4

Resume: I'm have a really basic network cenario with some new switches that I just bought. After configuring a LAG (without LACP) between them, I started to have ping losses and high latency. I also experienced connectivity lost from the switches.

In details:

  • I have 4 Cisco Small Business: 1 SG500 24p and other 3 SG300 24p.
  • Their interfaces are all Gigabit.
  • The SG500 is L3 enabled, being the gateway of my network.
  • I have a DHCP/DNS server hosted on a Windows Server, that provides this services.
  • All the switches are with their most recent firmware.
  • All cables are CAT6, in a dedicated network rack.
  • The SG500 gateway is a Draytek firewall/router, with one internet link.
  • SG500 is the root bridge on the STP.
  • No VLANs, just the defaults.
  • No VOIP.
  • At the moment of the configuration, only the servers were up, the company was empty. No large traffic.
  • All SG300 are plugged in the SG500, in a star topology.
  • My Notebook, where I made the ping probes, was cabled to a SG300.

I configured the switches with just one cable on their uplink to the (SG500) and they worked like a charm. After doing this, I decided to join another interface on the uplink, aggregating both of them to have a little more throughput. So, I access the switches, one by one, by console, and made the command on the selected interfaces:

channel-group 1 mode on

Just this!

After doing this, I made new tests on the network. I started to have some ping losses. The pings that survived, had >20ms latency. I started to ping the SG500 and had the same results: losses and high latency. My SSH sessions with the switches started do drop.

Below is my running-config. The SG300 have no configs. Basically the same. I've double-checked the ports and configs on them too.

SW-CORE#show run
config-file-header
SW-CORE
v1.4.1.3 / R800_NIK_1_4_194_194
CLI v1.0
set system queues-mode 4

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
spanning-tree priority 8192
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname SW-CORE
no passwords complexity enable
username cisco password encrypted 7af78c911d5b48bea1dc2449d9d89513abeb4be5 privilege 15
ip ssh server
ip telnet server
!
interface vlan 1
ip address 192.168.42.1 255.255.254.0
no ip address dhcp
!
interface gigabitethernet1/1/7
channel-group 1 mode on
!
interface gigabitethernet1/1/8
channel-group 1 mode on
!
interface gigabitethernet1/1/9
channel-group 2 mode on
!
interface gigabitethernet1/1/10
channel-group 2 mode on
!
interface gigabitethernet1/1/11
channel-group 3 mode on
!
interface gigabitethernet1/1/12
channel-group 3 mode on
!
interface Port-channel1
description UPLINK_SG300-C
!
interface Port-channel2
description UPLINK_SG300-B
!
interface Port-channel3
description UPLINK_SG300-A
!
exit
ip default-gateway 192.168.42.10

And my CDP info:

SW-CORE#show cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - VoIP Phone
                  M - Remotely-Managed Device, C - CAST Phone Port,
                  W - Two-Port MAC Relay

    Device ID       Local      Adv  Time To Capability   Platform     Port ID
                    Interface  Ver. Live
------------------ ----------- ---- ------- ---------- ------------ -----------
   34628878d043      gi1/1/7    2     139      S I     Cisco           gi26
                                                       SG300-28
                                                       (PID:SRW2024
                                                       -K9)-VSD
   34628878d043      gi1/1/8    2     139      S I     Cisco           gi25
                                                       SG300-28
                                                       (PID:SRW2024
                                                       -K9)-VSD
   34628878c838      gi1/1/9    2     125      S I     Cisco           gi26
                                                       SG300-28
                                                       (PID:SRW2024
                                                       -K9)-VSD
   34628878c838     gi1/1/10    2     125      S I     Cisco           gi25
                                                       SG300-28
                                                       (PID:SRW2024
                                                       -K9)-VSD
   34628878c2ab     gi1/1/11    2     148      S I     Cisco           gi25
                                                       SG300-28
                                                       (PID:SRW2024
                                                       -K9)-VSD
   34628878c2ab     gi1/1/12    2     148      S I     Cisco           gi26
                                                       SG300-28
                                                       (PID:SRW2024
                                                       -K9)-VSD



