+ Post New Thread
Results 1 to 11 of 11
Wireless Networks Thread, ACLs slowing traffic. in Technical; I have some simple ACLs that are applied to each Vlan (except default) that allow a Vlan to communicate to ...
  1. #1

    Theblacksheep's Avatar
    Join Date
    Feb 2008
    Location
    In a house.
    Posts
    1,875
    Thank Post
    127
    Thanked 278 Times in 203 Posts
    Rep Power
    164

    ACLs slowing traffic.

    I have some simple ACLs that are applied to each Vlan (except default) that allow a Vlan to communicate to the other local Vlans. This blocks all other traffic so the only routes from each vlan have to go through the proxy.

    The default gateway of each vlan is the IP (X.X.X.1) which is also allocated to a subnet.

    With the ACLs on, on non-default vlan I get random ping rates when pinging the default gateway on each vlan (DG=IP of vlan manually set on core switch): 1ms,1ms,756ms,1222ms,1ms,380ms

    ACLs off and its fine: 1ms,1ms,1ms etc .... however this, in theory, gets round the proxy.

    Our switch is a 5308xl w/11.09 FW.
    CPU util is under 5%

    Any ideas??

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,800
    Thank Post
    110
    Thanked 582 Times in 503 Posts
    Blog Entries
    1
    Rep Power
    223
    What about memory usage?

  3. #3

    Theblacksheep's Avatar
    Join Date
    Feb 2008
    Location
    In a house.
    Posts
    1,875
    Thank Post
    127
    Thanked 278 Times in 203 Posts
    Rep Power
    164
    Cheers Geoff,

    The Memory is at:

    Total: 17,218,544
    Free: 7,362,704


    Packet Buffers:

    Total: 1152
    Free: 630

  4. #4

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    8,941
    Thank Post
    232
    Thanked 1,510 Times in 1,206 Posts
    Rep Power
    328
    What network speed is the proxy working at? 100Mbps or 1000Mbps?

  5. #5

    Theblacksheep's Avatar
    Join Date
    Feb 2008
    Location
    In a house.
    Posts
    1,875
    Thank Post
    127
    Thanked 278 Times in 203 Posts
    Rep Power
    164
    Quote Originally Posted by Michael View Post
    What network speed is the proxy working at? 100Mbps or 1000Mbps?
    Cheers Michael. Its on an auto-1000 port. However I dont have access to the LEA proxy for its connection info at the other end.

    I'm only trying to ping from a Vlaned Ip addres (X.X.16.7) to its DG (X.X.16.1) and this isnt going via the proxy.

  6. #6

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    8,941
    Thank Post
    232
    Thanked 1,510 Times in 1,206 Posts
    Rep Power
    328
    If it's LA managed, then maybe you should contact them for more information? Something definitely isn't right as ACLs shouldn't create the problems you're describing.

  7. #7

    Theblacksheep's Avatar
    Join Date
    Feb 2008
    Location
    In a house.
    Posts
    1,875
    Thank Post
    127
    Thanked 278 Times in 203 Posts
    Rep Power
    164
    Quote Originally Posted by Michael View Post
    If it's LA managed, then maybe you should contact them for more information? Something definitely isn't right as ACLs shouldn't create the problems you're describing.
    I just dont see how the internet is relevent. If I disconnect the network cable to the proxy, pinging the Vlan DG from a vlan'd IP is still slow... remove acl and its fine. I'm not going via the net.... it just so happens that the acls are for stopping net access without a proxy address.

  8. #8

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,800
    Thank Post
    110
    Thanked 582 Times in 503 Posts
    Blog Entries
    1
    Rep Power
    223
    Are you using the latest firmware for the switch?

  9. #9

    Theblacksheep's Avatar
    Join Date
    Feb 2008
    Location
    In a house.
    Posts
    1,875
    Thank Post
    127
    Thanked 278 Times in 203 Posts
    Rep Power
    164
    Quote Originally Posted by Geoff View Post
    Are you using the latest firmware for the switch?
    Yeah 11.09

  10. #10

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,800
    Thank Post
    110
    Thanked 582 Times in 503 Posts
    Blog Entries
    1
    Rep Power
    223
    The current firmware release is E 11.10. Additionally, there's never been a public release of E 11.09

    Software Summary - HP ProCurve Networking

  11. #11

    Theblacksheep's Avatar
    Join Date
    Feb 2008
    Location
    In a house.
    Posts
    1,875
    Thank Post
    127
    Thanked 278 Times in 203 Posts
    Rep Power
    164
    Cheers Geoff, I'll update at lunch if poss and let you know.

    Networking install people* gave us 11.09 last week.


    * 10g link to a new server room



    EDIT: 3 updated to 11.10, no change
    Last edited by Theblacksheep; 26th February 2009 at 12:50 PM.

SHARE:
+ Post New Thread

Similar Threads

  1. Slowing down....
    By jcollings in forum Wireless Networks
    Replies: 9
    Last Post: 20th August 2008, 02:53 PM
  2. [CLOSED] Bug/Error: Adverts slowing down loading?
    By localzuk in forum EduGeek.net Site Problems
    Replies: 13
    Last Post: 6th April 2008, 10:40 PM
  3. samba, acls, xcopy
    By CyberNerd in forum *nix
    Replies: 1
    Last Post: 30th May 2007, 02:50 PM
  4. Logging IM traffic
    By ITWombat in forum School ICT Policies
    Replies: 1
    Last Post: 17th February 2007, 05:23 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •