
Massimo

join:2011-07-06
italy

[HELP] Cisco 877: connection drops when launching Emule

Hello, I have been using a cisco 877 router at home for more than a year and I've always been quite happy with it, but I've stumbled upon a very strange issue after an IOS update.

I was using IOS 15.0(1)M until last week, when I decided to configure the router as a VPN server (both for PPTP and L2TP/IPSEC) in order to be able to connect to my home network from outside; then I realized that IOS has a nasty bug on PPTP VPNs (it just ignores the ppp encrypt mppe auto instruction), so I updated it to the latest 15.1 release I could find, 15.1(3)T1. Everything worked.

Until I launched Emule with some heavy download, and the connection dropped. And didn't come up again, even after a clear interface ATM 0: only rebooting the router solved the problem. Which, upon launching Emule again, again happened.

The problem seems to be related to opening lots of connections at the same time; "simple" heavy load (like downloading a big file at full speed) doesn't do any harm to the line, and configuring Emule to use a smaller number of connections and opening it more slowly seems to mitigate the problem, which anyway keeps happening after a while.

The strangest thing is, this is definitely related to the IOS version. It didn't happen before the upgrade, and I confirmed it stops happening if I reload the previous IOS on the router. Out of curiosity, I also tested some other IOS releases: 15.1(1)T, 15.0(1)M5 and even 12.4(24)T5. It always happens; only 15.0(1)M seems to prevent it... but it also seems to hate VPN encryption. And let's not even start talking about 15.1(4)M: I tried it and I wasn't ever able to successfully authenticate a VPN connection.

Of course, when I tried different IOS releases, the router's configuration always stayed the same. Here it is (stripped of personal details):

no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname Cisco877
!
boot-start-marker
boot system flash c870-advipservicesk9-mz.151-3.T1.bin
boot-end-marker
!
logging buffered 1048576
!
aaa new-model
aaa authentication login default local-case
aaa authentication ppp default local
aaa authorization console
aaa authorization exec default local 
aaa session-id common
!
clock timezone WEST 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 2:00
clock save interval 8
!
dot11 syslog
!
ip source-route
ip cef
ip domain name <ISP DOMAIN NAME>
ip name-server <ISP DNS SERVER>
ip name-server <ISP DNS SERVER>
ip name-server <ISP DNS SERVER>
login on-failure log
login on-success log
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group VPN_CLIENTS
 ! Default L2TP VPDN group
 ! Default PPTP VPDN group
 accept-dialin
  protocol any
  virtual-template 1
 no l2tp tunnel authentication
 l2tp tunnel timeout no-session 15
!
password encryption aes
!
username <USERNAME> privilege 15 password 7 <PASSWORD>
!
ip ssh version 2
!
crypto pki token default removal timeout 0
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 6 <KEY> address 0.0.0.0 0.0.0.0
crypto ipsec transform-set VPN_TS esp-3des esp-sha-hmac 
 mode transport
crypto dynamic-map VPN_DYN_MAP 1
 set nat demux
 set transform-set VPN_TS 
crypto map VPN_MAP 1 ipsec-isakmp dynamic VPN_DYN_MAP 
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 pvc 8/75 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
 spanning-tree portfast
!
interface FastEthernet1
 spanning-tree portfast
!
interface FastEthernet2
 spanning-tree portfast
!
interface FastEthernet3
 spanning-tree portfast
!
interface Virtual-Template1
 ip unnumbered Vlan1
 ip nat inside
 ip virtual-reassembly in
 peer default ip address pool VPN_POOL
 ppp encrypt mppe auto
 ppp authentication ms-chap-v2 ms-chap chap
!
interface Vlan1
 ip address 192.168.42.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username <ISP USERNAME> password 7 <ISP PASSWORD>
 crypto map VPN_MAP
!
ip local pool VPN_POOL 192.168.42.240 192.168.42.249
ip forward-protocol nd
ip http server
ip http access-class 2
ip http authentication aaa
no ip http secure-server
!
ip dns server
!
ip nat inside source list 1 interface Dialer0 overload
! These two static NATs are for Emule
ip nat inside source static tcp 192.168.42.42 24242 213.203.153.23 24242 extendable
ip nat inside source static udp 192.168.42.42 24242 213.203.153.23 24242 extendable
ip route 0.0.0.0 0.0.0.0 Dialer0
!
logging esm config
logging trap debugging
access-list 1 permit 192.168.42.0 0.0.0.255
access-list 2 permit 192.168.42.0 0.0.0.255
dialer-list 1 protocol ip permit
!
control-plane
!
line con 0
 exec-timeout 0 0
 no modem enable
line aux 0
line vty 0 4
 access-class 2 in
 exec-timeout 0 0
 transport input ssh
!
scheduler max-task-time 5000
ntp logging
ntp server <PUBLIC NTP SERVER>
 

How can I fix this without reloading the buggy IOS I was using before?

If you need any debug information, feel free to ask and I'll provide it.

