
Best practice LAN configuration

Hi

I have 4 Cisco 2960 switches and 3 unmanaged switches. All are connected via fiber cable to a core switch 4503-3 and it is connected to a VPN router and internet router. (still don't have access to the routers yet)

I know I have to replace the unmanaged switches but it will be soon. Meanwhile, I have done the following in the managed switches:

In each switch and its ports:

udld enable
udld aggressive


ip subnet-zero
no ip source-route
!
no ip domain-lookup
!
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree loopguard default
spanning-tree extend system-id
spanning-tree uplinkfast
!
vlan internal allocation policy ascending

 

and in each access port:

switchport access vlan 8
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root

The configuration of the ports that are connected to the core switch is switchport trunk only.

The core sw configurations are:

power redundancy-mode redundant
no file verify auto
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree vlan 1-250 priority 8192
!
vlan internal allocation policy ascending

 

ports between managed switches:

switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree guard loop

ports between unmanaged switches:

switchport access vlan 139

 

ports between servers:

switchport access vlan 100
switchport mode access
spanning-tree portfast

 

port to the routers

no switchport
ip address **
spanning-tree portfast

router rip
version 2
network ***
no auto-summary

ip route 0.0.0.0 0.0.0.0 ***
ip route *** *** ***
ip http serve

 

I want the best practice network and I am trying to see why internet is slow.

Many thanks

Accepted Solution

balaji.bandi
Hall of Fame

I would suggest always controlling which VLANs are allowed, as required, on the trunk port connected to the switch.

ports between managed switches:

switchport trunk encapsulation dot1q
switchport mode trunk

switchport trunk allowed vlan  x,y,z
spanning-tree guard loop

Avoid RIP and use any other IGP like OSPF, and if Cisco, EIGRP.

If you are using an IGP, avoid static routes.

I am trying to see why internet is slow

This is a different issue, with many possibilities here: port negotiation end to end, any packet drops on the interface?

Routing loops, Layer  loops? The list goes on.

You need to check the below:

1. Directly connecting to the ISP router, does the internet work?

2. How about connecting to the core, does the internet work?

3. Access switch, does the internet work?

4. I would not expect a great test on a hub/unmanaged switch, expected greater results? But is the testing good?

BB

***** Rate All Helpful Responses *****

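The trunk and access-port points raised in this answer can be checked mechanically. The script below is an added example, not code from the thread or from Cisco: it audits interface stanzas for trunks without an allowed-VLAN list, switchports whose mode is not pinned to access or trunk, and portfast without BPDU guard. The interface names and the allowed list 8,100,139 are assumptions built from the VLAN numbers quoted in the thread.

```python
import re

# Constructed sample: interface names are hypothetical; the stanza bodies
# mirror the port configurations quoted in the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 switchport mode trunk
 spanning-tree guard loop
!
interface GigabitEthernet1/2
 switchport mode trunk
 switchport trunk allowed vlan 8,100,139
!
interface GigabitEthernet2/1
 switchport access vlan 139
!
interface GigabitEthernet2/2
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet3/10
 no switchport
 spanning-tree portfast
"""

def parse_interfaces(config):
    """Return {interface name: [stripped config lines]} for each stanza."""
    stanzas = {}
    for m in re.finditer(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M):
        stanzas[m.group(1)] = [l.strip() for l in m.group(2).splitlines()]
    return stanzas

def audit(config):
    """Return sorted (interface, finding) pairs for the three checks."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        if "no switchport" in lines:
            continue  # routed port: the layer-2 checks do not apply
        trunk = "switchport mode trunk" in lines
        pruned = any(l.startswith("switchport trunk allowed vlan") for l in lines)
        if trunk and not pruned:
            findings.append((name, "trunk carries all VLANs (no allowed list)"))
        if not trunk and "switchport mode access" not in lines:
            findings.append((name, "mode not pinned to access"))
        if "spanning-tree portfast" in lines and "spanning-tree bpduguard enable" not in lines:
            findings.append((name, "portfast without bpduguard"))
    return sorted(findings)
```

The script reads per-interface lines only, so a global `spanning-tree portfast bpduguard default` would cover the last finding without being seen here.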

4 Replies
Dear Mr Balaji

Thank you very much for the support. I have done the setting you recommended.

I am not able to access the router yet, but the core switch 4503E is connected to two routers (VPN and internet). The VPN connection is fast but the internet is not. The VPN setting is RIP while the internet is static.

I connected my laptop to the router and the speed was 10mb, which is what the subscription is, but when I connected to the core switch, the speed was 100kb. I disabled all other ports too but still got the same speed.

the speed was 100kb. I disabled all other ports too but still the same speed.

Post again the configuration of the switch port connected.

Check whether the port has any errors, speed negotiation? Any MTU issue on the ports?

BB


 

Dear Balaji, thank you. Here is the configuration and output of the interface connected to the router

interface GigabitEthernet3/10
description LINK TO INTERNET ROUTER
no switchport
ip address 10.x.x.x
spanning-tree portfast


GigabitEthernet3/10 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet Port, address is xxx.xxxx(bia xx.xxx)
Description: LINK TO INTERNET ROUTER
Internet address is 10.x.x.x/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000-TX
input flow-control is on, output flow-control is on
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:02, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 6451000 bits/sec, 587 packets/sec
5 minute output rate 602000 bits/sec, 468 packets/sec
L3 in Switched: ucast: 160638916 pkt, 217254623710 bytes - mcast: 0 pkt, 0 bytes
L3 out Switched: ucast: 144936451 pkt, 18444109246 bytes - mcast: 0 pkt, 0 bytes
161236946 packets input, 220210434866 bytes, 0 no buffer
Received 539695 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
145030831 packets output, 21296450280 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

 

sh int g 3/10 status

Port      Name               Status       Vlan       Duplex  Speed Type
Gi3/10    LINK TO INTERNET R connected    routed     a-full a-1000 10/100/1000-TX

 

 

sh int g 3/10 mtu

Port      Name               MTU
Gi3/10    LINK TO INTERNET R 1500


#sh int g 3/10 stats
GigabitEthernet3/10
Switching path      Pkts In      Chars In   Pkts Out    Chars Out
Processor                 0             0          0            0
Route cache               0             0          0            0
Hardware          161402067  220441944095  145165937  21313112630
Total             161402067  220441944095  145165937  21313112630
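The checks asked for earlier in the thread (port errors, speed and duplex negotiation, MTU) can be read out of `show interface` text with a small parser. This is an added example, not part of any post: `POSTED` is abridged from the output above, `UNHEALTHY` is a constructed sample of a half-duplex port with non-zero counters, and the function names are hypothetical.

```python
import re

# POSTED is abridged from the output in the thread; UNHEALTHY is a
# constructed sample (invented counter values) for comparison.
POSTED = """\
GigabitEthernet3/10 is up, line protocol is up (connected)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000-TX
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
"""
UNHEALTHY = """\
FastEthernet0/1 is up, line protocol is up (connected)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
Half-duplex, 100Mb/s, link type is auto, media type is 10/100BaseTX
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1843
0 runts, 0 giants, 0 throttles
912 input errors, 907 CRC, 5 frame, 0 overrun, 0 ignored
0 output errors, 2210 collisions, 0 interface resets
0 babbles, 318 late collision, 0 deferred
"""
COUNTERS = ("input errors", "CRC", "runts", "giants", "output errors",
            "collisions", "late collision")

def parse_show_interface(text):
    """Extract duplex, speed, MTU and error counters of a connected port."""
    link = re.search(r"(Full|Half)-duplex, (\d+)Mb/s", text)
    info = {"duplex": link.group(1).lower(),
            "speed_mbps": int(link.group(2)),
            "mtu": int(re.search(r"MTU (\d+) bytes", text).group(1)),
            "output drops": int(re.search(r"Total output drops: (\d+)", text).group(1))}
    for name in COUNTERS:
        info[name] = int(re.search(rf"(\d+) {name}\b", text).group(1))
    return info

def findings(info, expected_mtu=1500):
    """Return the problems the parsed values point to (empty list if none)."""
    out = []
    if info["duplex"] != "full":
        out.append("not full duplex")
    if info["mtu"] != expected_mtu:
        out.append("unexpected MTU")
    out += [f"{k}={info[k]}" for k in COUNTERS + ("output drops",) if info[k]]
    return out
```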

 

 
