05-21-2014 10:06 AM - edited 03-04-2019 11:00 PM
I have a few VLANs. One VLAN I created using router on a stick has no issues getting to VLAN 1. But a third that I created using regular SVI VLAN configuration on all my 3750-X switches and 4500 switch/router is having issues getting to some things on VLAN 1. I have several servers that have HTTP resources that VLAN 3 can't access, and also when trying to log into the computer using AD credentials it is very slow. My native VLAN is 10.5.64.0/20, while VLAN 3 is 10.5.112.0/20. As I said, on all the switches in my setup the VLAN 3 interface is created with its GW being on the 4500, which is also VLAN 1's GW device. So for VLAN 1 the GW is 10.5.64.1 and for VLAN 3 it is 10.5.112.1. I can ping all my VLAN 1 devices with no issues, but the second you attempt to access something using TCP I show checksum errors in Wireshark. Has anyone seen this? Have a ticket open with Cisco, but even the tech can't figure it out.
05-21-2014 11:07 AM
Hello ccarter81,
Can you please add more information, like the topology diagram and the config?
05-21-2014 12:23 PM
OK, so attached is a Visio of our current configuration. We have 2 buildings, one called Vickery and the other Hulen. Each floor in Hulen has a set of 3750's connected via 10 GB SFP. The second floor is where the 4500 is, and it is where all the devices are connecting to. We have a Charter PTP link from building to building that connects the 4th floor to our Vickery Building's IDF 1 closet. Each of the connections in this building feeds into the MDF, which is essentially where I have a laptop connected that is on VLAN 3 with a DHCP address of 10.5.112.11/20. Let me know if you need any other info that helps you help me out with this.
05-22-2014 07:57 AM
Hello ccarter81,
Thank you for adding the topology diagram. I think you are facing a problem with MTU going from LAN to WAN. Since ping normally uses a small packet size (I think for Microsoft Windows it is 32 bytes by default), it will pass with no problem. When you switch to another type of traffic (e.g. TCP, FTP and so on), the size will be bigger.
If you are using PPPoE, it will add 8 bytes of header overhead. With Ethernet servers using a default 1500-byte MTU, this will cause fragmentation over the PPPoE link, which might cause the checksum error.
Try generating traffic with sizes smaller than 1492 (1500 - 8). Also keep in mind that this number could be smaller if you are using IPSec or other tunneling technologies, since they add more overhead.
05-22-2014 11:49 AM
Ahmed,
Yes, this makes sense. These servers I am attempting to access are virtual, and the host in VMware uses a vSwitch with an MTU of 1500. So you are saying if I lower that to, say, 1492, that should possibly fix the problem?
05-22-2014 09:08 PM
Try doing some tests before, by generating traffic with variable sizes, and see what passes through to determine which MTU value is best.
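One way to run the variable-size test suggested above, as an added example that is not part of the original thread: a binary search over Don't Fragment pings that reports the largest packet the path carries unfragmented. The function names are hypothetical, the ping flags assume Windows `ping` or Linux iputils `ping`, and `simulated_link` is a constructed stand-in so the search logic can be checked offline.

```python
import platform
import subprocess
import sys

IP_ICMP_HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, payload):
    """Send one echo request with Don't Fragment set; True if a reply came back."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", "2000", "-f", "-l", str(payload), host]
        out = subprocess.run(cmd, capture_output=True).stdout
        return b"TTL=" in out  # only real echo replies carry a TTL field
    # Assumption: Linux iputils ping (-M do sets DF, -s is the payload size)
    cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def largest_passing_payload(probe, low=0, high=1472):
    """Binary-search the largest payload for which probe(payload) is True.

    Assumes every size up to the answer passes and every larger size fails.
    Returns None when even the smallest probe is dropped.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def path_mtu(probe, interface_mtu=1500):
    """Largest IP packet size the path passes without fragmentation."""
    payload = largest_passing_payload(probe, 0, interface_mtu - IP_ICMP_HEADERS)
    return None if payload is None else payload + IP_ICMP_HEADERS


def simulated_link(mtu):
    """Constructed test path: passes packets of up to `mtu` bytes."""
    return lambda payload: payload + IP_ICMP_HEADERS <= mtu


if __name__ == "__main__" and len(sys.argv) == 2:
    host = sys.argv[1]  # e.g. a server on the far side of the link
    print("path MTU:", path_mtu(lambda size: ping_df(host, size)))
```

A result below 1500 between two hosts whose interfaces are set to 1500 points at a hop that cannot carry full-size frames once encapsulation overhead is added.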
05-30-2014 01:05 PM
So I found that our ISP had too low of an MTU for the addition of the VLAN tag to the packet. So instead of it being 1500, it's more like 1508 or so upstream. Having them change it so we can get this working. Thanks for the reply. I appreciate your help, Ahmed!
05-31-2014 12:09 PM
Hello ccarter81,
Thank you very much for your kind words.