LAN / WAN issues when moving GB's of data via gigabit

[TomT]

Hi.
I'm having an issue when I copy data from a PC to my NAS ay gigabit speeds.
My Router is an Asus RT-68U

ROUTER --> Port 3 --> Printer
    |
    |
    | ---> Port 1 --> NetGear GS108PE Switch
                              |
                    VLAN10    | --> Port 1 --> NAS Synology (1000)
                    VLAN10    | --> Port 2 
                    VLAN1     | --> Port 3 --> PC (1000)
                    VLAN20    | --> Port 4 --> IP Handset (10/100)
                    VLAN20    | --> Port 5 --> IP Server
                    VLAN10    | --> Port 6 --> NAS Zyxel (1000) 
                    VLAN10    | --> Port 7 --> Link to Netgear FS116 --|
                    VLAN1     |---> Port 8 Link to Router              |
                                                                       |--> Ports 1 - 16 10/100 devices

Devices in VLAN10 can talk to each other and the Internet, but not VLAN20
Devices in VLAN20 can talk to each other and the Internet, but not VLAN10
The PC in VLAN1 can talk to anything

The issue is when I copy GB's worth of data from the PC to the Synology NAS I get full gigabit speeds but all devices lose the internet.

I'm assuming this is due to the PC being in VLAN1 the same as the routes default VLAN and the large transfer is killing the router. I get a similar issue if my laptop via Wifi to the router attempts a large backup to the synology NAS.

Any way to over come this ?
I though the GS108PE switch would only route the data from port 3 to port 1, so I'm confused as to how it's affecting the router.

The GS108PE doesn't have any QoS, Rate Limit or Broadcast Filtering configured.

Is there any way to do this ? as I'd like to be able to do large data transfers whilst using the internet.

Thanks

 

[System Error Message]

This is to do with inter vlan routing. PC1 is talking to NAS over the port that links to the router.
Do the vlans terminate at the switch or router?
Is the PC port part of all 3 vlans?

I remember that the netgear prosafe can configure vlans such that a single port can be members of multiple vlans. Perhaps you may want to switch to port based vlan rather than 802.1q vlans but you may lose 802.1q QoS configurability on the switch too.

 

[TomT]

Hi
Thanks for the reply.

The PC port 3 is a member of all 3 VLANS.

VLAN-ID Port Members
1         1 2 3 4 5 6 7 8
10        1 2 3       7 8
20            3 4 5     8

I'm not to bothered about losing the QoS, if I switch to port based will it work ?

Regards

 

[abailey]

With a small network like yours I am wondering why you have multiple VLANs set up? Especially since it appears (maybe I am wrong) that all the VLANs are on the same subnet? Unless there is a compelling reason for multiple VLANs I think this is a case where multiple VLANs are going to cause more problems than they solve.

 

[TomT]

Hi

You are correct that it is a small LAN. The VLANS are used to stop devices on one VLAN sending multicast to the other etc.
And to stop colleagues who connect to one VLAN having access to the devices in the other.

It feels like its down to the router, causing the slow down.
Any ideas ?

Thanks

 

[abailey]

It appears you are not terminating your VLANs anywhere, rather, you are using them like a port based VLAN. If I were you I would save the config off and then set up the switch with port based VLANs and see if that fixes the problem. On the surface I don't see a problem with your setup but then again I have never used 802.1q VLANs without a router to route (or block) between VLANs. Also I have never used multiple 802.1q VLANs with a single subnet.

 

[System Error Message]

if you're trying to prevent broadcast and multicast flood using vlans dont bother. The netgear prosafe has a multicast/broadcast rate limiting. If the switch is flooded with those packets it will heat up instead of the ports being full and vlans wont stop it.

What seems to be happening is that inter vlan traffic seems to be going through 1 port only which so happens to relate to the router or that your switch isnt wirespeed. Remember your router has a switch on it too so perhaps it may be forwarding or routing vlans.

 

[TomT]

I plan to make some changes to the network tomorrow to see if they will help.

I'll post an update once I'm done.

 

[TomT]

OK, This is what I've tried.
Change the default VLAN on the Switch to be 5, not 1 incase that was causing an issue. It made no difference. As soon as I started copying data to the NAS my laptop connecting via WiFi to the router lost the internet.

Changed to port based VLANS:

VLAN-ID Port Members
1         1 2 3 4 5 6 7 8
2         1 2 3       7 8
3             3 4 5     8

Once this was setup I logged on to a device in VLAN 3 and could ping anything on the network. Same if I logged into a device on VLAN 2 I could ping anything including VLAN3.

Any way I can do this ?

Thanks

 

[TomT]

Anyone got any ideas about this?
I'd like to try and get it working.

Thanks

 

[abailey]

Port Based VLANs are a little different. For your case you only need two.
One VLAN should have ports: 3,8,4,5
The second VLAN should have 3,8,1,2,7
I am not sure where you want port 6, it looks like in your original post that it is in the same VLAN as 1,2 and 7. If so put it in the second VLAN also.
Port based VLANs do not have a PVID so when you set up a port based VLAN that included all the ports, then they can all communicate with each other.

 

[abailey]

After rereading your original post I see your problem with the 802.1q VLANs. If your switch allows a port to be an untagged member of multiple VLANs then we should be able to get everything working with 802.1q VLANs if you want.

 

[TomT]

Hi.
The switch does allow a port to be an untagged member of multiple VLANs.

I'll post some screenshots of the current setup. That may help.

Thanks

 

[TomT]

Hi.

This is how I currently have the VLANs configured.

This is whats connected to each port:

ROUTER --> Port 3 --> Printer
    |
    |
    | ---> Port 1 --> NetGear GS108PE Switch
                              |
                    VLAN10    | --> Port 1 --> NAS Synology (1000)
                    VLAN10    | --> Port 2
                    VLAN1     | --> Port 3 --> PC (1000)
                    VLAN20    | --> Port 4 --> IP Handset (10/100)
                    VLAN20    | --> Port 5 --> IP Server
                    VLAN10    | --> Port 6 --> NAS Zyxel (1000)
                    VLAN10    | --> Port 7 --> Link to Netgear FS116 --|
                    VLAN1     |---> Port 8 Link to Router              |
                                                                       |--> Ports 1 - 16 10/100 devices

I'm open to all suggestions

Thanks

 

[abailey]

Well I thought I could help you with your 802.1q settings as I thought you had your PVID settings incorrect. Now that you have posted your settings including the PVID they look correct to me. Thinking it through logically I believe what is happening is what System Error Message talks about. I believe any inter VLAN routing is having to go all the way to the router and back to the switch. Still not sure why that would completely cut out your internet but it does. If I were you I would try port based VLANs again, based on my earlier post (post #11). Since port based VLANs don't use PVID's I believe all the inter VLAN traffic will stay local to the switch.

 

[TomT]

Thanks for the reply. Glad the setup looks OK.

I've created the following port based VLAN's:

VLAN ID    Port Members
1        3 4 5     8
2    1 2 3       7 8
3              6   8

And it does seem to be working. Devices are restricted to the correct VLAN's.
I've just copied a 22GB Backup from my PC to the NAS @ 95 MB/s without issue to any other device..

I'll see how this goes, but so far so good

 

[TomT]

Still seems to be working well.

 

[sfx2000]

And it does seem to be working. Devices are restricted to the correct VLAN's.

Are you sure? Port 3 is shared...

You might have an implicit route sneaking up behind you - depends on the switch vendor... I only bring this up as this is a possible security issue if you're trying to keep the VLAN's separate - and while Cisco does not allow implied routes, other vendors do...

 

[TomT]

Are you sure? Port 3 is shared...

You might have an implicit route sneaking up behind you - depends on the switch vendor... I only bring this up as this is a possible security issue if you're trying to keep the VLAN's separate - and while Cisco does not allow implied routes, other vendors do...

Hi
From port 3 I can access devices in 4,5 & 1,2,7

But when connected the device on port 4 I can't access the device in port 2.

Anyway I call tell if there's any implicit routes ?

Thanks

 

[System Error Message]

Hi
From port 3 I can access devices in 4,5 & 1,2,7

But when connected the device on port 4 I can't access the device in port 2.

Anyway I call tell if there's any implicit routes ?

Thanks

port 3 is part of both vlans so it can communicate with all the ports. Port 4 is only part of 1 vlan so it can only communicate with ports in that vlan, port 2 is in another vlan. VLAN is not routing, it is saying that you have x amounts of LAN each with an ID. A device part of a LAN with x ID can only communicate with other devices on it. This is why the internet is not layer 2, the switching memory would need to be massive to support all the hardware addresses on which ports. By keeping layer 2 to LAN switches only need to know mac address on its own network.

If you want any sort of routing and such do that with the router. layer 3 segmentation just means you need routes for layer 3 communication but if you used the same segment with port based vlan (giving the router all vlans on the port) than the devices can communicate with each other via IP and not layer 2 protocols. If you wish to use layer3 segmentation the router and switch must use active vlans with each other and not passive so you can tell the router what vlan interface is part of what layer 3 network.

In your case you may need internal routing if you cant just ping the ip.