internet router CRASHING - 2801

Unanswered Question
Sep 29th, 2009
User Badges:

hi guys,


we have a problem with the router 2801,

a normal configuration of the pppoe adsl,


ter term length 0

Router#sh run

Building configuration...



Current configuration : 1865 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

! card type command needed for slot/vwic-slot 0/3

!

no aaa new-model

dot11 syslog

!

!

ip cef

!

!

multilink bundle-name authenticated

!

!

voice-card 0

no dspfarm

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

username admin password 0 Admin456

archive

log config

hidekeys

!

!

!

!

!

!

interface GigabitEthernet0/0

description *****Connected to Internet *****

no ip address

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

!

interface GigabitEthernet0/1

ip address 192.168.10.254 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface Dialer1

ip address negotiated

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer idle-timeout 0

dialer persistent

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname xxxx

ppp chap password xxxx

ppp pap sent-username xxxx password xxxx

ppp ipcp dns request

ppp ipcp wins request

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 192.168.11.0 255.255.255.0 192.168.10.1

ip route 192.168.12.0 255.255.255.0 192.168.10.1

ip route 192.168.13.0 255.255.255.0 192.168.10.1

!

!

no ip http server

no ip http secure-server

ip nat inside source list 100 interface Dialer1 overload

!

access-list 100 permit ip 192.168.0.0 0.0.255.255 any

dialer-list 1 protocol ip permit

!

!

!

control-plane

!

!

!

voice-port 0/2/0

!

voice-port 0/2/1

!

voice-port 0/2/2

!

voice-port 0/2/3

!

!

!

!

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

login local

line aux 0

line vty 0 4

login

!

scheduler allocate 20000 1000

!

end


Router#sh flash

-#- --length-- -----date/time------ path

1 44446708 Jun 22 2009 04:38:52 +00:00 c2800nm-spservicesk9-mz.124-15.T9.bin

2 2751 Jun 22 2009 04:48:28 +00:00 sdmconfig-28xx.cfg

3 931840 Jun 22 2009 04:48:42 +00:00 es.tar

4 1505280 Jun 22 2009 04:48:58 +00:00 common.tar

5 1038 Jun 22 2009 04:49:12 +00:00 home.shtml

6 112640 Jun 22 2009 04:49:26 +00:00 home.tar

7 1697952 Jun 22 2009 0



what is happening is whenever the internet is accessed from the 11,12,13 as well as 10.0 vlan the router is crashing..


Kindly please help

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
paolo bevilacqua Tue, 09/29/2009 - 01:44
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member


Which exact ios are you using ?

paolo bevilacqua Tue, 09/29/2009 - 03:13
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Try a different release eg 12.4(3h).


Otherwise you've to go to the TAC for the bug to be identified and fixed, can take 6-8 weeks.

jvalin__s Tue, 09/29/2009 - 03:51
User Badges:

yes I have opened a tac case

they have asked..

certain outputs..


what errors I am getting is


"IP NAT AGER" whenever the users access the internt at that time only we get error related to nat memory errors..

and the router gets reloaded.


there might be not enough to hold the nat translations. thats what i think.




paolo bevilacqua Tue, 09/29/2009 - 10:35
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

As above, you can spend a lot of time doing "show me this and show me that" with the TAC, or switch to an image without the bug and have it working.


Too bad I cannot tell you neither the bug ID neither which version does not have it.

jvalin__s Tue, 09/29/2009 - 20:39
User Badges:

well,


the actual problem what we found was in the lan itself.

We found one PC which was generating lot of traffic to the internet and because of that the processor memory utilization was more.


Thanks for your help. We tested 3 different IOS on 3 different routers actually.

mathewodongo Tue, 09/29/2009 - 23:03
User Badges:

This should fix your problem c2801-ipbasek9-mz.124-25b.bin

paolo bevilacqua Wed, 09/30/2009 - 03:08
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Thank you for letting us know.


Routers are not supposed to crash just because a PC sends a lot of traffic, so I still think it is a bug.

ismartnets Wed, 09/30/2009 - 22:10
User Badges:

but after switching off that pc.

the crashing stopped.


and it was happening on all routers.

2801,2811,2821.



mastedarq Wed, 09/30/2009 - 23:54
User Badges:

What exactly type of traffic was generated by this host?

jvalin__s Thu, 10/01/2009 - 00:02
User Badges:

well there was nobody surfing from that machine.


What we can see on the router is IP NAT AGER and processor memory utilization errors.


so from this we can conclude that may be something from the host is going to internet. virus?? I am not sure.


A thorough scan is remaining.

mastedarq Thu, 10/01/2009 - 00:20
User Badges:

For Your own knowledge I suggest to build a simple lab, connect this suspicious host and try to monitor the traffic with for example Wireshark. If this situation repeat You should see in Wireshark what the traffic was transfered during occurance of the router crash.

jvalin__s Thu, 10/01/2009 - 01:44
User Badges:

well even the tac case guys are saying that it could be a worm or virus issue because of which the processor utilization is goin high.


and immediately after removing that host the network became perfectly ok.


Can you post

"show stacks"

"show mem stat his"

just post the last graph in show mem stat his.


Also enable ip route-cache flow on GigabitEthernet0/1

and post a "show ip cache flow | i Null" prior to crash.


also "show ip cache flow" during the cpu spike

Also post "show proc cpu | e 0.00 prior to crash.


thanks

Actions

This Discussion