Lots of output drops - 3750 Stack

rakemrakem Member Posts: 800
Got a bit of an isssue that i thought i would share....

We have a stack of 4 x 3750G-48PS-S which we use as an access layer switch in our network.

These are new switches, currently only about 10 ports are active as we have not migrated everyone accross yet.

I have noticed that on all active interfaces there are alot of out drops being reccorded. All interfaces have a VoIP phone connected to the PC. QoS is enabled globally but there is no specifc QoS config on each interface.

The switchports are all configured the same, as shown below:



interface GigabitEthernet1/0/1
switchport access vlan 401
switchport mode access
switchport voice vlan 301
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 2
switchport port-security aging type inactivity
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root


These are the only errors showing up, there are no colisions, input or output errors, all interfaces are at 100Mb full duplex.

Also, when i disable QoS globally (no mls qos) the output drops totally stop. Running IOS 122-53.SE1.

Thoughs?
CCIE# 38186
showroute.net

Comments

  • TurgonTurgon Banned Posts: 6,308 ■■■■■■■■■□
    rakem wrote: »
    Got a bit of an isssue that i thought i would share....

    We have a stack of 4 x 3750G-48PS-S which we use as an access layer switch in our network.

    These are new switches, currently only about 10 ports are active as we have not migrated everyone accross yet.

    I have noticed that on all active interfaces there are alot of out drops being reccorded. All interfaces have a VoIP phone connected to the PC. QoS is enabled globally but there is no specifc QoS config on each interface.

    The switchports are all configured the same, as shown below:



    interface GigabitEthernet1/0/1
    switchport access vlan 401
    switchport mode access
    switchport voice vlan 301
    switchport port-security maximum 2
    switchport port-security
    switchport port-security aging time 2
    switchport port-security aging type inactivity
    spanning-tree portfast
    spanning-tree bpduguard enable
    spanning-tree guard root


    These are the only errors showing up, there are no colisions, input or output errors, all interfaces are at 100Mb full duplex.

    Also, when i disable QoS globally (no mls qos) the output drops totally stop. Running IOS 122-53.SE1.

    Thoughs?

    Post some output of the drops. With QoS enabled globally you may want to look at tuning configurations of the QoS hardware queues and the 3750 interfaces with policies.
  • APAAPA Member Posts: 959
    verify the queuing on the interface....

    If I remember correctly 'mls qos' pushes the default DSCP-COS mutation maps to each interfaces and also applies a default queuing\mapping configuration...

    Just out of curiosity why do you have 'spanning-tree guard root' configured on a port connected to a client?

    The client port is already denied the ability to receive BPDU's from attached hosts via 'spanning-tree bpduguard enable'

    'guard root' is typically used to protect your root-bridge from sub-optimal switches in the domain from becoming root bridge, therefore it is only typically configured between switches...(when protecting an upstream switch from a downstream switch... following natural switch hierarchy)

    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
  • APAAPA Member Posts: 959
    you should be able to verify queuing on an interface via 'show queuing interface x/x' or 'show interface x/x queuing'

    Also the 'show qos' and 'show mls qos' commands should have extensions for a per interface view....

    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
Sign In or Register to comment.