New fiber connection slow after hooking up switches.

[Dug]

We have Cisco 3500 router, Firebox x750, Cisco catalyst 3560, 3com 4300, 3824, 2924x4

We just switched from t1 to a 20Mb fiber connection with 50Mb burst. Slow internet access from all clients, as in about 3Mb/s

What I've tested:

Using a laptop-
Laptop directly into router- 50Mb down/ 20Mb up
Laptop into firewall into router- 50Mb down/ 20Mb up
Laptop into catalyst 3560 into firewall into router- 20Mb down/ 3Mb up!
Laptop into any of the 3com switches into catalyst 3560- into firewall- into router. 3MB down/ 1Mb up!

I've also thrown in a Dell 5424 switch, and a cheap D-link switch which resulted in same speed as the 3com's.

No special configuration on the switches.

This may seem obvious that the switches are the problem, but I would appreciate some guidance so I'm not running down the wrong path. From everything I can find, it seems that ports may need to be changed from auto to something like 100Mb duplex, but that is only from reading forums.

I just find it strange that all switches (different models) are behaving the same.

Thanks in advance.

 

[spidey07]

If they are connected via copper cable then that could indeed be a duplex mismatch. This happens when one side of the link is set to 100/full and the other side is set to auto. Since the auto side never gets any autonegotiation information it defaults to 100/half. This duplex mismatch will cause incredibly bad performance.

Force both sides of the link or leave both sides auto, never one side auto/other forced.

 

[Dug]

Thank you. The router is set at 100 Full, the firebox was at auto (it can only do 100full), and the switches at auto (they can do 1Gb)
Because the Router is 100 Full, and the firebox will only do 100 Full, should I set the firebox to 100 full instead of auto? Same with the switches?

I know what you are thinking, (just try it and see).
I'm just trying to reduce down time.

 

[spidey07]

If the router is set 100/full, then force whatever port it is plugged into at 100/full.

 

[ViviTheMage]

Yes, set it to manual 100 FULL.

 

[Emulex]

gigabit is auto always auto.

Get a web switch like a procurve 1810g-24 - you can diagnose problems with web interface with counters etc.

but old cisco gear - 100/FULL and make sure the other side is not on auto(force 100/FULL).

What firewall is powering this mad fast new link?

 

[Dug]

Partial success.
Router at 100MB full on both sides, Firewall 100MB full on both sides. All switches set to Auto.
Getting 9.5Mb/s up and down. Much better than before.
Still need to troubleshoot some more to get full speed.

Still getting 50MB when laptop is plugged into router and firewall. Only when switch is in place does it slow down.

 

[Crusty]

You can not have a single link where one side thinks it's on auto and the other is set to something specifically. Either both sides need to be auto, or both sides need to be set to the same exact setting.

From your description it sounds you have the firewall set to 100 FULL and the switch set to auto, that is your problem.

 

[spidey07]

This is where process of elimination doesn't work, especially with networking. You need to understand what is actually going on.

You've got all these switches but I can't gleen how they are connected. You could have a physical layer problem which you're trying to address with the duplex stuff, or just bad cabling. Look at the error counters on each switch port and make sure you aren't creating a loop. There should be ZERO errors on a working 100/full duplex ethernet link. Then you could look at MTU problems, but that's doubtful the issue.

 

[Dug]

You can not have a single link where one side thinks it's on auto and the other is set to something specifically. Either both sides need to be auto, or both sides need to be set to the same exact setting.

From your description it sounds you have the firewall set to 100 FULL and the switch set to auto, that is your problem.

I will have to find a way to set the Cisco 3560 to full. Just received it last week so I'm not sure. I have the 3com software to set every port for those.
But if I do set the 3560 to 100 full, then doesn't that mean I have to keep doing that to every port on every switch? Or just the port from the Cisco to the Firewall.

 

[Dug]

This is where process of elimination doesn't work, especially with networking. You need to understand what is actually going on.

You've got all these switches but I can't gleen how they are connected. You could have a physical layer problem which you're trying to address with the duplex stuff, or just bad cabling. Look at the error counters on each switch port and make sure you aren't creating a loop. There should be ZERO errors on a working 100/full duplex ethernet link. Then you could look at MTU problems, but that's doubtful the issue.

I will look into the cabling and error counters. I have been thrown into this, so I'm trying to play catch up.

The connections are as follows.
Cisco 3500 router- Firebox x firewall- Cisco 3560 switch.
All other 3com switches connect to the 3560.
All clients connect to the 3com switches.
There is another connection from the Cisco 3500 to the 3000vpn and a wireless setup for guests (Outside the firewall and main network).

 

[jlazzaro]

I will have to find a way to set the Cisco 3560 to full. Just received it last week so I'm not sure. I have the 3com software to set every port for those.
But if I do set the 3560 to 100 full, then doesn't that mean I have to keep doing that to every port on every switch? Or just the port from the Cisco to the Firewall.

sw1#config t
sw1(config)#interface fa0/x
sw1(config-if)#speed 100
sw1(config-if)#duplex full

just the port between Cisco and firewall. if every switchport was set to 100full, every client PC would operate at 100half (assuming auto on their side).