03-08-2024 06:25 AM
Hi
Ive noticed this pattern every morning I wake up and the wifi (main station plugged into sg350xg) and the 2 extenders in the house are red. I can talk to things locally but not Internet. I unplug power (only) from wifi and plug back in, still red. I unplug WAN link (from ISR to dsl modem) and plug back in, wifi turns green, but still no internet.
Finally I power cycle the ISR and everything works.
I am assuming it is dropping connection WAN side?
Not sure how to troubleshoot. When I am home and on the net all day, it is good, it only drops when unused.
Is this a STP thing or any suggestions? It’s just hard to test due to the time limits in the morning
Solved! Go to Solution.
03-08-2024 01:44 PM
Hello @TheGoob ,
looking at your config, I would do the following changes:
1. cleanup the two L3 interfaces, Gi0/0/0 and Gi0/0/1, spanning tree commands not applicable
interface GigabitEthernet0/0/0
no spanning-tree portfast
interface GigabitEthernet0/0/1
no spanning-tree portfast
2. interface Gi0/1/7 which I believe connects to the SG350 switch should run STP
interface GigabitEthernet0/1/7
no spanning-tree portfast
3. delete the ppp mtu adaptive on the Dialer1 interface
interface Dialer1
no ppp mtu adaptive
This is only some housekeeping - it's better to have your config clean and simple.
When you say "wifi (main station plugged into sg350xg) and the 2 extenders in the house are red" this probably means that the wifi devices are probing for Internet connectivity and don't have it - correct?
Also when in this situation, can you associate to the WiFi network, get an IP and access host on the local LAN - I recall from a different thread being the 192.168.5.0/24 subnet - correct?
There are a number of workarounds to prevent your network or more specifically your ISR getting in this state where for some reason your devices cannot access the Internet - like @Georg Pauwen suggested to start a ping -t from an always on host on your network or you can configure a IP SLA probe on the ISR basically do the same thing. I would keep this workaround on hold for the moment in order to be able to collect some info that could help us to determine the cause of the problem.
Next time you wake up in the morning and your WiFi is red, please configure your terminal to log to a file and issue the following commands:
terminal length 0
show ip interface brief
show interface Dialer1
show ip route
show ip nat translations
show ip nat statistics
show ip nat pool 182
sho ip nat limits all-host
show logging
You can paste all commands in your terminal and attach the log file to your reply to review it.
03-08-2024 11:42 PM
Hello,
try and set the maximum value to something like:
ip nat translation max-entries 200000
and check if the errors disappear.
03-09-2024 12:48 AM
In addition to @Georg Pauwen suggestion, I would change the translation timers as well:
ip nat translation tcp-timeout 600
ip nat translation udp-timeout 300
ip nat translation icmp-timeout 30
ip nat translation dns-timeout 10
ip nat translation syn-timeout 5
03-08-2024 06:48 AM
Hello,
post the full running config of your ISR, maybe we can spot something. For testing purposes, start a permanent ping (ping -t) from one of your connected devices to 8.8.8.8, and check if the connection stays up. v
03-08-2024 06:49 AM
Morning
Current configuration : 10113 bytes
!
! Last configuration change at 14:16:49 UTC Fri Mar 8 2024
!
version 17.9
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform hardware throughput crypto 50000
!
hostname HoM
!
boot-start-marker
boot system flash:c1100-universalk9.17.09.04a.SPA.bin
boot-end-marker
!
!
no aaa new-model
!
!
!
!
!
!
!
ip name-server 205.171.3.65 205.171.2.65
no ip domain lookup
!
!
!
no ip igmp snooping
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
vtp domain ''
vtp mode transparent
vtp version 1
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-4284067838
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4284067838
revocation-check none
rsakeypair TP-self-signed-4284067838
!
