HPE Community
Comware Based
1751897 Members
5193 Online
108783 Solutions
New Discussion

Re: 5120-48G EI & Cisco ASA 5510 - VLAN Issue

 
Johan_Finland
Advisor

‎04-26-2015 06:52 AM

‎04-26-2015 06:52 AM

Re: 5120-48G EI & Cisco ASA 5510 - VLAN Issue

IT is same devices I test against.

At least we have seen latency problems between VLAN 1 and 2 (files copy takes too long time so we get problem with appications) and between 6 and 1 (printing is slow).

 

Maybe 1-30 i "Normal" if it priorotize traffice but I dont want any prio... I want it to work as it have done before, then everythign have shown under 1 ms when doing ping and then we have had no problem. Now when is shows up to 15 ms then we have problem, this is facts that I know and users are not happy...

 

I have not done an actual speedtest betwee devices.

 

Wireshark I have used a few times but Im not so good in analyzing that data, it is so much to go through.....

 

ASA is running ver 8.2.5 (did not have currage to go higher with only 256 memory and all core switches and ASA have been restarted several times, latest this morning I did it before doing some tests.

 

/Johan

0 Kudos
jonare
Advisor

‎04-26-2015 08:00 AM

‎04-26-2015 08:00 AM

Re: 5120-48G EI & Cisco ASA 5510 - VLAN Issue

Ok,

 

Can you do a "sh interfaces" on the asa. And get the stats for me ?

Jon Are Endrerud
0 Kudos
Johan_Finland
Advisor

‎04-26-2015 08:17 AM

‎04-26-2015 08:17 AM

Re: 5120-48G EI & Cisco ASA 5510 - VLAN Issue

I will do that, what I also wanted to say was that when I ping something a device from 5120 core 2 to a device on a procurve switch and that procurve is connected to core 2 swit Ch (both devices on same VLAN) then I have no latency or very very little, just to confirm that it something with the ASA communication I think is not as it should be.

I will get back to you wit ASA info.

/Johan
0 Kudos
Johan_Finland
Advisor

‎04-26-2015 10:44 AM

‎04-26-2015 10:44 AM

Re: 5120-48G EI & Cisco ASA 5510 - VLAN Issue

Hi !

 

Here it the interface info from ASA.

 

/Johan

0 Kudos
Johan_Finland
Advisor

‎04-27-2015 11:49 AM

‎04-27-2015 11:49 AM

Re: 5120-48G EI & Cisco ASA 5510 - VLAN Issue

Hi!

Have you found anything that could cause this? Users still say applications are slow.

/Johan
0 Kudos
Johan_Finland
Advisor

‎04-28-2015 11:04 PM

‎04-28-2015 11:04 PM

Re: 5120-48G EI & Cisco ASA 5510 - VLAN Issue

Hi Everyone !

Have found the problem, it is a camera survailance server on VLAN 3 that is causing the problem.

As soon as the recording software are started on the server then the latency get high between all other VLANn.

 

BUt is it funny becuse it have never caused any problem before when connected to ProCurve switches 2510-24G, so I tried to move it back to that switch but the problems comes right away.

 

So now is the question, why ? Could it be becuse I have all the "trunks" betweens switches (except the port to ASA firewall) set to "hybride mode" ? Could "hybirde" mode cause problem ?

 

Maybe the Trunk mode on all ports that goes to a another switch  would fix it ? does anyone have some idea ?

 

I changed all ports earilier that goes to another switch to hybride becuse trunk mode made everything go slow also then for some reason.

But yesterday morning I changed the port to ASA firewall back to trunk from hybride and then i started to add tagging for VLANs one after one and it was then i saw the problem when comming to VLAN 3.

But all other ports that links to other switches (includeing 10 gb fiber) i have in Hybride mode.

 

It is not so nice to start doing changes just "to try" sinece everything is in production so therefore I would gladly have some "input" from someone that maybe have any idea regarding this behaivior.

What is casuing the recording softwar (running on WIndows XP) to do this ? can it be to big packets ? MTU size ?

 

Pleas come back to me if someone have any idea!

