Cisco 2950 Issue

I have a customer who has set up 2 x ISA servers with load balancing. The outside ports connect to 2 x D Link switches (unmanaged). The inside connects to a single Cisco 2950 we manage.

    DLink1     Dlink2
      |          |
    ---------------
      |          |
    ISA1       ISA2
      |          |
    --------------
          |
      Cisco 2950

The customer has configured an outside and inside virtual IP address. Traffic from an outside source can send to the virtual IP ok. When configuring the virtual IP address on the inside the ISAs cannot receive traffic.

The reason I think this is an issue to do with the 2950 is as follows:

A host has to ARP for the virtual MAC address for the ISAs' virtual IP address. As the virtual MAC is not known on any port the switch has to flood traffic out all ports. This can happen a lot apparently so I am wondering if the Cisco switch is throttling the traffic by default due to lots of unknown unicasts. (see formatting link)

I can't understand why this would work on the D Links but not the 2950. The 2950 config is very basic, no special features have been configured.

Anyone know how I can go about proving / ruling out an issue on the 2950?

Regards

Darren

Reply to
Darren Green

Please paste the configs from the 2950s. The 2950 would not 'throttle' traffic due to unicasts, this is standard operation for any Ethernet segment. I would also like to see the router config for this VLAN. I presume the default gateway for the ISAs is external, so how does the ISA know how to get back to your other VLANs, static route? Is it set up properly? Can you ping the ISA from the router in the same VLAN?

Reply to
Trendkill

Thanks for the follow up.

I will capture a copy of the config and post later tonight. There are no additional VLANs set up on the inside LAN (I need this changing) but for now it's all 1 x flat VLAN. I will call the client and ask them to test ping connectivity.

AFAIK the customer said that they can ping to internal user addresses from the ISA NIC IPs. When the customer enters the virtual IP on the ISAs (like we would say for HSRP) the connections drop.

I suspected it was something to do with the flooding unknown unicasts following reading the link I attached.

Regards

Darren

Reply to
Darren Green

In my opinion we have something wrong with configuration. The article you provided is obviously accurate, but requires nothing on the switch side to fix. Provided the ISA server is behaving in the way the article states, there should be no problem. If it's not, you may need to consider the hub option, but I doubt you are hitting issues with flooding when you only have one VLAN worth of nodes behind the ISA servers. Now if you had 10,000 hosts accessing the internet through these things, then it would be a different story on a 2950 switch. Therefore I go back to thinking we have a config problem on the ISA servers. I'm no expert on those things, but hopefully we can ask some questions that lead you to identifying the issue.

Reply to
Trendkill

How frustrating.

I logged onto this switch earlier only to find that there were a massive number of CRCs under the ISA internal ports. Spoke to the client who had set the speed / duplex to auto / auto when we had 100 / full.

When I set to auto / auto it all worked.

So simple, how dumb am I for not spotting that 1st time around. There again I was multi-tasking trying to resolve 101 other issues at the same time :-)

Thanks for your help Trendkill.

Regards

Darren

Reply to
Darren Green
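
The check that settled this thread (CRC errors on the switch ports facing the ISA servers, pointing to a speed / duplex mismatch), as an added example that is not part of any poster's message. The sample text is a constructed, trimmed excerpt in the style of Cisco IOS `show interfaces`, the `crc_ratio` threshold is an assumption, and the late-collision rule for the half-duplex side goes beyond what the thread itself reports.

```python
import re

# Constructed, trimmed "show interfaces" excerpt (not output from the thread).
SAMPLE = """\
FastEthernet0/1 is up, line protocol is up (connected)
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
     1520340 packets input, 913204511 bytes, 0 no buffer
     48211 input errors, 47903 CRC, 308 frame, 0 overrun, 0 ignored
FastEthernet0/2 is up, line protocol is up (connected)
  Half-duplex, 100Mb/s, media type is 10/100BaseTX
     88231 packets input, 9120045 bytes, 0 no buffer
     0 babbles, 512 late collision, 1044 deferred
FastEthernet0/3 is up, line protocol is up (connected)
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
     990112 packets input, 71200331 bytes, 0 no buffer
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
"""

HEADER = re.compile(r"^(\S+) is .*line protocol is", re.M)
COUNTERS = {"packets_in": r"(\d+) packets input", "crc": r"(\d+) CRC",
            "late_collisions": r"(\d+) late collision"}

def parse_interfaces(text):
    """Split the output per interface and pull duplex plus the counters above."""
    ports, heads = {}, list(HEADER.finditer(text))
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        block = text[head.start():end]
        duplex = re.search(r"(Full|Half|Auto)-duplex", block)
        rec = {"duplex": duplex.group(1) if duplex else None}
        for key, pattern in COUNTERS.items():
            hit = re.search(pattern, block)
            rec[key] = int(hit.group(1)) if hit else 0  # missing counter counts as 0
        ports[head.group(1)] = rec
    return ports

def duplex_suspects(text, crc_ratio=0.001):
    """Flag ports whose counters match either side of a duplex mismatch.
    crc_ratio is an assumed threshold (CRC errors per input packet)."""
    findings = []
    for name, p in parse_interfaces(text).items():
        if p["duplex"] == "Full" and p["crc"] > crc_ratio * p["packets_in"]:
            findings.append((name, "CRC errors on full-duplex port"))
        elif p["duplex"] == "Half" and p["late_collisions"] > 0:
            findings.append((name, "late collisions on half-duplex port"))
    return findings

if __name__ == "__main__":
    for name, reason in duplex_suspects(SAMPLE):
        print(name, "-", reason)
```

A flagged port is a prompt to compare the speed / duplex settings on both ends of that link, since the counters alone do not say which side is misconfigured.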

Hey, just glad you got it fixed. Sometimes the result isn't as 'fun' to troubleshoot, but if you got that much stuff to chase down, it's probably a welcome solution! Take care.

Reply to
Trendkill
