Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3002
Views
20
Helpful
19
Replies

VLAN Segmentation

Go to solution
haggittmark@tm-america.com
Level 1
Level 1

‎10-15-2020 11:20 AM

We are a manufacturer, so we have PLCs that do much multicasting.  Sometimes a PLC message doesn't get to a computer or database in time.  I believe we are having timeouts.  
I have many VLANs for different hardware or usage types, but I don't think they are segmenting the traffic the way I thought they should.  For instance, if I put wireshark on a computer, I can see conversations on other vlans.  I think in ignorance, I have just been making VLANs without making routing rules.  We have a core stack of Cisco 3850 Layer 3 switches.  Can I make the type of rules I need to to separate VLAN traffic so that the network can send packets in a timely fashion?

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
paul driver
VIP
VIP

‎10-16-2020 12:38 AM

Hello

"I think in ignorance, I have just been making VLANs without making routing rules. We have a core stack of Cisco 3850 Layer 3 switches. Can I make the type of rules I need to to separate VLAN traffic so that the network can send packets in a timely fashion?"

 

Few things you can do before you think about applying any QOS  design (if you dont already have it).

  • Manually apply prunnng to all your trunk interconnects to allow only the vlans that need to traverse the interconnect.
  • Enable dhcp-snooping on all access switches, and If you have lan multicast enable igmp snooping also.
  • On all access-ports (edge ports) apply -stp portfast, bpduguard & storm-control for broadcast/multicast/unicast

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

19 Replies 19

Go to solution
haggittmark@tm-america.com
Level 1
Level 1

‎10-15-2020 11:27 AM

Solarwinds is showing lots of timeouts too.

0 Helpful

Go to solution
haggittmark@tm-america.com
Level 1
Level 1

‎10-15-2020 11:32 AM

Also, I can ping any host on any other VLAN.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎10-15-2020 12:00 PM

You need to start collecting information - where is PLC connected, where the message trying to send end device, how far what is the path to reach source and destination., how many network device in the path. what errors you see them

 

PLC most of them i observed was 100MB, so try to set up a port 100MB and see if that improves, if not post your network topology along with configuration to understand along with interface output.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
haggittmark@tm-america.com
Level 1
Level 1
In response to balaji.bandi

‎10-22-2020 07:44 AM

I added a bunch of Information.

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP

‎10-15-2020 02:27 PM

Creating VLANs on the switches provides L2 segregation between the broadcast domains, you can still route between the VLANs by enabling routing on the core or by using a downstream router.

You should not see the traffic of other VLANs on a switch port configured in access mode. How the switch ports are configured? Do you see any CRCs/errors on the switch ports? did you check if the switches CPUs are high?

 

0 Helpful

Go to solution
haggittmark@tm-america.com
Level 1
Level 1
In response to Aref Alsouqi

‎10-22-2020 07:44 AM

I added a bunch of information.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎10-15-2020 07:00 PM

this solved by config QoS, 
this make your PLC multicast have priority than other traffic.
segment VLAN not very useful here. 

0 Helpful

Go to solution
paul driver
VIP
VIP

‎10-16-2020 12:38 AM

Hello

"I think in ignorance, I have just been making VLANs without making routing rules. We have a core stack of Cisco 3850 Layer 3 switches. Can I make the type of rules I need to to separate VLAN traffic so that the network can send packets in a timely fashion?"

 

Few things you can do before you think about applying any QOS  design (if you dont already have it).

  • Manually apply prunnng to all your trunk interconnects to allow only the vlans that need to traverse the interconnect.
  • Enable dhcp-snooping on all access switches, and If you have lan multicast enable igmp snooping also.
  • On all access-ports (edge ports) apply -stp portfast, bpduguard & storm-control for broadcast/multicast/unicast

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
haggittmark@tm-america.com
Level 1
Level 1
In response to paul driver

‎10-21-2020 07:25 AM

Can IGMP Snooping and proxy be enabled on a layer 3 routing enabled switch?  We don't have a true router.

0 Helpful

Go to solution
haggittmark@tm-america.com
Level 1
Level 1

‎10-19-2020 11:50 AM

What would happen if I just enabled VLAN Pruning (not manually)?  Would there be downtime and would it be long?

Experts Exchange is also recommending IGMP Snooping.  Is that a good idea?

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to haggittmark@tm-america.com

‎10-22-2020 02:14 AM

Hello
I wouldn't enable pruning dynamically as it isn't deterministic enough, If you have to prune vlans off trunks suggest you do this manually.

As for IGMP snooping, as stated previously if you have Lan multicast I would enable this also.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
haggittmark@tm-america.com
Level 1
Level 1
In response to paul driver

‎10-22-2020 04:15 AM

All the PLCs are on the same VLAN.  The the switch trunks are on the default VLAN.  We are using VTP.  What exactly would I show you?  Our map doesn't really show which switches are just for PLC's cause most of the switches have PLC, computer, phone, printer, access points all mixed together.  Maybe a sh int status or an example of o trunk, or sh int sum?

So, will VLAN Pruning and IGMP help? And including the commands below on each trunk?
spanning-tree portfast disable
 spanning-tree bpduguard disable
We are very sophisticated here.  15 years ago this network was set up for a small business, and we are now a big medium business without much network change.  I am more or less a novice.

0 Helpful

Go to solution
haggittmark@tm-america.com
Level 1
Level 1
In response to paul driver

‎10-22-2020 07:43 AM

I added a bunch of information.

 

0 Helpful

Go to solution
haggittmark@tm-america.com
Level 1
Level 1

‎10-19-2020 11:53 AM

If the following can be done, would applying "switchport trunk allowed vlan aaa, bbb, ccc" to a trunk between switches help reduce the number of VLANs passed to a switch that only needed certain VLANs?  While applying that command to both sides of the trunk (both connected switches) would traffic be temporarily interrupted?  If I am also using a port channel on that trunk, would I also add that command to the port channel (or perhaps just the port channel)?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card