
High inter vlan Packet drops on cisco 3850

 

Inventory:

*************

Cisco 3850 core Switch

3 Cisco 3650 Access switches

MPLS Router 2900 series

Checkpoint Firewall

2 APs 2600 series.

 

We have 3 Vlans in the network. These are Vlan 1, Vlan 133 and Vlan 164.

Please refer to the attached network diagram (lan.jpg); ignore the IP addresses in the diagram as they are wrong and from a previous configuration. Correct IP addresses are mentioned below:

 

Core L3 interfaces:

 

10.132.136.1--Vlan 1

10.132.133.1--Vlan 133

10.132.164.2--Vlan 164

 

MPLS Router: 10.132.164.1

Firewall (not in the n/w diagram) connected on Sw2: 10.132.164.10

This firewall is connected for 25 users of a client on Sw2 on ports 1-25 to isolate them from the network.

Sw1: 10.132.136.17, 10.132.133.2

Sw2: 10.132.136.18

Sw3: 10.132.136.29

 

 

During the issue, no drop is seen on clients on the same Vlans in the network on any switch (except for Vlan 164, whose DG is behind the Checkpoint firewall connected to Sw2).

 

All outbound traffic for Vlans 1 and 132 is going through the MPLS router, as can be seen in the config of the 4 switches. The outbound traffic for Vlan 164 goes to the Checkpoint firewall, as the firewall is directly connected to Sw2 and should override the default route on the switch. Sw2 has access ports for all 25 clients needed in the network on Vlan 164.

 

As of now, we are ignoring connectivity of Vlan 164 with the other 2 Vlans and back, as the DG is the firewall and we simply don’t care about it. We are just concentrating on connectivity between Vlan 1 and 133.

 

With no load on the MPLS network, no issues are reported with intra and inter Vlan connectivity.

During testing on a weekend with only 2 users

With load on the MPLS network we see inter Vlan ping drops, intra Vlan connectivity works fine.

 

 

 

No drops between layer 3 interfaces on the core switch.

No drops from L3 interface on core to the client connected directly to other Vlan port on the core switch and vice versa.

 

 

Drops seen between clients connected directly to core switch on different Vlans. Intra Vlan connectivity bw these clients is fine.

 

 

 

Drops seen bw clients connected to different Vlans on same L2 switch or different L2 switches.

It does not seem to be an issue with ports, SFPs or cables, as we have tried changing them (some of them just for the heck of it), as the issue starts with connectivity between hosts connected directly to the core switch in different Vlans.

 

Attached ping tests are for clients directly connected to core switchports in Vlan 133 and Vlan 1. Both intra Vlan and inter Vlan tests are attached during load.

Attached show tech and cdp nei detail for Core sw, Sw1, Sw2, Sw3.

 

Please let me know if:

  1. I am missing something?

  2. Is it correct to have two L3 interfaces on Sw1?

  3. Could this be related to the hardware or software version, as I am not very familiar with these new 3850’s and the CATOS/XE?

  4. Why is the issue only seen when we put load on the MPLS network?

 

Please let me know if more information is required. Any advice will be greatly appreciated.

 

Thanks

 

 

 

 

 
