Optimising traffic between vlans

A bit of a Cisco crossover question here, but principally I'm interested in
any advice on optimising Microsoft network traffic in a VLANned/subnetted
environment.

We have a number of VLANs with the interVLAN routing being performed by a
Cisco 3550. Our servers are all Windows 2003 and workstations are XP SP2. I
have my suspicions that all is not well, with many users complaining of slow
logins and other network delays. My monitoring suggests this is not a
bandwidth issue.

There are no ACLs implemented between most of the network segments, but I am
wondering if perhaps certain necessary UDP traffic might not be forwarded
properly (or at all) -- Kerberos, perhaps. I am very interested to hear if
anyone has any tips on optimising the routing of traffic in such an
environment. Should I be adding a swathe of protocols to an "ip
forward-protocol" command on the Cisco switch? For example, for Kerberos
(also, does Kerberos broadcast on udp 88 or is it directed?):

ip forward-protocol udp 88

Coupled with an ip helper-address command to point to the PDC?

Hello Andrew,

Slow logins very often happens when there is a bad DNS configuration. Alos
if the site has a slow link connection this can happen. Because you state
that bandwith isn't a problem i would check the above mentioned settings.
Also with cisco switches and routers make sure that the port speed is equal
on both sites. We have had an issue where a Fibre optic transceiver runs
on 100mbit/full duplex and the switch port was set to autonegotiation, setting
it to full duplex fixed our problems.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> A bit of a Cisco crossover question here, but principally I'm
> interested in any advice on optimising Microsoft network traffic in a
> VLANned/subnetted environment.
>
> We have a number of VLANs with the interVLAN routing being performed
> by a Cisco 3550. Our servers are all Windows 2003 and workstations are
> XP SP2. I have my suspicions that all is not well, with many users
> complaining of slow logins and other network delays. My monitoring
> suggests this is not a bandwidth issue.
>
> There are no ACLs implemented between most of the network segments,
> but I am wondering if perhaps certain necessary UDP traffic might not
> be forwarded properly (or at all) -- Kerberos, perhaps. I am very
> interested to hear if anyone has any tips on optimising the routing of
> traffic in such an environment. Should I be adding a swathe of
> protocols to an "ip forward-protocol" command on the Cisco switch? For
> example, for Kerberos (also, does Kerberos broadcast on udp 88 or is
> it directed?):
>
> ip forward-protocol udp 88
>
> Coupled with an ip helper-address command to point to the PDC?
>

Thanks for that. I have had a look at our DNS and identified a possible
cause, in that our DNS was originally set up as a root DNS. I'm not sure how
it has actually managed to work in the past (or even how it manages to
function now - I assume IE must be handling internet DNS requests). I wonder
now whether during boot up on some PCs, an application may be trying to reach
the internet but cannot resolve the name, and thus is hanging.

I will remove the .(root) section from the Forward Lookup Zones. Hopefully
the effect will be spectacularly positive rather than the other way round!

"Meinolf Weber" wrote:

> Hello Andrew,
>
> Slow logins very often happens when there is a bad DNS configuration.

Hello Andrew,

The root zone is not needed, except you have a root server. For the settings
please post an unedited ipconfig /all from the server and one client.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Thanks for that. I have had a look at our DNS and identified a
> possible cause, in that our DNS was originally set up as a root DNS.
> I'm not sure how it has actually managed to work in the past (or even
> how it manages to function now - I assume IE must be handling internet
> DNS requests). I wonder now whether during boot up on some PCs, an
> application may be trying to reach the internet but cannot resolve the
> name, and thus is hanging.
>
> I will remove the .(root) section from the Forward Lookup Zones.
> Hopefully the effect will be spectacularly positive rather than the
> other way round!
>
> "Meinolf Weber" wrote:
>
>> Hello Andrew,
>>
>> Slow logins very often happens when there is a bad DNS configuration.
>>