02-05-2006 07:48 AM - edited 03-03-2019 01:42 AM
Hi,
i have got Cisco 1751 router, its an internet router router, below are the configuration of hte router.
memory-size iomem 25
ip subnet-zero
!
!
!
!
interface Serial0
description connected to Internet
ip address 1.1.1.1 255.255.255.252
no ip directed-broadcast
ip nat outside
!
interface FastEthernet0
description connected to EthernetLAN
ip address 192.168.254.1 255.255.255.0 secondary
ip address 1.2.1.1 255.255.255.192
no ip directed-broadcast
ip nat inside
full-duplex
!
ip nat pool RASROUTER 1.2.1.2 1.2.1.2 netmask 255.255.255.192
ip nat inside source list 1 pool RASROUTER overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 192.168.100.192 255.255.255.192 FastEthernet0
no ip http server
!
access-list 1 permit 192.168.254.10
access-list 1 permit 192.168.100.192 0.0.0.63
!
line con 0
transport input none
line aux 0
line vty 0 4
password xxxx
login
!
no scheduler allocate
end
Other Dial-up router 2610 is connected to the switch for dial-up users & authentication.
now this configuration is working fine for the past 4 yerars, now sunddenly, for the past 1 week my internet has become very slow, during the day time the CPU process utilization is reaching 99% & i get a message CPUHUG & the memory allocation failure,after restarting the router i get this err. message once in every 20 mins. i havn't done any changes on the network as well as the router config. almost 300 users are connected to internet via 4 gateway Linux machines.(with diff subnet) in the evening hours the internet usage has come low so the accessing internet is normal. but once in every 30minz or 1hr i get err. message memory allocation failure, tried changing 3 routers (1751) still same problem. when ever i get this err, message i can't telnet the router, if i go to console, there i get a message "low memory" so i need to restart the router. so how do i over come with this problem?
IOS "c1700-y-mz.120-7.T"
any ideas?
02-05-2006 08:56 AM
Hello,
since the configuration has been working fine over the last 4 years, most likely you are either suffering from activity from within your network, or possibly an attack from the outside. Can you identify which process is causing the high CPU utilization (with the ´show proc cpu´ exec command) ?
One thing you could try is turning on CEF (´ip cef´ globally).
Regards,
Nethelper
02-05-2006 09:20 AM
i seems to see some private IP address on the WAN side, when i spoke to the service provider he says problem would be from my end, but i disconnected the fastethernet cable, traceroute shows towards WAN side. so i thought i will put access-list, but still i get the same, so how do i prevent this? lan users can't able to ping the private IP address residing on WAN, but from router i could able ping the private address which is residng on WAN even after entering the access-list.
02-06-2006 12:30 AM
hi
I feel the IP belong to the NAT pool as well as the internal inside lan block configured under the same interface may have triggered this issue.
I would suggest to seperate both these networks instead of mixing them up under a same interface.
Also i feel you have posted one more query based on the access to the 192.168.100.0 network from your local lan.
You need to block the packets getting natted while your local lan network access 192.168.100.0.
Use the ACL and replace the ACL1 which you have already created and applied.
regds
02-06-2006 03:05 PM
Personally I believe someone on your network has a virus. You may have more than one.
I would look at the switch and see which lights are on solid.
or
You can also go under the Ethernet interface and configure it, enter ip accounting.
This will show where everyone is going. It gets the source and destination for traffic.
At the exec prompt type show IP accounting to get this information. If you have a lot of activity from one user that is the one you start with by pulling their cable.
Then do a clear IP accounting then do a show ip acc again to track down all your culprits.
Repeat until all your offenders have been identified.
Your offenders usually are the ones that fill up the accounting cache with nothing but their IP address.
You want to see lots of different IP's going out.
You do not want to see an IP going out to a series of IP addresses in rotational order either.
conf t
interface FastEthernet0
ip accounting
end
wr mem
sh ip accounting
clear ip accou
Keep, using your process utilization commad too it will drop.
If your NAT translations are high this is also a good sign of a virus.
Rate if this helps.
Mike
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: