cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1160
Views
0
Helpful
14
Replies

internet router CRASHING - 2801

jvalin__s
Level 1
Level 1

hi guys,

we have a problem with the router 2801,

a normal configuration of the pppoe adsl,

ter term length 0

Router#sh run

Building configuration...

Current configuration : 1865 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

! card type command needed for slot/vwic-slot 0/3

!

no aaa new-model

dot11 syslog

!

!

ip cef

!

!

multilink bundle-name authenticated

!

!

voice-card 0

no dspfarm

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

username admin password 0 Admin456

archive

log config

hidekeys

!

!

!

!

!

!

interface GigabitEthernet0/0

description *****Connected to Internet *****

no ip address

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

!

interface GigabitEthernet0/1

ip address 192.168.10.254 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface Dialer1

ip address negotiated

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer idle-timeout 0

dialer persistent

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname xxxx

ppp chap password xxxx

ppp pap sent-username xxxx password xxxx

ppp ipcp dns request

ppp ipcp wins request

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 192.168.11.0 255.255.255.0 192.168.10.1

ip route 192.168.12.0 255.255.255.0 192.168.10.1

ip route 192.168.13.0 255.255.255.0 192.168.10.1

!

!

no ip http server

no ip http secure-server

ip nat inside source list 100 interface Dialer1 overload

!

access-list 100 permit ip 192.168.0.0 0.0.255.255 any

dialer-list 1 protocol ip permit

!

!

!

control-plane

!

!

!

voice-port 0/2/0

!

voice-port 0/2/1

!

voice-port 0/2/2

!

voice-port 0/2/3

!

!

!

!

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

login local

line aux 0

line vty 0 4

login

!

scheduler allocate 20000 1000

!

end

Router#sh flash

-#- --length-- -----date/time------ path

1 44446708 Jun 22 2009 04:38:52 +00:00 c2800nm-spservicesk9-mz.124-15.T9.bin

2 2751 Jun 22 2009 04:48:28 +00:00 sdmconfig-28xx.cfg

3 931840 Jun 22 2009 04:48:42 +00:00 es.tar

4 1505280 Jun 22 2009 04:48:58 +00:00 common.tar

5 1038 Jun 22 2009 04:49:12 +00:00 home.shtml

6 112640 Jun 22 2009 04:49:26 +00:00 home.tar

7 1697952 Jun 22 2009 0

what is happening is whenever the internet is accessed from the 11,12,13 as well as 10.0 vlan the router is crashing..

Kindly please help

14 Replies 14

paolo bevilacqua
Hall of Fame
Hall of Fame

Which exact ios are you using ?

c2801-ipbasek9-mz.124-25b.bin

Try a different release eg 12.4(3h).

Otherwise you've to go to the TAC for the bug to be identified and fixed, can take 6-8 weeks.

yes I have opened a tac case

they have asked..

certain outputs..

what errors I am getting is

"IP NAT AGER" whenever the users access the internt at that time only we get error related to nat memory errors..

and the router gets reloaded.

there might be not enough to hold the nat translations. thats what i think.

As above, you can spend a lot of time doing "show me this and show me that" with the TAC, or switch to an image without the bug and have it working.

Too bad I cannot tell you neither the bug ID neither which version does not have it.

well,

the actual problem what we found was in the lan itself.

We found one PC which was generating lot of traffic to the internet and because of that the processor memory utilization was more.

Thanks for your help. We tested 3 different IOS on 3 different routers actually.

This should fix your problem c2801-ipbasek9-mz.124-25b.bin

Thank you for letting us know.

Routers are not supposed to crash just because a PC sends a lot of traffic, so I still think it is a bug.

but after switching off that pc.

the crashing stopped.

and it was happening on all routers.

2801,2811,2821.

What exactly type of traffic was generated by this host?

well there was nobody surfing from that machine.

What we can see on the router is IP NAT AGER and processor memory utilization errors.

so from this we can conclude that may be something from the host is going to internet. virus?? I am not sure.

A thorough scan is remaining.

For Your own knowledge I suggest to build a simple lab, connect this suspicious host and try to monitor the traffic with for example Wireshark. If this situation repeat You should see in Wireshark what the traffic was transfered during occurance of the router crash.

well even the tac case guys are saying that it could be a worm or virus issue because of which the processor utilization is goin high.

and immediately after removing that host the network became perfectly ok.

sschulak
Level 1
Level 1

Can you post

"show stacks"

"show mem stat his"

just post the last graph in show mem stat his.

Also enable ip route-cache flow on GigabitEthernet0/1

and post a "show ip cache flow | i Null" prior to crash.

also "show ip cache flow" during the cpu spike

Also post "show proc cpu | e 0.00 prior to crash.

thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco