dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2777
share rss forum feed

bhawkins4194

join:2007-11-07
Fenton, MO

[HELP] Strange interface issues with cisco 2611

I am having a strange issue with my Cisco 2611 series router. I bought this router along with some other Cisco equipment to get CCNA certification. I thought what better way off than learn what I am doing is to put into practice in my apartment so I can see things happen in real time. The router worked all well and good until I ordered a memory upgrade kit off ebay to max it out both in flash and ram. I also upgraded the IOS from 12.2 something to 12.3(17b) which came in my kit. Ever since then the routers Ethernet interfaces are experiencing strange issues like they are unresponsive but there is no crash log in the flash or when you do show ver. If I try to ping from the router depending on what interface is having issues I will usually get a 20% success rate on the ping. A reload will sometimes fix the problem but every once and a while I have to erase the nvram and copy my config back to the router to get the dhcp to pull from my cable modem. It does this every 12-20 hours, before the memory upgrade the router ran for a week without problems. I am hoping someone here has some insight on what could be going on. I can post any outputs that you like. I have about had it with the upgraded memory and flash and I am thinking about putting the old stuff back in, but I would prefer to be able to use the better feature sets when working with it.

Thank you in advance.
Brian

Here is the output from show ver:

HNGATEWAY>show ver
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IK9O3S3-M), Version 12.3(17b), RELEASE SOFTWARE (
fc2)
Technical Support: »www.cisco.com/techsupport
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Mon 06-Mar-06 22:03 by dchih
Image text-base: 0x80008098, data-base: 0x81A044E0

ROM: System Bootstrap, Version 12.2(6r), RELEASE SOFTWARE (fc1)
ROM: C2600 Software (C2600-IK9O3S3-M), Version 12.3(17b), RELEASE SOFTWARE (fc2)

HNGATEWAY uptime is 22 minutes
System returned to ROM by reload
System image file is "flash:C2600_IK9O3S3_MZ_123_17B.BIN"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
»www.cisco.com/wwl/export/crypto/···qrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco 2611 (MPC860) processor (revision 0x202) with 61440K/4096K bytes of memory
.
Processor board ID JAB031803Y5 (3007107769)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
2 Ethernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
4 Low-speed serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Current running config with passwords removed. I used cisco config maker to make the basic script then I changed and added a few other options.

HNGATEWAY#show run
Building configuration...

Current configuration : 3260 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname HNGATEWAY
!
boot-start-marker
boot-end-marker
!
enable secret 5
!
no aaa new-model
ip subnet-zero
ip cef
!
!
ip name-server 192.168.1.162
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.200 192.168.1.254
!
ip dhcp pool 1
network 192.168.1.0 255.255.255.0
domain-name HAWKNET.LOCAL
default-router 192.168.1.1
dns-server 192.168.1.162 208.67.220.220 208.67.222.222
netbios-name-server 192.168.1.162
!
ip dhcp pool xbox
host 192.168.1.100 255.255.255.0
hardware-address 02c7.f800.0422 ieee802
client-name xbox360
domain-name HAWKNET.LOCAL
default-router 192.168.1.1
dns-server 192.168.1.162 208.67.220.220 208.67.222.222
!
ip dhcp pool hndc02
host 192.168.1.162 255.255.255.0
hardware-address 00a0.cc7b.58f9 ieee802
client-name hndc02
domain-name HAWKNET.LOCAL
default-router 192.168.1.1
dns-server 192.168.1.162 208.67.220.220 208.67.222.222
!
ip dhcp pool hndc021
host 192.168.1.122 255.255.255.0
hardware-address 0010.b57f.eb1e ieee802
client-name hndc01
domain-name HAWKNET.LOCAL
default-router 192.168.1.1
dns-server 192.168.1.162 208.67.220.220 208.67.222.222
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
description connected to Internet
ip address dhcp
ip nat outside
half-duplex
!
interface BRI0/0
no ip address
encapsulation hdlc
shutdown
!
interface Serial0/0
no ip address
shutdown
!
interface Ethernet0/1
description connected to HAWKNET.LOCAL Lan
ip address 192.168.1.1 255.255.255.0
ip nat inside
half-duplex
!
interface Serial1/0
no ip address
shutdown
!
interface Serial1/1
no ip address
shutdown
!
interface Serial1/2
no ip address
shutdown
!
interface Serial1/3
no ip address
shutdown
!
router rip
version 2
passive-interface Ethernet0/0
network 192.168.1.0
no auto-summary
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip nat inside source static tcp 192.168.1.162 80 interface Ethernet0/0 80
ip nat inside source static tcp 192.168.1.162 443 interface Ethernet0/0 443
ip nat inside source static tcp 192.168.1.162 25 interface Ethernet0/0 25
ip nat inside source static tcp 192.168.1.162 5060 interface Ethernet0/0 5060
ip nat inside source static tcp 192.168.1.50 88 interface Ethernet0/0 88
ip nat inside source static tcp 192.168.1.50 3074 interface Ethernet0/0 3074
ip nat inside source static udp 192.168.1.50 3074 interface Ethernet0/0 3074
ip nat inside source static tcp 192.168.1.122 1723 interface Ethernet0/0 1723
ip nat inside source static tcp 192.168.1.162 20481 interface Ethernet0/0 20481
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
snmp-server community RO
snmp-server community RW
snmp-server location Server Rack
snmp-server contact Brian Hawkins,brian@hawknet.local
snmp-server enable traps tty
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
exec-timeout 0 0
password 7
login
line aux 0
line vty 0 4
password 7
login
!
!
end


