catalyst3560 and citrix sessions problem
Posted by PrzemekD on May 7th, 2008


One of my customers claims that an incorrect config and/or a SW/HW fault is
causing problems in his LAN.

There are 4 VLANs:
1 management, untagged (subnet 10.10.10.0/24)
2 net1 (subnet 10.1.2.0/24)
3 net2 (subnet 10.1.3.0/24)
4 net3 (subnet 10.20.30.0/26 !!)

Each of VLANs 2-4 has its own router/gateway (x.x.x.1). Those routers
are managed neither by my customer nor by me. I cannot see their config.
They are connected to the switch ports: vlan2 - port Gi0/2, vlan3 - Gi0/3,
vlan4 - Gi0/4.

On vlan4 there are PC users running the Citrix client and connecting to a remote
server (the vlan4 gateway also acts as a VPN tunnel).

The problem is that clients in vlan4 randomly have their Citrix
sessions disconnected for 1-30 minutes and then get the link back again.
During those periods the vlan4 gateway is reachable from the remote side; a person there tries
to ping any of the clients or the switch (10.20.30.2), but those are unreachable.
At the same time, ping from the switch does not reach the vlan4 router.

In the log of the switch there are no layer 2 broken-link errors concerning the Gi0/4
port.

Can you verify the config below - could it be a source of the problems?

Please help


version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service sequence-numbers
!
hostname SW3560
!
logging buffered 128000 debugging
!
username xxx privilege 15 password 0 xxx
no aaa new-model
clock timezone UTC 1
clock summer-time UTC recurring last Sun Mar 2:00 last Sun Oct 3:00
system mtu routing 1500
ip subnet-zero
ip routing
!
!
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
switchport mode access
macro description cisco-desktop
!
interface GigabitEthernet0/2
switchport access vlan 2
switchport mode access
macro description cisco-desktop
!
interface GigabitEthernet0/3
switchport access vlan 3
switchport mode access
macro description cisco-desktop
!
interface GigabitEthernet0/4
switchport access vlan 4
switchport mode access
macro description cisco-desktop
!
interface GigabitEthernet0/5
switchport access vlan 2
switchport mode access
macro description cisco-desktop
..
..
..
..
!
interface GigabitEthernet0/23
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust cos
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust cos
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/25
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust cos
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/26
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust cos
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/27
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust cos
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/28
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust cos
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface Vlan1
ip address 10.10.10.1 255.255.255.0
!
interface Vlan2
ip address 10.1.2.3 255.255.255.0
ip access-group MY-ACL in
!
interface Vlan3
no ip address
!
interface Vlan4
ip address 10.20.30.2 255.255.255.192
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.2.1
ip route 10.20.30.0 255.255.255.0 10.20.30.1
ip http server
ip http authentication local
!
ip access-list extended MY-ACL
permit ip host 10.1.2.1 10.10.10.0 0.0.0.255
permit ip host 10.1.2.16 10.10.10.0 0.0.0.255
permit ip host 10.1.2.17 10.10.10.0 0.0.0.255
deny ip any any log
!
logging facility daemon
logging 10.1.2.14
!
control-plane
!
!
line con 0
login local
length 0
line vty 0 4
login local
length 0
line vty 5 15
login local
length 0
!
end





Posted by Bod43@hotmail.co.uk on May 8th, 2008


On 7 May, 20:23, "PrzemekD" <ba...@koncept-l.sp.am.wy.wal.pl> wrote:
It is certainly possible that the QoS configuration is
dropping traffic. I can not understand the QoS
behaviour without doing a lot of reading so can
not offer any detailed suggestions.

You could always take out the QoS and see what happened?

It will probably be possible to see if the QoS is dropping traffic.

sh int

and have a look at any drops.

There may be other commands too.

Posted by Thrill5 on May 11th, 2008


There are quite a few bugs in auto-qos on the 3560/3750 platform. Cisco had
some very serious issues with dropped traffic due to QoS on the 3750
platform but most of the issues have been resolved in 12.2(25)SEA code and
higher. The problem you are having does not sound like QoS problems because
you have a complete loss of traffic. If QoS was a problem you would have
problems with applications running slow not a complete loss of connectivity.

When having the problem, does the switch have the MAC address of the default
gateway in the CAM table? Does it appear in the ARP table? If you don't
see it in both places, you have a layer 2 problem that needs to be
addressed. You should not have "spanning-tree
link-type point-to-point" on your switch port connections! This command is
recommended if your switch AND the switch at the other end are running rapid-PVST+.
This could be the source of your problem (you are running PVST+ not
rapid-PVST+) and you are having spanning-tree issues. Do you see
spanning-tree messages in the log with date-time stamps just before or
during this problem?




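The check Thrill5 describes above (is the gateway's MAC in both the ARP table and the CAM table during an outage), as an added example that is not part of the original thread: a Python script that compares saved `show ip arp` and `show mac address-table vlan 4` output. The sample output, the MAC addresses and the function names are constructed for illustration; only the gateway address, VLAN and port come from the posted config.

```python
import re

MAC_RE = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}", re.I)

# Constructed sample output (not captured from the thread's switch).
ARP_HDR = "Protocol  Address          Age (min)  Hardware Addr   Type   Interface\n"
ARP_OK = ARP_HDR + "Internet  10.20.30.1              3   0000.5e00.5301  ARPA   Vlan4\n"
ARP_INCOMPLETE = ARP_HDR + "Internet  10.20.30.1              0   Incomplete      ARPA\n"
CAM_HDR = ("Vlan    Mac Address       Type        Ports\n"
           "----    -----------       --------    -----\n")
CAM_OK = CAM_HDR + "   4    0000.5e00.5301    DYNAMIC     Gi0/4\n"
CAM_AGED = CAM_HDR + "   4    0000.5e00.5310    DYNAMIC     Gi0/7\n"
CAM_MOVED = CAM_HDR + "   4    0000.5e00.5301    DYNAMIC     Gi0/23\n"

def arp_mac(arp_text, ip):
    """MAC listed for ip in 'show ip arp', or None if missing or Incomplete."""
    for line in arp_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "Internet" and f[1] == ip:
            return f[3].lower() if MAC_RE.fullmatch(f[3]) else None
    return None

def cam_ports(cam_text, vlan, mac):
    """Ports on which mac is currently learned in the given VLAN."""
    ports = []
    for line in cam_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == str(vlan) and f[1].lower() == mac:
            ports.append(f[3])
    return ports

def check_gateway(arp_text, cam_text, ip, vlan, port):
    """Classify the layer 2 state of the gateway from the two tables."""
    mac = arp_mac(arp_text, ip)
    if mac is None:
        return "no ARP entry"
    ports = cam_ports(cam_text, vlan, mac)
    if not ports:
        return "ARP only, MAC not in CAM"
    if ports != [port]:
        return "MAC learned on " + ",".join(ports)
    return "ok"

if __name__ == "__main__":
    for name, arp, cam in [("healthy", ARP_OK, CAM_OK),
                           ("incomplete ARP", ARP_INCOMPLETE, CAM_OK),
                           ("aged out", ARP_OK, CAM_AGED),
                           ("moved", ARP_OK, CAM_MOVED)]:
        print(name, "->", check_gateway(arp, cam, "10.20.30.1", 4, "Gi0/4"))
```

Running it against output captured before and during an outage shows whether the gateway MAC disappears from the CAM table or turns up on a different port while the ARP entry is still cached.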

Posted by PrzemekD on May 12th, 2008



User "Thrill5" <nospam@somewhere.com> wrote in message
news:N72dnVQYooQ167vVnZ2dnUVZ_tXinZ2d@comcast.com...

I removed all QoS-related config, but the problem occurred a few times again.
I enabled UDLD aggressive on all switches and I will be observing the effects...

thanks for suggestions

I did not notice any spanning-tree messages or packets (I started
sniffing using port SPAN and Wireshark).


Any other idea?

Przemek



Posted by Merv on May 12th, 2008


Is the router for VLAN 4 directly connected to port gi 0/4 ?

Check if the router for Vlan 4 is sending CDP on interface Gi 0/4

sh cdp nei

If it is being received then check if you continue to receive CDP
during an outage event

If CDP is not enabled, discuss with the admin for the router for VLAN 4 whether CDP
can be enabled for troubleshooting purposes.

You need to know if the router and the switch have a link during the
outage event.

Please post output of show interface Gi 0/4 and show interface gi 0/4
status


Posted by PrzemekD on May 13th, 2008



User "Merv" <merv.hrabi@rogers.com> wrote in message
news:92b9980e-a9eb-4daf-b53b-25864cd97cee@p25g2000hsf.googlegroups.com...
CDP is turned off; moreover, there is a Netscreen 5G (or something like that)
on the other side.

No line/protocol down/up messages occur in syslog.

I cannot give anything now other than the show interface GigabitEthernet0/4
controller output, grabbed shortly after the last "break", but there is nothing
strange here:


SW3560#sh int gi0/4 controller
GigabitEthernet0/4 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 001f.279c.2684 (bia 001f.279c.2684)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 3000 bits/sec, 3 packets/sec
5 minute output rate 3000 bits/sec, 3 packets/sec
15985653 packets input, 1402420887 bytes, 0 no buffer
Received 8159 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 42 multicast, 0 pause input
0 input packets with dribble condition detected
22318368 packets output, 1568791617 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out

  Transmit GigabitEthernet0/4            Receive
  11710456 Bytes                      9946272 Bytes
    158978 Unicast frames              119594 Unicast frames
      6979 Multicast frames                 0 Multicast frames
      1292 Broadcast frames                76 Broadcast frames
         0 Too old frames             9941408 Unicast bytes
         0 Deferred frames                  0 Multicast bytes
         0 MTU exceeded frames           4864 Broadcast bytes
         0 1 collision frames               0 Alignment errors
         0 2 collision frames               0 FCS errors
         0 3 collision frames               0 Oversize frames
         0 4 collision frames               0 Undersize frames
         0 5 collision frames               0 Collision fragments
         0 6 collision frames
         0 7 collision frames           74958 Minimum size frames
         0 8 collision frames           38074 65 to 127 byte frames
         0 9 collision frames            4206 128 to 255 byte frames
         0 10 collision frames           1390 256 to 511 byte frames
         0 11 collision frames            518 512 to 1023 byte frames
         0 12 collision frames            524 1024 to 1518 byte frames
         0 13 collision frames              0 Overrun frames
         0 14 collision frames              0 Pause frames
         0 15 collision frames
         0 Excessive collisions             0 Symbol error frames
         0 Late collisions                  0 Invalid frames, too large
         0 VLAN discard frames              0 Valid frames, too large
         0 Excess defer frames              0 Invalid frames, too small
     27168 64 byte frames                   0 Valid frames, too small
    139581 127 byte frames
       109 255 byte frames                  0 Too old frames
       278 511 byte frames                  0 Valid oversize frames
        21 1023 byte frames                 0 System FCS error frames
        92 1518 byte frames                 0 RxPortFifoFull drop frame
         0 Too large frames
         0 Good (1 coll) frames
         0 Good (>1 coll) frames



Posted by Merv on May 13th, 2008


On May 13, 9:50 am, "PrzemekD" <ba...@koncept-l.sp.am.wy.wal.pl>
wrote:



You need to find out ALL of the devices between your switch and the
default gateway router and create a network topology diagram with all
of the information.

Also there needs to be an agreed upon troubleshooting process between
all parties that support these devices

For example the problem in question might be caused by the
firewall ...




