catalyst3560 and citrix sessions problem

One of my customers claims that incorrect config and/or sw hw fault is causing problems in his LAN.

there are 4 vlans:

1 management, untagged (subnet 10.10.10.0/24)
2 net1 (subnet 10.1.2.0/24)
3 net2 (subnet 10.1.3.0/24)
4 net3 (subnet 10.20.30.0/26 !!)

Each of the vlans 2-4 has its own router/gateway (x.x.x.1). Those routers are managed neither by my customer nor by me. I cannot see their config. They are connected to the switch ports: vlan2 - port Gi0/2, vlan3 - Gi0/3, vlan4 - Gi0/4

On vlan4 there are PC users running the Citrix client and connecting to a remote server (the vlan4 gateway also acts as a VPN tunnel)

The problem is that clients in vlan4 randomly have their Citrix sessions disconnected for 1-30 minutes and then have the link back again. During those periods the vlan4 gateway is reachable from the remote side; one tries to ping any of the clients or the switch (10.20.30.2), but those are unreachable. At the same time, ping from the switch does not reach the vlan4 router.

In the log of the switch there are no layer 2 broken-link errors concerning port Gi0/4.

Can you verify the config below - can it be a source of problems?

Please help

version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service sequence-numbers
!
hostname SW3560
!
logging buffered 128000 debugging
!
username xxx privilege 15 password 0 xxx
no aaa new-model
clock timezone UTC 1
clock summer-time UTC recurring last Sun Mar 2:00 last Sun Oct 3:00
system mtu routing 1500
ip subnet-zero
ip routing
!
!
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
 switchport mode access
 macro description cisco-desktop
!
interface GigabitEthernet0/2
 switchport access vlan 2
 switchport mode access
 macro description cisco-desktop
!
interface GigabitEthernet0/3
 switchport access vlan 3
 switchport mode access
 macro description cisco-desktop
!
interface GigabitEthernet0/4
 switchport access vlan 4
 switchport mode access
 macro description cisco-desktop
!
interface GigabitEthernet0/5
 switchport access vlan 2
 switchport mode access
 macro description cisco-desktop
. . . .
!
interface GigabitEthernet0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 queue-set 2
 mls qos trust cos
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
!
interface GigabitEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 queue-set 2
 mls qos trust cos
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
!
interface GigabitEthernet0/25
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 queue-set 2
 mls qos trust cos
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
!
interface GigabitEthernet0/26
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 queue-set 2
 mls qos trust cos
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
!
interface GigabitEthernet0/27
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 queue-set 2
 mls qos trust cos
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
!
interface GigabitEthernet0/28
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 queue-set 2
 mls qos trust cos
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
!
interface Vlan1
 ip address 10.10.10.1 255.255.255.0
!
interface Vlan2
 ip address 10.1.2.3 255.255.255.0
 ip access-group MY-ACL in
!
interface Vlan3
 no ip address
!
interface Vlan4
 ip address 10.20.30.2 255.255.255.192
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.2.1
ip route 10.20.30.0 255.255.255.0 10.20.30.1
ip http server
ip http authentication local
!
ip access-list extended MY-ACL
 permit ip host 10.1.2.1 10.10.10.0 0.0.0.255
 permit ip host 10.1.2.16 10.10.10.0 0.0.0.255
 permit ip host 10.1.2.17 10.10.10.0 0.0.0.255
 deny ip any any log
!
logging facility daemon
logging 10.1.2.14
!
control-plane
!
!
line con 0
 login local
 length 0
line vty 0 4
 login local
 length 0
line vty 5 15
 login local
 length 0
!
end

Reply to
PrzemekD

It is certainly possible that the QoS configuration is dropping traffic. I can not understand the QoS behaviour without doing a lot of reading so can not offer any detailed suggestions.

You could always take out the QoS and see what happened?

It will probably be possible to see if the QoS is dropping traffic.

sh int

and have a look at any drops.

There may be other commands too.

Reply to
Bod43

There are quite a few bugs in auto-qos on the 3560/3750 platform. Cisco had some very serious issues with dropped traffic due to QoS on the 3750 platform but most of the issues have been resolved in 12.2(25)SEA code and higher. The problem you are having does not sound like QoS problems because you have a complete loss of traffic. If QoS was a problem you would have problems with applications running slow not a complete loss of connectivity.

