SWITCH 5 CONFIG

Current configuration : 2067 bytes

!

! Last configuration change at 11:08:52 UTC Fri Dec 30 2005

! NVRAM config last updated at 09:35:03 UTC Fri Dec 30 2005

!

version 12.1

no service pad

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname xxxxxx

!

enable secret x $x$xxxx$xxxxxxxxxxxxxxxxxxx

!

clock timezone UTC -4

clock summer-time EDT recurring

ip subnet-zero

!

!

cluster commander-address xxxx.xxxx.xxxx member xx name xxx vlan 1

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

!

!

!

!

interface FastEthernet0/1

!

interface FastEthernet0/2

!

interface FastEthernet0/3

!

interface FastEthernet0/4

!

interface FastEthernet0/5

!

interface FastEthernet0/6

!

interface FastEthernet0/7

!

interface FastEthernet0/8

!

interface FastEthernet0/9

switchport access vlan 16

!

interface FastEthernet0/10

description FinSol

switchport access vlan 16

switchport mode access

!

interface FastEthernet0/11

description Warranty Title Uplink

switchport access vlan 24

switchport mode access

!

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

!

interface GigabitEthernet0/1

description Link from Switch6

!

interface GigabitEthernet0/2

description Link to Switch4

!

interface Vlan1

ip address 192.168.xxx.xxx 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.xxx.xxx

ip http server

!

line con 0

exec-timeout 0 0

line vty 0 4

password x xxxxxxxxxxxxxxxxxxxxx

login

line vty 5 15

password x xxxxxxxxxxxxxxxxxxxxx

login

!

ntp clock-period 17179922

ntp server 192.168.xxx.xxx key 0 prefer

!

!

monitor session 1 source interface Gi0/1 - 2

monitor session 1 destination interface Fa0/17

end

FastEthernet0/10 is up, line protocol is up (connected)

Hardware is Fast Ethernet, address is 0012.d9c1.32ca (bia 0012.d9c1.32ca)

Description: FinSol

MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, media type is 100BaseTX

input flow-control is unsupported output flow-control is unsupported

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output 00:00:00, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 10000 bits/sec, 10 packets/sec

5 minute output rate 10000 bits/sec, 8 packets/sec

703473 packets input, 94188293 bytes, 0 no buffer

Received 245772 broadcasts (0 multicast)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 192 multicast, 0 pause input

0 input packets with dribble condition detected

482748 packets output, 305239527 bytes, 0 underruns

0 output errors, 0 collisions, 2 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 PAUSE output

0 output buffer failures, 0 output buffers swapped out

User A was moved to a over to a VLAN on our network yesterday, which contains (6) 2950 switches trunked together via the GigabitEthernet ports, routing through a 2801, through a firewall, to a 2600 router and out to the Internet now he's having problems sending E-mail's with attachments larger than 40K. User A can get to the internet fine and use e-mail without attachments, but when sending e-mails with attachments, whether the service is web-based or POP3, the SMTP message time's out.

When

When User A is on the native VLAN he has no problems with E-mail attachments. MTU on both the router and firewall are at default 1500. Even if it was a MTU issue, which I don't think it is, that would effect the native VLAN users as well, or so I would think. Could this be an MSS problem?

We're using an Internet Web Filter so we do use SPAN to monitor ports

Someone stated

"I don't see the other vlans being trunked to the switch. You should trunk your two GIG links"

Even if that is the case, that wouldn't cause this e-mail problem would it?

INTERNAL ROUTER

Current configuration : 4669 bytes

!

version 12.3

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

boot-start-marker

boot system flash flash:c2801-advipservicesk9-mz.123-11.T3.bin

boot-end-marker

!

security authentication failure rate 3 log

security passwords min-length 6

logging buffered 30000 debugging

!

clock timezone EST -5

clock summer-time EDT recurring

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

no ip source-route

ip cef

!

!

ip tcp synwait-time 10

!

!

no ip bootp server

ip ips po max-events 100

no ftp-server write-enable

!

!!

!

interface FastEthernet0/0

description $FW_INSIDE$$ETH-LAN$$INTF-INFO-FE 0$

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

speed 100

full-duplex

no cdp enable

no mop enabled

!

interface FastEthernet0/1

description $ETH-LAN$

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

speed 100

full-duplex

no cdp enable

no mop enabled

!

interface FastEthernet0/1.1

encapsulation dot1Q 1 native

ip address 192.168.10.35 255.255.255.0

no cdp enable

!

interface FastEthernet0/1.12

encapsulation dot1Q 12

ip address 192.168.12.1 255.255.255.0

ip helper-address 192.168.10.10

no cdp enable

!

interface FastEthernet0/1.13

encapsulation dot1Q 13

ip address 192.168.13.1 255.255.255.0

ip helper-address 192.168.10.10

no cdp enable

!

interface FastEthernet0/1.14

encapsulation dot1Q 14

ip address 192.168.14.1 255.255.255.0

ip helper-address 192.168.10.10

no cdp enable

!

interface FastEthernet0/1.15

encapsulation dot1Q 15

ip address 192.168.15.1 255.255.255.0

ip helper-address 192.168.10.10

no cdp enable

!

interface FastEthernet0/1.16

encapsulation dot1Q 16

ip address 192.168.16.1 255.255.255.0

ip helper-address 192.168.10.10

no cdp enable

!

interface FastEthernet0/1.17

encapsulation dot1Q 17

ip address 192.168.17.1 255.255.255.0

ip helper-address 192.168.10.10

no cdp enable

!

