cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
290
Views
15
Helpful
7
Replies
Highlighted
Beginner

Odd inter vlan routing behavior

I have a few vlans. 1 vlan i created using router on the stick has no issues getting to vlan 1. But a third that I created using regular svi vlan configuration on all my 3750-X switches and 4500 switch/router is having issues getting to some things on vlan 1. I have several servers that have http resources that vlan 3 can't access and also when trying to log into the computer using AD credentials it is very slow. My native vlan is 10.5.64.0/20, while vlan 3 is 10.5.112.0/20. As I said on all the switches in my setup VLAN3 interface is created with its gw being on the 4500 which is also VLAN1's GW device. So for VLAN 1 the gw is 10.5.64.1 and for VLAN3 it is 10.5.112.1. I can ping all my VLAN 1 devices with no issues, but the second you attempt to access something using TCP I show checksum errors in wireshark. Has anyone seen this? Have a ticket open with Cisco, but even the tech can't figure it out.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Hello ccarter81,Thank you for

Hello ccarter81,

Thank you for adding the topology diagram, I think you are facing a problem with MTU going from LAN to WAN, since Ping normally use a small packet size "I think for Microsoft Windows it is 32 bytes by default", so it will pass with no problem, when you switch to another type of traffic "ex: TCP, FTP and so on" the size will be bigger.

 

If you are using PPPoE it will add 8 bytes of header overhead, with ethernet servers using a default 1500 bytes MTU, this will cause fragmentation over the PPPoE link, which might cause the checksum error.

Try generating traffic with sizes smaller than 1492 (1500 - 8 ), also keep in mind that this number could be smaller if you are using IPSec or other tunneling technologies since it adds more overhead.

 

 

View solution in original post

7 REPLIES 7
Highlighted
Beginner

Hello ccarter81,Can you

Hello ccarter81,

Can you please add more information like the topology diagram, and the config.

 

Highlighted
Beginner

OK so attached is a visio of

OK so attached is a visio of our current configuration. Have 2 buildings one called Vickery and the other Hulen. Each floor in Hulen has a set of 3750's connected via 10 GB SFP. On second floor is where the 4500 is and it is where all the devices are connecting to. We have a charter PTP link from building to building that connects the 4th floor to our Vickery Building's IDF 1 closet. Each of the connections in this building feed into MDF which is essentially where I have a laptop connected that is on VLAN 3 with a DHCP address of 10.5.112.11/20. Let me know if you need any other info that helps you help me out with this.  

Highlighted
Beginner

Hello ccarter81,Thank you for

Hello ccarter81,

Thank you for adding the topology diagram, I think you are facing a problem with MTU going from LAN to WAN, since Ping normally use a small packet size "I think for Microsoft Windows it is 32 bytes by default", so it will pass with no problem, when you switch to another type of traffic "ex: TCP, FTP and so on" the size will be bigger.

 

If you are using PPPoE it will add 8 bytes of header overhead, with ethernet servers using a default 1500 bytes MTU, this will cause fragmentation over the PPPoE link, which might cause the checksum error.

Try generating traffic with sizes smaller than 1492 (1500 - 8 ), also keep in mind that this number could be smaller if you are using IPSec or other tunneling technologies since it adds more overhead.

 

 

View solution in original post

Highlighted
Beginner

Ahmed,Yes this makes sense.

Ahmed,

Yes this makes sense. These servers I am attempting to access are virtual and the host in VMWare uses a vSwitch with an MTU of 1500. So you are saying if I lower that to say 1492 that should possibly fix the problem?

Highlighted
Beginner

Try doing doing some test

Try doing doing some test before by generating traffic with variable sizes and see what passes through to determine which MTU value is best.

Highlighted
Beginner

So I foind that our ISP had

So I foind that our ISP had too low of an MTU for the addition of VLAN tag to the packet. so insted of it being 1500 its more like 1508 or so upstream. Having them change it so can get this working. Thanks for the reply. I appreciate your help Ahmed!

Highlighted
Beginner

Hello ccarter81,Thank you

Hello ccarter81,

Thank you very much for your kind words.