Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Dropped packets with 2821 router with IOS 12.4(10c)

We discover, that one of our 2821 routers sometimes drops packets inside a running conversation. Another problem is, that SYN ACK sometimes leaves our 2821 with wrong TCP/IP sequence numbers

IOS Version is 12.4(10c) basic ip (c2800nm-ipbase-mz.124-10c.bin).

We use policy-based traffic shaping outbound, but the problem also exists inbound.

VRRP is enabled for fail over...

Screenshot 1 shows normal operation in an 3 hop analysis (left and middle is around our cisco).

Screenshot 2 shows wrong sequence numbers

Screenshot 3 shows dropped packets

Maybe only a IOS bug. 10c is very old ...

Here our configuration (without personal infomations like password and external ip adress):

!

version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname ci2821

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 debugging

logging console critical

enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

enable password 7 xxxxxxxxxxxxxxxxxxxx

!

no aaa new-model

clock timezone PCTime 1

clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00

ip tcp synwait-time 10

!

!

no ip cef

!

!

no ip bootp server

ip domain name xxxxxxxxxxxxxxxxx

ip name-server 10.254.2.101

ip name-server xxxxxxxxxxxxxxxxx

!

!

!

class-map match-all nl_h-gk

match access-group 101

class-map match-all nl_dt

match access-group 102

class-map match-all nl_tptest

match access-group 103

class-map match-all nl_ha

match access-group 105

!

!

policy-map shape_h-gk

class nl_h-gk

  shape average 1000000

class nl_dt

  shape average 750000

class nl_ha

  shape average 750000

!

!

!

interface GigabitEthernet0/0

description DMZ NL2

ip address 192.168.3.20 255.255.255.0

duplex auto

speed auto

vrrp 10 ip 192.168.3.1

vrrp 10 priority 110

no mop enabled

!

interface GigabitEthernet0/1

description DMZ NL1$ES_LAN$

ip address 192.168.0.20 255.255.255.0

duplex auto

speed auto

vrrp 11 ip 192.168.0.10

vrrp 11 priority 110

no mop enabled

service-policy output shape_h-gk

!

ip default-gateway 192.168.3.10

ip route 0.0.0.0 0.0.0.0 192.168.3.10

ip route 10.252.0.0 255.255.0.0 192.168.0.60

ip route 10.253.0.0 255.255.0.0 192.168.0.60

ip route 10.253.82.0 255.255.255.0 192.168.0.1

ip route 10.253.100.0 255.255.252.0 192.168.0.12

ip route 10.253.100.8 255.255.255.255 192.168.0.1

ip route 10.253.104.0 255.255.255.0 192.168.0.1

ip route 10.253.109.0 255.255.255.0 192.168.0.1

ip route 10.253.112.0 255.255.255.0 192.168.0.1

ip route 10.253.113.0 255.255.255.0 192.168.0.1

ip route 10.253.115.0 255.255.255.0 192.168.0.1

ip route 10.253.200.0 255.255.255.0 192.168.0.1

ip route 10.253.201.0 255.255.255.0 192.168.0.40

ip route xxxxxxxxxxxxx 255.255.255.128 192.168.0.1

ip route 192.168.120.0 255.255.255.0 192.168.0.1

!

ip http server

!

logging trap debugging

access-list 101 permit tcp host 10.254.2.142 10.253.90.0 0.0.1.255 eq 9100

access-list 102 permit tcp host 10.254.2.142 10.253.122.0 0.0.0.255 eq 9100

access-list 103 permit tcp host 10.254.2.142 192.168.0.0 0.0.0.255 eq 9100

access-list 104 permit tcp host 10.254.2.149 192.168.0.0 0.0.0.255 eq 9100

access-list 105 permit tcp host 10.254.2.142 10.253.30.0 0.0.0.255 eq 9100

no cdp run

!

control-plane

!

alias exec ct conf term

alias exec sr show running-config

alias exec ss show startup-config

alias exec sp show policy-map interface fast 0/1

alias exec wm write memory

alias exec confsave copy running-config tftp://10.254.2.97

alias exec confload copy tftp://10.254.2.97 running-config

!

line con 0

line aux 0

line vty 0 4

password xxxxxxxxxxxxxxxxx

login

!

scheduler allocate 20000 1000

!

end

  • WAN Routing and Switching
Everyone's tags (6)
751
Views
0
Helpful
0
Replies
This widget could not be displayed.