internet access

hi! i've 2 6509(catos) with 2 links that are connected to our corporate office. Currently we encounter slow internet access for vlan that go throuth core2 wherease it's fast for those vlan that go through core1. Within our intranet, access to our internal portal is fast. So it's defintely no issue wiht the internal network.

i also did a traceroute to our corporate proxy and it's able to hit the proxy (for both core 1 n 2) wihout any delay.

when i disable the port on our core 2 that's connected to our corporate switch (LAN), all the PCs are automatically switch over to go through the link on core1 n internet access is fast.

I've also checked the bandwidth utilization for both of our link to our corporate sw, utilization is low. all the modules and interface are with ok status.

This actually happened previously, and it worked fine after i resetted both the core sw + sometimes by shutting down and no shut for the vlan interface for the 2 link to corporate sw, but it doesn't seems to work this time.

can anyone advise on how can i troubleshoot on this?



Re: internet access

What do you get when you traceroute out of your network to an external destination? Does your core2 router have the same default route, or does it go through a different ISP?



Re: internet access

hi! I'm not able to see which isp does it goes to as it's from the corporate side. I do understand that there are about 5 "sites" (we are one of them) that are connected to the corporate which then shared the 2x wan outgoing link to the internet with 2 different isp, but so far only us have this problem. So, i don't think it's their proxy or isp issue.

Re: internet access

hi! ANyone got any idea on this? Is there any tools or anything that i can enabled from my side to troubleshoot this?


Re: internet access


What kind of link is it that connects your site to the central site? Is it the same through both of your switches? Is there a possibility of transmission errors on the link from switch2?

If you go from your site to one of the other sites, and if you force that traffic to go through your switch2 is that also slow? (is it just Internet that is slow or is everything slow that goes through this switch?)

Can you check for packet loss on the interfaces you go through when you go through switch2? Can you check for possible duplex mismatch on these interfaces?



Re: internet access

hi! Rick

our cores are connected to the central office through 2 fiber links (1 link from each core), thus yes, both the links are the same which is fiber. I checked the msfc on core 2 by using the sh interface command, there's no errors or crc logged. As for the sw, what command can i use? the 6509 sw is running on catOS. Not too familiar with the CatOS command.

So far, for this link to our main office from this pair of 6509 is only for internet access. For access of corporate portal,email or app is through another core. We can;t access the corporate app from this core sw. So no way to test.

i tried to do a ping to the proxy seesm normal the reply is consistent. time<1ms. We're confirmed that there isn't any mismatch. I did a sh port 9/9 It's full duplex with speed 1000.

In the core 2 sw, i saw a command to show errordetecion? it's currently disabled? Can i enabled it? will it help to troubleshoot?

Pls advise again. Thanks

Re: internet access

hi! I used the command sh port and here's the msg output. It seems that...there isn't any error as well.

Port Name Status Vlan Duplex Speed Type

----- -------------------- ---------- ---------- ------ ----- ------------

9/9 to-Corp2 connected 82 full 1000 1000BaseSX

Port Security Violation Shutdown-Time Age-Time Max-Addr Trap IfIndex

----- -------- --------- ------------- -------- -------- -------- -------

9/9 disabled shutdown 0 0 1 disabled 36

Port Num-Addr Secure-Src-Addr Age-Left Last-Src-Addr Shutdown/Time-Left

----- -------- ----------------- -------- ----------------- ------------------

9/9 0 - - - - -

Port Broadcast-Limit Multicast Unicast Total-Drop Action

-------- --------------- --------- ------- -------------------- ------------

9/9 - - - 0 drop-packets

Port Send FlowControl Receive FlowControl RxPause TxPause

admin oper admin oper

----- -------- -------- --------- --------- ---------- ----------

9/9 desired off off off 0 0

Port Status Channel Admin Ch

Mode Group Id

----- ---------- -------------------- ----- -----

9/9 connected auto silent 35 0

Port Status ErrDisable Reason Port ErrDisableTimeout Action on Timeou

---- ---------- ------------------- ---------------------- ----------------

9/9 connected - Enable No Change

Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize

----- ---------- ---------- ---------- ---------- ---------

9/9 0 0 0 0 0

Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants

----- ---------- ---------- ---------- ---------- --------- --------- ---------

9/9 0 0 0 0 0 0 0

Re: internet access

You could have someone flooding the link between core2 and yours corporate office. Have you already checked for errors between these interfaces? What kind of interfaces are we talking about?

Can you better explain your setup ? Perhaps do quick draft showing it's really connected and what are the internet links. Also, how about QoS? have you been doing anything either on core 1 or core 2?


Re: internet access

hi!...I checked out network monitoring tools on the port 9/9...the traffic is only 2-3mbps. So, the link is not flooded. There isn't any errors on our end...and the corporate side also told us their interface is ok too.

each core has 2 sups and mod 9/9 is connected to the corporate through 1 fiber link...1 links from each core sw to 2x core sw at corp - 1 to 1 connection

Each of this routers are configured with different vlans (eg. vlan 5,6 in c1r1, vlan 7,8 in c1r1). some of the vlans will go through 9/9 of core 1 to the corp 1 core and some of the vlans will go through 9/9 of our core 1 to corp 2 core. (c1r1 above means core1 router1)

The link to the corp 1 are configured with 2 vlans 82, and 81.


Re: internet access

Hi. I'm sorry but i'm still have some doubts regarding how the connections are being made.. can you post an diagram?

Re: internet access

hi! Here's the drafted diagram. Thanks.

i've also found the following errors

corp2> (enable) sh counters supervisor

Forwarding Engine Error Stats Counters


IP len against Physical length err = 0

IP min. length check error = 0

IP pkts with cksum error = 4

IPX len against Physical length err = 0

IPX min. length check error = 0

Routers/sup (all the 4 sups)


%MROUTE-4-MTU_MISMATCH: WARNING: With IP multicast enabled, in

terfaces which transmit traffic from larger to smaller MTU interfaces may not be

hardware switched due to fragmentation. A degradation in performance may occur.