mash_man2

join:2004-08-16
1602HC

could you post a show ip nat statistics and a show proc cpu | exc 0.00 if this happens ?


bhawkins4194

join:2007-11-07
Fenton, MO

Total active translations: 335 (0 static, 335 dynamic; 335 extended)
Outside interfaces:
Ethernet0/0
Inside interfaces:
Ethernet0/1
Hits: 2067257 Misses: 36405
Expired translations: 36094
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface Ethernet0/0 refcount 292
[Id: 2] access-list 102 interface Ethernet0/0 refcount 34

HNGATEWAY#show proc cpu | exc 0.00
CPU utilization for five seconds: 3%/1%; one minute: 3%; five minutes: 3%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
12 351239 298906 1175 1.43% 0.90% 0.90% 0 ARP Input
45 3149366 1464853 2149 0.47% 0.62% 0.61% 0 IP Input

HNGATEWAY#show ver
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IK9O3S3-M), Version 12.3(23), RELEASE SOFTWARE (fc5)
Technical Support: »www.cisco.com/techsupport
Copyright (c) 1986-2007 by cisco Systems, Inc.
Compiled Tue 24-Jul-07 15:44 by stshen
Image text-base: 0x80008098, data-base: 0x81A1C720

ROM: System Bootstrap, Version 12.2(6r), RELEASE SOFTWARE (fc1)

HNGATEWAY uptime is 9 hours, 21 minutes
System returned to ROM by reload
System image file is "flash:c2600-ik9o3s3-mz.123-23.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
»www.cisco.com/wwl/export/crypto/···qrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco 2611 (MPC860) processor (revision 0x202) with 61440K/4096K bytes of memory.
Processor board ID JAB031803Y5 (3007107769)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
2 Ethernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
4 Low-speed serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Here is the differences between the running config from above that I have done to get xbox live to work:

ip nat inside source list 1 interface Ethernet0/0 overload
ip nat inside source list 102 interface Ethernet0/0 overload
ip nat inside source static tcp 192.168.1.50 3074 interface Ethernet0/0 3074
ip nat inside source static tcp 192.168.1.162 80 interface Ethernet0/0 80
ip nat inside source static tcp 192.168.1.162 443 interface Ethernet0/0 443
ip nat inside source static tcp 192.168.1.162 25 interface Ethernet0/0 25
ip nat inside source static tcp 192.168.1.162 5060 interface Ethernet0/0 5060
ip nat inside source static tcp 192.168.1.122 1723 interface Ethernet0/0 1723
ip nat inside source static tcp 192.168.1.162 20481 interface Ethernet0/0 20481
ip nat inside source static udp 192.168.1.50 3074 interface Ethernet0/0 3074
ip nat inside source static udp 192.168.1.50 88 interface Ethernet0/0 88
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 102 permit icmp any any
access-list 102 permit ip 192.168.1.0 0.0.0.255 any

