CRC count from a c7200 VPN box to a 2912-xl switch

Unanswered Question
Apr 16th, 2008
User Badges:

So let's see.


I have two VPN routers that are connected to two seperate Switches for failover.


I'm getting CRC erros on the switchport that the router is plugged into (no matter what port I plug it into) I've verified duplex and speed, I've also changed the cable out. Doesn't matter what port I plug the router into the crc's start to count up. No crc's on the routers interface.


Anyone?





  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Edison Ortiz Wed, 04/16/2008 - 10:20
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

You've performed all the correct steps and it seems you have a bad switch, it happens ! :)


That switch is quite old as well.


Have you tried connecting another device to this switch and see if you can duplicate the CRC errors ?


Have you tried upgrading the firmware ?



__


Edison.

Brent Rockburn Wed, 04/16/2008 - 10:27
User Badges:

Just updated the switch last night. There are other devices using the switch without any problems at all. Even when the router is in standby mode there are no CRC's on the switchport it's plugged into. It seems that only the VPN traffic causes it. Doesn't make any sense to me, but I thought that maybe because all the switchports are in a vlan it might have something to do with how the Gig interface on the router is configured. Do I need to encasuplate dot1q on that interface going to the switch? Also this happens on both my outside switches, I don't see how both switches can be bad.

Edison Ortiz Wed, 04/16/2008 - 10:39
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

You don't need dot1q unless you are planning to carry more than one Vlan on the link.


Make sure to configure the switch as access-vlan and the router as a normal routed port.


Please post the portion or the entire config from both devices, maybe there is something in the configuration that needs correcting.


Thanks


Brent Rockburn Wed, 04/16/2008 - 10:54
User Badges:

This is the config for the gig interface


interface GigabitEthernet0/1

description Outside

ip address XX.XX.XXX.XX XXX.XXX.XXX.XXX

ip virtual-reassembly

ip tcp adjust-mss 1300

duplex full

speed 100

media-type rj45

no negotiation auto

no cdp enable

standby delay minimum 30 reload 60

standby 2 ip XX.XX.XXX.XX

standby 2 timers 1 10

standby 2 preempt

standby 2 name ha-out

standby 2 track GigabitEthernet0/2

crypto map clientmap redundancy ha-out stateful



This is the interface on the switch


interface FastEthernet0/9

description VPN Router .XX

mtu 1500

duplex full

speed 100

switchport access vlan 110

no cdp enable





This is the "show int fast 0/9" on the switch




NMM-2912-1-Outside#sh int fastEthernet 0/9

FastEthernet0/9 is up, line protocol is up

Hardware is Fast Ethernet, address is 0004.4dd0.4889 (bia 0004.4dd0.4889)

Description: VPN Router .13

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive not set

Full-duplex, 100Mb/s, 100BaseTX/FX

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output 02:45:25, output hang never

Last clearing of "show interface" counters 03:27:21

Queueing strategy: fifo

Output queue 0/40, 0 drops; input queue 0/75, 0 drops

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

4251524 packets input, 2530110338 bytes

Received 2494 broadcasts, 0 runts, 0 giants, 0 throttles

25 input errors, 25 CRC, 0 frame, 27 overrun, 27 ignored

0 watchdog, 2494 multicast

0 input packets with dribble condition detected

4377529 packets output, 1375471044 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out









Edison Ortiz Wed, 04/16/2008 - 11:06
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Change speed/duplex to auto/auto

Clear counters

Let's see if the CRC increases again.



Weird, let me do some digging...



Edison Ortiz Wed, 04/16/2008 - 11:13
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Can you eliminate the MTU statement on the 2900 side? I don't see the purpose of it as the default MTU size is 1500.

Brent Rockburn Wed, 04/16/2008 - 12:14
User Badges:

By the way something I forgot to mention.


We RMA'd the first 2912xl that was doing this. This is the second one CISCO has sent. Same problem.

Edison Ortiz Wed, 04/16/2008 - 12:54
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Then, it seems a compatibility issue between the 29xx and the Giga interface in the 7200


or


the configuration at one of the ports.


Can we eliminate the speed/duplex and mtu as I suggested ?



Actions

This Discussion