Search Results

Search found 28 results on 2 pages for '3750'.

Page 1/2 | 1 2  | Next Page >

• Cisco Catalyst 3750 connected to Cisco ASA 5505 and dropping packets

  - by Bo102010

  (Cross posted from Super User per suggestion there) At the office, I have inherited a network that I am still trying to fully comprehend. I have a problem today with a new connection between: A port on a Cisco Catalyst 3750 [WS-C3750G-48TS-S running C3750-IPSERVICESK9-M version 12.2(53)SE1] A port on a Cisco ASA 5505 [ASA Software version 8.3(2)] The 3750 is home to a Vlan that has a few ports assigned to it. interface Vlan3 description Internal network (172.18.160.0/24) ip address 172.18.160.1 255.255.255.0 I have a host (outside of my control) that needs to be in this VLAN (i.e it must have an address 172.18.160.something/24) that also needs to access the Internet. To accomplish this, I ran a link from the Catalyst (Gi1/0/13) to the ASA (Ethernet 0/5). I configured the Catalyst port like so: interface GigabitEthernet1/0/13 description To ASA, 172.18.160.69 switchport access vlan 3 switchport mode access speed 100 duplex full I configured the ASA like so: interface Vlan1 nameif inside security-level 100 ip address 172.18.160.69 255.255.255.0 interface Ethernet0/5 speed 100 duplex full Then I plugged the host into Ethernet 0/4 on the ASA and instructed its owner to make its default gateway 172.18.160.69. I made a NAT rule in the ASA and set up some rules, and it's able to access the Internet without issue. However, I noticed that the Catalyst reports a ton of packets being dropped toward the ASA. Catalyst3750#show interfaces GigabitEthernet 1/0/13 | include counters|drops Last clearing of "show interface" counters 00:28:13 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 136909347 This is a huge number of drops, since there's not much traffic on this VLAN at all. I tried these things: Make sure speed and duplex agree on both sides (100 Mbps / Full) Set no cdp enable on the Catalyst Gi10/13 Set no keepalive on the Catalyst Gi10/13 Checked for excessive CPU usage on both Checked for excessive traffic on both Am I missing something? Any help would be appreciated.

  Read the article

• Problem connecting a 3Com 2952-Plus switch to a Cisco 3750 switch

  - by Noel

  Connected a 3Com 2952-SFP Plus switch to a Cisco 3750 switch via fibre. There is a light on the 3Com end, but nothing at the Cisco end, and no traffic will flow. Have swapped SFP's, have swapped fibre cables, have used a different port on the Cisco, have even swapped the 3Com switch, but still no joy. When I connect a 3Com 2948 switch over fibre that works OK. Any ideas?

  Read the article

• How to Enable Ports 25 - 28 on a Cisco Catalyst 3750

  - by Jared Brown

  I am trying to enable ports 25 - 28 on my 28 port Catalyst 3750. These four ports are my fiber ports. I am using the following command to bring up that interface. interface range Gi1/0/25 - 28 That works and it dumps me in the config-if-interface prompt. This is where I get stuck. I just want to enable these four ports and have them be in VLAN1 and On just like ports 1 - 24. How do I do this?

  Read the article

• How to block all multicast traffic travelling through a Cisco Catalyst 3750

  - by TrueDuality

  Something changed today. I can't seem to track down what, but one of our 3750s decided that it was going to forward all the multicast traffic it saw from the ghost server across every VLAN it has. I've tried writing a simple access group that consists of the following: access-list 100 deny ip any 224.0.0.10 0.0.0.255 access-list 100 permit ip any any I apparently mistakenly assumed that once applied to an interface that it would block all of the multicast traffic on that interface regardless of VLAN. I do not want any multicast traffic flowing through this particular switch to any VLAN or even to stay on the same VLAN beyond this switch. Does anyone have any ideas?

  Read the article

• Abnormally high amount of Transmit discards reported by Solarwinds for multiple switches

  - by Jared

  I have several 3750X Cisco switches that, according to our Solarwinds NPM, are producing billions of transmit discards per day. I'm not sure why it's reporting these discards. Many of the ports on the 3750X's have 2960's connected to them and are hardcoded as trunk ports. Solarwinds NPM version 10.3 Cisco IOS version 12.2(58)SE2 Total output drops: 29139431: GigabitEthernet1/0/43 is up, line protocol is up (connected) Hardware is Gigabit Ethernet, address is XXXX (bia XXXX) Description: XXXX MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:47, output 00:00:50, output hang never Last clearing of "show interface" counters 1w4d Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 29139431 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 35000 bits/sec, 56 packets/sec 51376 packets input, 9967594 bytes, 0 no buffer Received 51376 broadcasts (51376 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 51376 multicast, 0 pause input 0 input packets with dribble condition detected 115672302 packets output, 8673778028 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out sh controllers gigabitEthernet 1/0/43 utilization: Receive Bandwidth Percentage Utilization : 0 Transmit Bandwidth Percentage Utilization : 0

  Read the article

• How does Brocade (Foundry) FastIron CX compare to Cisco 3750 stackable switches?

