cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
702
Views
0
Helpful
2
Replies
Highlighted
Beginner

Low bandwith on 3750 from vlan to vlan

Hi There.

We have a low bandwith (15-20 Mbit/s) to the ASA from our Client vlan. If i connect the Client to the same vlan as the ASA is, the bandwith (90 Mbit/s) is good.

Here are the Layer 3 Design:

Client     ->     vlan 2 - Switch - vlan 7     ->     vlan 1 - ASA 5505     ->     ISP

The Layer 2 Design:

Client     ->     Gig2/0/13 - Switch - Gig4/0/43     ->     Eth0/1 ASA5505     ->     ISP

IP Address:

Client: 172.16.2.10
Vlan2: 172.16.2.1
Vlan7: 172.16.7.1
ASA: 172.16.7.2

I assuming the switch has a problem with routing ?

It is a stacked Switch with following members:

switch 1 provision ws-c3750g-12s
switch 2 provision ws-c3750g-24ts
switch 3 provision ws-c3750g-24ts
switch 4 provision ws-c3750x-48

And we have following error message in the log from the switch:

%PLATFORM_UCAST-4-PREFIX:  One or more, more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix, and the packets may be software forwarded


I first get the idea that the switch is overloaded with router traffic. Thats why i assuming i have to check the sdm templates, but i'm not sure if this resolves the issue, maybe you guys know more.

Here are the relevant config:

ASA Interface on the Switch:

interface GigabitEthernet4/0/43
description ASA-inside LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast

Client Interface on the Switch:

interface GigabitEthernet3/0/1
switchport access vlan 2
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable

Routing:

ip route 0.0.0.0 0.0.0.0 172.16.7.2
ip route 10.0.0.0 255.255.0.0 172.16.7.2
ip route 10.4.1.0 255.255.255.0 172.16.7.5
ip route 10.4.16.1 255.255.255.255 172.16.7.5
ip route 10.6.5.0 255.255.255.0 172.16.7.5
ip route 10.7.2.0 255.255.255.0 172.16.7.5
ip route 10.7.3.0 255.255.255.0 172.16.7.5
ip route 10.7.4.0 255.255.255.0 172.16.7.5
ip route 194.56.145.128 255.255.255.128 172.16.7.5

sh ip route

Gateway of last resort is 172.16.7.2 to network 0.0.0.0

     194.56.145.0/25 is subnetted, 1 subnets
S       194.56.145.128 [1/0] via 172.16.7.5
     172.16.0.0/24 is subnetted, 8 subnets
C       172.16.8.0 is directly connected, Vlan8
C       172.16.4.0 is directly connected, Vlan4
C       172.16.5.0 is directly connected, Vlan5
C       172.16.6.0 is directly connected, Vlan6
C       172.16.7.0 is directly connected, Vlan7
C       172.16.1.0 is directly connected, Vlan1
C       172.16.2.0 is directly connected, Vlan2
C       172.16.3.0 is directly connected, Vlan3
     10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
S       10.7.4.0/24 [1/0] via 172.16.7.5
S       10.6.5.0/24 [1/0] via 172.16.7.5
S       10.0.0.0/16 [1/0] via 172.16.7.2
S       10.7.3.0/24 [1/0] via 172.16.7.5
S       10.7.2.0/24 [1/0] via 172.16.7.5
S       10.4.1.0/24 [1/0] via 172.16.7.5
S       10.4.16.1/32 [1/0] via 172.16.7.5
S*   0.0.0.0/0 [1/0] via 172.16.7.2

VLAN-Interfaces:

interface Vlan2
description Server
ip address 172.16.2.1 255.255.255.0
ip access-group 102 in

interface Vlan7
description Wan
ip address 172.16.7.1 255.255.255.0

SDM:

sh sdm prefer
The current template is "desktop vlan" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

  number of unicast mac addresses:                  12K
  number of IPv4 IGMP groups + multicast routes:    1K
  number of IPv4 unicast routes:                    0
  number of IPv4 policy based routing aces:         0
  number of IPv4/MAC qos aces:                      0.5K
  number of IPv4/MAC security aces:                 1K

2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted

Dear Patrick,

First at all, interfaces are free of errors? Check also if any of connections is on half.

for the error mesage see:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/swsdm.html

(is a message that tells you that the number of IP routes is higher then the TCAM CEF entries for IP prefixes).

View solution in original post

Highlighted

As Christos already the error message indicated TCAM table doesn't have enough room te store all the routes in your routing table.

If the routes are not able to store in the TCAM that means the traffic to that destination isn't switched in hardware anymore.

Packets may be switched in software (thru CPU) which could explain the performance issieu.

u should consider using  another SDM template :

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_58_se/configuration/guide/swsdm.html

to show the current utilization u can use the command:sh platform tcam utilization

View solution in original post

2 REPLIES 2
Highlighted

Dear Patrick,

First at all, interfaces are free of errors? Check also if any of connections is on half.

for the error mesage see:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/swsdm.html

(is a message that tells you that the number of IP routes is higher then the TCAM CEF entries for IP prefixes).

View solution in original post

Highlighted

As Christos already the error message indicated TCAM table doesn't have enough room te store all the routes in your routing table.

If the routes are not able to store in the TCAM that means the traffic to that destination isn't switched in hardware anymore.

Packets may be switched in software (thru CPU) which could explain the performance issieu.

u should consider using  another SDM template :

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_58_se/configuration/guide/swsdm.html

to show the current utilization u can use the command:sh platform tcam utilization

View solution in original post

Content for Community-Ad