Re: Slow ping when using C921-K9

hansfry.ko · ‎09-03-2022

Hi all,

I work with Cisco 867VAE, C881-K9 and currently C921.

we use third party company from Japan to create the config for Cisco, then I do EZVPN zero touch to the cisco.

This Cisco only use two port , 1 LAN and 1 WAN.

Lan is connected to user Computer and WAN connected to internet.

my cisco communicate with the server in Japan, using site to site VPN.

now the problem is, using 867 and C881 , I can ping server smoothly, but using C921 I found that it have intermittent ping, sometime it can stop replying for 20 seconds or more and then reply again and stop again.

This problem in C921 is not always happen. around 40 C921 I plant on various sites , maybe around 20 C921 that have this problem.

My feeling says that, this C921 cisco have lower tolerance with internet speed or stability. but I could be wrong.

since I dont have enable password for the cisco, I cannot see much settings on it.

any Idea , on what should I ask to this Japan company I am work with, as they say there is no problem with the config.

they tested in their office, and always say the ping is good. but again their internet office speed is fast and stable. and my country is developing country that have slower internet.

any input is appreciated , thank you

balaji.bandi · ‎09-03-2022

I can ping server smoothly, but using C921 I found that it have intermittent ping, sometime it can stop replying for 20 seconds or more and then reply again and stop again.

This required more clarity, you able to ping Server smoothly, where is that server, from what source you able to ping as expected,

what ping not working, and what is the source and destination which lots the ping?

another side, we need to see the config to understand what is configured, if not we can only play guess games here.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Georg Pauwen · ‎09-04-2022

Hello,

as far as I recall, the C921 has default control plane policing (CoPP) for the purpose of protecting the control plane against e.g. DoS and reconnaisance attacks. Ping (ICMP) traffic could be policed there. You could ask your co-workers in the other office(s) if they can see anything with the command:

show policy-map control-plane

hansfry.ko · ‎09-04-2022

Hi Balaji,

what ping not working, and what is the source and destination which lots the ping?

Ping from computer (that connected to LAN port of Cisco) to server public IP.

we need to see the config to understand what is configured, I will try to ask them several part of the config

Hi Georg,

Thank you for the input,

when they do show policy-map control-plane, nothing shows.

this is the ping result,

64 bytes from : icmp_seq=3 ttl=253 time=169 ms
64 bytes from : icmp_seq=4 ttl=253 time=169 ms
64 bytes from : icmp_seq=5 ttl=253 time=168 ms
64 bytes from : icmp_seq=6 ttl=253 time=169 ms
64 bytes from : icmp_seq=7 ttl=253 time=169 ms
64 bytes from : icmp_seq=8 ttl=253 time=169 ms
64 bytes from : icmp_seq=9 ttl=253 time=168 ms
64 bytes from : icmp_seq=10 ttl=253 time=169 ms
64 bytes from : icmp_seq=11 ttl=253 time=169 ms
64 bytes from : icmp_seq=12 ttl=253 time=169 ms
64 bytes from : icmp_seq=13 ttl=253 time=168 ms
64 bytes from : icmp_seq=24 ttl=253 time=170 ms
64 bytes from : icmp_seq=25 ttl=253 time=170 ms
64 bytes from : icmp_seq=26 ttl=253 time=170 ms
64 bytes from : icmp_seq=27 ttl=253 time=169 ms
64 bytes from : icmp_seq=28 ttl=253 time=170 ms
64 bytes from : icmp_seq=29 ttl=253 time=170 ms
64 bytes from : icmp_seq=30 ttl=253 time=169 ms
64 bytes from : icmp_seq=31 ttl=253 time=170 ms
64 bytes from : icmp_seq=32 ttl=253 time=169 ms

it stopped on 13th seconds, and start replying again in 24th second

thanks

hansfry.ko · ‎09-04-2022

one more detail,

IEz#ping x.x.x.x source vlanx repeat 500
Type escape sequence to abort.
Sending 500, 100-byte ICMP Echos to x.x.x.x, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.254
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!

Ping from Cisco to server is good , 100% without lost
Success rate is 100 percent (500/500), round-trip min/avg/max = 168/171/228 ms

Georg Pauwen · ‎09-04-2022

Hello,

that is an interesting detail. What OS (e.g. Windows 11) and what NIC (brand/type/model) is the end computer using ?

hansfry.ko · ‎09-05-2022

Hi Georg,

the computer that connected to LAn port of Cisco is using Linux, redhat or Suse. But I tried too using my laptop (windows 10) connected directly to Cisco LAN, the ping still the same, intermittent.

Georg Pauwen · ‎09-05-2022

Hello,

as suggested, post the full running configuration of the C921. Maybe we can spot something...