crypto pki trustpoint SLA-TrustPoint
enrollment terminal
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-4284067838
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34323834 30363738 3338301E 170D3234 30323037 30303033
34305A17 0D333430 32303630 30303334 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32383430
36373833 38308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100CF63 E76384AF 6078E295 B087349B E465A89A B84A8E90 D13E52C5
CB28BEF5 39387B19 1036EE98 89053B3D D42D6EB3 C5F305ED 9B2FD78A C699EA02
3FE0C2F1 23F4A538 6278551D 3717D703 13024BB1 3D9BD85F 18310A3C 83F38191
EA11D0D6 E35C16E7 F21E507D 2A94276A 8310E595 C88EB804 05166E4A 251A654B
82A77BF3 D6AE009A 57B0783A 90D525D3 F6DA5080 7A05528B 1C4455C3 EFFFFBBD
55859475 D26FCD7C 04F305EB 19733ED2 3FABFF22 5549BD82 2FFF0C8E BD81F2F8
13615860 BB6EB874 FBBBD392 C0F3EAB8 8CF66214 34354F70 69A52D4F 922DE35E
8964E54D C946A7E6 142E9C41 0458E6C3 FD6A8FCA A0EBE66B 87FFD40F 06DA3EC0
CC4B739F BC410203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 14D5EFD5 A40B0A02 5F830483 14D21A7C A9759BDD
04301D06 03551D0E 04160414 D5EFD5A4 0B0A025F 83048314 D21A7CA9 759BDD04
300D0609 2A864886 F70D0101 05050003 82010100 036BBEA4 BDEDE57A 0FD35041
B30A2394 B79A8A01 2C87EBD4 D9A80DB7 E571FDD7 4275FDA1 55278B72 EF3236AC
2FC6CDB5 22E67299 6079B347 E8E8F454 48AC7032 312AAC4E 02D415DC DB4D5D91
C5490AE2 F653B0C4 A32E6369 734DBF79 98263F72 5B5F534E 06AB0049 FAC1D563
763CB160 74093ACF 549423BB 0F5B5A6B 2B3C0802 E7C83861 ACE6E040 24A3D259
55BCA7EC F446157C 6A6B270C EB91874B 41A4A2E9 F5C9A5AF 39E34112 EEBFB1C7
BE0A215B 4586E7ED 20496190 A93FE5E1 63EFA300 B74DED30 E159573C B429A790
9A2E9F1C E1A2A852 C9DC74C6 935D878A 7785C339 EEA6D219 172B13EE DB79986E
C98E60B6 7899E8BA 3191ABE3 ED52432E 264B0F12
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
!
!
no license feature hseck9
license udi pid C1111-8PLTEEAWB sn FGL223493AJ
license smart url https://smartreceiver.cisco.com/licservice/license
license smart url smart https://smartreceiver.cisco.com/licservice/license
license smart transport smart
license smart usage interval 365
memory free low-watermark processor 71826
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
!
!
controller Cellular 0/2/0
!
!
vlan internal allocation policy ascending
!
vlan 8-9
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description WAN
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1460
ip tcp adjust-mss 1412
negotiation auto
no cdp enable
pppoe enable group global
pppoe-client dial-pool-number 1
spanning-tree portfast disable
!
interface GigabitEthernet0/0/1
description Management
ip address 192.168.8.1 255.255.255.0
negotiation auto
spanning-tree portfast
!
interface GigabitEthernet0/1/0
switchport mode access
shutdown
spanning-tree portfast
!
interface GigabitEthernet0/1/1
shutdown
!
interface GigabitEthernet0/1/2
shutdown
!
interface GigabitEthernet0/1/3
switchport mode access
shutdown
!
interface GigabitEthernet0/1/4
switchport mode access
shutdown
!
interface GigabitEthernet0/1/5
description Link_to_FPR-WAN
switchport access vlan 8
switchport mode access
!
interface GigabitEthernet0/1/6
shutdown
!
interface GigabitEthernet0/1/7
description management
switchport access vlan 9
switchport mode access
spanning-tree portfast
!
interface Wlan-GigabitEthernet0/1/8
!
interface Cellular0/2/0
no ip address
shutdown
!
interface Cellular0/2/1
no ip address
shutdown
!
interface Vlan1
description ISR default LAN
ip address 192.168.10.2 255.255.255.0
ip nat inside
no ip virtual-reassembly
!
interface Vlan8
description Link _To_FPR
ip address 172.16.1.1 255.255.255.0
ip nat inside
!
interface Vlan9
description management
ip address 10.0.0.1 255.255.255.0
!
interface Dialer1
mtu 1492
ip address negotiated
no ip redirects
ip mtu 1460
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1412
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
no cdp enable
ppp mtu adaptive
ppp authentication chap pap callin
ppp chap hostname malleomatthew
ppp chap password 0 JimRulz
ppp pap sent-username malleomatthew password 0 JimRulz
ppp ipcp dns request
ppp ipcp route default
!
ip http server
ip http authentication local
ip http secure-server
ip http secure-trustpoint TP-self-signed-4284067838
ip forward-protocol nd
ip nat pool 177 207.108.121.177 207.108.121.177 prefix-length 30
ip nat pool 178 207.108.121.178 207.108.121.178 prefix-length 30
ip nat pool 179 207.108.121.179 207.108.121.179 prefix-length 30
ip nat pool 182 207.108.121.182 207.108.121.182 prefix-length 30
ip nat pool 181 207.108.121.181 207.108.121.181 prefix-length 30
ip nat pool 180 207.108.121.180 207.108.121.180 prefix-length 30
ip nat inside source static tcp 192.168.1.180 25 207.108.121.180 25 extendable
ip nat inside source static tcp 192.168.1.180 993 207.108.121.180 993 extendable
ip nat inside source static tcp 192.168.2.181 80 207.108.121.181 80 extendable
ip nat inside source static tcp 192.168.2.181 443 207.108.121.181 443 extendable
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source list 4 pool 179 overload
ip nat inside source list 5 pool 178 overload
ip nat inside source list 6 pool 182 overload
ip nat inside source list 7 pool 177 overload
ip nat inside source list 8 pool 181 overload
ip nat inside source list 9 pool 180 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.0.0.0 255.255.255.0 172.16.1.2
ip route 192.168.1.0 255.255.255.0 172.16.1.2
ip route 192.168.2.0 255.255.255.0 172.16.1.2
ip route 192.168.3.0 255.255.255.0 172.16.1.2
ip route 192.168.4.0 255.255.255.0 172.16.1.2
ip route 192.168.5.0 255.255.255.0 172.16.1.2
ip route 192.168.6.0 255.255.255.0 172.16.1.2
!
!
!
ip access-list standard 1
10 permit 192.168.8.0 0.0.0.255
ip access-list standard 4
10 permit 192.168.3.0 0.0.0.255
ip access-list standard 5
10 permit 192.168.4.0 0.0.0.255
ip access-list standard 6
10 permit 192.168.5.0 0.0.0.255
ip access-list standard 7
10 permit 192.168.6.0 0.0.0.255
ip access-list standard 8
10 permit 192.168.2.0 0.0.0.255
ip access-list standard 9
10 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
snmp-server community public RO
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
password jarjarbinks98
login
length 0
transport input ssh
line vty 5 30
login
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
!
!
!
!
netconf-yang
end
03-08-2024 01:44 PM
Hello @TheGoob ,
looking at your config, I would do the following changes:
1. cleanup the two L3 interfaces, Gi0/0/0 and Gi0/0/1, spanning tree commands not applicable
interface GigabitEthernet0/0/0
no spanning-tree portfast
interface GigabitEthernet0/0/1
no spanning-tree portfast
2. interface Gi0/1/7 which I believe connects to the SG350 switch should run STP
interface GigabitEthernet0/1/7
no spanning-tree portfast
3. delete the ppp mtu adaptive on the Dialer1 interface
interface Dialer1
no ppp mtu adaptive
This is only some housekeeping - it's better to have your config clean and simple.
When you say "wifi (main station plugged into sg350xg) and the 2 extenders in the house are red" this probably means that the wifi devices are probing for Internet connectivity and don't have it - correct?
Also when in this situation, can you associate to the WiFi network, get an IP and access host on the local LAN - I recall from a different thread being the 192.168.5.0/24 subnet - correct?
There are a number of workarounds to prevent your network or more specifically your ISR getting in this state where for some reason your devices cannot access the Internet - like @Georg Pauwen suggested to start a ping -t from an always on host on your network or you can configure a IP SLA probe on the ISR basically do the same thing. I would keep this workaround on hold for the moment in order to be able to collect some info that could help us to determine the cause of the problem.
Next time you wake up in the morning and your WiFi is red, please configure your terminal to log to a file and issue the following commands:
terminal length 0
show ip interface brief
show interface Dialer1
show ip route
show ip nat translations
show ip nat statistics
show ip nat pool 182
sho ip nat limits all-host
show logging
You can paste all commands in your terminal and attach the log file to your reply to review it.
03-08-2024 02:01 PM - edited 03-08-2024 02:04 PM
Hey there when I get home I’ll look into all that as well as housecleaning. Correct. The main with plugs into the SG and is programmed as an access-point, not router, and the 2 extensions are for the mesh system. All residing on the 192.168.5.0. Yeah, the red is when it does from internet. But I still have LAN access.
I will check the other stuff and report.
Also, 1/7 connects to FPR 1/1 and the FPR 1/8 connects to SG.
