Re: Serial Interface Problem

usmany · ‎10-31-2004

Hi Guys,

I am having little problem with my router 3640 series.

The problem is, I monitor activity of the serial interface and what I am getting is like something is transmitting (traffic out) almost same as traffic in the network. say I have 64kpbs in and out of the network...

Please what could be responsible to this strange transmition out?

I replaced the serial interface with new but still having that problem.

I checked my systems and all don't have virus, even if there is no system on the network, still the serial interface transmit traffic out as traffice in...

Guys, your assistance is highly needed here.

folderman · ‎11-01-2004

hi smany,

due to the limited information, it is difficult to conclude what the problem is.

may you try to use "ip route-cache flow" in the serial interface and then "show ip cache flow" to see what the traffic actually is. :>

kennethl

usmany · ‎11-01-2004

System1#sh ip cache flow

IP packet size distribution (0 total packets):

1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608

.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 0 bytes

0 active, 0 inactive, 0 added

0 ager polls, 0 flow alloc failures

Active flows timeout in 30 minutes

Inactive flows timeout in 15 seconds

last clearing of statistics never

Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)

-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow

SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts

Above is results of ip cache flow got from my router... please try and help me troubleshoot if you can sir... if you need more infor, i will try and supply you with all you will need to help me solve the problem.

Thanks

smif101 · ‎11-01-2004

Can you provide the config of your router and what is the bandwidth of your serial link.

stephenshaw · ‎11-01-2004

Hi Usmany,

another item you can try is to apply ....

"ip accounting output-packets" to your serial interface. Then wait about a minute and do a "show ip accounting" command - this will tell you who's been talking to who within that minute.

Steve

blamerson · ‎11-01-2004

If this is strictly a line to the internet, I would apply an ACL to the serial interface:

Router(config)#ip access ex traffic-monitor-in

Router(config-ext-nacl)#permit tcp any any gt 0 log

Router(config-ext-nacl)#permit udp any any gt 0 log

Router(config-ext-nacl)#permit icmp any any log

Router(config-ext-nacl)#permit ip any any log

Router(config-ext-nacl)#interface serialx/x

Router(config-if)#ip access-group traffic-monitor-in in

This will monitor all inbound/outbound tcp/ip traffic. It's name is misleading because you have to assign it as either "inbound" or "outbound" traffic.. but all traffic is inbound when coming to an interface.. and outbound when leaving.. regardless of if it lands on the inside of your network or the outside. So, for monitoring purposes, "in" will work just fine. To view the information while on the router, do a Router#show log

Also, if you want to log this to a syslog server (for windows.. http://www.kiwisyslog.com works great), then you can use Router(config)#logging x.x.x.x and Router(config)#logging trap debugging.

Hope this helps!

Brian