10-12-2005 08:41 AM - edited 02-21-2020 12:27 AM
I'm having a lot of problems with FTP......
This is how my network was setup. I have a firewall, Cisco Pix 506E which is connected to a Cisco 2950 switch.
I used NAT, where it translates my private IP to a public IP. I've opened up port 21 on my firewall for FTP, but it seems to give me problems......
Sometimes I can connect and upload large files without any timeout; sometimes I can't upload files at all, or it will time out after 10% or 20% or whatever size.....
I've posted in another forum and the expert told me it is due to a speed mismatch.
They asked me to ensure that my outside interface is set to 100BaseT FD.
I've done that. But I have this problem. I set my outside and inside interfaces to 100BaseT FD on the firewall. Then I set the ports on my switch to 100BaseT FD. When I do that, my server network card, eth0, shows that it can only run on 100BaseT HD as it is set to no autonegotiation. There is no way I can force eth0 to run on 100BaseT FD.
But when I change the switch ports to 100 for speed but leave the duplex as auto, my eth0 runs on 100BaseT FD.
Basically I have confirmed that my firewall is connected to the router at 100BaseT FD (and my router is in 100Base).
I've set my firewall inside interface to connect at auto.
On my switch, I've set all the ports to run on 100 but left the duplex setting at auto.
My server eth0 is running on autonegotiation at 100BaseT FD.
But I'm still getting problems with my FTP. Sometimes I can upload without a problem, sometimes I can't and it times out. I've tried using multiple FTP clients, and I've tried connecting on ADSL and cable at different venues. I've asked a few of my friends to try and they get the same problem too.
I'm very lost here. What is wrong here?
10-12-2005 08:44 AM
10-12-2005 08:53 AM
I ran a show interface command and got the following:
interface ethernet0 "outside" is up, line protocol is up
Hardware is i82559 ethernet, address is 0014.a807.610c
IP address x.x.x.36, subnet mask 255.255.255.224
MTU 1500 bytes, BW 100000 Kbit full duplex
4264126 packets input, 2654097766 bytes, 0 no buffer
Received 125257 broadcasts, 35 runts, 0 giants
45 input errors, 10 CRC, 0 frame, 0 overrun, 10 ignored, 0 abort
3568019 packets output, 1386361349 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
1 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/42)
output queue (curr/max blocks): hardware (0/20) software (0/1)
interface ethernet1 "inside" is up, line protocol is up
Hardware is i82559 ethernet, address is 0014.a807.610d
IP address 192.168.0.254, subnet mask 255.255.255.0
MTU 1500 bytes, BW 100000 Kbit full duplex
3597617 packets input, 1381816950 bytes, 0 no buffer
Received 22224 broadcasts, 10 runts, 0 giants
41 input errors, 31 CRC, 0 frame, 0 overrun, 31 ignored, 0 abort
4018904 packets output, 2671865187 bytes, 0 underruns
0 output errors, 27 collisions, 0 interface resets
0 babbles, 5 late collisions, 59 deferred
25 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/31)
output queue (curr/max blocks): hardware (0/59) software (0/1)
10-12-2005 05:52 PM
the result of "sh int" indicates 25 lost carrier, just wondering if the issue is related to the internet link, e.g. the office internet link went down when you were trying to upload a file.
to verify, you may do one of the following when the issue occurs:
- ssh to the pix
- establish a remote vpn tunnel to the pix
- ping the x.x.x.34 or x.x.x.35
further, you may also want to verify whether the ftp server is functioning perfectly. to verify, simply play with the ftp server from a local pc.
10-15-2005 02:27 AM
Hi jackko,
I've checked and that is not the problem. Can you tell me what is meant by this:
45 input errors, 10 CRC, 0 frame, 0 overrun, 10 ignored, 0 abort
I seem to get a lot of this on the outside but 0 on the inside.
I asked someone what that means and whether I should be concerned, and I was informed that I should be very concerned. They said that for outside CRC errors, it means there is something wrong with the cables connecting the IDC router to my firewall, and I was advised to ask the IDC to change the cable that connects my firewall to their router.
What is your knowledge of CRC errors?
10-15-2005 05:40 AM
crc is basically a means for a device to verify whether the received data has any error from transmission.
according to cisco:
The number of Cyclical Redundancy Check errors. When a station sends a frame, it appends a CRC to the end of the frame. This CRC is generated from an algorithm based on the data in the frame. If the frame is altered between the source and destination, the security appliance notes that the CRC does not match. A high number of CRCs is usually the result of collisions or a station transmitting bad data.
i guess the issue is related to duplex mismatch between the pix and the outside interface connected device. also, verify the cable whether it's faulty or not.
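Added example, not part of any post in this thread: a Python sketch that parses PIX "show interface" counters and lists the collision-type counters that are non-zero on an interface reporting full duplex, which is the pattern to look for when checking the duplex-mismatch suggestion above. The sample text is a subset of the lines posted earlier in the thread; the function and constant names are hypothetical.

```python
import re

# Constructed sample: a subset of the "show interface" lines posted in this thread.
SAMPLE = """\
interface ethernet0 "outside" is up, line protocol is up
MTU 1500 bytes, BW 100000 Kbit full duplex
45 input errors, 10 CRC, 0 frame, 0 overrun, 10 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
interface ethernet1 "inside" is up, line protocol is up
MTU 1500 bytes, BW 100000 Kbit full duplex
41 input errors, 31 CRC, 0 frame, 0 overrun, 31 ignored, 0 abort
0 output errors, 27 collisions, 0 interface resets
0 babbles, 5 late collisions, 59 deferred
"""

HEADER = re.compile(r'^interface \S+ "([^"]+)" is')
DUPLEX = re.compile(r'(full|half) duplex')
# "<number> <name>" pairs separated by commas; the lookbehind skips "i82559" and IPs.
COUNTER = re.compile(r'(?<![\w.])(\d+) ([A-Za-z][A-Za-z ]*?)(?=,|$)')
# Collisions and deferrals belong to half-duplex (CSMA/CD) operation only.
HALF_DUPLEX_ONLY = ("collisions", "late collisions", "deferred")

def parse(text):
    """Return {nameif: {"duplex": str, counter_name: int, ...}}."""
    out, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            cur = out.setdefault(m.group(1), {})
        elif cur is not None:
            d = DUPLEX.search(line)
            if d:
                cur["duplex"] = d.group(1)  # MTU/BW line carries no counters
            else:
                cur.update((k, int(n)) for n, k in COUNTER.findall(line))
    return out

def duplex_findings(ifaces):
    """List (nameif, counter, value) for counters that should be 0 at full duplex."""
    return [(name, key, c[key])
            for name, c in ifaces.items() if c.get("duplex") == "full"
            for key in HALF_DUPLEX_ONLY if c.get(key, 0) > 0]

if __name__ == "__main__":
    for finding in duplex_findings(parse(SAMPLE)):
        print("%s: %s = %d on a full-duplex interface" % finding)
```

Counters are cumulative since the last clear, so a non-zero value can date from an earlier speed/duplex setting; compare two readings taken during a failing transfer.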