Solved: Cisco 2960x 48P internet choking when a lot connected devices

sevaho · ‎05-09-2022

Hi

I have setup a cisco 2960x 48P switch with 5 linksys LAPAC 2600 access points.

PC ----> Linksys LAPAC 2600 Wifi Access Point ----> cisco 2960x ----> modem ---> fiber (1Gbps down and up)

At some point when too many devices (20 ish I think) are connected, the internet chokes for almost everyone getting speeds in Kbps and sometimes even no internet at all, people cannot connect (even people using cat 6 cable directly in their PC, connected to switch). If I am alone at the office the speed is great on ethernet and wifi (300-500Mbps on wifi).

I've called my ISP and they said that there is something wrong with my internal ip ranges, but I can't figure it out, does someone see my problem?

PS. my modem has DHCP off and Access Points are configured with POE+ and use DHCP.

wg-switch-0#show running-config 
Building configuration...

Current configuration : 6409 bytes
!
! Last configuration change at 20:23:56 GMT Sun May 8 2022
! NVRAM config last updated at 20:24:39 GMT Sun May 8 2022
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname wg-switch-0
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
clock timezone GMT -23 0
clock summer-time GMT recurring
switch 1 provision ws-c2960x-48fpd-l
!
ip dhcp excluded-address 192.168.0.1 192.168.0.2
!
ip dhcp pool office
 network 192.168.0.0 255.255.240.0
 default-router 192.168.0.1 
 dns-server 9.9.9.9 1.1.1.1 
 class CLASS1
  address range 192.168.0.100 192.168.15.254
!
ip dhcp class CLASS1
!
ip domain-name wg-switch-0
ip name-server 9.9.9.9
ip name-server 8.8.8.8
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
interface Bluetooth0
 no ip address
 shutdown
 downshift disable
!
interface FastEthernet0
 no ip address
 no ip route-cache
!
interface GigabitEthernet1/0/1
 switchport access vlan 13
 switchport mode access
 power inline consumption 30000
 power inline police action log
!
interface GigabitEthernet1/0/2
 switchport access vlan 13
 switchport mode access
 power inline consumption 30000
 power inline police action log
!
interface GigabitEthernet1/0/3
 switchport access vlan 13
 switchport mode access
 power inline consumption 30000
 power inline police action log
!
interface GigabitEthernet1/0/4
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/5
 switchport access vlan 10
 switchport mode access
 power inline port 2x-mode
 power inline consumption 30000
 power inline police action log
!
interface GigabitEthernet1/0/6
 switchport access vlan 13
 switchport mode access
 power inline consumption 30000
 power inline police action log
!
interface GigabitEthernet1/0/7
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/8
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/9
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/10
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/11
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/12
 switchport access vlan 13
 switchport mode access
!         
interface GigabitEthernet1/0/13
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/14
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/15
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/16
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/17
 switchport access vlan 13
 switchport mode access
 power inline consumption 30000
 power inline police action log
!
interface GigabitEthernet1/0/18
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/19
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/20
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/21
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/22
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/23
 switchport access vlan 13
 switchport mode access
!         
interface GigabitEthernet1/0/24
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/25
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/26
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/27
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/28
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/29
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/30
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/31
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/32
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/33
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/34
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/35
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/36
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/37
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/38
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/39
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/40
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/41
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/42
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/43
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/44
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/45
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/46
 switchport access vlan 13
 switchport mode access
!         
interface GigabitEthernet1/0/47
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/48
 switchport access vlan 13
 switchport mode access
!
interface GigabitEthernet1/0/49
 switchport mode trunk
!
interface GigabitEthernet1/0/50
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
interface Vlan1
 no ip address
 no ip route-cache
!
interface Vlan13
 ip address 192.168.0.3 255.255.240.0
 no ip route-cache
!
ip default-gateway 192.168.0.1
!
ip http server
ip http authentication local
ip http secure-server
ip ssh version 2
!
banner motd ^C
WeGroup NV
wg-switch-0
Authorized Access Only!
^C
!
line con 0
line vty 0 4
 login local
 transport input ssh
 transport output none
line vty 5 10
 login local
 transport input ssh
 transport output telnet
line vty 11 15
 login local
 transport input ssh
!
!
end

EDIT:

When Devices connected to the switch and devices connected to the modem directly, speed can go from 1 Gbps (when we're a few at the office) to Kbps. I've tried to limit speed per client to 50 Mbps on the access points (which worked quite well) and still it chokes.

Greetings

Sebastiaan

sevaho · ‎05-12-2022

Hi @Georg Pauwen

Tried that already but no luck.

What I found out is that the 5 AP's where on the same channel (44) with 80Mhz on 5Ghz. Changed all of em to be on a different channel with 20Mhz on 5Ghz. This might actually be the culprit.

Greetings

Sebastiaan

View solution in original post

Georg Pauwen · ‎05-12-2022

Hello,

keep us updated if that actually helped.

View solution in original post

Flavio Miranda · ‎05-09-2022

Hi

Sounds to me like a Wireless problem. So, probably we are not going to find anything on the switch. What you need to do is, when Access Point gets fully loaded, access the Access Point and see the percentage of Channel utilization. Make sure your users are using 5.0Ghz, as per the speed you mentioned, your machine is 5 Ghz but make sure all of them is as well. With 2.4 Ghz and if client is one spatial stream, you can not go more then 72Mbps in the best scenario.