03-08-2024 06:51 AM
Geeze already the PING responses are nasty
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=69.0 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=116 time=93.9 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=116 time=118 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=116 time=141 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=116 time=62.2 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=116 time=187 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=116 time=723 ms
64 bytes from 8.8.8.8: icmp_seq=8 ttl=116 time=747 ms
64 bytes from 8.8.8.8: icmp_seq=10 ttl=116 time=1171 ms
64 bytes from 8.8.8.8: icmp_seq=11 ttl=116 time=151 ms
64 bytes from 8.8.8.8: icmp_seq=12 ttl=116 time=590 ms
64 bytes from 8.8.8.8: icmp_seq=13 ttl=116 time=95.1 ms
64 bytes from 8.8.8.8: icmp_seq=15 ttl=116 time=1036 ms
64 bytes from 8.8.8.8: icmp_seq=16 ttl=116 time=48.2 ms
64 bytes from 8.8.8.8: icmp_seq=17 ttl=116 time=756 ms
64 bytes from 8.8.8.8: icmp_seq=18 ttl=116 time=1498 ms
64 bytes from 8.8.8.8: icmp_seq=19 ttl=116 time=492 ms
64 bytes from 8.8.8.8: icmp_seq=20 ttl=116 time=1129 ms
64 bytes from 8.8.8.8: icmp_seq=21 ttl=116 time=1549 ms
64 bytes from 8.8.8.8: icmp_seq=22 ttl=116 time=548 ms
64 bytes from 8.8.8.8: icmp_seq=23 ttl=116 time=1187 ms
64 bytes from 8.8.8.8: icmp_seq=24 ttl=116 time=182 ms
64 bytes from 8.8.8.8: icmp_seq=25 ttl=116 time=925 ms
64 bytes from 8.8.8.8: icmp_seq=26 ttl=116 time=114 ms
64 bytes from 8.8.8.8: icmp_seq=27 ttl=116 time=764 ms
64 bytes from 8.8.8.8: icmp_seq=28 ttl=116 time=1608 ms
64 bytes from 8.8.8.8: icmp_seq=29 ttl=116 time=588 ms
64 bytes from 8.8.8.8: icmp_seq=30 ttl=116 time=1233 ms
64 bytes from 8.8.8.8: icmp_seq=31 ttl=116 time=218 ms
64 bytes from 8.8.8.8: icmp_seq=32 ttl=116 time=851 ms
64 bytes from 8.8.8.8: icmp_seq=33 ttl=116 time=1662 ms
64 bytes from 8.8.8.8: icmp_seq=35 ttl=116 time=1328 ms
64 bytes from 8.8.8.8: icmp_seq=36 ttl=116 time=313 ms
64 bytes from 8.8.8.8: icmp_seq=37 ttl=116 time=1364 ms
64 bytes from 8.8.8.8: icmp_seq=38 ttl=116 time=350 ms
64 bytes from 8.8.8.8: icmp_seq=39 ttl=116 time=64.2 ms
64 bytes from 8.8.8.8: icmp_seq=44 ttl=116 time=1118 ms
64 bytes from 8.8.8.8: icmp_seq=45 ttl=116 time=97.9 ms
64 bytes from 8.8.8.8: icmp_seq=46 ttl=116 time=1113 ms
64 bytes from 8.8.8.8: icmp_seq=47 ttl=116 time=99.0 ms
64 bytes from 8.8.8.8: icmp_seq=48 ttl=116 time=60.9 ms
64 bytes from 8.8.8.8: icmp_seq=49 ttl=116 time=84.4 ms
64 bytes from 8.8.8.8: icmp_seq=51 ttl=116 time=2051 ms
64 bytes from 8.8.8.8: icmp_seq=52 ttl=116 time=1027 ms
64 bytes from 8.8.8.8: icmp_seq=53 ttl=116 time=106 ms
64 bytes from 8.8.8.8: icmp_seq=54 ttl=116 time=743 ms
64 bytes from 8.8.8.8: icmp_seq=55 ttl=116 time=154 ms
64 bytes from 8.8.8.8: icmp_seq=56 ttl=116 time=72.2 ms
64 bytes from 8.8.8.8: icmp_seq=57 ttl=116 time=48.5 ms
64 bytes from 8.8.8.8: icmp_seq=59 ttl=116 time=1981 ms
64 bytes from 8.8.8.8: icmp_seq=60 ttl=116 time=957 ms
64 bytes from 8.8.8.8: icmp_seq=61 ttl=116 time=57.0 ms
64 bytes from 8.8.8.8: icmp_seq=62 ttl=116 time=798 ms
64 bytes from 8.8.8.8: icmp_seq=63 ttl=116 time=105 ms
64 bytes from 8.8.8.8: icmp_seq=64 ttl=116 time=129 ms
64 bytes from 8.8.8.8: icmp_seq=65 ttl=116 time=152 ms
64 bytes from 8.8.8.8: icmp_seq=66 ttl=116 time=73.0 ms
64 bytes from 8.8.8.8: icmp_seq=67 ttl=116 time=96.4 ms
64 bytes from 8.8.8.8: icmp_seq=68 ttl=116 time=120 ms
64 bytes from 8.8.8.8: icmp_seq=69 ttl=116 time=1476 ms
64 bytes from 8.8.8.8: icmp_seq=70 ttl=116 time=1489 ms
64 bytes from 8.8.8.8: icmp_seq=71 ttl=116 time=489 ms
64 bytes from 8.8.8.8: icmp_seq=72 ttl=116 time=205 ms
64 bytes from 8.8.8.8: icmp_seq=73 ttl=116 time=1959 ms
64 bytes from 8.8.8.8: icmp_seq=74 ttl=116 time=1968 ms
64 bytes from 8.8.8.8: icmp_seq=75 ttl=116 time=968 ms
64 bytes from 8.8.8.8: icmp_seq=76 ttl=116 time=71.8 ms
64 bytes from 8.8.8.8: icmp_seq=78 ttl=116 time=1320 ms
64 bytes from 8.8.8.8: icmp_seq=79 ttl=116 time=2027 ms
64 bytes from 8.8.8.8: icmp_seq=80 ttl=116 time=1027 ms
64 bytes from 8.8.8.8: icmp_seq=81 ttl=116 time=123 ms
64 bytes from 8.8.8.8: icmp_seq=83 ttl=116 time=1076 ms
64 bytes from 8.8.8.8: icmp_seq=84 ttl=116 time=52.3 ms
64 bytes from 8.8.8.8: icmp_seq=85 ttl=116 time=1935 ms
64 bytes from 8.8.8.8: icmp_seq=87 ttl=116 time=1750 ms
64 bytes from 8.8.8.8: icmp_seq=88 ttl=116 time=1145 ms
64 bytes from 8.8.8.8: icmp_seq=89 ttl=116 time=145 ms
64 bytes from 8.8.8.8: icmp_seq=90 ttl=116 time=64.5 m
03-08-2024 06:27 PM
Weird, came home to mess around and my ISR CLI had this apparently for hours...