  - by Paul

  We're considering Brocade's CX series vs. Cisco's 3750 at both core and distribution layers for a new site with gig to desktop, without POE. If you have any hands-on experience with FastIron CX switches, I would greatly value your impressions. I'll gladly add mine to the discussion when we get some quality time with our eval units (one just arrived yesterday, another's on the way). Thank you!

  Read the article

• How to get access to console to reset Cisco 3750?

  - by genehack

  I acquired two Cisco 3750 switches from another part of my organization. I was able to complete the standard password/config reset procedure on one without any issues -- boot it, put it into express config mode, telnet in, reset the passwords, etc. The second one doesn't ever boot to the point where it displays anything on the console. When power cycled, the 'SYST' light flashes green a few times, then comes on a solid green and stays lit. None of the other lights ever flash or light up. Holding down the 'MODE' button for up to 30 seconds produces no noticeable effects. Nothing ever comes out on the console. Since I was able to configure the first one without any problems, I know my connectinon is good -- console port configured right, good cable, etc. Is this just a hardware problem with the switch? Is there any way I can recover from this and get the switch back into a state where I can configure it?

  Read the article

• Is there Muticast routing support on a Cisco 3750?

  - by mrtechalot

  We have a switch (Cisco WS-C3750G-48TS) with only a C3750-IPBASE-M image (not a 'C3750-IPSERVICES-M' license). Is there any kind of multicast support here? All I need it to do is route multicast packets to an RP (ip pim sparse-mode). Do we really need the service (C3750-IPSERVICES-M) license/image?. The uplink switch is running C3750-IPSERVICES-M, but this switch doesn't seem to carry any ability to configure multicast on an interface.

  Read the article

• Connecting office to data center via Metro-ethernet

  - by Eric

  I am installing a metro ethernet link from my office to my data center. The office will have a cisco 3750 with several vlans. The data center end will have a more complicated set up. The metro e from the office will connect to a 2960, which will have two other 2960s with a few vlans and a 2811 router connected to it for connectivity to our other environments and the internet. I am looking at implementing this by connecting the office 3750 and the data center 2960 with a dot1q trunk and doing all routing at the 2811. I will configure subinterfaces for gateways for each of the vlans on the 2811. I work for a small company and don't have much of a budget for an ideal architecture. I can post a simple diagram if needed for clarification. Is there anything I am missing here? I feel like I am forgetting something very basic and want to make sure I eliminate any boneheaded mistakes.

  Read the article

• Cisco: changing VTP mode server/client to transparent

  - by J. Smith

  I have around 40 L2 switches (2960, 3560, 3500, 3750) running in VTP client mode and one L3 switch (6500) running in VTP server mode, all connected together. I would like to switch everything in VTP transparent mode without any interruption of service. I've already test on a poc version with 3 switches (Catalyst 2950, 3560 and 3750). Using serial and SSH connection, it is seems working but i'm not sure it is enough representative compare to the real network. Knowing that the VTP Pruning is enabled, I am wondering what would be the best procedure to proceed the changement. I've read that we could lost connection by keeping it enabled. Should I change the server or clients first? Is it important to change the VTP domain and VTP Pruning parameters?

  Read the article

• VLAN help on ESX 4/vSphere

  - by user49032

  I setup a new VLAN with ID 153 in vSphere for my ESX4 server. The VLAN is setup for virtual machines and then I added a new NIC to the VM I want to be able to access the VM. The NIC is added to VLAN 153, but yet I am unable to ping the VLAN .1 IP that is setup on our Cisco 3750. The IP is properly setup on the Cisco 3750 because I'm able to ping the interface IP from other machines on the network. I'm guessing there must be an issue with the cabling. Any ideas?