Channel utilization should be between 50, 60% maximum. Above that, your network crashes.

Make sure also that the uplink netween AP and Switch is OK. This access point has 2 Gigabit ports and works in link aggregation so take benefit of it.

I saw many times Access Point gigabit interface with the command "speed 100" on the switch side. all you switch ports seems to be auto but make sure they are negocianting properly by issuing the command "show int Gxx status"

This access point seems very good, I never used but I can see on the Data sheet, but the whole infrastructure must follow.

sevaho · ‎05-09-2022

Hi @Flavio Miranda

I will try and disable the 2.4ghz and checkout the channel utilization.

It might be a wifi problem, but even with devices connected to the switch and devices connected to the modem directly, speed can go from 1 Gbps (when we're a few at the office) to Kbps. I've tried to limit speed per client to 50 Mbps on the access points (which worked quite well) and still it chokes.

Do you think of any other information I mis to clarify the problem?

Flavio Miranda · ‎05-09-2022

The behavior you described looks like wireless problem but with this new information that when connected to switch and modem directly you face problems, then, can be something else.

But, it worh it take a look on the wireless side, as I said. But, also take a look on the switch CPU during the problem and if possible, the ISP modem.

Clearly it is a capacity problem but now not sure if on the wireless side.

sevaho · ‎05-10-2022

Hi as you see above the CPU of the switch is 45%, 30 devices connected atm, no more 2.4ghz only 5ghz and internet is choking for people.

Flavio Miranda · ‎05-10-2022

Did you manage to see the Channel Utilization on the Access Point?

Georg Pauwen · ‎05-10-2022

Hello,

which of the switchports is connected to the modem ? Post the output of:

show interfaces x

where 'x' is the interface on the switch that is connected to the modem...

sevaho · ‎05-10-2022

Hi @Georg Pauwen

Thanks for your interest!

did this when internet was choking:

wg-switch-0#show interfaces gigabitEthernet 1/0/47
GigabitEthernet1/0/47 is up, line protocol is up (connected) 
  Hardware is Gigabit Ethernet, address is ac4a.5651.ceaf (bia ac4a.5651.ceaf)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec, 
     reliability 255/255, txload 5/255, rxload 6/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported 
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 3
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 26993000 bits/sec, 3037 packets/sec
  5 minute output rate 22862000 bits/sec, 2468 packets/sec
     19918270 packets input, 21827115483 bytes, 0 no buffer
     Received 41396 broadcasts (17740 multicasts)
     0 runts, 0 giants, 0 throttles 
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 17740 multicast, 0 pause input
     0 input packets with dribble condition detected
     12694712 packets output, 9107142720 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

Georg Pauwen · ‎05-10-2022

Hello,

--> ip dhcp pool office
network 192.168.0.0 255.255.240.0

Usually, modems dish out Class C addresses. Since you have DHCP turned off on the modem, try and make the changes marked in bold:

ip dhcp pool office
--> network 192.168.0.0 255.255.255.0

interface Vlan13
--> ip address 192.168.0.3 255.255.255.0

sevaho · ‎05-10-2022

Hi

I will try this out and let you know in the morning!

Greetings

Sebastiaan

sevaho · ‎05-11-2022

Hi @Georg Pauwen I tried it but did not work, still internet issues.

The conifg now looks like:

ip dhcp excluded-address 192.168.0.1 192.168.0.2
ip dhcp excluded-address 192.168.0.1 192.168.0.10
!
ip dhcp pool office
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1 
 dns-server 9.9.9.9 1.1.1.1 
!
!
ip domain-name wg-switch-0
ip name-server 9.9.9.9
ip name-server 8.8.8.8

I also updated the access points to use NAT instead of DHCP.

What I see is that the switch CPU is spiking:

      449444444444444445944448444444444444444444497944444444444444444444444444
      168471122112122217982786222111111121221242785982322321222221122222222225
  100   *               *                        * *                        
   90   *               *    *                   * *                        
   80   *               *    *                   ***                        
   70   *               *    *                   ***                        
   60   *              **    *                   ***                        
   50  ** *            *** ***                  *****                       
   40 ######################################################################
   30 ######################################################################
   20 ######################################################################
   10 ######################################################################
     0....5....1....1....2....2....3....3....4....4....5....5....6....6....7..
               0    5    0    5    0    5    0    5    0    5    0    5    0  
                   CPU% per hour (last 72 hours)
                  * = maximum CPU%   # = average CPU%

How should I debug this?

Georg Pauwen · ‎05-12-2022

Hello,

that obviously did not help.

One other thing you could try is to shut down all unused ports (if there are any) on the switch, e.g.:

interface GigabitEthernet 1/0/46

shut

sevaho · ‎05-12-2022

Hi @Georg Pauwen

Tried that already but no luck.

What I found out is that the 5 AP's where on the same channel (44) with 80Mhz on 5Ghz. Changed all of em to be on a different channel with 20Mhz on 5Ghz. This might actually be the culprit.

Greetings

Sebastiaan

Georg Pauwen · ‎05-12-2022

Hello,

keep us updated if that actually helped.

sevaho · ‎05-24-2022

Yes, my problem is solved!