This is the current show version:

Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 15.1(3)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Sun 27-Mar-11 12:37 by prod_rel_team
 
ROM: System Bootstrap, Version 12.3(8r)YI6, RELEASE SOFTWARE
 
Cisco877 uptime is 34 minutes
System returned to ROM by reload at 19:55:24 CEST Wed Jul 6 2011
System restarted at 19:56:23 CEST Wed Jul 6 2011
System image file is "flash:c870-advipservicesk9-mz.151-3.T1.bin"
Last reload reason: Reload Command
 
<snip>
 
Cisco 877 (MPC8272) processor (revision 2.0) with 236544K/25600K bytes of memory.
Processor board ID FCZ1124217M
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
1 Virtual Private Network (VPN) Module
128K bytes of non-volatile configuration memory.
53248K bytes of processor board System flash (Intel Strataflash)
 

And this is the current output of show dsl interface ATM 0:

ATM0
Alcatel 20190 chipset information
                ATU-R (DS)                      ATU-C (US)
Modem Status:    Showtime (DMTDSL_SHOWTIME)
DSL Mode:        ITU G.992.1 (G.DMT) Annex A
ITU STD NUM:     0x01                            0x1
Vendor ID:       'STMI'                          'GSPN'
Vendor Specific: 0x0000                          0x0008
Vendor Country:  0x0F                            0xFF
Chip ID:         C196 (0)
DFE BOM:         DFE3.0 Annex A (1)
Capacity Used:   77%                             80%
Noise Margin:    14.5 dB                         14.0 dB
Output Power:    18.5 dBm                        12.0 dBm
Attenuation:     30.5 dB                         16.5 dB
FEC ES Errors:    0                               0
ES Errors:        1                               1
SES Errors:       0                               0
LOSES Errors:     0                               0
UES Errors:       0                               0
Defect Status:   None                            None
Last Fail Code:  None
Watchdog Counter: 0x78
Watchdog Resets: 0
Selftest Result: 0x00
Subfunction:     0x00
Interrupts:      4123 (0 spurious)
PHY Access Err:  0
Activations:     1
LED Status:      ON
LED On Time:     100
LED Off Time:    100
Init FW:         init_AMR-4.0.015_no_bist.bin
Operation FW:    AMR-4.0.015.bin
FW Source:       embedded
FW Version:      4.0.15
 
                 Interleave             Fast    Interleave              Fast
Speed (kbps):          8608                0           640                 0
DS User cells:        24118                0
US User & Idle cells:                               3245456                0
Reed-Solomon EC:         20                0             0                 0
CRC Errors:               1                0             3                 0
Header Errors:            1                0             0                 0
Total BER:                5969E-13               0E-0
Leakage Average BER:      5969E-13               0E-0
                        ATU-R (DS)      ATU-C (US)
Bitswap:               enabled            enabled
 
LOM Monitoring : Disabled
 
DMT Bits Per Bin
000: 0 0 0 0 0 0 2 3 6 7 8 9 9 9 9 A
010: A A A A A A A 9 9 8 8 8 8 0 0 0
020: 0 7 9 9 9 B B C C C C C D D D D
030: D D D D D D C D D D D D D D D D
040: 0 D D D C D C C C C C C C C C C
050: C C C C C C C C C C C C C C C 2
060: C C C C C B C C C C C C B C C C
070: C B B B B B B B B B B B B B B B
080: B B B B B B B B B B B B B B B B
090: B B B B B B B B B B B B B B B B
0A0: B B B B B B B B B A A A A A A A
0B0: A A A A A A A A A A A A A A A A
0C0: A A A A A A A A A A A A A A A A
0D0: A A A A A 9 9 9 9 9 9 9 9 9 9 9
0E0: 9 9 9 9 9 9 9 8 9 9 9 9 9 9 9 9
0F0: 8 8 9 9 8 8 8 9 9 9 8 8 8 8 7 6
 
DSL: Training log buffer capability is not enabled
 

Also, any suggestions for fine-tuning the router would be greatly appreciated; I can currently reach 7M/512K top speed, on a very stable line.

Thanks for any help :)

Bink
Villains... knock off all that evil

join:2006-05-14
Castle Rock, CO
kudos:4
Welcome to IOS—or most software in general. You simply have to use the version of IOS that has the fewest amount of bugs for what you need it for.

Massimo

join:2011-07-06
italy
said by Bink:

Welcome to IOS—or most software in general. You simply have to use the version of IOS that has the fewest amount of bugs for what you need it for.

Guessed it, sadly.

I posted here hoping this is a configuration issue that can be fixed with some tweaking... or at least that someone could suggest which IOS release to use.

Massimo

join:2011-07-06
italy
I loaded IOS 15.0(1)M4, and the problem went away (and VPNs kept working). Let's hope I got lucky this time.

BTW, I noticed that in recent IOS releases Cisco changed the syntax of the ip virtual reassembly command, which became ip virtual reassembly in (or out); this change, whose meaning I completely ignore, has been backported to all recent IOS releases: 15.0(1)M5, 15.1(3)T1, 15.1(4)M and even 12.4(24)T5. "What's the point?", you may ask. Well, maybe there is a point: it ISN'T present in 15.0(1)M and 15.0(1)M4, WHERE INSTEAD THE PROBLEM DOESN'T HAPPEN.

Does anyone know what recently changed in VRF?