  Read the article

• HP to Cisco spanning tree root flapping

  - by Tim Brigham

  Per a recent question I recently configured both my HP (2x 2900) and Cisco (1x 3750) hardware to use MSTP for interoperability. I thought this was functional until I applied the change to the third device (HP switch 1 below) at which time the spanning tree root started flapping causing performance issues (5% packet loss) between my two HP switches. I'm not sure why. HP Switch 1 A4 connected to Cisco 1/0/1. HP Switch 2 B2 connected to Cisco 2/0/1. HP Switch 1 A2 connected to HP Switch 2 A1. I'd prefer the Cisco stack to act as the root. EDIT: There is one specific line - 'spanning-tree 1 path-cost 500000' in the HP switch 2 that I didn't add and was preexisting. I'm not sure if it could have the kind of impact that I'm describing. I'm more a security and monitoring guy then networking. EDIT 2: I'm starting to believe the problem lies in the fact that the value for my MST 0 instance on the Cisco is still at the default 32768. I worked up a diagram: This is based on every show command I could find for STP. I'll make this change after hours and see if it helps. Cisco 3750 Config: version 12.2 spanning-tree mode mst spanning-tree extend system-id spanning-tree mst configuration name mstp revision 1 instance 1 vlan 1, 40, 70, 100, 250 spanning-tree mst 1 priority 0 vlan internal allocation policy ascending interface TenGigabitEthernet1/1/1 switchport trunk encapsulation dot1q switchport mode trunk ! interface TenGigabitEthernet2/1/1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Vlan1 no ip address ! interface Vlan100 ip address 192.168.100.253 255.255.255.0 ! Cisco 3750 show spanning tree: show spanning-tree MST0 Spanning tree enabled protocol mstp Root ID Priority 32768 Address 0004.ea84.5f80 Cost 200000 Port 53 (TenGigabitEthernet1/1/1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32768 (priority 32768 sys-id-ext 0) Address a44c.11a6.7c80 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Te1/1/1 Root FWD 2000 128.53 P2p MST1 Spanning tree enabled protocol mstp Root ID Priority 1 Address a44c.11a6.7c80 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 1 (priority 0 sys-id-ext 1) Address a44c.11a6.7c80 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Te1/1/1 Desg FWD 2000 128.53 P2p Cisco 3750 show logging: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up HP Switch 1: ; J9049A Configuration Editor; Created on release #T.13.71 vlan 1 name "DEFAULT_VLAN" untagged 1-8,10,13-16,18-23,A1-A4 ip address 100.100.100.17 255.255.255.0 no untagged 9,11-12,17,24 exit vlan 100 name "192.168.100" untagged 9,11-12,17,24 tagged 1-8,10,13-16,18-23,A1-A4 no ip address exit vlan 21 name "Users_2" tagged 1,A1-A4 no ip address exit vlan 40 name "Cafe" tagged 1,4,7,A1-A4 no ip address exit vlan 250 name "Firewall" tagged 1,4,7,A1-A4 no ip address exit vlan 70 name "DMZ" tagged 1,4,7-8,13,A1-A4 no ip address exit spanning-tree spanning-tree config-name "mstp" spanning-tree config-revision 1 spanning-tree instance 1 vlan 1 40 70 100 250 password manager password operator HP Switch 1 show spanning tree: show spanning-tree Multiple Spanning Tree (MST) Information STP Enabled : Yes Force Version : MSTP-operation IST Mapped VLANs : 2-39,41-69,71-99,101-249,251-4094 Switch MAC Address : 0021f7-126580 Switch Priority : 32768 Max Age : 20 Max Hops : 20 Forward Delay : 15 Topology Change Count : 363,490 Time Since Last Change : 14 hours CST Root MAC Address : 0004ea-845f80 CST Root Priority : 32768 CST Root Path Cost : 200000 CST Root Port : 1 IST Regional Root MAC Address : 0021f7-126580 IST Regional Root Priority : 32768 IST Regional Root Path Cost : 0 IST Remaining Hops : 20 Root Guard Ports : TCN Guard Ports : BPDU Protected Ports : BPDU Filtered Ports : PVST Protected Ports : PVST Filtered Ports : | Prio | Designated Hello Port Type | Cost rity State | Bridge Time PtP Edge ----- --------- + --------- ---- ---------- + ------------- ---- --- ---- A1 | Auto 128 Disabled | A2 10GbE-CX4 | 2000 128 Forwarding | 0021f7-126580 2 Yes No A3 10GbE-CX4 | Auto 128 Disabled | A4 10GbE-SR | Auto 128 Disabled | HP Switch 1 Logging: I removed the date / time fields since they are inaccurate (no NTP configured on these switches) 00839 stp: MSTI 1 Root changed from 0:a44c11-a67c80 to 32768:0021f7-126580 00839 stp: MSTI 1 Root changed from 32768:0021f7-126580 to 0:a44c11-a67c80 00842 stp: MSTI 1 starved for an MSTI Msg Rx on port A4 from 0:a44c11-a67c80 00839 stp: MSTI 1 Root changed from 0:a44c11-a67c80 to 32768:0021f7-126580 00839 stp: MSTI 1 Root changed from 32768:0021f7-126580 to 0:a44c11-a67c80 00839 stp: MSTI 1 Root changed from 0:a44c11-a67c80 to ... HP Switch 2 Configuration: ; J9146A Configuration Editor; Created on release #W.14.49 vlan 1 name "DEFAULT_VLAN" untagged 1,3-17,21-24,A1-A2,B2 ip address 100.100.100.36 255.255.255.0 no untagged 2,18-20,B1 exit vlan 100 name "192.168.100" untagged 2,18-20 tagged 1,3-17,21-24,A1-A2,B1-B2 no ip address exit vlan 21 name "Users_2" tagged 1,A1-A2,B2 no ip address exit vlan 40 name "Cafe" tagged 1,13-14,16,A1-A2,B2 no ip address exit vlan 250 name "Firewall" tagged 1,13-14,16,A1-A2,B2 no ip address exit vlan 70 name "DMZ" tagged 1,13-14,16,A1-A2,B2 no ip address exit logging 192.168.100.18 spanning-tree spanning-tree 1 path-cost 500000 spanning-tree config-name "mstp" spanning-tree config-revision 1 spanning-tree instance 1 vlan 1 40 70 100 250 HP Switch 2 Spanning Tree: show spanning-tree Multiple Spanning Tree (MST) Information STP Enabled : Yes Force Version : MSTP-operation IST Mapped VLANs : 2-39,41-69,71-99,101-249,251-4094 Switch MAC Address : 0024a8-cd6000 Switch Priority : 32768 Max Age : 20 Max Hops : 20 Forward Delay : 15 Topology Change Count : 21,793 Time Since Last Change : 14 hours CST Root MAC Address : 0004ea-845f80 CST Root Priority : 32768 CST Root Path Cost : 200000 CST Root Port : A1 IST Regional Root MAC Address : 0021f7-126580 IST Regional Root Priority : 32768 IST Regional Root Path Cost : 2000 IST Remaining Hops : 19 Root Guard Ports : TCN Guard Ports : BPDU Protected Ports : BPDU Filtered Ports : PVST Protected Ports : PVST Filtered Ports : | Prio | Designated Hello Port Type | Cost rity State | Bridge Time PtP Edge ----- --------- + --------- ---- ---------- + ------------- ---- --- ---- A1 10GbE-CX4 | 2000 128 Forwarding | 0021f7-126580 2 Yes No A2 10GbE-CX4 | Auto 128 Disabled | B1 SFP+SR | 2000 128 Forwarding | 0024a8-cd6000 2 Yes No B2 | Auto 128 Disabled | HP Switch 2 Logging: I removed the date / time fields since they are inaccurate (no NTP configured on these switches) 00839 stp: CST Root changed from 32768:0021f7-126580 to 32768:0004ea-845f80 00839 stp: IST Root changed from 32768:0021f7-126580 to 32768:0024a8-cd6000 00839 stp: CST Root changed from 32768:0004ea-845f80 to 32768:0024a8-cd6000 00839 stp: CST Root changed from 32768:0024a8-cd6000 to 32768:0004ea-845f80 00839 stp: CST Root changed from 32768:0004ea-845f80 to 32768:0024a8-cd6000 00435 ports: port B1 is Blocked by STP 00839 stp: CST Root changed from 32768:0024a8-cd6000 to 32768:0021f7-126580 00839 stp: IST Root changed from 32768:0024a8-cd6000 to 32768:0021f7-126580 00839 stp: CST Root changed from 32768:0021f7-126580 to 32768:0004ea-845f80

