10-19-2012 05:09 AM - edited 03-11-2019 05:11 PM
Hello,
I have a problem with an internet connection with a customer.
They have a Zyxel 660 in bridge mode and the public ip is delivered to the eth0/0 outside interface of a 5505 ASA.
They lose internet connectivity a couple of times per hour. What solves the problem immediately is disconnecting the ethernet cable from the eth0/0 and then directly plugging it back. Then it runs for 20-30 minutes or so.
The isp doesnt't notice any errors on the dsl connection, only that they cannot ping the outside interface from time to time (duhhh)
However, yesterday, when problem appeared for first time , I noticed that this Zyxel was very hot since it was placed on top of the ASA. Now it is set apart.
In the meantime I already replaced all cables, but I think it's the Zyxel so I urged that the ISP send a new Zyxel.
Though it sounds strange. But maybe anyone has seen this before?
Details:
Asa5505 (has been replaced also) with software version 8.4.3
the interface (eth0/0 and vlan2) don't give strange counters
ASA# sh inter det
Interface Ethernet0/0 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 2894.0ff8.c548, MTU not set
IP address unassigned
235089 packets input, 221884537 bytes, 0 no buffer
Received 402 broadcasts, 0 runts, 0 giants
2 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
7 switch ingress policy drops
163925 packets output, 31513917 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
Topology Information:
This interface, a , is connected
with Internal-Data0/0, a .
Control Point Interface States:
Interface number is 3
Interface config status is active
Interface state is active
--------------------
Interface Vlan2 "outside", is up, line protocol is up
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
MAC address 2894.0ff8.c550, MTU 1500
IP address xx.xx.21.237, subnet mask 255.255.255.192
Traffic Statistics for "outside":
239894 packets input, 223410645 bytes
166949 packets output, 28496263 bytes
545 packets dropped
1 minute input rate 82 pkts/sec, 94048 bytes/sec
1 minute output rate 54 pkts/sec, 8022 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 24 pkts/sec, 22481 bytes/sec
5 minute output rate 18 pkts/sec, 3536 bytes/sec
5 minute drop rate, 0 pkts/sec
Control Point Interface States:
Interface number is 15
Interface config status is active
Interface state is active
10-19-2012 05:36 AM
Hi,
If there has been no changes to the connection, ISP equipment or the ASA itself it would seem the problem is probably with the Zyxel.
I personally run to strange problems with customer modems (pretty much always in bridged mode and a Cisco device behind them). Sometimes its simply the modem and sometimes it might be a problem with the DSLAM on the provider side.
Best situation would ofcourse be if you could do tests during the problem.
Few months ago I had a situation where a customers connection would continuosly stop working. What always corrected the problem was clearing the ARP from the gateway device (Even though the IP/MAC address pair was always the same). The gateway device had to do ARP again to enable connections to the office. This seemed to always correct the problem. Later on we found the problem to be in the ISP DSLAM settings related to ARP. What also was strange about the situation was that the setting that was changed was supposedly already configured the way it was supposed to. And considering I know it had been working for ages it was really strange that the settings had to be changed suddenly. Then again I don't know if the DSLAM had undergone any updates that might explain the strange behaviour.
But anyway, I would start by replacing the local modem. If it has more than a single Ethernet port you could plug the ASA into another port also to see if that has any effect. Ofcourse then you would have to make sure that new port is also bridged.
- Jouni
10-23-2012 02:43 AM
Hello,
I did a show arp and the gateway mac is showed every time. The line provider isn't familiar with this kind of problems, they verified their end but couldnt find anything special. They suggested to replace the dsl splitter (the only thing I didn't change yet) and secondary if that doesn't work, to put the Zyxel in routed mode (what I personally do not prefer)
My colleague will be onsite there today and do these steps. Will let you know the outcome.
With kind regards,
Ralph
10-23-2012 03:05 AM
Hi there,
May be of use. My home ISP is the Post Office and they ship zyxel routers. I had similar symptoms and had to keep rebooting the router. Eventually they sent me a new router which fixed the issue straight away.
Tim
10-23-2012 04:08 AM
Hello I'm sorry to forget to mention, but the customer was sent a new Zyxel dsl router, what didn't solve this problem, grrrr
Ralph
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide