
powerpbx

join:2012-01-14

Cisco 800 Router stops responding after internet goes down

Hi,

This has been a problem since day one. IOS version is 15.0 which came with the router.

Ethernet4 interface is configured with a static IP and netmask to our Cable ISP provider. Everything works perfectly until the ISP goes down then comes back. Unfortunately the Cisco router stops working after that.

The cable company says they can see the interface is plugged in but they get no response. No traffic in or out. Only thing that corrects it is a router reboot. The connection does not go down very often so it has not been a serious problem. I'd like to get to the bottom of it though and fix it.

I configured the router using Cisco Configuration Pro since I don't deal with Cisco routers that often and can't be bothered to learn Cisco command line configuration. Here is the running config for Ethernet4 with the public static IP replaced with xx.

interface FastEthernet4
description $ES_WAN$$ETH-WAN$$FW_OUTSIDE$
ip address xx.xx.xx.xx 255.255.252.0
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip verify unicast reverse-path
ip flow ingress
ip nat outside
ip inspect CCP_LOW out
ip virtual-reassembly
duplex auto
speed auto
!


OVERKILL

join:2010-04-05
Peterborough, ON

A couple things:

1. Post the entire config please.

2. What kind of bandwidth do you have? I've found the limit in the 861 to be ~38Mbit through NAT with a naked config. Just from what I'm seeing, your config has a lot more going on...

3. Do you have SmartNET? They are DIRT CHEAP for an 800-series router, and would allow you to grab the latest IOS image from Cisco's site which will likely resolve your problem.


powerpbx

join:2012-01-14

We had smartnet and that was the latest firmware up until the time our smartnet expired last year. I sort of doubt a firmware upgrade will fix this anyways.

Here is the entire anonymized (crypt key removed also) config.

version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router1
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 warnings
logging console critical
enable secret 5 $1$oLZp$L3AFtDgVUQrvbreslvvMPNE0
!
no aaa new-model
!
!
!
memory-size iomem 10
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-211092880
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-211092880
revocation-check none
rsakeypair TP-self-signed-211092880
!
!
crypto pki certificate chain TP-self-signed-211092880
certificate self-signed 01
.
.
.
.
F4BE2A31 BB495172 9A6FDB3A 8A10
quit
no ip source-route
!
!
ip dhcp excluded-address 192.168.10.1 192.168.10.99
ip dhcp excluded-address 192.168.10.201 192.168.10.254
!
ip dhcp pool ccp-pool1
import all
network 192.168.10.0 255.255.255.0
dns-server 192.168.10.20 208.67.222.222
default-router 192.168.10.1
netbios-name-server 192.168.10.20 192.168.10.30
lease 5 2
!
!
ip cef
no ip bootp server
ip domain name somedomain.com
ip name-server 192.168.10.20
ip name-server 192.168.10.30
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip name-server xx.xx.xx.xx
ip name-server xx.xx.xx.xx
ip inspect name CCP_LOW cuseeme
ip inspect name CCP_LOW dns
ip inspect name CCP_LOW ftp
ip inspect name CCP_LOW h323
ip inspect name CCP_LOW sip
ip inspect name CCP_LOW https
ip inspect name CCP_LOW icmp
ip inspect name CCP_LOW imap
ip inspect name CCP_LOW pop3
ip inspect name CCP_LOW netshow
ip inspect name CCP_LOW rcmd
ip inspect name CCP_LOW realaudio
ip inspect name CCP_LOW rtsp
ip inspect name CCP_LOW esmtp
ip inspect name CCP_LOW sqlnet
ip inspect name CCP_LOW streamworks
ip inspect name CCP_LOW tftp
ip inspect name CCP_LOW tcp
ip inspect name CCP_LOW udp
ip inspect name CCP_LOW vdolive
login block-for 100 attempts 15 within 100
login delay 1
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO881-SEC-K9 sn xxxxxxxx
!
!
username xxxxx privilege 15 secret 5 $1$Ruro$Zd5PdprGKTr5pvTMNzdv6p.
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
!
!
interface FastEthernet0
!
!
interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
!
!
interface FastEthernet4
description $ES_WAN$$ETH-WAN$$FW_OUTSIDE$
ip address 24.67.xx.xx 255.255.252.0
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip verify unicast reverse-path
ip flow ingress
ip nat outside
ip inspect CCP_LOW out
ip virtual-reassembly
duplex auto
speed auto
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.10.1 255.255.255.0
ip access-group 100 in
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip flow-top-talkers
top 20
sort-by bytes
!
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.10.30 1723 interface FastEthernet4 1723
ip nat inside source static tcp 192.168.10.10 6000 interface FastEthernet4 6000
ip nat inside source static udp 192.168.10.10 6000 interface FastEthernet4 6000
ip nat inside source static udp 192.168.10.10 9000 interface FastEthernet4 9000
ip nat inside source static udp 192.168.10.10 9001 interface FastEthernet4 9001
ip nat inside source static tcp 192.168.10.10 30000 interface FastEthernet4 30000
ip nat inside source static tcp 192.168.10.10 30001 interface FastEthernet4 30001
ip nat inside source static tcp 192.168.10.10 5003 interface FastEthernet4 5003
ip nat inside source static udp 192.168.10.10 5003 interface FastEthernet4 5003
ip nat inside source static tcp 192.168.10.10 5090 interface FastEthernet4 5090
ip nat inside source static udp 192.168.10.10 5090 interface FastEthernet4 5090
ip nat inside source static tcp 192.168.10.10 443 interface FastEthernet4 4433
ip nat inside source static tcp 192.168.10.10 6001 interface FastEthernet4 6001
ip nat inside source static udp 192.168.10.10 6001 interface FastEthernet4 6001
ip nat inside source static tcp 192.168.10.10 21 interface FastEthernet4 221
ip nat inside source static tcp 192.168.10.20 443 interface FastEthernet4 443
ip route 0.0.0.0 0.0.0.0 24.67.xx.xx permanent
!
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 100 remark auto generated by CCP firewall configuration
access-list 100 remark CCP_ACL Category=1
access-list 100 deny ip 24.67.xx.xx 0.0.3.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by CCP firewall configuration
access-list 101 remark CCP_ACL Category=1
access-list 101 permit tcp any host 24.67.xx.xx eq 4433
access-list 101 permit tcp any host 24.67.xx.xx eq 223
access-list 101 permit udp any host 24.67.xx.xx eq 5090
access-list 101 permit tcp any host 24.67.xx.xx eq 5090
access-list 101 permit udp any host 24.67.xx.xx eq 5003
access-list 101 permit tcp any host 24.67.xx.xx eq 5003
access-list 101 permit tcp any host 24.67.xx.xx eq 30001
access-list 101 permit tcp any host 24.67.xx.xx eq 30000
access-list 101 permit udp any host 24.67.xx.xx eq 9001
access-list 101 permit udp any host 24.67.xx.xx eq 9000
access-list 101 permit udp any host 24.67.xx.xx eq 6000
access-list 101 permit tcp any host 24.67.xx.xx eq 6000
access-list 101 permit gre any host 24.67.xx.xx
access-list 101 permit tcp any host 24.67.xx.xx eq 1723
access-list 101 permit tcp any host 24.67.xx.xx eq 3389
access-list 101 permit udp host 64.59.xx.xx eq domain host 24.67.xx.xx
access-list 101 permit udp host 64.59.xx.xx eq domain host 24.67.xx.xx
access-list 101 permit udp host 208.67.220.220 eq domain host 24.67.xx.xx
access-list 101 permit udp host 208.67.222.222 eq domain host 24.67.xx.xx
access-list 101 deny ip 192.168.10.0 0.0.0.255 any
access-list 101 permit icmp any host 24.67.xx.xx echo-reply
access-list 101 permit icmp any host 24.67.xx.xx time-exceeded
access-list 101 permit icmp any host 24.67.xx.xx unreachable
access-list 101 permit tcp any host 24.67.xx.xx eq 443
access-list 101 permit tcp any host 24.67.xx.xx eq www
access-list 101 permit tcp any host 24.67.xx.xx eq 22
access-list 101 permit tcp any host 24.67.xx.xx eq cmd
access-list 101 permit tcp any host 24.67.xx.xx eq 4443
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
no cdp run

!
!
!
!
!
control-plane
!
!
banner exec ^CC
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username privilege 15 secret 0

Replace and with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
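
An added example, not part of the original thread and not the poster's or Cisco's tooling: a small Python check that compares the static NAT forwards in the config above with the inbound permits in ACL 101. The inbound ACL on FastEthernet4 is evaluated before NAT, so a forward only works if the ACL permits its public port. The sample lines are excerpted from the posted config; the function name `audit` and the result keys are this example's own.

```python
import re

# Lines excerpted from the running-config posted above (addresses as anonymized there).
SAMPLE_CONFIG = """\
ip nat inside source static tcp 192.168.10.30 1723 interface FastEthernet4 1723
ip nat inside source static tcp 192.168.10.10 443 interface FastEthernet4 4433
ip nat inside source static tcp 192.168.10.10 6001 interface FastEthernet4 6001
ip nat inside source static tcp 192.168.10.10 21 interface FastEthernet4 221
ip nat inside source static tcp 192.168.10.20 443 interface FastEthernet4 443
access-list 101 permit tcp any host 24.67.xx.xx eq 4433
access-list 101 permit tcp any host 24.67.xx.xx eq 223
access-list 101 permit tcp any host 24.67.xx.xx eq 1723
access-list 101 permit tcp any host 24.67.xx.xx eq 3389
access-list 101 permit tcp any host 24.67.xx.xx eq 443
access-list 101 permit tcp any host 24.67.xx.xx eq www
access-list 101 permit tcp any host 24.67.xx.xx eq 22
access-list 101 permit tcp any host 24.67.xx.xx eq cmd
"""

# IOS prints some well-known ports as keywords; only those in this excerpt are mapped.
PORT_NAMES = {"www": 80, "cmd": 514}

NAT_RE = re.compile(r"^ip nat inside source static (tcp|udp) \S+ \d+ interface \S+ (\d+)$")
ACL_RE = re.compile(r"^access-list (\d+) permit (tcp|udp) any host \S+ eq (\S+)$")


def audit(config, acl="101"):
    """Compare static NAT forwards with inbound ACL permits, keyed by (proto, public port)."""
    forwards, permits = set(), set()
    for line in config.splitlines():
        line = line.strip()
        if m := NAT_RE.match(line):
            forwards.add((m.group(1), int(m.group(2))))
        elif (m := ACL_RE.match(line)) and m.group(1) == acl:
            port = m.group(3)
            permits.add((m.group(2), PORT_NAMES.get(port) or int(port)))
    return {
        # Forward exists, but the inbound ACL drops the traffic before NAT translates it.
        "forward_without_permit": sorted(forwards - permits),
        # Permit exists with no forward: the packet is addressed to the router itself.
        "permit_without_forward": sorted(permits - forwards),
    }


if __name__ == "__main__":
    for finding, ports in audit(SAMPLE_CONFIG).items():
        print(finding, ports)
```

On this excerpt the forward on public port 221 has no matching permit (the ACL allows 223 instead), and the permits for 22, www and cmd have no forward, so they apply to traffic addressed to the router itself.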



OVERKILL

join:2010-04-05
Peterborough, ON

reply to powerpbx
You'd be surprised.

I had an 867 that would randomly lose the DSL interface after a few weeks. An updated image fixed it.

I don't see anything glaringly wrong with your config.

Can you do an sh ver?


powerpbx

join:2012-01-14

router1#sh ver
Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.0(1)M4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Fri 29-Oct-10 00:02 by prod_rel_team

ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)



OVERKILL

join:2010-04-05
Peterborough, ON

reply to powerpbx
Yeah, that's pretty old, I'd recommend trying:

c880data-universalk9-mz.151-4.M3.bin

If it doesn't fix it, you can open a TAC case with Cisco, since you'd have SmartNET.


powerpbx

join:2012-01-14

Ok I guess that is what we will do. Thanks for the help.


jh2010

join:2009-09-03
Brooklyn, NY

reply to powerpbx
15.2(2)T works well on my 881.



Da Geek Kid

join:2003-10-11
NexusOne
kudos:1

reply to powerpbx
IOS 15.0 is heavily buggy... the least version for any IOS 15.x should be 15.1



OVERKILL

join:2010-04-05
Peterborough, ON

said by Da Geek Kid:

IOS 15.0 is heavily buggy... the least version for any IOS 15.x should be 15.1

Agreed.

I think it was nosx who stated that every release has a huge list of bugs. You just choose the one with the least applicable bugs to your application.


Da Geek Kid

join:2003-10-11
NexusOne
kudos:1

More and more I begin to think that 15.x is a Windows OS... It's pretty much like a Swiss cheese.


powerpbx

join:2012-01-14

reply to powerpbx
I put on c880data-universalk9-mz.151-4.M3.bin last night. I think that fixed my problem. I can unhook the WAN cable for several minutes and it will start working when I put the cable back in now.

One question about firmware updates. Do I need to keep the:

boot system flash
boot system flash c880data-universalk9-mz.151-4.M3.bin

statement in my running config? Some documentation mentioned adding that and some didn't. The only way I could get the router to boot into the new firmware image was to delete the old image, so the boot system flash statement didn't seem to make a difference.


HELLFIRE

join:2009-11-25
kudos:4

Unless you're booting multiple images and/or are security conscious of people fiddling with what IOS boots, then no, you don't need it. My humble 00000010bits anyways.

Regards


ImpetusEra
Premium
join:2004-05-19
00000

reply to powerpbx
We have an 871 that does that. Have to telnet in on the LAN side and shut then no shut fa4. May be software or hardware, but it doesn't matter as they usually only last a year at the location due to heavy lightning. The one before it had no problems but was an older IOS.