  Read the article

• SCOM2012 monitor detail changes on switch

  - by siyang

  Could I use SCOM2012 monitor the changes on switch(CISCO 3750 2960 4906 etc), such as VLAN changes, Port shutdown, open any services on switch. I noticed there is one reports named configuration changes report, but seems like no any detail configuration could be monitor on switch? Should I download any MP to monitor the detail changes on SW. Really appreciated your suggestion. Thanks and Regards Siyang

  Read the article

• Time display and Cursor bug in Ubuntu 14.04 LTS

  - by user291774

  Just installed Ubuntu 14.04. Noticed the time in seconds speeds up then slows down to normal speed. The cursor for the keyboard has a strange rhythm; it stays normal, then slowly speeds up faster and faster till it looks like it's not blinking anymore, then goes back to normal and starts the process again. It almost seems like my whole operating system speeds up then slows down again. Even the hour circle that spins when it's loading starts slowly then it picks up speed till it spins so fast it looks like it's not even spinning. It interferes with video and the whole system. I have a Dell Vostro 3750 dual video cards and dual boot with Windows 7. Windows is running fine.

  Read the article

• internal DNS server limiting the speed as 55kb/sec ?

  - by kartook

  Hi all , Thanks in advance to everyone . Here is my Question . 1 .We have LAN internal DNS server ( 192.168.205.200 ) 2. DNS server Running on my ADDITIONAL DOMAIN CONTROLLER 3. Tested with Nslookup IPADDRESS and hostname resolving without any error . 4 .DHCP server Running on 3750 Switch ( Checked with CISCO Confirmed the configuration ) .DNS name server pointed to 192.168.205.200 . ISSUE : 1.Host getting ipaddress and DNS from DHCP server .Maximum file transfer Bandwidth 55KB/sec . 2. Assigned Static DNS on Host as ISP DNSServer Address, host getting full bandwidth whihc is 1mb/sec Thanks Kartook

  Read the article

• How to integrate Windows Server 2008 R2's NPS with Cisco switches?

  - by Massimo

  I need to evaluate in a lab environment the use of Windows Server 2008 R2's NPS for 802.1x authentication with Cisco Catalyst 3750 switches; the general idea is to only let clients connect to the company network if they can provide valid domain logon credentials, placing them in a restricted VLAN instead if they can't. NAP would also be a bonus, but it can be evaluated later; the main point now is only 802.1x authentication. Although I have very good knowledge of Windows and Active Directory (on the Microsoft side) and quite good knowledge of Catalyst switches (on the Cisco side), I'm totally new to 802.1x; I'd really like some general guidelines and help here, and some sort of implementation guide would also be very useful.

  Read the article

• hung up troubleshooting packet discards

  - by Chris Satola

  I realize my question is generic, but hopefully someone may have some guidance for me. My network consists of Cisco switches. I am seeing a significant amount (upwards of millions of packets per day) transmit drops between two switches. One being a 3750 and the other a 3560. The peak throughput of this link is only upper 400Mbps, so it shouldn't be a bandwidth issue. At this point, I am sort of clueless where to look or what tools I can use to determine what packets are dropping and why. I can setup a SPAN port on that link and wireshark it, but I don't know if that could tell me anything. Does anyone have any suggestions? Thanks in advance.

  Read the article

• Why do I have to manually 'Restart Management Network' on vSphere 5 host after reboot to get networking available?

  - by growse

  I've got a couple of vSphere 5.0 hosts in a small lab environment here and I've noticed a strange behaviour. When on of the hosts gets rebooted, it is unresponsive to the network until I log into the ESX console, Press F2 to customize and select Restart management network. Once this is done, the networking works perfectly as expected. Each host has two NICs which are trunked together using Etherchannel to a Cisco 3750. The link is also a .1q VLAN trunk and the management network is configured on VLAN121 with the VM traffic configured on VLAN118. Why would the host be completely dead to the world until I physically kick it? Edit Sample switch config for trunk: interface Port-channel2 description Blade 1 EtherChannel Trunk switchport trunk encapsulation dot1q switchport mode trunk end ! ! interface GigabitEthernet4/0/1 description Bladecenter1 CPM 1A switchport trunk encapsulation dot1q switchport mode trunk speed 1000 duplex full channel-group 2 mode on end Vswitch teaming settings: Management port group settings:

  Read the article

• Encryption over gigabit carrier ethernet

  - by Roy

  I would like to encrypt traffic between two data centres. Communication between the sites is provided as a standard provider bridge (s-vlan/802.1ad), so that our local vlan tags (c-vlan/802.1q) are preserved on the trunk. The communication traverse several layer 2 hops in the provider network. Border switches on both sides are Catalyst 3750-X with the MACSec service module, but I assume MACSec is out of the question, as I don't see any way to ensure L2 equality between the switches over a trunk, although it may be possible over a provider bridge. MPLS (using EoMPLS) would certainly allow this option, but is not available in this case. Either way, equipment can always be replaced to accommodate technology and topology choices. How do I go about finding viable technology options that can provide layer 2 point-to-point encryption over ethernet carrier networks?

