Re: Cisco 2950 Issue
- From: Trendkill <jpmason@xxxxxxxxx>
- Date: Wed, 21 May 2008 04:08:39 -0700 (PDT)
On May 21, 4:41 am, Darren Green <darrenfgr...@xxxxxxxxxxxxx> wrote:
On 20 May, 17:33, Trendkill <jpma...@xxxxxxxxx> wrote:
On May 20, 11:49 am, Darren Green <darrenfgr...@xxxxxxxxxxxxx> wrote:
I have a customer who has set up 2 x ISA servers with load
balancing. The outside ports connect to 2 x D Link switches
(unmanaged). The inside connects to a single Cisco 2950 we manage.
DLink1      DLink2
  |           |
---------------
  |           |
 ISA1        ISA2
  |           |
--------------
       |
   Cisco 2950
The customer has configured an outside and inside virtual IP address.
Traffic from an outside source can send to the virtual IP ok. When
configuring the virtual IP address on the inside the ISA's cannot
receive traffic.
The reason I think this is an issue to do with the 2950 is as follows:
A host has to arp for the virtual MAC address for the ISA's virtual IP
address. As the virtual MAC is not known on any port the switch has to
flood traffic out all ports. This can happen a lot apparently so I am
wondering if the Cisco switch is throttling the traffic by default due
to lots of unknown unicasts. (see http://www.isaserver.org/articles/basicnlbpart2.html)
I can't understand why this would work on the D Links but not the
2950. The 2950 config is very basic, no special features have been
configured.
Anyone know how I can go about proving / ruling out an issue on the
2950 ?
Regards
Darren
Please paste the configs from the 2950s. The 2950 would not
'throttle' traffic due to unicasts, this is standard operation for any
ethernet segment. I would also like to see the router config for this
vlan. I presume the default gateway for the ISA's is external, so how
does the ISA know how to get back to your other vlans, static route?
Is it setup properly? Can you ping the ISA from the router in the
same vlan?
Thanks for the follow up.
I will capture a copy of the config and post later tonight. There are
no additional VLANs set up on the inside LAN (I need this changing)
but for now it's all 1 x flat VLAN. I will call the client and ask
them to test ping connectivity.
AFAIK the customer said that they can ping to internal user addresses
from the ISA NIC IP's. When the customer enters the virtual IP on the
ISA's (like we would say for HSRP) the connections drop.
I suspected it was something to do with the flooding unknown unicasts
following reading the link I attached.
Regards
Darren
In my opinion we have something wrong with configuration. The article
you provided is obviously accurate, but requires nothing on the switch
side to fix. Provided the ISA server is behaving in the way the
article states, there should be no problem. If it's not, you may need
to consider the hub option, but I doubt you are hitting issues with
flooding when you only have one vlan worth of nodes behind the ISA
servers. Now if you had 10,000 hosts accessing the internet through
these things, then it would be a different story on a 2950 switch.
Therefore I go back to thinking we have a config problem on the ISA
servers. I'm no expert on those things, but hopefully we can ask some
questions that lead you to identifying the issue.
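
The flooding behaviour discussed in this thread, modelled as an added example (not code from any poster): a minimal MAC-learning switch in which the virtual MAC never appears as a source address, so frames addressed to it are flooded as unknown unicast. All MAC addresses, port numbers and the assumption that each ISA node transmits from its own MAC are constructed for the illustration.

```python
# Added illustration: minimal transparent-bridge (MAC learning) model.
# Every MAC address and port number below is a constructed sample value.

class LearningSwitch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}  # source MAC -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Learn src on in_port, then return the sorted list of egress ports."""
        self.mac_table[src] = in_port
        out_port = self.mac_table.get(dst)
        if out_port is None:
            # Unknown unicast: flood out every port except the ingress port.
            return sorted(self.ports - {in_port})
        # Known unicast: forward to one port (or filter if same as ingress).
        return [] if out_port == in_port else [out_port]


def run_scenario():
    virtual_mac = "02:bf:0a:00:00:64"  # constructed cluster (virtual) MAC
    isa1_mac = "02:01:0a:00:00:64"     # constructed per-node MAC, ISA1
    isa2_mac = "02:02:0a:00:00:64"     # constructed per-node MAC, ISA2
    host_mac = "00:11:22:33:44:55"     # constructed inside host

    sw = LearningSwitch(ports=[1, 2, 3, 4])  # ISA1=1, ISA2=2, host=3, spare=4

    # Assumption: the ISA nodes transmit from their own MACs, so the switch
    # learns those but never sees the virtual MAC as a source.
    sw.receive(1, isa1_mac, host_mac)
    sw.receive(2, isa2_mac, host_mac)

    return {
        # Frame to the virtual MAC: not in the table, so it is flooded.
        "to_virtual": sw.receive(3, host_mac, virtual_mac),
        # Frame to a learned MAC: forwarded out a single port.
        "to_isa1": sw.receive(3, host_mac, isa1_mac),
        "virtual_learned": virtual_mac in sw.mac_table,
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(name, value)
```

In this model the flooded frame reaches both ISA ports (1 and 2) as well as the spare port, which is the normal switch behaviour the reply above describes.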