SW-CORE#show cdp nei det
---------------------------------------------
Device-ID: 34628878d043
Advertisement version: 2
Platform: Cisco SG300-28 (PID:SRW2024-K9)-VSD
Capabilities: Switch IGMP
Interface: gi1/1/7, Port ID (outgoing port): gi26
Holdtime: 136
Version: 1.4.1.3
Duplex: full
Native VLAN: 1
SysName: SG300-C
SysObjectID: 0.0
Addresses:
          IP 192.168.42.13
          IPv6 fe80::3662:88ff:fe78:d043 (link-local)
---------------------------------------------
Device-ID: 34628878d043
Advertisement version: 2
Platform: Cisco SG300-28 (PID:SRW2024-K9)-VSD
Capabilities: Switch IGMP
Interface: gi1/1/8, Port ID (outgoing port): gi25
Holdtime: 135
Version: 1.4.1.3
Duplex: full
Native VLAN: 1
SysName: SG300-C
SysObjectID: 0.0
Addresses:
          IP 192.168.42.13
          IPv6 fe80::3662:88ff:fe78:d043 (link-local)
---------------------------------------------
Device-ID: 34628878c838
Advertisement version: 2
Platform: Cisco SG300-28 (PID:SRW2024-K9)-VSD
Capabilities: Switch IGMP
Interface: gi1/1/9, Port ID (outgoing port): gi26
Holdtime: 121
Version: 1.4.1.3
Duplex: full
Native VLAN: 1
SysName: SG300-B
SysObjectID: 0.0
Addresses:
          IP 192.168.42.12
---------------------------------------------
Device-ID: 34628878c838
Advertisement version: 2
Platform: Cisco SG300-28 (PID:SRW2024-K9)-VSD
Capabilities: Switch IGMP
Interface: gi1/1/10, Port ID (outgoing port): gi25
Holdtime: 180
Version: 1.4.1.3
Duplex: full
Native VLAN: 1
SysName: SG300-B
SysObjectID: 0.0
Addresses:
          IP 192.168.42.12
---------------------------------------------
Device-ID: 34628878c2ab
Advertisement version: 2
Platform: Cisco SG300-28 (PID:SRW2024-K9)-VSD
Capabilities: Switch IGMP
Interface: gi1/1/11, Port ID (outgoing port): gi25
Holdtime: 144
Version: 1.4.1.3
Duplex: full
Native VLAN: 1
SysName: SG300-A
SysObjectID: 0.0
Addresses:
          IP 192.168.42.11
---------------------------------------------
Device-ID: 34628878c2ab
Advertisement version: 2
Platform: Cisco SG300-28 (PID:SRW2024-K9)-VSD
Capabilities: Switch IGMP
Interface: gi1/1/12, Port ID (outgoing port): gi26
Holdtime: 143
Version: 1.4.1.3
Duplex: full
Native VLAN: 1
SysName: SG300-A
SysObjectID: 0.0
Addresses:
          IP 192.168.42.11
---------------------------------------------

So, my questions:

  • Is this a problem with link aggr.?
  • Is there any config on the switch that may perform to help in this case? Something on the ports.. ?
  • Is this a problem with Small Business Switches? Anyone here have good experiences with this switches?
Improve this question
6
  • 2
    I'm not sure if 7af78c911d5b48bea1dc2449d9d89513abeb4be5 has been doctored or not, but password hashes are notorious for being weak. If that is a real production hash, I'd suggest changing it since it's now out in the wild.
    – Ryan Foley
    Commented Dec 29, 2015 at 23:07
  • 1
    Not in production yet, so password is the default.
    – Felipe Oliveira
    Commented Dec 30, 2015 at 10:23
  • Can you please add the output of: 'show interfaces status' 'show etherchannel summary' and 'show spanning-tree'. Thanks!
    – Martin
    Commented Feb 1, 2016 at 15:44
  • 1
    I am curious if you were able to figure out whether this was a LAG issue or not ? I designed a virtual switch stack using a pair of SG500s, stacking cables, and a number of virtualized servers with redundant NIC connections spread equally across the two physical switches using numerous trunked LACP ether channels. And I have had nothing but dynamic intra VLAN packet loss issues across these ether channels
    – radiowhiz
    Commented Mar 22, 2016 at 4:09
  • I didn't find anything. We had to dismantle the LAG because of the urgency of the network project.
    – Felipe Oliveira
    Commented Mar 23, 2016 at 16:05

1 Answer 1

Reset to default
1

You said

The SG300 have no configs

For a port channel to work. you need to have the same port channel configured in the downstream SG300 switches. Also check that you have set at least one side of the channel to active mode, the other can be either passive or active.

http://www.cisco.com/c/en/us/td/docs/optical/cpt/r9_3/command/reference/cpt93_cr/cpt93_cr_chapter_01000.html#wp2979412301

Improve this answer
3
  • 1
    What I mean by 'no configs' is that they are very simple in configuration. Just unboxed them and made the 'channel group 1 mode on'
    – Felipe Oliveira
    Commented Feb 17, 2016 at 14:24
  • 1
    Ok, and is there a specific reason why you're using mode "on"? Between Cisco devices, channel group mode should be set to desirable on both ends, which has the devices negotiate the link properly, mode on just forces them to activate the link, and for it to work you need mode on to be configured at both ends.
    – Stuggi
    Commented Feb 19, 2016 at 15:45
  • 1
    Well the major problem is not in the negotiation time. But after it's stabilished. But no major reason for doing it 'mode on'. Probably because I have access to both, so I won't forget to put the same channel config on the other side (in which case, with mode on, i could have some problems till the link got fully configured both ends)
    – Felipe Oliveira
    Commented Feb 22, 2016 at 23:36

Not the answer you're looking for? Browse other questions tagged or ask your own question.