Weird traffic throttling on gigabit switch

gratelord
Beginner

Hello,

 

I recently set up a pfsense as gateway and firewall box for my fancy new Gigabit internet service and am using a C3560E as an L2 switch between pfsense and several devices. I did reset the switch before deploying.

I noticed that I am able to get around 600-900Mbps via direct connection to pfsense, but when I introduce the switch in between, no matter what, traffic cannot exceed 250Mbps.

My topology is something like:

pfsense igb2(vlan 10) -> gi0/5(trunk vlan 10) -> gi0/7(access vlan 10) ->PC

I have confirmed that all the interfaces are able to negotiate Full-duplex 1000Mb/s connection.

 

Please note that if we take the switch out I can get full gigabit speed, so I am quite sure both pfsense and PC have correct configuration.

Relevant switch config:

Current configuration : 4844 bytes
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
no aaa new-model
system mtu routing 1500
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
interface GigabitEthernet0/5
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
 switchport mode trunk
!
interface GigabitEthernet0/6
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/7
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 192.168.10.2 255.255.255.0
!
!
ip http server
ip http secure-server
!
vstack
!

sh int gi0/5 (interface connected to pfsense)

GigabitEthernet0/5 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is XXXRedactedXXX
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1157995 packets input, 1709446554 bytes, 0 no buffer
     Received 32 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     343000 packets output, 101309468 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

sh int gi0/7(access port connected to PC)

GigabitEthernet0/7 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is XXXRedactedXXX
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 260
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 21000 bits/sec, 46 packets/sec
  5 minute output rate 3242000 bits/sec, 255 packets/sec
     359992 packets input, 101105448 bytes, 0 no buffer
     Received 1286 broadcasts (922 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 922 multicast, 0 pause input
     0 input packets with dribble condition detected
     1263727 packets output, 1862726179 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

Please let me know if I can provide any more info. I am very surprised to see this behavior. I hope you guys can assist me with this issue.

Thanks.

 

3 Replies

AlexS1
Beginner
The ISP may be receiving a lot of BPDUs from your spanning tree topology...

Perhaps enable BPDU filter on your trunk interface to limit the BPDUs from your device getting sent to the ISP (don't enable bpdu guard though, this will kill your connection)

Also why is int gi 0/5 both an access and trunk port... Perhaps just make it an access port?

Also change your SDM template on your switch to represent what you're trying to do.

Are you routing with this switch or using it purely for layer 2?
Should be forwarding at line rates but also depends on how you've set everything else up.

If there was more info - whole config (omit the passwords though) we could possibly help more.


Deepak Kumar
Advocate

Hi,

Is it possible to modify your network design as

 

pfsense igb2 -> gi0/5(Access vlan 10) -> gi0/7(access vlan 10) ->PC

      Access-Port --> Access port 

 

Also, as I am checking, your switch port Gi0/5 has a dual configuration. Please reset the gig0/5 port with the command "Default interface gig0/5" and reconfigure the switch port.

 

Second: As per my knowledge, your switch configuration command "system mtu routing 1500" does not have any effect on your SVI communication, but can you change it to the maximum, "system mtu routing 9000", and also allow jumbo frames with "system mtu jumbo 9198"? My target is to avoid packet fragmentation on your switch processor.

 

 Third: Check your IP CEF table. 

 

Regards,

Deepak Kumar

 


Georg Pauwen
VIP Master

Hello,

 

In addition to the other posts, what is the default gateway your PC is using when the 3560E is connected?