/Johan

0 Kudos
Vince-Whirlwind
Honored Contributor

‎04-29-2015 04:36 PM

‎04-29-2015 04:36 PM

Re: 5120-48G EI & Cisco ASA 5510 - VLAN Issue

It's a bit hard to advise anything without knowing what this "recording software" is, and it doesn't seem like you have enough information to be going ahead and changing anything in your production environment.

  

What kind of traffic does it generate? Is it multicast?
Have you configured your network for multicast?

Does it use jumbo frames?

What is the server's IP config?

What is the server's switchport's config? Is it an Access port or does it have 802.1q enabled? If so, then how many VLANs are on the port, should they be there? Does the server have an IP interface for each VLAN it can see from its switchport?

 

Maybe also capture traffic and see what it looks like.

 

Finally, why would anybody use "hybrid" mode?
Multiple untagged VLANs on the same port sounds both dumb and dangerous.

Just use Trunks.

0 Kudos
Vince-Whirlwind
Honored Contributor

‎04-29-2015 04:38 PM

‎04-29-2015 04:38 PM

Re: 5120-48G EI & Cisco ASA 5510 - VLAN Issue

Also, do you monitor your switches' CPU % and mem %?
If you do, I presume you would have told us if anything weird was happening.

If you don't, you need to.

 

Also set the switch logging to info/debug and see if anything interesting is happening.

0 Kudos
Johan_Finland
Advisor

‎05-01-2015 08:04 PM

‎05-01-2015 08:04 PM

Re: 5120-48G EI & Cisco ASA 5510 - VLAN Issue

Well, since Camera system is something that have been delivered by another company I dont know so much about it... And I have not been able to get hold of anyone at that company that know anything more "in depth" how it is "working".

 

If I had known this then I had wrote it here of course, it was therefor I asked the question here, maybe someoen have some "general knowledge" of camera recording systems.

And my bad also, I did not write how the port and server was configured but I thought that sine I did not write anything in specific then "people" would understand that it is configured as you normally configure a port and the ip settings/VLAN for a computer, ie. Port in switch is set to Untagged VLAN 3, no tagged traffic.

 

And regarding, multicast and jumbo frames, I have no clue about this, it was therefore I was asking questions..., where to start and how to do it.....

 

WHen starting recording software and latency gets higher, then CPU % in both core swtiches goes up with 2% (ie 10% > 12% and 15% > 17%) and as soon i stop the recording program the CPU % goes down by 2%.

 

THis is what I know at this point and maybe someone can tell me what is the most logical step next to do ?

 

/Johan

0 Kudos
Johan_Finland
Advisor

‎05-01-2015 08:28 PM - edited ‎05-01-2015 08:33 PM

‎05-01-2015 08:28 PM - edited ‎05-01-2015 08:33 PM

Re: 5120-48G EI & Cisco ASA 5510 - VLAN Issue

And also, ansert to your question " why would anyone use hybride mode on a port".... that was because alrealy from first day i installed the swtiches and move equipment over to new core switches I alreay then had this problem, all networks and VLANs was slow, especially between VLANS but also Def VLAN.

And then when I had to find the problem I of course tried different settings in trunkt ports and when I changed port that is going to ASA firewall from trunk mode > Hybride mode the the def. VLAN (where I have the servers) started to behave "Noramally", ie no latency......

 

SO then  I thought that the latency issu had to do with trunk mode was the problem and started to change trunk mode to Hybride mode on all ports going between switches....., so it therefore "I used Hybride mode".....

ANd if you have read everything in this post from beginngin you can see that I wrote:

 

"If I have port going to ASA 5510 set as "trunk" in the 5120 swtich then are also Def VLAN "slow", but if I have it set to "hybride" then Def VLAN acts "normal" ie under 1 ms."

 

And to last I jmust ask, why do you have to sound so "superior" Vince-Whirlwind in you writing ? is int the idea with forums to help??!, those who have knowledge and have maybe been in same situation can help othere..?!

I more get the feeling from you that "dont ask anything here if you dont knwo what you are talking about"... and that is not any nice feeling.....

 

/Johan

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.