How to manage LAN users' and database servers' traffic on a single Cisco 2960 switch

Sep 2nd, 2012

Hi Experts,

For my LAN, I have created two VLANs: VLAN 10 for users and VLAN 20 for database servers.

There are 15 LAN computers/laptops and 5 SQL database servers (Dell servers) connected through the same 24-port Cisco 2960 switch. That means 15 + 5 ports are occupied.

I have applied an access list on the Cisco switch to restrict communication between VLAN 10 and VLAN 20.

But my main purpose in creating two VLANs is not any kind of communication or restriction. My main purpose is that the users' traffic does not disturb, choke or affect the database servers. What will I need to do for that?

Is the VLAN concept sufficient for my concern, or will I need to buy a separate Cisco switch to connect the 5 database servers, or something else?

anshsarthak Fri, 09/07/2012 - 06:32

Hi Experts,

Is there anybody who can resolve this issue with a confirmed answer?

JosephDoherty Fri, 09/07/2012 - 08:38

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

VLANs only logically separate traffic.  Physically, hardware resources may be shared.  What's shared depends on the physical architecture of the device.  What particular/specific 2960 switch are you using?

Richard Burts Fri, 09/07/2012 - 09:52

The original poster does not tell us how the 2960 is connected to achieve inter vlan routing, but since it is a layer 2 switch I assume that it is connected to something that does inter vlan routing. If that connection is a trunk port then I believe that the trunk port is a place where user traffic might be able to impact server traffic. If the connection for users is an access port in the user vlan to the layer 3 device and the connection for servers is an access port in the server vlan to the layer 3 device then I believe that user traffic on the 2960 will not be able to impact the server traffic on the 2960.

HTH

Rick

JosephDoherty Fri, 09/07/2012 - 11:39


If the switch doesn't support full wire-rate for all its ports, then it's possible for non-related traffic on different ports to be adverse to other traffic.  It's also possible, even on some "full wire-rate" switches, there are rare corner conditions that might impact shared hardware.  (I'm thinking of odd-ball situations where frames need to be "abnormally" processed.)  A more common issue might be an ASIC's capacity used for a group of ports.

Looking at the 2960 series performance, I see a 2960G's forwarding and switching bandwidth is listed as 32 Gbps (duplex), which is only enough for 16 Gbps full duplex ports, not enough for 20 gig hosts.  Although very unlikely, 15 user hosts could compete for this bandwidth with the 5 SQL server hosts, which means the latter could be impacted by usage of the former. (Again, since we don't know what model 2960, nor host connected bandwidths, this may or may not apply.)

Also looking at 2960 series information, I didn't find (may have missed it) explicit documentation that its architecture is non-blocking.  I suspect it's very similar to same vintage 3560s/3750s.

So, it's possible different VLAN traffic, on the same 2960 switch, can be adverse to each other, even without contention on a shared trunk.  (NB: BTW, I wholly agree with you, a shared trunk port is a much more likely point of contention, but it shouldn't normally impact same VLAN traffic between ports on the same device [because such traffic shouldn't be on the trunk].)

anshsarthak Sat, 09/08/2012 - 01:16

Hi Richard,

My network diagram is as follows:

Cisco 1841 Router -------> Cisco 3560 Switch (trunk) -----------> all eight Cisco 2960 Switches (trunk) ------> User/Server

You are saying that "If that connection is a trunk port then I believe that the trunk port is a place where user traffic might be able to impact server traffic." I am unable to understand this. Please tell me what I need to do to remove the trunk.

anshsarthak Sat, 09/08/2012 - 00:57

Hi Joseph / Richard,

1. Cisco 2960 model is Cisco Catalyst 2960-24TT-L

2. Bandwidth for LAN components: the 15 users have 100Mb NICs and the 5 Dell database servers have a 1GB NIC each.

Please find attached two files for the Cisco 3560 and one of my Cisco 2960 switch configurations.

One more thing: I want to know about VLAN 1. I have read in many blogs/forums/articles that VLAN 1 should not be used for users or servers for security purposes, but you can see in my Cisco 3560 switch configuration that all of my Cisco 2960 switches are configured in VLAN 1. So is there any need to change the L2 switches' VLAN?

JosephDoherty Sat, 09/08/2012 - 05:31


The Cisco Catalyst 2960-24TT-L's performance specs are listed as: 16 Gbps forwarding bandwidth, 32 Gbps switching bandwidth and 6.5 Mpps; all equal or exceed capacity needs of all ports.

Again, unsure what's the architecture of the switch, so there might be blocking conditions, although on later-generation switches usually at least head-of-line blocking is designed out.

As Rick noted, your most likely congestion points are your (gig) trunks.  Consider on your 2960s, you have the potential for 24 FE and 1 gig port to want to transmit up your gig uplink.  I.e. potentially 3.4 gig out a gig link.  Unless you enable QoS, all traffic going up the uplink competes "equally" for the gig bandwidth (but that's not what you say you want).

However, with "ordinary" user hosts, it's very unlikely there will be this much concurrent demand on your uplink's bandwidth.  Some old rules of thumb recommend 24:1 bandwidth for user hosts and 4:1 for server hosts.  Considering you're at 3.4:1, you're already better than both recommendations.

Yes, there are best practice recommendations to avoid explicitly using VLAN 1, as it's also often used for "special" control packets, but in such a small topology, and if you don't have normal hosts on it, I wouldn't worry too much about it.

anshsarthak Sat, 09/08/2012 - 09:09

Hi Joseph,

As Richard stated, "If that connection is a trunk port then I believe that the trunk port is a place where user traffic might be able to impact server traffic." I am not getting this sentence, because trunking between the core switch and the access switch is necessary to carry VLAN traffic.

Then how can I remove this? Please assist me in simple words.

Correct Answer
Richard Burts Sat, 09/08/2012 - 19:03

Thanks for posting the configuration of the switch. It helps to make clear what is going on. And what it shows is that there is one port configured for a trunk connection between your 2960 and the core. Interface Gig0/1 carries all traffic from the 2960 to the core. The servers are sending their traffic that needs to get to the core over this interface. And the user traffic that needs to get to the core uses this interface as well. So it is possible (and perhaps likely) that traffic from servers attempting to use this interface is competing with traffic from users attempting to use this interface.

In my post I attempted to explain how you could avoid competition between user traffic and server traffic attempting to get to the core. But since my explanation was not clear, then let me try to explain it again. When you have one trunk port carrying traffic for both VLANs there is competition for access to that interface. So the solution is that you do not configure interface Gig0/1 as a trunk (and as a member of a port channel) but you configure it as an access port in the server VLAN (which appears to be VLAN 20 if I understand your config correctly). And then you connect interface Gig0/2 from the 2960 to the core. In my previous post I suggested that you make this interface an access port for the user VLAN (which appears to be VLAN 10). But I see that this switch has both VLAN 10 and VLAN 13. You have not told us about VLAN 13 or what it is. But assuming that it needs to communicate with the core then I would suggest that interface Gig0/2 be configured as a trunk and that it carry traffic for VLANs 10 and 13. If you do this then the traffic from the user VLAN cannot compete with the traffic from the server VLAN.

HTH

Rick
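
The change described in the answer above, written out as 2960 configuration; this is an added example, not part of the original thread or the poster's attached configuration. It assumes Gig0/1 and Gig0/2 are both cabled to the core, that the core-side ports (not shown on the page) are set to match, and that VLAN numbers are as stated in the thread.

```cisco
! Added example. Interface and VLAN numbers are the ones named in the thread;
! the core-side ports must be configured to match (assumption: not on the page).
!
configure terminal
!
! Uplink 1: server traffic only. Remove it from the port channel and the trunk
! role so that VLAN 20 no longer shares this link with user VLANs.
interface GigabitEthernet0/1
 description Uplink to core - server VLAN 20 only
 no channel-group
 switchport mode access
 switchport access vlan 20
!
! Uplink 2: user-side VLANs only. Pruning the allowed list keeps VLAN 20
! off this link, so user and server traffic use separate physical uplinks.
interface GigabitEthernet0/2
 description Uplink to core - VLANs 10 and 13
 switchport mode trunk
 switchport trunk allowed vlan 10,13
!
! Caveat: the thread says the 2960s are configured in VLAN 1. If the switch is
! managed through a VLAN 1 address, that VLAN is no longer carried on either
! uplink after this change; move management to a carried VLAN or add VLAN 1
! to the allowed list before applying, or remote access to the switch is lost.
!
end
!
! Verification: Gig0/1 should show access mode in VLAN 20, and the trunk
! listing should show only VLANs 10 and 13 allowed on Gig0/2.
show interfaces GigabitEthernet0/1 switchport
show interfaces trunk
show etherchannel summary
```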

Posted September 2, 2012 at 1:22 AM