interface FastEthernet0/1.18

encapsulation dot1Q 18

ip address 192.168.18.1 255.255.255.0

ip helper-address 192.168.10.10

no cdp enable

!

interface FastEthernet0/1.19

encapsulation dot1Q 19

ip address 192.168.19.1 255.255.255.0

ip helper-address 192.168.10.10

no cdp enable

!

interface FastEthernet0/1.20

encapsulation dot1Q 20

ip address 192.168.20.1 255.255.255.0

ip helper-address 192.168.10.10

no cdp enable

!

interface FastEthernet0/1.21

description PPTE

encapsulation dot1Q 21

ip address 192.168.21.1 255.255.255.0

ip helper-address 192.168.10.10

no cdp enable

!

interface FastEthernet0/1.22

encapsulation dot1Q 22

ip address 192.168.22.1 255.255.255.0

ip helper-address 192.168.10.10

no cdp enable

!

interface FastEthernet0/1.23

encapsulation dot1Q 23

ip address 192.168.23.1 255.255.255.0

ip helper-address 192.168.10.10

no cdp enable

!

interface FastEthernet0/1.24

encapsulation dot1Q 24

ip address 192.168.24.1 255.255.255.0

ip helper-address 192.168.10.10

no cdp enable

!

interface FastEthernet0/1.25

encapsulation dot1Q 25

ip address 192.168.25.1 255.255.255.0

ip helper-address 192.168.10.10

no cdp enable

!

interface Serial0/1/0

ip address 192.168.254.1 255.255.255.0

service-module t1 clock source internal

no cdp enable

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.10.1

ip route 10.0.0.0 255.255.254.0 192.168.25.2

ip route 172.16.0.0 255.255.0.0 192.168.25.2

ip route 172.16.45.0 255.255.255.0 192.168.254.2

ip route 192.168.11.0 255.255.255.0 192.168.10.200

Hello,

have you tried to adjust the MSS yet, as suggested in my previous post ? You also might want to try and send pings with different sizes and the DF bit set from the client computer, in order to find out what the largest MTU is:

C:>ping -f -l 1522 www.cisco.com

Regards,

GP

C:\Documents and Settings\Administrator>ping -f -l 1472 www.yahoo.com

Pinging www.yahoo.akadns.net [216.109.118.78] with 1472 bytes of data:

Reply from 216.109.118.78: bytes=1472 time=40ms TTL=53

Reply from 216.109.118.78: bytes=1472 time=38ms TTL=53

Reply from 216.109.118.78: bytes=1472 time=38ms TTL=53

Reply from 216.109.118.78: bytes=1472 time=38ms TTL=53

Ping statistics for 216.109.118.78:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 38ms, Maximum = 40ms, Average = 38ms

C:\Documents and Settings\Administrator>ping -f -l 1473 www.yahoo.com

Pinging www.yahoo.akadns.net [216.109.118.79] with 1473 bytes of data:

Packet needs to be fragmented but DF set.

Packet needs to be fragmented but DF set.

Packet needs to be fragmented but DF set.

Packet needs to be fragmented but DF set.

Ping statistics for 216.109.118.79:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

I saw this posted and tried it,

interface Vlan2

ip tcp adjust-mss 1350

!

interface FastEthernet0/0

ip tcp adjust-mss 1350

I executed the second command, changing the MSS on the FastEthernet ports, but Vlan isn't showing as an option in config t.

OPP(config)#int vlan ?

% Unrecognized command

OPP(config)#int ?

Async Async interface

BVI Bridge-Group Virtual Interface

CDMA-Ix CDMA Ix interface

CTunnel CTunnel interface

Dialer Dialer interface

FastEthernet FastEthernet IEEE 802.3

Group-Async Async Group interface

Lex Lex interface

Loopback Loopback interface

MFR Multilink Frame Relay bundle interface

Multilink Multilink-group interface

Null Null interface

Serial Serial

Tunnel Tunnel interface

Vif PGM Multicast Host interface

Virtual-PPP Virtual PPP interface

Virtual-Template Virtual Template interface

Virtual-TokenRing Virtual TokenRing

range interface range command

OPP(config)#int

No problems downloading e-mail attachments, just attaching them to e-mails, or uploading.

So it's an uploading issue.....

no problem getting data to come down just going up....

All the VLANs are having this same problem.

Using an E-mail client, I tried sending an e-mail with an attachment and got the following message.

"65.x.xxx.xxx (our external router) has too many connections (2) on sccrmhc11"

sccrmhc11 is a service provider e-mail server.

Try removing this command from your router:

ip tcp synwait-time 10

no ip tcp synwait-time 10

It looks like the remote mail server is busy or slow for whatever reason and the router is resetting the connection because of this command.

If you have this command on other routers along the path remove it from them as well.

-Mark

I removed the command from both routers, with no results. I also changed the MSS size on the VLAN and the FE ports.

This problem not only occurs with service providers but standard internet mail as well, ie. (Yahoo Mail - can't attach files larger than 20K)

OPP(vlan)#vlan 16 state mtu ?

% Unrecognized command

OPP(vlan)#vlan 16 mtu ?

<1500-18190> Value of VLAN Maximum

OPP(vlan)#vlan 16 mtu 10000

VLAN 16 modified:

MTU 10000

OPP(vlan)#exit

APPLY completed.

Exiting....

OPP#

When I try to attach files to e-mails, the internet browser just times-out.

I'm trying just about anything at this point.

Here are the configs with suggested changes. Someone posted in another discussion that NATIVE VLAN doesn't use dot1q encapsulation, so it's most likely a MTU/MSS problem.

Please look these over and let me know what you think.