Solved: 3750 24 - Noob question

robertorojas · ‎01-30-2019

Hi guys!

I've a "brand new" 3750 24p switch to be the replacement of my ISP 4 port router that died a days ago.

I'll try to brief a little each port is mented to work.

PORT DSL - Goes to a Ubiquiti antenna with IP 192.168.20.1/24 no DHCP and it's management it's from my ISP.

PORT ADMIN - Main computer

PORT WIFI - Goes to and access point with DHCP for wireless devices that connects to it with IP's 192.168.243.0/24

ISP old router was set up with IP 192.168.20.100 and gateway 192.168.20.1 and DHCP for clients with 192.168.243.0/24

The point is that everything is working "fine" but I can feel the system takes a long time to manage queries from any device.

Can you guysd help me if I did something wrong?

Config attached:

Building configuration...

Current configuration : 1946 bytes
!
! Last configuration change at 19:18:49 UTC Tue Jan 29 2019
! NVRAM config last updated at 19:18:51 UTC Tue Jan 29 2019
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXXXXXXXXXXXX
!
!
!
no aaa new-model
clock timezone UTC 1
clock summer-time UTC recurring last Sun Mar 2:00 last Sun Oct 3:00
switch 1 provision ws-c3750-24ts
system mtu routing 1500
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet1/0/1
 description ADMIN
!
interface FastEthernet1/0/2
 description DSL
!
interface FastEthernet1/0/3
 description WIFI
!
interface FastEthernet1/0/4
!
interface FastEthernet1/0/5
!
interface FastEthernet1/0/6
!
interface FastEthernet1/0/7
!
interface FastEthernet1/0/8
!
interface FastEthernet1/0/9
!
interface FastEthernet1/0/10
!
interface FastEthernet1/0/11
!
interface FastEthernet1/0/12
!
interface FastEthernet1/0/13
!
interface FastEthernet1/0/14
!
interface FastEthernet1/0/15
!
interface FastEthernet1/0/16
!
interface FastEthernet1/0/17
!
interface FastEthernet1/0/18
!
interface FastEthernet1/0/19
!
interface FastEthernet1/0/20
!
interface FastEthernet1/0/21
!
interface FastEthernet1/0/22
!
interface FastEthernet1/0/23
!
interface FastEthernet1/0/24
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface Vlan1
 ip address 192.168.243.2 255.255.255.0 secondary
 ip address 192.168.20.2 255.255.255.0
!
ip default-gateway 192.168.20.1
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.20.1
ip route 192.168.20.0 255.255.255.0 192.168.243.0
ip route 192.168.243.0 255.255.255.0 192.168.20.0
ip http server
ip http secure-server
!
!
vstack
!
line con 0
line vty 0 4
 password XXXXXXXX
 login
line vty 5 15
 password XXXXXXXX
 login
!
end

Switch#

Thanks!

vb10 · ‎01-30-2019

Hello,

Based on your config and routing, it seems, that your traffic is switched in software now, which means that it's processed by CPU, instead of ASIC. And it causes the slowness. Check CPU utilization "show proc cpu sort", most likely it's high.

There reason of software switching is same-interface-forwarding scenario and "ip redirect" mechanism. Your traffic arrives and being forwarded via same L3 interface - VLAN1, switch should generate ICMP redirect packet in this scenario, that's why traffic is punted to CPU.

Quick solution is to disable ip redirect on SVI VLAN1. After that performance should be better.

interface Vlan1
ip address 192.168.243.2 255.255.255.0 secondary
ip address 192.168.20.2 255.255.255.0

no ip redirect <<<< this command

You can check CPU utilization after that, it should decrease.

Better option is distribute L3 networks to different VLANs/SVIs

Also, what is the purpose of static routes with next-hop as network address? I guess, both your networks should be already in routing table as "connected". You can check routing table "show ip route"

ip route 192.168.20.0 255.255.255.0 192.168.243.0
ip route 192.168.243.0 255.255.255.0 192.168.20.0

So, probably, you could remove this routes as well, because they might cause software switching.

View solution in original post

Seb Rupik · ‎01-30-2019

Hi there,

Try the following command:

!
int range fa1/0/1-24
  spanning-tree portfast
!

cheers,

Seb.

Georg Pauwen · ‎01-30-2019

Hello,

--> I can feel the system takes a long time to manage queries from any device

What exactly takes a long time, Internet connectivity ?

robertorojas · ‎01-30-2019

No, internet connection is fine. It's when you ask for something like play a youtube video, netflix, music... It takes some time to retrieve this petition. Either, made some tests and ping it's perfect and speed also.

Mark Malone · ‎01-30-2019

has the internet connection got latency on it when you try to connect to these specific websites ,
if i ping youtube average is 15ms and streaming is fine , whats yours responding as ?

does the issue occur on both wireless and wired ?

robertorojas · ‎01-30-2019

The sites have a correct ping. Also I noticed playing Fortnite xD

It's like a gap between the request and the response, when the request it's made and got the response the streaming is fluent, but for example, in Fortniteas it's always making requests it goes laggy as hell.

Both, wired and wireless.

I'm thinking if could be because all interfaces are connecting to the antenna and before the router was managing those connections?

I tried to replicate the old router config, but I wasn't able on the Cisco :S

Georg Pauwen · ‎01-30-2019

Hello,

--> I've a "brand new" 3750 24p switch to be the replacement of my ISP 4 port router that died a days ago.

What brand/model was the ISP 4 port router that you replaced ?

robertorojas · ‎01-30-2019

Hi, it was a NuCom N300. It's a basic router and worked fine until a couple of days that the WAN port "died" and only works at helf-duplex.

Georg Pauwen · ‎01-30-2019

Hello,

so I assume that before you only had the NuCom N300, and now you have the Ubiquiti together with the 3750 ? How are your wireless clients connected ? There is a port on the 3750 with the description 'WiFi' - what device is connected to that port ?

robertorojas · ‎01-30-2019

Yes, on the interface called WIFI is connected the old NuCom as an AP, because the wireless clients connected are just Chromecast and Google Home, so there's no issue with being in a half-duplex port.

vb10 · ‎01-30-2019

Hello,

Based on your config and routing, it seems, that your traffic is switched in software now, which means that it's processed by CPU, instead of ASIC. And it causes the slowness. Check CPU utilization "show proc cpu sort", most likely it's high.

There reason of software switching is same-interface-forwarding scenario and "ip redirect" mechanism. Your traffic arrives and being forwarded via same L3 interface - VLAN1, switch should generate ICMP redirect packet in this scenario, that's why traffic is punted to CPU.

Quick solution is to disable ip redirect on SVI VLAN1. After that performance should be better.

interface Vlan1
ip address 192.168.243.2 255.255.255.0 secondary
ip address 192.168.20.2 255.255.255.0

no ip redirect <<<< this command

You can check CPU utilization after that, it should decrease.

Better option is distribute L3 networks to different VLANs/SVIs

Also, what is the purpose of static routes with next-hop as network address? I guess, both your networks should be already in routing table as "connected". You can check routing table "show ip route"

ip route 192.168.20.0 255.255.255.0 192.168.243.0
ip route 192.168.243.0 255.255.255.0 192.168.20.0

So, probably, you could remove this routes as well, because they might cause software switching.

robertorojas · ‎01-30-2019

@vb10

I've made the changes you mentioned and it work awesome!

Thanks a lot.

Here's the graph for last 72h

    12539334252327242147
    74039120930192816818
100     *
 90     *
 80     *              *
 70     *        *     *
 60     *        *     *
 50   * *    *   *     *
 40   * *  * *   * *  **
 30   ******** ****** **
 20 ********************
 10 **#*##***#***##***##
   0....5....1....1....2....2....3....3....4....4....5....5....6....6....7.
             0    5    0    5    0    5    0    5    0    5    0    5    0
                   CPU% per hour (last 72 hours)
                  * = maximum CPU%   # = average CPU%

I'm really new to Cisco enviroinment, but I know L3 would be better, but I'm really lost on how to do it xD

Many thanks buddy!!!

vb10 · ‎01-30-2019

Great, I'm glad that it helped.

Regarding L3, basically you need to create vlans, create SVIs, move appropriate IP addresses from VLAN1 to new SVIs, and put physical interfaces into appropriate VLANs. Config might look like below. But please, don't take it as direct recommendation, since actual config might depend on some other factors. Also, you may loose remote access to switch during the changes, and they cause some downtime for services, so changes should be planned carefully.

vlan 20
name DSL
vlan 30
name WIFI

interface Vlan1
no ip address 192.168.243.2 255.255.255.0 secondary
ho ip address 192.168.20.2 255.255.255.0

int vlan 20
ip address 192.168.20.2 255.255.255.0
no shut

int vlan 30
ip address 192.168.243.2 255.255.255.0
no shut

interface FastEthernet1/0/1
description ADMIN
switchport mode access
switchport access vlan <#> <<< appropriate vlan

interface FastEthernet1/0/2
description DSL
switchport mode access
switchport access vlan 20
!
interface FastEthernet1/0/3
description WIFI
switchport access vlan 30
switchport mode access

robertorojas · ‎01-30-2019

Thanks a lot for your time!!!

I'll schedule those changes and meantime test it on Cisco Packet Tracer :)

Many thanks for you help!