Switch Troubleshooting

ray_stone · ‎05-16-2012

Hello Experts,

We have a Cat Switch placed on Internet circuit and users are reporting an issue of Network Slowness & the basic problem is that we have a software which works based on Netflow feature to gather the traffic data but switch doesn't have this feature so we need to troubleshoot the issue manually so please help in this of what steps need to be performed one by one.

Thanks.

smehrnia · ‎05-16-2012

i guess you have to put a little more information about ur network, CAT chasis and if everyone has this problem..?

Hope it Helps!

Soroush.

hobbe · ‎05-16-2012

Hi

What you do is setup a netflow probe and one or two SPAN ports (depending on your needs) that leads traffic to the probe. The probe will send the netflow data to the collector. (fprobe or ndsad might be interesting)

The switch does not need to have the netflow feature as long as the probe can get all the traffic you want to inspect.

We do not know of what switch you have there is a quite new feature called smartlog that might be interesting to use if your equipment have it.

Good luck

Hope This Helps

ray_stone · ‎05-17-2012

Hi Hobbe,

Can you please post the conf here in order to monitor the switch traffic and can we monitor live traffic on our software that we have placed in Production.

Thanks..

smehrnia · ‎05-17-2012

ray_stone wrote:

Hi Hobbe,

Can you please post the conf here in order to monitor the switch traffic and can we monitor live traffic on our software that we have placed in Production.

Thanks..

here is config for SPAN:

config your source port or ports

monitor session session {source {interface type number} | {vlan vlan-id}} [, | - | rx | tx | both]

config your destination (probe or collector software) port

monitor session session {destination {interface type number} [, | -]} | {vlan vlan-id}}

and you can filter SPAN based on vlans (optional)

monitor session session {filter {vlan vlan-id} [, | -]}

plz rate if it helped.

Soroush.

Hope it Helps!

Soroush.

hobbe · ‎05-18-2012

Hi

I agree with Glen.grant here, I was a little carried away and just answer half your question. ie what to do to get netflow data.

The first thing you should do is check the counters on the interface to see if there are any errors or problematic situations going on

Show interface nameoftheinternetinterface

Another thing is to check the logs if there is anything there that explains slownes of the

sh logs

Another thing is to check if the link is saturated, ie are you simply just filling up the Internet link ?

if you are paying för a 20 Mbit Internet link

how much is your interface sending out and recieving ? this i think is best done via snmp and graphs.

one free software that I like is the solarwinds Orion to monitor for things like this, but that is way over the top for just checking a thing so they have a small free easy solution that is called real-time bandwith monitor. it is perfect for things like this.

Another thing is to check configuration for fx QoS things that can give the type of symptoms that you are experiencing.

>sh run

we have not spoken of a firewall/router and the throughput of that but that is also a point where you should take a look at the same things.

If you find that the link is saturated. then fx netflow can be a nice thing to find out what and who is the big culprit, if there is one.

so Soroushm is right the way he have told you to do SPAN ports. but he have not explained why.

First you need to know if you need one or two ports to span,

the way to determin that is.

if the destination interface speed must be more than 2x the speed of the internet link. (traffic inbound and outbound)

if you fx have a 100 Mbit link but the interface speed of the destination interface is gig then you need only one.

if the destination interface is not more than 2x the internet speed then you need to split the traffic to two interfaces, one interface for outgoing traffic (tx) and one for incoming (rx). or you will risk loosing information.

you connect the netflow probe to the correct ports ie 1 or 2 ports and then you connect another port to the netflow monitor to recieve the information.

from this point on it is all different dependant on your tools.

Good luck

HTH

glen.grant · ‎05-17-2012

First thing to check for is any speed /duplex mismatches on your switch. Unless you know the far ends of a link is hardcoded on switch settings should be left as auto . Most interconnects from an ISP are left at auto/auto . If you hardcoded anything on your end that could be an issue. On the switch do a " show interf counters errors" and see if any ports are incrementing errors . Clear the counters and then watch is again. Do a show int status command , anything that shows up as half duplex is also suspect.