  Read the article

• Switch to switch encryption over a wireless bridge (TrustSec?)

  - by metatheorem

  I am planning to connect an existing Cisco 3750 switch to a 3560C switch over a wireless PTP bridge. The bridge will be WPA2 protected, but I am looking for an additional measure of security between the switches to prevent other wireless access through either switch. They do not support IPSec, only 802.1Q tunnels, and buying additional hardware is not likely an option. I am looking into using TrustSec manual mode between the switches. After some effort reading into TrustSec and MACsec, I am mostly certain this is a good choice over the wireless bridge, keeping in mind it is a shared medium. Two questions: Can I reliably prevent other wireless traffic from accessing the switches using TrustSec? Does anyone know of any better options with the 3000 series switches?

  Read the article

• Load balanced IIS. Should I use NLB, or linux-based reverse proxy, or something else?

  - by growse

  What would be the best approach for load-balancing at least 2-3 Windows 2008 R2 IIS webservers running a multitude of .NET applications? My choices appear to be: 1) Hardware-based network device load balancer, like a Cisco CSS 2) Windows NLB 3) Some sort of linux based proxy, either haproxy or other The three servers sit as VMs on a vSphere farm, so I have the ability to clone to up the instance count in times of high load. I control the switch that the vSphere hosts are plugged into (Cisco 3750), but don't control the switching/routing infrastructure beyond that to the clients. (1) Is too expensive, and probably overkill for my needs. I've included this in case someone figures out a cunning way to do it on my existing network kit, which I doubt. (2) would seem to be the obvious "built-in" option, but seems to be quite fiddly messing around with network interfaces, multicast, and generally other things that seem to be needlessly complex. It's also fairly stupid, in that it can't remove hosts from the pool if they start throwing 500 errors or otherwise go wrong (3) is the most interesting option, as it would appear to offer the most flexibility and customizability, but without having to mess around with the network. However, while I'm familiar with the reverse-proxy capabilities of lighttpd etc, I'm not that well read on other options like HAProxy, which might be able to offer a lot more. Which would you go for, and is there anything I've not thought of?

  Read the article

• Why Would one VLAN have no Communication on one Switch?

  - by Webs

  So the problem is we have a device or host that needs to communicate on a specific VLAN. This VLAN is not new, it is running all throughout our environment and works fine. But the VLAN was recently configured on the switch in question, a Cisco 3750. The DHCP server is handing out addresses on that VLAN with no problem. I have verified the cable between the host and switch and tried multiple hosts, but none of them can communicate or get an address. I plugged my laptop into an empty port which had a different VLAN assigned and immediately got a DHCP address. When I changed that port to the same VLAN I'm having issues with I got the same problem. The laptop just sits there and tries to DHCP an address but nothing happens. I double checked the cores and their Layer 3 VLAN config and its fine too. Plus I figured the issue couldn't be with them because the VLAN works fine everywhere else it exists. So the only other thing I can think of is the switch, but the VLAN exists on the switch and seems to be configured correctly. The trunks appear to be configured just fine as well too. Anyone have any ideas? I'm lost on this one.

  Read the article

• Spanning-tree setup with incompatible switches

  - by wfaulk

  I have a set of eight HP ProCurve 2910al-48G Ethernet switches at my datacenter that are set up in a star topology with no physical loops. I want to partially mesh the switches for redundancy and manage the loops with a spanning-tree protocol. However, our connection to the datacenter is provided by two uplinks, each to a Cisco 3750. The datacenter's switches are handling the redundant connection using PVST spanning-tree, which is a Cisco-proprietary spanning-tree implementation that my HP switches do not support. It appears that my switches are not participating in the datacenter's spanning-tree domain, but are blindly passing the BPDUs between the two switchports on my side, which enables the datacenter's switches to recognize the loop and put one of the uplinks into the Blocking state. This is somewhat supposition, but I can confirm that, while my switches say that both of the uplink ports are forwarding, only one is passing any real quantity of data. (I am assuming that I cannot get the datacenter to move away from PVST. I don't know that I'd want them to make that significant of a change anyway.) The datacenter has also sent me this output from their switches (which I have expurgated of any identifiable info): 3750G-1#sh spanning-tree vlan nnn VLAN0nnn Spanning tree enabled protocol ieee Root ID Priority 10 Address 00d0.0114.xxxx Cost 4 Port 5 (GigabitEthernet1/0/5) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32mmm (priority 32768 sys-id-ext nnn) Address 0018.73d3.yyyy Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Gi1/0/5 Root FWD 4 128.5 P2p Gi1/0/6 Altn BLK 4 128.6 P2p Gi1/0/8 Altn BLK 4 128.8 P2p and: 3750G-2#sh spanning-tree vlan nnn VLAN0nnn Spanning tree enabled protocol ieee Root ID Priority 10 Address 00d0.0114.xxxx Cost 4 Port 6 (GigabitEthernet1/0/6) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32mmm (priority 32768 sys-id-ext nnn) Address 000f.f71e.zzzz Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Gi1/0/1 Desg FWD 4 128.1 P2p Gi1/0/5 Altn BLK 4 128.5 P2p Gi1/0/6 Root FWD 4 128.6 P2p Gi1/0/8 Desg FWD 4 128.8 P2p The uplinks to my switches are on Gi1/0/8 on both of their switches. The uplink ports are configured with a single tagged VLAN. I am also using a number of other tagged VLANs in my switch infrastructure. And, to be clear, I am passing the tagged VLAN I'm receiving from the datacenter to other ports on other switches in my infrastructure. My question is: how do I configure my switches so that I can use a spanning tree protocol inside my switch infrastructure without breaking the datacenter's spanning tree that I cannot participate in?