When having the problem, does the switch have the MAC address of the default gateway in the CAM table? Does it appear in the ARP table? If you don't see it in both places, you have a layer 2 problem that needs to be addressed. You should not have "spanning-tree link-type point-to-point" on your switch port connections! This command is recommended if your switch AND the switch at the other end are running rapid-PVST+. This could be the source of your problem (you are running PVST+ not rapid-PVST+) and you are having spanning-tree issues. Do you see spanning-tree messages in the log with date-time stamps just before or during this problem?

Reply to
Thrill5

User "Thrill5" wrote in message news:N72dnVQYooQ167vVnZ2dnUVZ snipped-for-privacy@comcast.com...

I removed all QoS related config, but the problem occurred a few times again :( I enabled udld aggressive on all switches and I will be observing the effects...

thanks for suggestions

I did not notice any spanning tree messages or packets (I started sniffing using port SPAN and Wireshark).

:( Any other idea?

Przemek

Reply to
PrzemekD

Is the router for VLAN 4 directly connected to port gi 0/4 ?

Check if the router for Vlan 4 is sending CDP on interface Gi 0/4

sh cdp nei

If it is being received then check if you continue to receive CDP during an outage event

If CDP is not enabled, discuss with the admin of the router for vlan 4 whether CDP can be enabled for troubleshooting purposes.

You need to know if the router and the switch have a link during the outage event.

Please post output of show interface Gi 0/4 and show interface gi 0/4 status

Reply to
Merv

User "Merv" wrote in message news: snipped-for-privacy@p25g2000hsf.googlegroups.com...

cdp is turned off, moreover there is a Netscreen 5G (or something like that) on the other side. :(

No line/protocol down/up messages occur in syslog.

I cannot give anything now other than the show interface GigabitEthernet0/4 controller output grabbed shortly after the last "break", but there is nothing strange here:

SW3560#sh int gi0/4 controller
GigabitEthernet0/4 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 001f.279c.2684 (bia 001f.279c.2684)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 3000 bits/sec, 3 packets/sec
  5 minute output rate 3000 bits/sec, 3 packets/sec
     15985653 packets input, 1402420887 bytes, 0 no buffer
     Received 8159 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 42 multicast, 0 pause input
     0 input packets with dribble condition detected
     22318368 packets output, 1568791617 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

     Transmit GigabitEthernet0/4             Receive
     11710456 Bytes                       9946272 Bytes
       158978 Unicast frames               119594 Unicast frames
         6979 Multicast frames                  0 Multicast frames
         1292 Broadcast frames                 76 Broadcast frames
            0 Too old frames              9941408 Unicast bytes
            0 Deferred frames                   0 Multicast bytes
            0 MTU exceeded frames            4864 Broadcast bytes
            0 1 collision frames                0 Alignment errors
            0 2 collision frames                0 FCS errors
            0 3 collision frames                0 Oversize frames
            0 4 collision frames                0 Undersize frames
            0 5 collision frames                0 Collision fragments
            0 6 collision frames
            0 7 collision frames            74958 Minimum size frames
            0 8 collision frames            38074 65 to 127 byte frames
            0 9 collision frames             4206 128 to 255 byte frames
            0 10 collision frames            1390 256 to 511 byte frames
            0 11 collision frames             518 512 to 1023 byte frames
            0 12 collision frames             524 1024 to 1518 byte frames
            0 13 collision frames               0 Overrun frames
            0 14 collision frames               0 Pause frames
            0 15 collision frames
            0 Excessive collisions              0 Symbol error frames
            0 Late collisions                   0 Invalid frames, too large
            0 VLAN discard frames               0 Valid frames, too large
            0 Excess defer frames               0 Invalid frames, too small
        27168 64 byte frames                    0 Valid frames, too small
       139581 127 byte frames
          109 255 byte frames                   0 Too old frames
          278 511 byte frames                   0 Valid oversize frames
           21 1023 byte frames                  0 System FCS error frames
           92 1518 byte frames                  0 RxPortFifoFull drop frame
            0 Too large frames
            0 Good (1 coll) frames
            0 Good (>1 coll) frames

Reply to
PrzemekD

You need to find out ALL of the devices between your switch and the default gateway router and create a network topology diagram with all of the information.

Also there needs to be an agreed upon troubleshooting process between all parties that support these devices

For example the problem in question might be caused by the firewall ...

Reply to
Merv

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.