Ask the Expert: Access LAN Switches (Cisco Catalyst 4500E, 3750-X, 3560-X, and 2960)

Jul 13th, 2012

With Nikolay Karpyshev

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about architecture and troubleshooting Access LAN Switches such as Cisco Catalyst 4500E, 3750-X, 3560-X, and 2960 with Cisco Expert Nikolay Karpyshev.

Nikolay Karpyshev is a Customer Support Engineer in the high touch technology support team (HTTS) at Cisco, specializing in LAN Switching. Karpyshev supports the Cisco Switches Nexus 7000, Catalyst 6500, 3750, 3560, 4500, 2900, among others, and works as a senior and escalation engineer. He was previously a part of the Cisco Sales Associate program. He holds a specialist degree in Mathematics and Mechanics from Novosibirsk State University in Russia. Nikolay also holds these Cisco Certifications: CCNP, CCSP, and CCDP.

Remember to use the rating system to let Nikolay know if you have received an adequate response. 

Nikolay might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Network Infrastructure sub-community discussion forum shortly after the event. This event lasts through July 27, 2012. Visit this forum often to view responses to your questions and the questions of other community members.

sean_evershed Sun, 07/15/2012 - 02:56

Hi Nikolay,

Are there any plans to release a 40 Gbps blade for the 4500E now that the technology is available for the Nexus 7K and 6500 range of switches?

Thanks

Sean

nkarpysh Sun, 07/15/2012 - 18:08

Hi Sean,

It is planned yes, but unfortunately I have no exact products or dates to share. Current fabric provides 48 G per slot so for 40G port we can provide only single non-blocking port. I guess it will come with next fabric to have at least 2 non-blocking 40G ports in same card.

Nik

Reza Sharifi Sun, 07/15/2012 - 11:31

Hi Nikolay,

This question has come up here several times, and we have had different dates from Cisco as to when and what IOS will support VSS for the 4500 series. So, can you provide us the latest on this?

Thanks,

Reza

Leo Laohoo Sun, 07/15/2012 - 15:10
when and what IOS will support VSS for the 4500 series.

Hi Reza,

I've seen a Cisco presentation that states that end of 2012 to mid-2013. 

Reza Sharifi Sun, 07/15/2012 - 15:15

Hi Leo,

Thanks!

Do you know what version of software?

Reza

nkarpysh Sun, 07/15/2012 - 17:51

Hello Guys,

It is planned in the new feature release 15.1(2)SG, XE 3.4.0SG along with ISSU. Unfortunately no exact date is set and I agree with Leo that those should be in the range end of 2012 to mid-2013. We just had one new release, XE 3.3.0SG, 15.1(1)SG, on CCO.

Nik

Leo Laohoo Sun, 07/15/2012 - 21:28
Do you know what version of software?

Sorry Reza, I ain't THAT good.

Nik's probably the best source.

I'm suspecting it could be a 4.X.X IOS number.

A lot of people who've purchased the Sup7E and the 4500X would be keen to know the release date.

sean_evershed Mon, 07/16/2012 - 02:12

Hi Nik,

I have another future release question.

When searching for an IOS for the 4510 I couldn't find any that supported OSPFv3 authentication with IPSEC.

Did I miss one or is this a feature that will be released in the future? If so do you have a timeframe?

Thanks

Sean

nkarpysh Mon, 07/16/2012 - 04:10
nkarpysh Mon, 07/16/2012 - 07:27

Hello Chai,

Not sure if I understood your question correctly but I think you need a command which will show you only the interfaces with 0 In and Out packets.

Well pipe should be working here. The only thing is to build the best expression for it. After pipe you can use different regular expressions. See more about it here:

http://www.cisco.com/en/US/docs/ios/12_2/termserv/configuration/guide/tcfaapre_ps1835_TSD_Products_Configuration_Guide_Chapter.html

I was just playing in my lab and came up with the following one, which matches 0 in the middle columns of "show int counter":

sh int count | i _0_.|In|Out

It gives something like:

HTTS-VSS#sh int count | i _0_.|In|Out
Port                InOctets   InUcastPkts   InMcastPkts   InBcastPkts
Te1/1/1                    0             0             0             0
Te1/1/2                    0             0             0             0
Te1/1/3                    0             0             0             0
Te1/1/4                    0             0             0             0
Gi2/2/1                    0             0             0             0
Gi2/2/2                    0             0             0             0
Gi2/2/3                    0             0             0             0
Port               OutOctets  OutUcastPkts  OutMcastPkts  OutBcastPkts
Te1/1/1                    0             0             0             0
Te1/1/2                    0             0             0             0
Te1/1/3                    0             0             0             0
Te1/1/4                    0             0             0             0
Gi2/2/1                    0             0             0             0
Gi2/2/2                    0             0             0             0
Port               OutOctets  OutUcastPkts  OutMcastPkts  OutBcastPkts
Gi2/2/3              2013885             0          4840             0

It is at least excluding interfaces which had 0 only in the last column. You can play with the expression to build your own which matches your needs better.

Nik
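Added example (not part of the reply above and not a Cisco tool): the include filter matches any row that contains a zero column, so a port such as Gi2/2/3 still appears even though its Out counters are non-zero. The Python sketch below parses saved "show interfaces counters" text offline and reports only ports whose In and Out counters are all zero; the function names and the sample text are constructed for illustration.

```python
"""Find switch ports whose In and Out counters are all zero.

Added example: function names and the sample text are constructed here.
"""

# Constructed sample in the layout of the "show interfaces counters" output
# quoted in the post: a prompt line, an In table, then an Out table.
SAMPLE = """\
switch#show interfaces counters

Port                InOctets   InUcastPkts   InMcastPkts   InBcastPkts
Te1/1/1                    0             0             0             0
Gi2/2/1                    0             0             0             0
Gi2/2/2               918273          1200            15             3
Gi2/2/3                    0             0             0             0

Port               OutOctets  OutUcastPkts  OutMcastPkts  OutBcastPkts
Te1/1/1                    0             0             0             0
Gi2/2/1                    0             0             0             0
Gi2/2/2               551200           980             0             0
Gi2/2/3              2013885             0          4840             0
"""


def parse_counters(text):
    """Return {port: {column_name: value}}, merging the In and Out tables."""
    counters = {}
    columns = None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Port":
            # Header row: remember the column names for the rows that follow.
            columns = fields[1:]
            continue
        values = fields[1:]
        if (columns is None
                or len(values) != len(columns)
                or not all(v.isdigit() for v in values)):
            # Prompt, banner or wrapped line: not a counter row.
            continue
        port = fields[0]
        counters.setdefault(port, {}).update(zip(columns, map(int, values)))
    return counters


def idle_ports(text):
    """Return ports seen in both tables with every counter equal to zero."""
    idle = []
    for port, cols in parse_counters(text).items():
        has_in = any(name.startswith("In") for name in cols)
        has_out = any(name.startswith("Out") for name in cols)
        # A port present in only one table (truncated or filtered capture)
        # is never reported: missing data is not evidence of an idle port.
        if has_in and has_out and all(v == 0 for v in cols.values()):
            idle.append(port)
    return idle


if __name__ == "__main__":
    for port in idle_ports(SAMPLE):
        print(port)
```

Zero counters only cover the period since the last reload or counter clear, so a port whose attached computer has been powered off for that whole period is reported as idle as well.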

elguen.hasanov Tue, 07/17/2012 - 00:02

Hi Nikolay

I have a problem with my Cisco ASA 8.2. I need to know how I should connect 2 inside interfaces. I am writing what I have.

I have 5 network connection on Cisco ASA.

1. Interface Ethernet 0/0 - outside 200.200.200.200 255.255.255.240

2. Interface Ethernet 0/1 - 1_firm 10.0.1.1 255.255.255.0

3. Interface Ethernet 0/2 - 2_firm 192.168.1.1 255.255.255.0

4. Interface Ethernet 0/3 - DMZ-Server 10.10.10.1 255.255.255.0 (Just one Server)

5. Management -  no need

I have to connect 2 Interfaces, (1_firm) with Interface (2_firm). I've tried

route 1_firm 192.168.1.0 255.255.255.0 10.0.1.1 ,

but I am receiving the following error: "Cannot add route,connected route exists".

But I have no route configuration. What should I check? Or did I do something wrong?

Thanks for your help

nkarpysh Tue, 07/17/2012 - 00:19

Hi Elguen,

Basically you will not be able to add a static route for this subnet because you already have that network configured on the interface Ethernet0/2. This automatically adds that route as connected to the routing table.

I'm not the expert in ASA, thus might not be the best resource to answer you in more detail. I recommend you open your query in our Security forum:

https://supportforums.cisco.com/community/netpro/security/firewall

HTH

Nik

elguen.hasanov Tue, 07/17/2012 - 02:47

Hi Nikolay,

Thank you for your answer.

Have a nice day.

Elguen

manumohan200 Tue, 07/17/2012 - 00:38

Hi Nikolay,

I have a customer having a VDI server infrastructure. He is connecting his VDI servers to a Catalyst 6500 switch with WS-X6548 module.  With this setup, he is having some performance issues where the VDI application is functioning very slowly. This happens in any of WS-X6548 modules we have in our network.

We changed these servers to connect to our Catalyst 4500 switches in their Ws-X4248 module. After this there was no application issues.

Is there any difference in terms of the buffer size or the throughput capacity of these line cards? If yes, what are those values? Please revert.

Thanks,

Manu

Leo Laohoo Tue, 07/17/2012 - 15:35
I have a customer having a VDI server infrastructure. He is connecting his VDI servers to a Catalyst 6500 switch with WS-X6548 module. 

Servers connected to a 6548 line card????

The 6548 was NOT designed to be used by servers.  The 6548 was designed as a desktop line card (hence the PoE daughter card module as an option).  Servers are recommended to use the 6748 line cards.

The use of 6548 connected to servers will cause the line cards to drop packets due to buffer overflow.

*** Sorry Nikolay for hijacking this post. ***

manumohan200 Tue, 07/17/2012 - 16:41

Hi leolaohoo,

Thanks for the reply. I got your inputs already from a Cisco URL. I understand that the buffer size of the 6548 line cards is 1MB per 8 ports.

I want the same parameter for the 4500 line cards, i.e. the buffer size of each of the ports in WS-X4248 line cards. I am not getting this information from any of the Cisco documents.

Thanks,

Manu

nkarpysh Tue, 07/17/2012 - 19:51

Hi Manu,

I'm a bit confused. Afaik the 4248 card provides only 10/100 speed for ports. And the buffer of 1MB per 8 ports you talk about is specific to 1 GB per port 6548 line cards only. 100Mb 6548 line cards have different buffer specifications. Did you have a server on a 1GB port having a problem and then moved it to a 100MB port, solving the issue?

Can you specify the exact line cards you used so that I can come up with the correct answer for you?

Nik

manumohan200 Tue, 07/24/2012 - 06:13

Hi Nikolay,

This is the setup.

I have some set of servers. If we connect to 4248 module, there is no issue with the application.

If I connect to 6548 module, the application is slow.

From one technote related to WS-X6548 module, I understand that 6548 modules are not suitable to connect the servers, but only end computers.

I would like to know the technical reasons behind this in terms of some values (say some buffer sizes) so that I can convince my customer to go for some higher module for server connectivity.

Thanks,

Manu

nkarpysh Tue, 07/24/2012 - 19:28

Hi Manu,

If you talk about 10/100 6548 LC like WS-X6548-RJ-45 then it has 1.2MB of buffer per port and is designed for Server Farms.

If you talk about a 10/100/1000 card like WS-X6548-GE-TX then it has 1MB per 8 ports as you said above and is designed for Gig to desktop. Other than the buffer restriction, this card has 8:1 oversubscription to fabric and that is a major problem for servers.

http://www.cisco.com/en/US/partner/prod/collateral/switches/ps5718/ps708/product_data_sheet0900aecd8017376e.html

The reason why this card is recommended for desktop or IP Telephony is that those end stations rarely go up to the line speed, thus usually don't need to queue traffic and use the buffers. They also can share this speed easily with other ports, as desktops and IP Phones rarely start to talk all at the same time at big speed. Thus buffers are quite small here and oversubscription is present.

In the case of servers, those can get multiple connections and easily reach the line speed. Thus queueing will be needed, and so higher buffers are a requirement, and also a non-blocking connection to fabric.

Thus all depends on the type of card you talk about, which I still did not get.

Nik

manumohan200 Tue, 07/24/2012 - 19:41

Hi Nikolay,

Thanks for the response.

I understood the limitations on 6548-GE-TX module.

Can you tell me what is the buffer size per port for the WS-4248-RJ-45 module and the subscription rates? I am not able to see these values in any of the Data Sheets.

Thanks,

Manu

nkarpysh Tue, 07/24/2012 - 20:35

Hi Manu,

Afaik the 4500 uses a different buffering model. The Supervisor provides a certain buffer space (depending on SUP version) for all line cards and ports. Thus that buffer space will be dynamically spread among all line cards/ports. So a single port can get from a few hundred bytes up to several MB if no other needs it.

In regards to oversubscription - the 4248 10/100 MB LC has a 6 GB connection to the SUP, thus it is not oversubscribed at all.

Thus to your situation. It can be that you connected the server to a 6548-GE card first, which already has some servers connected to the same port-group. Those servers might have eaten the 1GB bandwidth already, thus the new one had to compete even for a few megs.

When you moved to the 4248 you provided a dedicated 100MB link, which solved the problem. So it may be related to over-subscription to the backplane only and did not come to buffers yet.

That is just a guess and one of the possibilities based on the symptoms described.

HTH

Nik

njackson40416 Tue, 07/17/2012 - 06:03

Hi Nikolay,

I have another question. We have a computer that is going into error-disable due to a link flap.

The thing that is confusing us is the port security only trips on Monday evenings. This has been ongoing for over a month now.

Cables have been replaced, but it still confuses me as to why the error only happens every Monday.

We have automatic updates, could that be a cause? Or perhaps a misconfiguration of IPv6?

Any help would be greatly appreciated.

Thank you

V/r

Chai

shillings Tue, 07/17/2012 - 06:28

Hi Nikolay,

What can you tell us about the future of the current 10/100 2960 series switches?

It's had a good lifespan already, so any plans you can share with us?

Many Thanks,

nkarpysh Tue, 07/17/2012 - 20:04

Hello,

2960 is still in and developing. 2960-s is one of the new platforms which will be there on market for a while. Here you can find a list of Q&A for this platform:

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/qa_c67-577519.html

http://www.cisco.com/en/US/partner/prod/collateral/switches/ps5718/ps6406/qa_c67-577519.html

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/prod_qas0900aecd80322c37.html

And the plans are to grow further. Let me know if you have any specific question and I will help you with it.

Nik

nkarpysh Tue, 07/17/2012 - 19:56


Hi Chai,

The thing to start with - please tell me what is the switch you have a problem on. Also, here the port is error-disabled not by port-security but by the non-stable link factor, to keep switch control protocols safe from it. The next thing to consider - what is connected to that port and what kind of traffic is going through it at that time. Is it a copper or optical port? Is there any patch panel in between?

For the first tests to do I would recommend the following:

- Try different speed/duplex settings on that port:

--- speed/duplex hardcoded to 100 or 1000 (if supported)

--- speed/duplex configured to auto

--- speed negotiation disabled

Nik

Leo Laohoo Tue, 07/17/2012 - 20:43

Nikolay Karpyshev wrote:


Hi Chai,

The thing to start with - please tell me what is the switch you have a problem on. Also, here the port is error-disabled not by port-security but by the non-stable link factor, to keep switch control protocols safe from it. The next thing to consider - what is connected to that port and what kind of traffic is going through it at that time. Is it a copper or optical port? Is there any patch panel in between?

For the first tests to do I would recommend the following:

- Try different speed/duplex settings on that port:

--- speed/duplex hardcoded to 100 or 1000 (if supported)

--- speed/duplex configured to auto

--- speed negotiation disabled

Nik

How about doing a TDR to check if Chai has a Layer 1 issue?

nkarpysh Tue, 07/17/2012 - 20:50

That is a good idea, Leo.

However we still first need to find out what switch is used and if it has TDR built in. If we consider external TDR then that won't be of much use I guess, as the cable was replaced already. Anyway it will still be good to have the results of such tests during the problem and during normal work.

So Chai - you can talk to your site team to include these tests on their radar.

Nik

Mrnghiaht Tue, 07/17/2012 - 07:22

Hi Nikolay

I have problem with Switch Cisco 3560E-24TD

My system has 22 IP cameras and uses one 3560E. Each IP camera has a bandwidth of 2Mbps. The camera system has not worked well, Video of Camera are transmitted to the shock. I tried pinging from my PC to all cameras, very low packet. Time and TTL were very high.

But when I decreased the bandwidth of all cameras to 1Mbps, the video signal was better. I tried pinging again, and Time and TTL were very good.

What is this issue? Is it related to the bandwidth or throughput of the 3560E switch?

Thanks !

nkarpysh Tue, 07/17/2012 - 20:13

Hello,

To start with analysis we need to know following:

- 3560 configuration

- if IP cameras do any DSCP marking

- where do you ping from? Did you connect PC to same 3560 switch to ping? If not then please explain the path (L2 and L3) between PC and Camera

- Where do cameras send their video stream? Is the collector server connected to same 3560 switch? If not what is the topology between the server and IP cameras.

The thing is that if your PC and Collector Server are connected to the same switch, then we need to consider 3560 switch performance. But if video is sent through some other devices or even a WAN link, then the bottleneck can be there as well and we need to check that first.

Please provide me with the information above and I can share with you some basic guidelines on further analysis.

Nik

iskoy.istem Wed, 07/18/2012 - 04:24

hi nikolay,

by the way, whats the significance of buffer limit size?

nkarpysh Wed, 07/18/2012 - 11:54

Hi Joseph,

Good question, and not that simple to answer as it depends on many factors. Buffer limit comes into the picture when the speed of the wire/port is not enough to transmit all the traffic which is supposed to go out there. In that case the port starts queuing (queueing strategies are very different, so I will not consider those in this answer and will take First In First Out queueing as an example). Traffic is then stored in the port buffer. If there is so much traffic going out that the buffer is exhausted, then the excess is just dropped.

Thus the size of the buffer does matter. Another thing is that a few ports may share the same buffer pool - thus the most aggressive port might eat the buffers for the rest of the ports and make them starve. And so on.

The above was said in relation to HW buffers which are pre-built for a particular line card. If you talk about queue-limit, then it sometimes differs from HW buffers. Queue-limit specifies the amount of traffic which needs to be handled by the CPU and queued when the CPU is busy handling other processes. Usually most current platforms are able to use their HW resources to handle traffic. In some cases you need to send it to the CPU for a decision (common examples are traffic sent to the switch management interface or traffic with TTL=1, etc). If traffic needs to be sent to the CPU and the CPU is busy, it is stored in the SW queue, and the size of that queue is limited by queue-limit. Again, if that limit is reached, all excess traffic is dropped.

So the buffer limit tells you how much traffic you can store before starting to drop if your media/CPU is busy. The bigger the buffer/limit, the more traffic you can store. That is not always good, as it adds latency to packet handling and not all kinds of traffic are fine with it. But now we are coming to QoS, which is a different topic.

Sorry for confusing answer but I hope I answered your question or at least shared some food for next questions.

Nik

praetoleiad Tue, 07/24/2012 - 10:09

thank you Nikolay for replying to the query. i understand it now.

support.cisco@e... Wed, 07/18/2012 - 06:40

Hi Nikolay,

I have a question regarding the Management Port on SUP7-E for C4503-E. It seems that this port "fastethernet1" cannot be brought to the UP status when connected to another Catalyst switch (in access vlan 1) (3500 or 2960), for out-of-band management. The LED never comes to green or orange when connected, even after many tries with tuning mdix or speed/duplex.

When this port is connected to a PC or event to a linecard of same or other C4503, it is immediately up.

Do you have any clue ?

Thank you very much

Yoann

nkarpysh Wed, 07/18/2012 - 12:12

Hi Yoann,

In earlier IOS versions the management port was used only for disaster recovery of the switch, e.g. from ROMMON, and thus it is not coming up with the other switches. See the limitation section for SUP7e:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/release/note/OL_23474.html#wp2525034

The supervisor engine front-panel management port (FastEthernet1 interface) is not supported.

As far as I know they included it in the last release available on CCO. I will check later on it.

Nik

njackson40416 Mon, 07/16/2012 - 06:51

Hi Nikolay,

We work on a huge LAN, and one of the responsibilities I have is port security. 

If I go through one of our switches and any port isn't connected my job is to shut it down.

Currently I use #sh int count to verify that nothing is on that port, and it is safe to shut down without interfering with a user (who just happens to have their computer off).

The problem I am running into is that I have not found a proficient way for me to see only ports that have 0s only on their In and Out packet count.

The pipe command hasn't proved to be very useful in this case, and I was just hoping for a very practical tip in this.

Thank you

V/r

Chai

jhippen@advance... Wed, 07/18/2012 - 07:13

Nikolay,

Does the 3560-X support IPv6 VRF-lite? Everytime I try to configure "address-family ipv6", I get "IPv6 VRF not supported for this platform or this template".

Justin

nkarpysh Wed, 07/18/2012 - 19:55

Hi Justin,

IPV6 in a VRF is not supported on 3750/3650 switches currently, while you can do IPV6 in the global routing table. According to the product managers, there is no planned support for this feature yet on the 3K switches.

For the 4500, IPV6 features are supported in Supervisor Engine 6-E only. You can check this on the following link:

http://tools.cisco.com/squish/e16cE

For the 6500 switches, I was checking on the available IPV6 features; the available one is the "MPLS VPN - VRF CLI for IPv4 & IPv6 VPNs". You can check this on the following link:

http://tools.cisco.com/squish/33614

After IOS version 12.2(33)SXI the feature "IPv6 unicast forwarding (vrf-lite IPv6)" is supported.

I hope this information is useful for you, please let me know if you have any questions or doubts.

Nik

rafaelmendes Wed, 07/18/2012 - 07:38

Hello Nikolay,

How do I know the total consumption of traffic in real time on a 3750 and 2960 switches?

For example, i need to know this number to find out if my switch is not overloaded(throughput).

Tks.

nkarpysh Wed, 07/18/2012 - 20:08

Hi Rafael,

As these platforms are capable of sending traffic in HW, I would start with checking the TCAM to see if it is reaching its limits or not:

show platform tcam utilization

For backplane and interface utilization you can use the following commands:

- Switch#show controllers utilization ------------- display bandwidth utilization on the switch or specific ports.
- Switch#show switch stack-ring activity detail ---------------- display the number of frames per stack member that are sent to the stack ring. (This command was introduced on IOS version 12.2[25] SE)

Other useful commands for interface statistics.

Sh interface counters
Sh interface summary
Sh interface stats

Please keep in mind that result or availability of each command may depend on the particular switch or IOS.

Nik

fernando-augusto Wed, 07/18/2012 - 10:04

Hello,

The 3750-X switch does not support the REP protocol, right? So what can I use (the closest) in its place?

Thanks,

nkarpysh Wed, 07/18/2012 - 20:31

Hello Fernando,

REP is included into the coming 15.0(2)SE release for 3750X. AFAIK this release will be available by end of Q3CY12. At the moment it is supported by ME platforms (e.g. 3750-ME or ME-3400, ME-3800).

HTH

Nik

cebuladavid Wed, 07/18/2012 - 16:05

I have stack of 3750-X switches running IOS 15.0.x. Switch 2 is the master. If I do a:

show controllers ethernet-controller port-asic statistics

I only see results for switch 2.

1. Is there any way to see the statistics for the other switches? Appending a .... switch 1 to that command returns remote statistics not currently supported.

2. For switch 2 I see results for port-asic's 0-2 for a  WS-C3750X-48P. How are those asics allocated across the ports?

Thanks

nkarpysh Wed, 07/18/2012 - 20:37

Hi David,

For your Q1:

By default you are connecting to the master switch. To see the details for the other peer in the stack you can either switch to the other console using "session #" (session 1). Then you will come into the switch 1 console and will be able to run the necessary commands.

You can also try to run those commands from the main console, prepending the command with "remote command #" (e.g. remote command 1 show controllers ethernet-controller port-asic statistics).

For Q2:

You can find the port-to-ASIC mapping with any of the commands below:

Show platform pm if-numbers

Show platform pm platform-block

HTH

Nik

Oleg Gnedikh Wed, 07/18/2012 - 22:20

Hi Nikolay !!!

Cisco ME3400 Per-VLAN QoS

I want to limit the speed on particular VLANs on trunk ports.

I created a child and a parent policy, and applied it on the appropriate ONE interface.

And all OK, but only in one direction (of course).

But this rule works correctly only on ONE interface, and does nothing on the second interface :-(

class-map match-any vlan
 match vlan  2
!
policy-map child1
 class class-default
  police cir 100000
!
policy-map 1
 class vlan
  service-policy child1
!
interface GigabitEthernet0/1
 switchport trunk allowed vlan 2
 switchport mode trunk
 service-policy input 1
!
interface GigabitEthernet0/2
 switchport trunk allowed vlan  2
 switchport mode trunk
 service-policy input 1

BUT "CONFORM PACKET" ONLY ON INTERFACE G0/2

Switch#sh policy-map interface
GigabitEthernet0/1

Service-policy input: 1

Class-map: vlan (match-any)
0 packets
Match: vlan  2

Service-policy : child1

Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
police cir 100000 bc 8000
conform-action transmit
exceed-action drop
conform: 0 (packets) exceed: 0 (packets)

Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any

GigabitEthernet0/2

Service-policy input: 1

Class-map: vlan (match-any)
0 packets
Match: vlan  2

Service-policy : child1

Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
police cir 100000 bc 8000
conform-action transmit
exceed-action drop
conform: 2214 (packets) exceed: 821 (packets)

Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
Switch#

PS: All ports have absolutely identical configuration

nkarpysh Thu, 07/19/2012 - 00:02

Hi Oleg,

Can you please share the IOS version you use on ME3400. Please also share the port config from the devices connected to Gi0/1 and Gi0/2.

One more test I want you to run. Can you please create the dummy class "class vlanx" and put it above the "class vlan" in the config, e.g. like below:

class-map match-any vlanx
 match vlan 3 ---------------------------- can be any VLAN different from 2 even if that is not allowed by trunk
class-map match-any vlan
 match vlan 2
!
policy-map child1
 class class-default
  police cir 100000
!
policy-map 1
 class vlanx
  service-policy child1
 class vlan
  service-policy child1

Can you please apply this config to both ports Gi0/1 and Gi0/2 and see if you get counters on both for class VLAN. I want to check one known defect here.

Nik

Oleg Gnedikh Thu, 07/19/2012 - 07:30

Hi Nikolay!

Thank you very much for your attention!

Switch#sh ver
Cisco IOS Software, ME340x Software (ME340x-METROIPACCESSK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)

I use two ordinary devices to make one tag-port and one access-port (Dlink) for both sides. Tag-ports with VID2,3 I connected to Cisco g0/1 and g0/2. PCs are connected to access ports.

I created your stand and tested traffic in both directions and from both VLANs.

As a result, I saw counters only on g0/2 in any cases.

I thought it was trouble with port g0/1, but I saw counters on g0/1 when I turned off the service-policy on g0/2 !!!

Switch#sh policy-map interface
GigabitEthernet0/1

Service-policy input: 1

Class-map: vlan (match-any)
0 packets
Match: vlan  2

Service-policy : child1

Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
police cir 100000 bc 8000
conform-action transmit
exceed-action drop
conform: 0 (packets) exceed: 0 (packets)

Class-map: vlan3 (match-any)
0 packets
Match: vlan  3

Service-policy : child1

Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
police cir 100000 bc 8000
conform-action transmit
exceed-action drop
conform: 0 (packets) exceed: 0 (packets)

Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any

GigabitEthernet0/2

Service-policy input: 1

Class-map: vlan (match-any)
0 packets
Match: vlan  2

Service-policy : child1

Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
police cir 100000 bc 8000
conform-action transmit
exceed-action drop
conform: 27 (packets) exceed: 0 (packets)

Class-map: vlan3 (match-any)
0 packets
Match: vlan  3

Service-policy : child1

Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
police cir 100000 bc 8000
conform-action transmit
exceed-action drop
conform: 189 (packets) exceed: 1619 (packets)

Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
Switch#

This is "show" when I turn off  polices on g0/2

Switch#sh policy-map in
GigabitEthernet0/1

Service-policy input: 1

Class-map: vlan (match-any)
0 packets
Match: vlan  2

Service-policy : child1

Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
police cir 100000 bc 8000
conform-action transmit
exceed-action drop
conform: 0 (packets) exceed: 0 (packets)

Class-map: vlan3 (match-any)
0 packets
Match: vlan  3

Service-policy : child1

Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
police cir 100000 bc 8000
conform-action transmit
exceed-action drop
conform: 173 (packets) exceed: 1536 (packets)

Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
Switch#

nkarpysh Thu, 07/19/2012 - 19:56

Oleg,

Can you please open a new thread in the LANSW area for this problem. It is getting hard to manage it here, as we will get more questions on different topics in this thread and I may lose track of this issue. Please send me the link to it via private message.

Regarding the test bed - can you please swap the classes: put the class for VLAN 3 on top of the class for VLAN 2. There was a problem where the top class never gave statistics but the bottom ones did, thus I want to check/eliminate it.

Nik

Jessica Deaken Fri, 07/20/2012 - 09:24

Hello Nikolay,

I have been experiencing some high CPU issues in some of the 4500 and 3700s in my network. Can you kindly provide some troubleshooting guidelines for High CPU issues?

Thanks a lot..

- Jessica

nkarpysh Sat, 07/21/2012 - 17:28

Hi Jessica,

Thanks for your question.

When you troubleshoot a High CPU problem on any Catalyst switch you first need to understand if the CPU load is related to some services/processes or to the traffic hitting it. That splits the problem in two parts, and the analysis for each is different.

I have the links below which help to start TS for the platforms you mentioned:

3750:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/troubleshooting/cpu_util.html

4500:

http://www.cisco.com/en/US/customer/products/hw/switches/ps663/products_tech_note09186a00804cef15.shtml

Both share step-by-step process to verify all the details beyond the High CPU utilization. Start with those to understand first if CPU is processes or traffic driven and then continue TS of it.

If you want me to look closer to your problem please send me "show proc cpu sort | ex 0.00" to see what is happening and I will advise of the next commands later once I check this one.

Nik