  Read the article

• VLAN issues between linux kernels 2.6 / 3.3 in an ESX / Cisco environment

  - by David Griffith

  I shall attempt to explain an issue I have encountered - I have a VM running on esx 4.1 with an interface connected to VLAN800 via an access port on a cisco 3750. It runs linux - kernel 2.6.24, and has about 5 to 10 Mbit of chatter on 10.10.0.0/16 and various multicast addresses to look after. I needed to isolate certain devices from certain other devices on the network, with all of them having to talk to that one VM. No, the address space can't be separated, nor can the networks be easily vlan'd apart. The software on the VM listens to one interface only. Private vlans appear to be the way to go. So as a test, I built a bridge on the VM that globs together the vlans as needed. All good, everything works as expected. But occasionally (sigh) there's some latency that trips up a couple of profinet devices on the network because, you know, you're not really supposed to trunk real-time protocols around the place willy-nilly. I shift it to our test/backup server - works nicely, but I don't want it to be running on the test server as we muck around with that a lot. So I says to myself, "I'll put it on a new VM for testing and tweaking." I download a small linux distro with kernel 3.3, and install as a new VM with a the vlans as separate interfaces for testing. I power up the testing VM - ok. I bring up all the separate interfaces - ok. I can ping the production VM, see all sorts of traffic going past with tshark, etc. I build a bridge and put the primary vlan on it - the production VM running 2.6 immediately loses its multicast traffic - Unicast is fine. (?) I shut down the bridge - still no multicast traffic (!?) I power-cycle the production VM(!?!?) - multicast traffic returns. I trunk everything into the testing VM and create vlan interfaces under linux instead - same result, as soon as I start the bridge.... no multicast on the production VM. Ok, so I take a break and leave things alone. I decide to play with a couple of ubiquiti bullet radios - I'm testing various firmware as a side project. I flash a radio with Open-wrt-12.09. I enable a trunk on a port on a cisco on our network so I can muck around with multiple vlans and SSIDs I power up the radio and connect - ok. I create a vlan interface from the trunk.... the same vlan as the production VM wayyyyy over there, three cisco routers away. Ok. I bridge the vlan interface to the wifi interface and immediately get a phone call. The production VM has (suprise!) lost its multicast traffic. Again, nothing comes back until I power-cycle the VM. What the hell is going on?