*Mar 9 01:52:44.777: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041808004034440 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:52:51.153: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041814380202240 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:52:57.610: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041820837155640 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:53:03.965: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041827192270800 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:53:10.087: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041833314186600 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:53:16.679: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041839906151960 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:53:21.895: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041845122082960 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:53:28.043: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041851270723520 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:53:35.368: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041858595663600 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:53:40.864: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041864091007920 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:53:47.597: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041870824155680 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:53:54.788: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041878015311360 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:54:01.163: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041884390721160 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:54:07.515: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041890742596360 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:54:13.868: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041897095715680 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:54:20.219: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041903446228240 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:54:26.590: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041909817785920 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:54:31.987: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041915214654040 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:54:39.294: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041922521648760 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:54:47.268: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041930495065320 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:54:52.793: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041936019901320 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:54:58.474: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041941701184640 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:55:04.828: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041948055661720 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:55:10.898: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041954125718360 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:55:17.532: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041960759157880 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:55:23.897: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041967124708560 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
*Mar 9 01:55:30.257: %IOSXE-4-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00000041973484714120 %NAT-4-DEFAULT_MAX_ENTRIES: default maximum entries value 16384 exceeded; frame dropped
03-08-2024 11:42 PM
Hello,
try and set the maximum value to something like:
ip nat translation max-entries 200000
and check if the errors disappear.
03-09-2024 12:48 AM
In addition to @Georg Pauwen suggestion, I would change the translation timers as well:
ip nat translation tcp-timeout 600
ip nat translation udp-timeout 300
ip nat translation icmp-timeout 30
ip nat translation dns-timeout 10
ip nat translation syn-timeout 5
03-09-2024 06:21 AM
Morning friends.
Woke up and Internet was down. Running late for work so not much time to troubleshoot but I reloaded the ISR and it all works. Also I inputted the code (6 of them) that you both recommended.
iI noticed yesterday it disconnected around 4 pm as well. Let’s see if these new lines fix anything if not I’ll continue testing with your suggested way.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide