Wan Issues - High CRC, aborts, etc

Unanswered Question
May 28th, 2007
User Badges:

Hello everyone,

We have a monitoring tool here which indicated that one of our routers was experiencing high ping responses.

This router is connected to a router at a seperate office via a T1.

What is the best method of troubelshooting this issue? The ISP has been contacted, the line was brough down and tested and the results we're positive with no issues.

Router 1 = the router which was giving ping issues

Router 2 - router on the other end.

Router 1:

last clearing of counters: 0:28:01

27 input errors

19 crc

1 abort

router 2

last clearing of show interface: 00:29:11

4 input errors

1 crc

3 frame

router 2 had the following issues before the counter was reset:

last clearing of show interface counters 7w2d

14235 input errors

6428 crc

547 aborts

277 interface resets

Does anyone see any issues here? How can you determine what is causing the errors?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.7 (3 ratings)
paolo bevilacqua Mon, 05/28/2007 - 06:55
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member


Ask the carrier to execute a BERT test for at least 2hr, and be try to be present to observe the results with your own eyes. That might have not be done and they just executed a "continuity" test.

Then with a succession of loopbacks hopefully they can get to trace the faulty portion. It may even be the local cabling.

danny9797 Mon, 05/28/2007 - 11:10
User Badges:

Thanks, I can try that.

When you refer to the cabling, are you referring to the csu.dsu cabling? Do you think the prelude csu/dsu box can be at fault as well and possibly need a replacement? I don't see any errors on the box itself.

Is there anything which I can do locally to try and test and diagnose...


paolo bevilacqua Mon, 05/28/2007 - 13:53
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member


yes also dsu/csu cabling should be checked and redone as necessary. What you can do to test are various types of loopback, what router interface do you have ?

danny9797 Wed, 05/30/2007 - 05:10
User Badges:


How do I perform the loopback tests?

What do you mean by the type of router interface? Are you referring to the model? It's a cisco 2500.


You have basically two choice to make BER test.

1. Put a hardware loopback on the DTU port.

2. Ask telco to put a software loopback on the DTU

The only question is in which direction do you want to make the testing.

In respect to the interface type it is most probably X.21, V.35 RS-232

You can easily identify it by inspőecting your cable.

If you want to do the loopback test you have to have BER tester to be connected to the DTU. This device is sending bit stream on the transmit and hears on the receive and if the sent and received bits are the same then there are no error. If you haven't this kind of box let's ask the telco to ride to your site and make the test from your end (in this case the loopback should be set on the other end of the circuit).

Hope it clears,


danny9797 Thu, 05/31/2007 - 05:09
User Badges:

Thanks a lot for the response. We're running a V.35 cable here. I may have to contact them back then b/c we don't have the hardware to do the BER testing.

We had the same issue last night. It's usually at a specific time in the morning when no traffic is traversing (or shouldn't be)

I may have to setup a syslog server to determine the packet flow at that time.

Does anyone know if a syslog server can be setup on a windows machine, or does it have to be setup on a linux/unix box? Anyone have any links or instructions on the setup of a syslog server?

Thank again

anandramapathy Thu, 05/31/2007 - 05:18
User Badges:
  • Bronze, 100 points or more

You can setup a syslog on windows. Try this kiwi's sylog daemon. it is free up to 5 clients

I agree with others about the hard loop. Often times, the carrier will loop to the NIU, and depending on your scenario, will leave an extended demarc untested.

Based on what I've read, and since this looks like a p2p, I would suggest looking at the clocking on the controller. You would need to check with the SP, but from my experience clocking isn't provided on a p2p. You'll need one controller set as line/network, and one as internal.

I've seen quite a few crc/frame error problems resolved with clocking.

paolo bevilacqua Thu, 05/31/2007 - 16:55
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

[edited - pls ignore]

danny9797 Fri, 06/01/2007 - 05:32
User Badges:

Thanks a lot everyone, I will look in to the loopbacks.

I setup the syslog server (kiwi). It doesn't log anything though. All it logs are the changes that I did on the router (informational changes). Doesen't log traffic, etc. I witnessed syslogs from a pix firewall to a linux box and it displayed much more. Is it just the application or am I doing something wrong? I setup the kiwi syslog daemon and issued logging The logs went over to the server but only 2 from the changes I did.

Any ideas?


anandramapathy Fri, 06/01/2007 - 05:37
User Badges:
  • Bronze, 100 points or more

have you tried the debug command for the relevent info you need ?

anandramapathy Fri, 06/01/2007 - 06:07
User Badges:
  • Bronze, 100 points or more

If you want to do do logging based on IP connections try NTOP on windows. It will give you lot of packet wise Graphs & reports.

Its free

danny9797 Fri, 06/01/2007 - 09:14
User Badges:

Thanks a lot everyone

I got a bit confused b/c I witnessed Syslog enalbed on a Pix Firewall and it obtained all of the traffic. Maybe it's different for routers...

I can look in to the snmp and NTOP. For snmp, is there any application or programs you recommend to sniff the traffic?

Basically my goal is to monitor what is traversing on the line, what type of traffic is passing through this specific router, etc

Have you already figured out the crc/frame errors?

As others have said, netflow with NTOP works well. Once netflow is enabled, you can also look at the flows in ios. I also like to use the top-talkers to have something quick in ios to look at.

Netflow actually exports each flow to the destination desired. This gets all traffic for all interfaces on which netflow is enabled. Syslog will not give you a view of your traffic like netflow will.


danny9797 Fri, 06/01/2007 - 12:53
User Badges:

Thank you very much, I will look in to that.

I don't believe the full version of NTOP is free though unfortunately, I believe they have a free version with limited features...

We still did not figure out the crc/frame errors. This is why I wanted to setup some logging to see what type of traffic is occuring on the line.

danny9797 Mon, 06/11/2007 - 06:02
User Badges:


I attempted the netflow command "ip route-cache flow" but it's invalid. It also will not take the ip cef command if I try to configure netflow with the other method.

I have three options if I do an ip route-cache ?




This was done on a 2500 series router.

I tried the command on a 2600 router and im having the same issue.

The only difference is that im getting different switches available to me with the ip-route cache ? command



The 2600 is running version 11.3 and the 2500 is running 10.3, if this matters.

Any help would be appreciated

paolo bevilacqua Mon, 06/11/2007 - 07:20
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member


as suggested previously, netflow is not going to help with the errors at layer 1. beside, your router are running tool old software to use it. What you need, is to have telco overhaul the circuit once again, end-to-end.

danny9797 Mon, 06/11/2007 - 08:31
User Badges:

yes yes I understand.

I want to enable netflow for monitoring purposes though. I should have created a new topic..my apologies.


This Discussion