Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Cisco 1751 PRoblem

Hi,

i have got Cisco 1751 router, its an internet router router, below are the configuration of hte router.

memory-size iomem 25

ip subnet-zero

!

!

!

!

interface Serial0

description connected to Internet

ip address 1.1.1.1 255.255.255.252

no ip directed-broadcast

ip nat outside

!

interface FastEthernet0

description connected to EthernetLAN

ip address 192.168.254.1 255.255.255.0 secondary

ip address 1.2.1.1 255.255.255.192

no ip directed-broadcast

ip nat inside

full-duplex

!

ip nat pool RASROUTER 1.2.1.2 1.2.1.2 netmask 255.255.255.192

ip nat inside source list 1 pool RASROUTER overload

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0

ip route 192.168.100.192 255.255.255.192 FastEthernet0

no ip http server

!

access-list 1 permit 192.168.254.10

access-list 1 permit 192.168.100.192 0.0.0.63

!

line con 0

transport input none

line aux 0

line vty 0 4

password xxxx

login

!

no scheduler allocate

end

Other Dial-up router 2610 is connected to the switch for dial-up users & authentication.

now this configuration is working fine for the past 4 yerars, now sunddenly, for the past 1 week my internet has become very slow, during the day time the CPU process utilization is reaching 99% & i get a message CPUHUG & the memory allocation failure,after restarting the router i get this err. message once in every 20 mins. i havn't done any changes on the network as well as the router config. almost 300 users are connected to internet via 4 gateway Linux machines.(with diff subnet) in the evening hours the internet usage has come low so the accessing internet is normal. but once in every 30minz or 1hr i get err. message memory allocation failure, tried changing 3 routers (1751) still same problem. when ever i get this err, message i can't telnet the router, if i go to console, there i get a message "low memory" so i need to restart the router. so how do i over come with this problem?

IOS "c1700-y-mz.120-7.T"

any ideas?

4 REPLIES
Bronze

Re: Cisco 1751 PRoblem

Hello,

since the configuration has been working fine over the last 4 years, most likely you are either suffering from activity from within your network, or possibly an attack from the outside. Can you identify which process is causing the high CPU utilization (with the ´show proc cpu´ exec command) ?

One thing you could try is turning on CEF (´ip cef´ globally).

Regards,

Nethelper

Re: Cisco 1751 PRoblem

i seems to see some private IP address on the WAN side, when i spoke to the service provider he says problem would be from my end, but i disconnected the fastethernet cable, traceroute shows towards WAN side. so i thought i will put access-list, but still i get the same, so how do i prevent this? lan users can't able to ping the private IP address residing on WAN, but from router i could able ping the private address which is residng on WAN even after entering the access-list.

Re: Cisco 1751 PRoblem

hi

I feel the IP belong to the NAT pool as well as the internal inside lan block configured under the same interface may have triggered this issue.

I would suggest to seperate both these networks instead of mixing them up under a same interface.

Also i feel you have posted one more query based on the access to the 192.168.100.0 network from your local lan.

You need to block the packets getting natted while your local lan network access 192.168.100.0.

Use the ACL and replace the ACL1 which you have already created and applied.

regds

Re: Cisco 1751 PRoblem

Personally I believe someone on your network has a virus. You may have more than one.

I would look at the switch and see which lights are on solid.

or

You can also go under the Ethernet interface and configure it, enter ip accounting.

This will show where everyone is going. It gets the source and destination for traffic.

At the exec prompt type show IP accounting to get this information. If you have a lot of activity from one user that is the one you start with by pulling their cable.

Then do a clear IP accounting then do a show ip acc again to track down all your culprits.

Repeat until all your offenders have been identified.

Your offenders usually are the ones that fill up the accounting cache with nothing but their IP address.

You want to see lots of different IP's going out.

You do not want to see an IP going out to a series of IP addresses in rotational order either.

conf t

interface FastEthernet0

ip accounting

end

wr mem

sh ip accounting

clear ip accou

Keep, using your process utilization commad too it will drop.

If your NAT translations are high this is also a good sign of a virus.

Rate if this helps.

Mike

168
Views
0
Helpful
4
Replies
CreatePlease to create content