HNGATEWAY#show interface ethernet0/0
Ethernet0/0 is up, line protocol is up
Hardware is AmdP2, address is 00d0.5860.d4c0 (bia 00d0.5860.d4c0)
Description: connected to Internet
Internet address is Removed
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 254/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 1/75/411/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 5000 bits/sec, 10 packets/sec
5 minute output rate 1000 bits/sec, 2 packets/sec
1473246 packets input, 168180479 bytes, 0 no buffer
Received 411813 broadcasts, 0 runts, 0 giants, 0 throttles
1936 input errors, 0 CRC, 0 frame, 0 overrun, 1936 ignored
0 input packets with dribble condition detected
1116180 packets output, 113394323 bytes, 0 underruns
0 output errors, 2303 collisions, 2 interface resets
0 babbles, 0 late collision, 5397 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

HNGATEWAY#show interface ethernet0/1
Ethernet0/1 is up, line protocol is up
Hardware is AmdP2, address is 00d0.5860.d4c1 (bia 00d0.5860.d4c1)
Description: connected to HAWKNET.LOCAL Lan
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 42000 bits/sec, 73 packets/sec
5 minute output rate 2000 bits/sec, 2 packets/sec
2074009 packets input, 183419148 bytes, 0 no buffer
Received 15051 broadcasts, 0 runts, 0 giants, 0 throttles
45 input errors, 0 CRC, 0 frame, 0 overrun, 45 ignored
0 input packets with dribble condition detected
1026763 packets output, 140231178 bytes, 0 underruns
0 output errors, 205 collisions, 2 interface resets
0 babbles, 0 late collision, 5201 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

Here are the ping results like I was talking about 192.168.1.162 is my domain controllers primary interface card. The second one is 192.168.1.122 but has RRAS on it since it currently does the VPN.

HNGATEWAY#ping 192.168.1.162

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.162, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
HNGATEWAY#ping 192.168.1.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
HNGATEWAY#ping 208.67.222.222

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 208.67.222.222, timeout is 2 seconds:
!.!.!
Success rate is 60 percent (3/5), round-trip min/avg/max = 48/49/52 ms
HNGATEWAY#exit

I did notice that the activity light was flashing really fast as if there was a lot of data transfer. Is it at all possible that I got a bad batch of memory? I still have the old memory that worked so should my next step be to downgrade the ios to a less memory required os and reinstall the old memory, and start up the process of returning it to my ebay seller since I have a 14 day DOA. Unless I have a problem in my config script or in a way that I am doing my NAT.
I did do a IOS update to see if it would fix it as shown in the show ver above but it did not help I also had to do it since I could not get NAT to open up for the xbox, all I was getting was strict nat until the upgrade.
Is there a command to do a memory test on the router the test mem command seems to just test nvram but it also erases it.

Thanks
Brian


bhawkins4194

join:2007-11-07
Fenton, MO
reply to bhawkins4194

One other question is it at all possible that this could be related to one of my roommates seeding/downloading a lot of bit torrent traffic. I just downgraded the flash and ram back to the old stuff and the router started to crash within a few minutes. When I looked at the SNMP logs that my bandwidth monitor checks the upload and download were both showing an excessive upload rate. My next test I guess is to unplug his computer and see if it crashes with the new memory and ios back on. Is there any tweaks either QOS or NAT things I can do to prevent something like this from happening again?



cow116
Cisco Kid
Premium
join:2003-03-10
Indianapolis, IN

You just answered your own question. Bit Torrent is infamous for killing SOHO routers.



BillDMU

@dmu.edu
reply to bhawkins4194

There are tons of tweaks to help solve this issue.

The basic problem with bittorrent and routers (and I don't really consider the 2611 to be a SOHO)is the quantity of connections that it opens in a short period of time and the duration that the router tries to remember those nat port mappings.

You will want to tinker with your nat translation time-out settings, especially for UDP. I think last time I ran into this I set UDP to time out in a minute or two. It will cause more 'misses' which will use CPU, but save your memory.

QoS is also a really good idea to setup, and if you are planning on going on to your CCNP would be a good thing to play with. You may need 12.4 before you can use nbar and packet match filters to reliably catch torrents; however if you limit it to one port number it would be easy to do.



BillDMU

@dmu.edu
reply to bhawkins4194

oh and for e0/0:
2303 collisions
1936 input errors

Do you have a duplexing / cable problem?


bhawkins4194

join:2007-11-07
Fenton, MO

I am running both ports at half duplex according to the running config and the modem says its running at 10 baseT. I have replaced the cable between my modem and router before I believe that the one there is a straight cable, would a crossover be a better choice or should I be looking at a shielded cable?

Here are the statistics from the cable modem:
Status Code: Operational
Software Version: ST52.05.13
Software Model: a806
Bootloader: 2.1.6d

Forward Path:
Signal Acquired at 561.000 MHz
SNR: 38.4 dB
Received Signal Strength: 0.2 dBmV
Bit Error Rate: 0.000 %
Modulation: 256 QAM

Return Path:
Connection: Acquired
Frequency: 37.0 MHz
Power Level: 44.0 dBmV
Channel ID: 4
Modulation: 16 QAM

Thanks again for all of your help, if need be I will contact mediacom about the input errors.

Brian



BillDMU

@dmu.edu

Ok, half duplex makes sense. Shielded cable will not make a difference (your collisions are coming from two devices trying to Tx at the same time). As long as we know why they are there, dont worry about it.

As for your signal, This has been a good reference for me:

-Noise Margin (also signal-to-noise ratio)
When DSL service is provisioned in a DSLAM, the minimum acceptable noise margin is usually specified. CAP DSL service is typically provisioned with a downstream margin of 3 dB and an upstream margin of 6 dB. Research has shown that the optimum margins for DMT service are 6 dB downstream and 6 dB
upstream.

Avoiding configuring a DSL service with more noise margin than appropriate is important because the system will train to an unnecessarily low DSL rate to provide the specified margin. It is also important to avoid specifying an exceptionally low margin, such as 1 dB downstream and 1 dB upstream because a small increase in noise level on the transmission line would probably
result in excessive errors and a subsequent retraining to a lower DSL rate.

Increasing the transmit power levels will also improve the noise margin but at the cost of interfering with other services in the same cable.

Most DSLAMs and CPE report both the provisioned and actual noise margins for each DSL line. If the actual margin is higher than the provisioned margin, the line should provide an acceptable error rate at the present DSL line rate. As the actual margin drops below the provisioned margin, there is a
high probability of an excessive error rate and subsequent retrain to a lower DSL rate.

-Attenuation
Attenuation generally refers to any reduction in the strength of any type of signal, whether digital or analog. More precisely in the case of DSL, attenuation is the normal loss of signal strength over distance. Attenuation specifically is a logarithmic function of the power setting. As power increases, attenuation increases logarithmically. Also called simply loss, attenuation is a natural consequence of signal transmission over long
distances. The extent of attenuation is usually expressed in units called decibels (dB).

-Capacity Used
Percentage of the capacity that is being used.

Now something actually useful. Shocked
Here are ranges for these values that I received from an AT&T provisioning engineer.

For Noise Margin: (the higher this value, the better)
8-13 Average
14-22 Very Good
23-28 Excellent

For Attenuation: (the lower this value, the better)
20-30 Excellent
30-40 Very Good
40-60 Average



BillDMU

@dmu.edu

Ok I realized I posted info for a DSL DSLAM and not a cabel modem CPE connection ... i'll look around



BillDMU

@dmu.edu

On your cable modem manufacturer's page you might find terms such as: downstream SNR (signal to noise ratio), downstream power level, upstream SNR and upstream power level. Here's what all those mean, and a general guideline of what constitutes a problem:

Downstream SNR shows the strength of the signal to your cable modem as compared to the noise on the line (signal/noise). If the noise level increases the SNR value decreases. So, then high levels are good for the SNR. This number should be at 30 or more. If the SNR goes below 30 than you will probably start to experience some problems, such as intermittent connection, packet loss, etc.

Downstream Power shows the power of the signal your cable modem is getting. The level of the downstream power should be -15 to 15 dB according to most manufacturers' specs... However, it is best for that level to be in the -8 to 8 range.

Upstream SNR shows how much signal the head end is getting from your cable modem, compared to the noise level. "Head End" refers to the point of reference that is the central point of the local network of your service provider. Anything above 29 is good. Just like the download SNR if the noise level increases the upstream SNR decreases.

Upstream Power shows the level of the signal from the cable modem to the provider. This number should be lower than 55dB. The lower the number, the better your connection.

All those numbers can aid in determining many potential problems with your cable modem connection...