  Read the article

• IBM "per core" comparisons for SPECjEnterprise2010

  - by jhenning

  I recently stumbled upon a blog entry from Roman Kharkovski (an IBM employee) comparing some SPECjEnterprise2010 results for IBM vs. Oracle. Mr. Kharkovski's blog claims that SPARC delivers half the transactions per core vs. POWER7. Prior to any argument, I should say that my predisposition is to like Mr. Kharkovski, because he says that his blog is intended to be factual; that the intent is to try to avoid marketing hype and FUD tactic; and mostly because he features a picture of himself wearing a bike helmet (me too). Therefore, in a spirit of technical argument, rather than FUD fight, there are a few areas in his comparison that should be discussed. Scaling is not free For any benchmark, if a small system scores 13k using quantity R1 of some resource, and a big system scores 57k using quantity R2 of that resource, then, sure, it's tempting to divide: is  13k/R1 > 57k/R2 ? It is tempting, but not necessarily educational. The problem is that scaling is not free. Building big systems is harder than building small systems. Scoring  13k/R1  on a little system provides no guarantee whatsoever that one can sustain that ratio when attempting to handle more than 4 times as many users. Choosing the denominator radically changes the picture When ratios are used, one can vastly manipulate appearances by the choice of denominator. In this case, lots of choices are available for the resource to be compared (R1 and R2 above). IBM chooses to put cores in the denominator. Mr. Kharkovski provides some reasons for that choice in his blog entry. And yet, it should be noted that the very concept of a core is: arbitrary: not necessarily comparable across vendors; fluid: modern chips shift chip resources in response to load; and invisible: unless you have a microscope, you can't see it. By contrast, one can actually see processor chips with the naked eye, and they are a bit easier to count. If we put chips in the denominator instead of cores, we get: 13161.07 EjOPS / 4 chips = 3290 EjOPS per chip for IBM vs 57422.17 EjOPS / 16 chips = 3588 EjOPS per chip for Oracle The choice of denominator makes all the difference in the appearance. Speaking for myself, dividing by chips just seems to make more sense, because: I can see chips and count them; and I can accurately compare the number of chips in my system to the count in some other vendor's system; and Tthe probability of being able to continue to accurately count them over the next 10 years of microprocessor development seems higher than the probability of being able to accurately and comparably count "cores". SPEC Fair use requirements Speaking as an individual, not speaking for SPEC and not speaking for my employer, I wonder whether Mr. Kharkovski's blog article, taken as a whole, meets the requirements of the SPEC Fair Use rule www.spec.org/fairuse.html section I.D.2. For example, Mr. Kharkovski's footnote (1) begins Results from http://www.spec.org as of 04/04/2013 Oracle SUN SPARC T5-8 449 EjOPS/core SPECjEnterprise2010 (Oracle's WLS best SPECjEnterprise2010 EjOPS/core result on SPARC). IBM Power730 823 EjOPS/core (World Record SPECjEnterprise2010 EJOPS/core result) The questionable tactic, from a Fair Use point of view, is that there is no such metric at the designated location. At www.spec.org, You can find the SPEC metric 57422.17 SPECjEnterprise2010 EjOPS for Oracle and You can also find the SPEC metric 13161.07 SPECjEnterprise2010 EjOPS for IBM. Despite the implication of the footnote, you will not find any mention of 449 nor anything that says 823. SPEC says that you can, under its fair use rule, derive your own values; but it emphasizes: "The context must not give the appearance that SPEC has created or endorsed the derived value." Substantiation and transparency Although SPEC disclaims responsibility for non-SPEC information (section I.E), it says that non-SPEC data and methods should be accurate, should be explained, should be substantiated. Unfortunately, it is difficult or impossible for the reader to independently verify the pricing: Were like units compared to like (e.g. list price to list price)? Were all components (hw, sw, support) included? Were all fees included? Note that when tpc.org shows IBM pricing, there are often items such as "PROCESSOR ACTIVATION" and "MEMORY ACTIVATION". Without the transparency of a detailed breakdown, the pricing claims are questionable. T5 claim for "Fastest Processor" Mr. Kharkovski several times questions Oracle's claim for fastest processor, writing You see, when you publish industry benchmarks, people may actually compare your results to other vendor's results. Well, as we performance people always say, "it depends". If you believe in performance-per-core as the primary way of looking at the world, then yes, the POWER7+ is impressive, spending its chip resources to support up to 32 threads (8 cores x 4 threads). Or, it just might be useful to consider performance-per-chip. Each SPARC T5 chip allows 128 hardware threads to be simultaneously executing (16 cores x 8 threads). The Industry Standard Benchmark that focuses specifically on processor chip performance is SPEC CPU2006. For this very well known and popular benchmark, SPARC T5: provides better performance than both POWER7 and POWER7+, for 1 chip vs. 1 chip, for 8 chip vs. 8 chip, for integer (SPECint_rate2006) and floating point (SPECfp_rate2006), for Peak tuning and for Base tuning. For example, at the 8-chip level, integer throughput (SPECint_rate2006) is: 3750 for SPARC 2170 for POWER7+. You can find the details at the March 2013 BestPerf CPU2006 page SPEC is a trademark of the Standard Performance Evaluation Corporation, www.spec.org. The two specific results quoted for SPECjEnterprise2010 are posted at the URLs linked from the discussion. Results for SPEC CPU2006 were verified at spec.org 1 July 2013, and can be rechecked here.

  Read the article

1 2  | Next Page >