Switches, Hubs, and Modems

5300xl Vlan

Mike Fisher_4
Occasional Contributor

5300xl Vlan

I've set up a network with a 5308xl connecting to 2524's running two Vlans (Vlan1 and Vlan2). On the links between the vlans I have Vlan1 untagged and Vlan2 tagged; is this correct? Does this mean the data on Vlan1 has to cope with management data? Would it be better to have 3 Vlans and the two data Vlans on Vlan 2 & 3? If it would, does the Vlan1 management Vlan need an IP address? Also, do the gigabit stacking modules that fit in the 2524's act the same as a 1000BaseT module and need Vlan tagging info etc.?
I have included the config of the 5300xl and a 2524; what do you think? The 2524's are on ports A1, A2, E1, E2, E3. (I'm posting this as the customer is complaining of a slow Vlan1.)

; J4819A Configuration Editor; Created on release #E.06.05

hostname "HP Switch 5308XL"


max-vlans 3
time daylight-time-rule None
cdp run
module 7 type J4821A
module 8 type J4821A
module 2 type J4820A
module 5 type J4821A
module 6 type J4821A
module 3 type J4820A
module 4 type J4820A
module 1 type J4878A
ip default-gateway 0.0.0.0
ip routing
snmp-server community "public" Unrestricted
vlan 1
   name "CURRIC"
   untagged A1-A4,B1-B24,C1-C24,D1-D5,D13-D24,E1-E3,F1-F4,G1-G4,H1-H4
   ip address 195.168.5.30 255.255.255.0
   no untagged D6-D12,E4
   exit
vlan 2
   name "ADMIN"
   untagged D6-D12,E4
   ip address 192.168.0.10 255.255.255.0
   tagged A1-A2,E1-E3
   exit
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
ip route 0.0.0.0 0.0.0.0 195.168.5.1
no aaa port-access authenticator active

; J4813A Configuration Editor; Created on release #F.05.09

hostname "Switch B1"
snmp-server location "Cab B Library"
max-vlans 3
time daylight-time-rule None
cdp run
ip default-gateway 195.168.5.30
snmp-server community "public" Unrestricted
vlan 1
   name "CURRIC"
   untagged 1-26
   ip address 195.168.5.31 255.255.255.0
   exit
vlan 2
   name "ADMIN"
   tagged 25-26
   exit
stack commander "CabB"
stack auto-grab
stack member 1 mac-address 000883d9ec40
stack member 2 mac-address 00088396e280
stack member 3 mac-address 0008832a4040
stack member 4 mac-address 000883d90800
stack member 5 mac-address 000883da4200
stack member 6 mac-address 000883d5ad40
stack member 7 mac-address 00088398c140
stack member 8 mac-address 000883def8c0
no aaa port-access authenticator active


3 REPLIES
Ron Kinner
Honored Contributor

Re: 5300xl Vlan

Management data is trivial so I wouldn't worry about it. It is best to have an ip address (in vlan1) on each switch. Helps to manage them and is especially necessary if you want to use something like MRTG to get their traffic.

I do wonder why you have vlan2 tagged on 25-26 of Switch B1. I assume 25 and 26 are the gigabit links back to the 5308XL. If you had an appearance of vlan2 on the switch then you would need the vlan2 tagging on both ends but since there is no appearance of vlan2 other than on the link I guess you are just doing it for simplicity's sake in case you ever add a vlan2 port.


I would look for an auto negotiate failure as the cause of the slowness. Look for a port which has a lot of errors or collisions, then manually set both ends to the appropriate duplex and speed.

If that's not it then check each port for too heavy traffic during the slowdown period. This is where MRTG shines.

Could also be STP flapping for some reason. Also make sure that the root bridge is the 5308. It would be sort of ugly if one of the 2524's became the root bridge.

I assume you are running the latest code on each switch?

Ron
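
An added example, not part of the original posts: a check that both ends of an inter-switch link carry each VLAN with the same tagging, which is the question the reply above addresses. The config excerpts are constructed from the VLAN stanzas posted in the thread; the function names and the pairing of 5308XL port A1 with 2524 port 25 are assumptions.

```python
import re

# Constructed excerpts of the VLAN stanzas posted in this thread.
CORE = """vlan 1
untagged A1-A4,B1-B24,E1-E3
no untagged D6-D12,E4
exit
vlan 2
untagged D6-D12,E4
tagged A1-A2,E1-E3
exit"""
EDGE = """vlan 1
untagged 1-26
exit
vlan 2
tagged 25-26
exit"""

def expand(port_list):
    """Expand a port list such as 'A1-A4,E4' or '25-26' into single ports."""
    ports = []
    for item in port_list.split(","):
        m = re.fullmatch(r"([A-Z]?)(\d+)(?:-\1(\d+))?", item.strip())
        if not m:
            raise ValueError(f"bad port item: {item!r}")
        slot, lo = m.group(1), int(m.group(2))
        hi = int(m.group(3) or lo)
        ports += [f"{slot}{n}" for n in range(lo, hi + 1)]
    return ports

def membership(config):
    """Return {port: {vlan_id: 'tagged' | 'untagged'}}; 'no ...' lines are skipped."""
    table, vlan = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["vlan"]:
            vlan = int(words[1])
        elif words == ["exit"]:
            vlan = None
        elif vlan and len(words) == 2 and words[0] in ("tagged", "untagged"):
            for port in expand(words[1]):
                table.setdefault(port, {})[vlan] = words[0]
    return table

def link_mismatches(a, port_a, b, port_b):
    """VLANs whose membership differs between the two ends of one link."""
    end_a = membership(a).get(port_a, {})
    end_b = membership(b).get(port_b, {})
    return {v: (end_a.get(v), end_b.get(v))
            for v in sorted(set(end_a) | set(end_b)) if end_a.get(v) != end_b.get(v)}
```

An empty result from `link_mismatches(CORE, "A1", EDGE, "25")` means both ends agree: Vlan1 untagged and Vlan2 tagged.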
Mike Fisher_4
Occasional Contributor

Re: 5300xl Vlan

Thanks for the reply Ron,
Ports 25-26 on the 2524 have vlan2 tagged because port 25 is the gigabit link to the 5308xl and port 26 is a gigastack link to another 2524.
What do you mean when you say the 5308 should be the root bridge?

Mike
Ron Kinner
Honored Contributor

Re: 5300xl Vlan

Root Bridge is a Spanning Tree Protocol (STP) concept. If STP is not on (you don't need STP if there is no chance of a loop or a redundant link in your network, and it is off by default on your switch) then you don't care. If it is on, each switch picks the inter-switch port which is closest to the switch designated as the root bridge and blocks all others which also connect to the root bridge. This forces all traffic to other switches (those connected somehow to the root bridge) to communicate via the root bridge.

Say you had 3 switches set up in a triangle pattern with the 5308 at the top of the diamond in position A. B and C (clockwise around the triangle) are 2524s. After STP finishes its selection of the root bridge, ideally A would be the root. Then the link between either B and C would be cut so that there is no chance of a loop and the resulting broadcast storm. Now when C wants to talk to B it has to send the traffic to A, which sends it to B. The return path is the reverse. This causes extra traffic through A, but since A is a big boy he can handle it. If one of the 2524s (say B) was selected as the root bridge, then the link from A to C would be cut, so all traffic from and to C would have to flow through B. This could create a bottleneck if the traffic was more than it could handle. See http://www.cisco.com/en/US/tech/tk389/tk689/technologies_configuration_example09186a008009467c.shtml for more info.

A redundant loop in your topology without STP can cause a broadcast storm where the same broadcast gets sent around the loop many times until it uses up all the trunk capacity. This is one cause of slow networks.

Getting back to your slow network. It may just be a case of too much traffic. You may have to play with QoS to give your complainers a higher priority or to lower the priority of high volume services (so they can't hog all of the bandwidth). Check your interface counters on your interswitch links the next time the network seems slow and see if you can identify bottlenecks by which links have the most traffic or which have the most collisions or other errors. Also talk to your complainers and find out who they are talking to and when. (Could also be that the server they are talking to is overloaded and it's not the network at all.) Maybe you can move your complainers closer to the 5308, or maybe you need to reduce the number of broadcasts that are clogging the network by adding a third LAN or blocking unnecessary broadcasts (by their UDP port number), or maybe somebody left RIP turned on and it is clogging your network with updates every 30 seconds. If you don't have a sniffer you can find a freeware one on the web fairly easily. I use snort, which is actually an intrusion detector, but it does a good job of sniffing the network: www.snort.org. It is not the easiest to set up, though. tcpdump is popular, plus there are a lot of others at www.shareware.com

Ron
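
An added illustration of the root bridge point in the reply above, not part of the original posts: it elects the root for the A/B/C triangle, finds which link STP blocks, and traces the resulting traffic path. The bridge priorities and MAC addresses are constructed, link costs are assumed equal, and the function names are hypothetical.

```python
from collections import deque

# Constructed bridge IDs (priority, MAC). A is the 5308, B and C are 2524s.
TRIANGLE = [("A", "B"), ("B", "C"), ("A", "C")]
DEFAULTS = {"A": (32768, "00:00:5e:00:53:0a"),
            "B": (32768, "00:00:5e:00:53:01"),
            "C": (32768, "00:00:5e:00:53:02")}
TUNED = {**DEFAULTS, "A": (4096, "00:00:5e:00:53:0a")}  # priority lowered on A

def spanning_tree(bridges, links):
    """Return (root, active links, blocked links), assuming equal link costs."""
    root = min(bridges, key=bridges.get)       # lowest bridge ID wins
    nbrs = {b: set() for b in bridges}
    for x, y in links:
        nbrs[x].add(y)
        nbrs[y].add(x)
    cost, queue = {root: 0}, deque([root])
    while queue:                               # hop count stands in for path cost
        cur = queue.popleft()
        for n in nbrs[cur]:
            if n not in cost:
                cost[n] = cost[cur] + 1
                queue.append(n)
    active = set()
    for b in bridges:
        if b != root:   # root port: cheapest neighbour, bridge ID breaks ties
            up = min(nbrs[b], key=lambda n: (cost[n], bridges[n]))
            active.add(frozenset((b, up)))
    return root, active, {frozenset(l) for l in links} - active

def path(src, dst, active):
    """Hop-by-hop path between two switches over the active links only."""
    queue, seen = deque([[src]]), {src}
    while queue:
        hops = queue.popleft()
        if hops[-1] == dst:
            return hops
        for link in active:
            if hops[-1] in link:
                (nxt,) = link - {hops[-1]}
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(hops + [nxt])
    return None
```

With `TUNED` the root is A and the B-C link is blocked; with `DEFAULTS` the lowest MAC makes B the root and the A-C link is blocked, so C reaches A only through B.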