I'm having a problem with a connection to a storage device in our DC.
I have multiple there, and there are many ACLs on our Core (Bonded Pair), but they are the same rules to each storage device.
Applied via switch to get to the DC. I've compared the ACLs on each Core to see if there was a mismatch but couldn't find any.
I keep getting packet loss to one of the storage nodes. Clients are on Vlan10 and Storage is on Vlan100.
Clients are currently configured to Vlan10 and ACL gives access to the storage.
If I did a trunk mode to the Client with a native vlan10, would this allow me to trick/cheat the ACLs and give me a direct/better connection to confirm it's an ACL or possibly something else?
Or is there a better way to check and test this?
I do the below test:
1. This may be due to load balance or physical port issues.
- If this is a port-channel, shut down one of the ports and test, do the same test on the other links too, and see if there is any difference.
2. As suggested, remove the ACL temporarily and test.
Do you see any errors on the interface?
The dropped packets are still creeping up even with the switch dropping one of the ports in the port channel group.
As far as the ACLs go, I've allowed all TCP traffic and only denied 443 so users can't get to the storage UI.
And no change.
I'm starting to think there is something else going on here.
--> The dropped packets are still creeping up even with the switch dropping one of the ports in the port channel group.
If you are using a port channel, the default load balancing algorithm is src-dest-ip. You might want to try a different algorithm and check if that makes a difference, using the global command 'port-channel load-balance'. Your options are: