically the only information that I can't tell from what is here is the default gateway of the end devices, and logically how your firewall connects to either the ASA or your 2960s.

This sounds like an OSI layer 1 or 2 problem to me.  Unless the firewall, or an ACL, is blocking a specific port and your applications use multiple ports?  Or, your network is saturated and 802.1q (QoS) is the problem...

There are a few possibilities I guess.  Hope I didn't confuse you with my rambling.

Good luck!

0 Kudos

The 2960 is not a full layer 3 switch. It does not support the ip routing command. He'll be fine if he puts in a layer 3 switch.

0 Kudos

While true that the 2960 is not a full Layer 3 switch, a 2960 does support inter-VLAN routing using up to 16 static routes (need to update IOS to LAN BASE and at least the version below). Routing protocols aren't supported though so no EIGRP, OSPF, BGP, RIP, etc.

Release Notes for the Catalyst 3750, 3560, 2975, 2960-S, and 2960 Switches, Cisco IOS Release 12.2(5...

Instructions here:

Catalyst 2960 and 2960-S Software Configuration Guide, 12.2(55)SE - Configuring Static IP Unicast Ro...

A larger environment would be better off with a layer 3 switch but a small environment should be able to get by with the 2960.


Thanks for the assist... it's been a while but that is what I was trying to say.  I wasn't sure if the 2960s were capable of a routing protocol.

This is probably a L3 switch but the routing is not enabled. Try to run "ip routing" in the global configuration mode.

0 Kudos

Yes you will need a Layer 3 switch.

0 Kudos