Back story: A year ago we rolled out a ShoreTel phone system, and as part of that project we deployed 1 Netvanta 1534p, 4 Netvanta 1234p, and 7 Netvanta 1238ps at our main site among 2 buildings. However, we kept a 3Com 4500G switch as our core, which is responsible for our 6 VLANs and routing to our internet gateways.
Since then we deployed another Netvanta 1534p, Netvanta 1234p, and Netvanta 1238p to a second site successfully. This location works exactly as we expected (after we turned on L3 Express Cache).
At each location we have Windows handling DHCP. Our implementer handled QoS and Spanning Tree on all of the new switches, but I don't remember if they even touched the 3Com for QoS or Spanning Tree settings.
We recently discovered a problem with the 3Com switch and throughput between VLANs, did some testing at our second site with the L3 express cache settings to successfully correct the issue, and ordered a third Netvanta 1534p to replace the 3Com.
After configuring it to match the 1534 from our second site and cutting over from the 3Com switch as our head, we didn't configure something right, and here are our symptoms:
The first thing we noticed was that DHCP leases went from 1-5 seconds to get a lease to greater than 30 seconds.
Our ShoreTel phones would no longer get their proper IP but may have been getting to their proper VLAN.
Our file transfers were still slow between VLANs.
I'm not sure where to start in figuring out what I misconfigured. Is anyone able to help me troubleshoot?
Thanks in advance!
You may not have misconfigured anything! A key hint is:
"At each location we have Windows handling DHCP."
Windows DHCP servers have a nasty habit of not respecting VLANs.
Make sure that every Windows server used as a DHCP server is connected to an access port on the switch, configured for access only on the VLAN for which that server is the DHCP server.
For example, you have your switch configured where all ports are trunks with the data VLAN native and the voice VLAN not. If you connect a Windows DHCP server to such a port, it will assign addresses on the data VLAN to phones on the voice VLAN, even if the ethernet adapter on the Windows server doesn't have the voice VLAN configured!
To fix it, ensure that the port to which the Windows server is connected is set up as an access port on the data VLAN and not a trunk. And then label it as such because someone else will later move it to another port and break DHCP again.
I'll include a redacted config file below. Port 18 is set to access the default VLAN, instead of trunk. My DHCP server is responsible for 6 scopes.
I just noticed now that I have an ip-helper defined for the default VLAN, which explains why my phones weren't working when plugged into that VLAN.
Is there any explanation why, if I have L3 express caching enabled, I'll have intermittent drops?
Redacted switch config:
ip subnet-zero
ip classless
ip default-gateway 192.168.3.253
ip routing
!
!
ip route-cache express
!
no auto-config
!
event-history on
no logging forwarding
no logging email
!
no service password-encryption
!
username "admin" password "1mix2slit"
ip forward-protocol udp time
ip forward-protocol udp nameserver
ip forward-protocol udp tacacs
ip forward-protocol udp domain
ip forward-protocol udp bootps
ip forward-protocol udp tftp
ip forward-protocol udp netbios-ns
ip forward-protocol udp netbios-dgm
!
!
no dot11ap access-point-control
no dos-protection
no desktop-auditing dhcp
no network-forensics ip dhcp
!
!
!
vlan 1
  name "Default"
!
vlan 2
  name "dot 3 B51"
!
vlan 10
  name "VOIP"
!
vlan 20
  name "dot 20 Wifi"
!
vlan 21
  name "Secondary WiFi"
  shutdown
!
vlan 30
  name "IP Cameras"
!
vlan 31
  name "Total Chrom"
!
interface gigabit-switchport 0/18
  description GRITSVR15
  spanning-tree edgeport
  no shutdown
  switchport voice vlan 10
  qos trust cos
!
!
interface vlan 1
  ip address 192.168.2.253 255.255.255.0
  ip helper-address xxx.xxx.xxx.xxx
  ip route-cache express
  no shutdown
!
interface vlan 2
  ip address 192.168.3.253 255.255.255.0
  ip helper-address xxx.xxx.xxx.xxx
  ip route-cache express
  no shutdown
!
interface vlan 10
  ip address 10.10.0.253 255.255.254.0
  ip helper-address xxx.xxx.xxx.xxx
  ip route-cache express
  no shutdown
!
interface vlan 20
  ip address 192.168.20.253 255.255.255.0
  ip helper-address xxx.xxx.xxx.xxx
  ip route-cache express
  no shutdown
!
interface vlan 21
  ip address 192.168.22.253 255.255.255.0
  ip helper-address xxx.xxx.xxx.xxx
  ip route-cache express
  no shutdown
!
interface vlan 30
  ip address 192.168.30.253 255.255.255.0
  no awcp
  ip route-cache express
  no shutdown
!
interface vlan 31
  ip address 192.168.31.253 255.255.255.0
  ip helper-address xxx.xxx.xxx.xxx
  no awcp
  ip route-cache express
  no shutdown
!
!
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 255
ip route xxx.xxx.xxx.xxx 255.255.255.248 xxx.xxx.xxx.xxx
ip route xxx.xxx.xxx.xxx 255.255.255.0 xxx.xxx.xxx.xxx
ip route xxx.xxx.xxx.xxx 255.255.255.0 xxx.xxx.xxx.xxx
!
no tftp server
no tftp server overwrite
http server
http secure-server
snmp agent
no ip ftp server
ip ftp server default-filesystem flash
no ip scp server
no ip sntp server
!
!
!
!
!
snmp-server location "4558 50th Street Southeast, Grand Rapids, MI 49512-5401"
snmp-server community monitor RO
!
!
auto-link
auto-link server xxx.xxx.xxx.xxx
auto-link recontact-interval 300
!
!
line con 0
  no login
!
line telnet 0 4
  login
  password xxxxxxx
  no shutdown
line ssh 0 4
  login local-userlist
  no shutdown
!
!
monitor session 1 destination interface gigabit-switchport 0/15
monitor session 1 source interface gigabit-switchport 0/5 both
monitor session 1 source interface gigabit-switchport 0/6 both
monitor session 1 source interface gigabit-switchport 0/7 both
monitor session 1 source interface gigabit-switchport 0/8 both
monitor session 1 source interface gigabit-switchport 0/9 both
monitor session 1 source interface gigabit-switchport 0/10 both
monitor session 1 source interface gigabit-switchport 0/13 both
monitor session 1 source interface gigabit-switchport 0/14 both
monitor session 1 source interface gigabit-switchport 0/16 both
monitor session 1 source interface gigabit-switchport 0/17 both
monitor session 1 source interface gigabit-switchport 0/18 both
monitor session 1 source interface gigabit-switchport 0/19 both
monitor session 1 source interface gigabit-switchport 0/21 both
monitor session 1 source interface gigabit-switchport 0/22 both
!
!
end
coriumintl wrote:
I'll include a redacted config file below. Port 18 is set to access the default VLAN, instead of trunk. My DHCP server is responsible for 6 scopes.
I just noticed now that I have an ip-helper defined for the default VLAN, which explains why my phones weren't working when plugged into that VLAN.
OK, so that's fixed? Is there a separate DHCP server on the voice VLAN and that server is on an access port just for that VLAN?
Is there any explanation why, if I have L3 express caching enabled, I'll have intermittent drops?
No, but there are a couple of odd things, hard to tell due to redactions.
(And, you might want to do service password-encryption in the future and delete user admin)
You have: ip default-gateway 192.168.3.253 which is the address of VLAN 3 itself. This won't be of much use, I'd delete it. ip default-gateway is used when IP routing is disabled for management and isn't really appropriate here. In addition, pointing the next-hop to your own interface isn't going to be of much value.
What is connected to port 18? Is that the DHCP server?
interface gigabit-switchport 0/18
  description GRITSVR15
More specifically, what's the IP of the DHCP server, to what VLAN is it connected, and what does its interface configuration look like?
The DHCP server (192.168.2.1) is on port 18, which is flagged as the default VLAN (1). It does DHCP for all VLANs except for 30. All of the ip helper-address xxx.xxx.xxx.xxx lines should be ip helper-address 192.168.2.1.
All the x'd out addresses in the IP routes are our firewalls.
OK, on port 18 try the following:
!
interface gigabit-switchport 0/18
  description GRITSVR15
  spanning-tree edgeport
  no shutdown
  no switchport voice vlan 10
  switchport mode access
  switchport access vlan 1
  qos trust cos
!
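Added example, not part of the thread or any poster's code: a small Python lint that checks a config in the posted style for the items raised in the replies above (a default gateway that is the switch's own interface while routing is on, an unencrypted local password, a voice VLAN on a port with no explicit access mode, and a helper address inside the VLAN's own subnet). The sample is a constructed excerpt with the helper filled in as 192.168.2.1, as the poster stated, and a placeholder password; the finding names are invented for this example.

```python
import ipaddress

# Constructed excerpt in the thread's config style; password is a placeholder.
SAMPLE = """\
ip default-gateway 192.168.3.253
ip routing
no service password-encryption
username "admin" password "PLACEHOLDER"
interface gigabit-switchport 0/18
switchport voice vlan 10
!
interface vlan 1
ip address 192.168.2.253 255.255.255.0
ip helper-address 192.168.2.1
!
interface vlan 2
ip address 192.168.3.253 255.255.255.0
ip helper-address 192.168.2.1
"""

def parse(text):
    """Return (global commands, {interface: [sub-commands]}); '!' ends a section."""
    glob, sect, cur = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if line in ("", "!"):
            cur = None
        elif line.startswith("interface "):
            cur = line.split(" ", 1)[1]
            sect[cur] = []
        else:
            (glob if cur is None else sect[cur]).append(line)
    return glob, sect

def audit(text):
    glob, sect = parse(text)
    svi = {n: ipaddress.ip_interface("/".join(c.split()[2:4]))  # address/netmask per SVI
           for n, cmds in sect.items() for c in cmds if c.startswith("ip address ")}
    gws = [ipaddress.ip_address(g.split()[2]) for g in glob if g.startswith("ip default-gateway ")]
    out = [f"default-gateway-is-own-interface:{n}" for n, i in svi.items()
           if "ip routing" in glob and i.ip in gws]
    if "no service password-encryption" in glob and any(g.startswith("username ") for g in glob):
        out.append("local-password-stored-unencrypted")
    for n, cmds in sect.items():
        if any(c.startswith("switchport voice vlan") for c in cmds) and "switchport mode access" not in cmds:
            out.append(f"voice-vlan-without-explicit-access-mode:{n}")
        for h in (c.split()[2] for c in cmds if c.startswith("ip helper-address ")):
            if n in svi and ipaddress.ip_address(h) in svi[n].network:
                out.append(f"helper-points-into-own-subnet:{n}")
    return out
```

To run it over the full posted config, the redacted xxx.xxx.xxx.xxx values must first be replaced with real addresses, because the ipaddress module rejects them.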
I went ahead and flagged this post as "Assumed Answered". If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you have any additional information on this that others may benefit from, please come back to this post to provide an update. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Levi
My question isn't answered, though we are employing an Adtran Certified consultant to get us sorted.
Due to this being the core switch, we are unable to cut back and forth for testing. Therefore we elected to bring in a professional. I'm planning to share back adjustments made to get this live and working.
Turns out the 1534's ARP cache isn't big enough, have a 1544 on order.