[c-nsp] Cisco interaction with Netscreen 25
Ryan O'Connell
ryan at complicity.co.uk
Mon Oct 3 07:26:15 EDT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/10/2005 12:19, Peter Hicks wrote:
| I have a Netscreen 25 which is behaving strangely. Between the
| internal and DMZ ports, throughout is dreadfully slow. Between the
| external and DMZ ports, throughput is wire-speed (100Mb).
|
| Contention is nonexistant, it's not a duplex issue, it's not
| cabling (swapped), not the hardware (swapped with a known-working
| firewall), not the switch (tried another on a different part of the
| network), not the switch port configs (took it back to a basic
| speed/duplex/vlan/spanning-tree portfast config).
|
| I've narrowed the problem down to traffic on a particular VLAN here
| - when the internal port is connected via a switch to my laptop, no
| other kit, throughput is fine.
|
| I suspect the NS25 is interacting badly with broadcast/multicast
| traffic in the network - the DMZ and external ports are in VLANs
| devoid of HSRP/EIGRP etc.
|
| Has anyone seen similar issues with Netscreen and Cisco kit?
What version of ScreenOS are you running? We've seen similar problems
with version 5.2 - version 5.0 is fine however. (We didn't get very
far troubleshooting however, as Juniper/Netscreen support were
spectacularly unhelpful in trying to resolve the issue)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDQRVWoaLhvISWLh0RAjcNAJ9dahS14V0nsj3vAoAFDr52nUQP/gCeOw4h
s08IZxWr+91hZmEj9miTATY=
=vvDL
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list