cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2615
Views
0
Helpful
3
Replies

Virtual Access interface keeps dropping

lbogiani
Level 1
Level 1

I recently activated syslog logging on my 806 DSL router and have noticed my virtual access interface drops at least once daily, it'll do it for a minute or so then comes back up. I notice mostly because I'll be on the web and all of a sudden I'll lose connectivity, I'll check the syslog log and see the interface has dropped but it usually will come right back up and I'll have signal again. The only change I've done recently to the config was add an access list to block most icmp packets inbound, as well as disabling some services like http server, and a few other for security purposes.

It's done this before even before I did this changes, but seems like its more often now , it used to not drop daily, not its doing it every day. My question is, could anything in the config be causing this? or should I just blame it on the service provider or the DSL service/line itself?

Here's a copy of the log entries:

Feb 11 00:58:41 10.10.10.1 462: 2d23h: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down

Feb 11 00:58:42 10.10.10.1 463: 2d23h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to down

Feb 11 01:00:35 10.10.10.1 464: 2d23h: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up

Feb 11 01:00:37 10.10.10.1 465: 2d23h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up

Thanx

Louis

3 Replies 3

raymong
Level 4
Level 4

One thing in your config to check is the way you have defined "interesting traffic". Depending on how you have set this up, this could cause your virtual interface to go down if it doesn't see traffic that matches the criteria you have set. If you still help, you can re-post with your configs.

dwallwork
Level 1
Level 1

A real wild guess here, but would your ISP be dropping a DHCP assigned address to you after a fixed period of inactivity? Your router drops the i/f to get a new DHCP address when it senses external activity? Based on your statement that it even happens while you're surfing, I would not have suspected this...

Yeah this happens while I'm surfing, I'll be browsing pages and all of a suddent I have no connection. I check the syslog and see that the virtual interface has dropped. I'll give it a few seconds and eventually comes back up (I keep trying to access oages or check email to see if it "wakes up" and brings it back up). here's my running config in case you guys can find anything there...

Thanx

Current configuration : 3739 bytes

!

! Last configuration change at 17:05:21 est Sat Feb 8 2003

! NVRAM config last updated at 01:21:10 est Sat Feb 8 2003

!

version 12.2

no parser cache

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname Clandestine

!

enable secret

username Clandestine password

clock timezone est -5

clock summer-time edt recurring

ip subnet-zero

no ip source-route

ip name-server 205.152.144.235

ip dhcp excluded-address 10.10.10.1

ip dhcp excluded-address 10.10.10.2

!

ip dhcp pool CLIENT

import all

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

!

no ip bootp server

ip cef

ip inspect name myfw cuseeme timeout 3600

ip inspect name myfw ftp timeout 3600

ip inspect name myfw http java-list 10 timeout 3600

ip inspect name myfw rcmd timeout 3600

ip inspect name myfw realaudio timeout 3600

ip inspect name myfw smtp timeout 3600

ip inspect name myfw tftp timeout 30

ip inspect name myfw udp timeout 15

ip inspect name myfw tcp timeout 3600

ip inspect name myfw h323 timeout 3600

ip audit notify log

ip audit po max-events 100

vpdn enable

!

vpdn-group 1

request-dialin

protocol pppoe

!

!

!

!

interface Ethernet0

ip address 10.10.10.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip tcp adjust-mss 1452

no cdp enable

hold-queue 32 in

hold-queue 100 out

!

interface Ethernet1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip tcp adjust-mss 1452

pppoe enable

pppoe-client dial-pool-number 1

no cdp enable

!

interface Dialer1

ip address negotiated

ip access-group 111 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip mtu 1492

ip nat outside

ip inspect myfw out

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname

ppp chap password

ppp pap sent-username password

ppp ipcp dns request

ppp ipcp wins request

!

ip nat inside source list 102 interface Dialer1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

no ip http server

!

!

access-list 10 permit 204.69.199.39

access-list 10 permit 209.191.132.40

access-list 10 deny any log

access-list 102 permit ip 10.10.10.0 0.0.0.255 any

access-list 111 deny ip 127.0.0.0 0.255.255.255 any log-input

access-list 111 deny ip 10.0.0.0 0.255.255.255 any log-input

access-list 111 deny ip 172.16.0.0 0.15.255.255 any log-input

access-list 111 deny ip 192.168.0.0 0.0.255.255 any log-input

access-list 111 deny ip 224.0.0.0 15.255.255.255 any log-input

access-list 111 deny ip 240.0.0.0 7.255.255.255 any log-input

access-list 111 permit icmp any any packet-too-big

access-list 111 permit icmp any any time-exceeded

access-list 111 permit icmp any any echo-reply

access-list 111 permit udp any eq domain any

access-list 111 permit udp any any eq isakmp

access-list 111 permit udp host 128.194.254.9 eq ntp any

access-list 111 permit esp any any

access-list 111 deny icmp any any

access-list 111 deny ip any any

dialer-list 1 protocol ip permit

banner motd ^C

AUTHORIZED USERS ONLY!

^C

privilege exec level 15 connect

privilege exec level 15 telnet

privilege exec level 15 show ip access-lists

privilege exec level 15 show access-lists

privilege exec level 15 show logging

privilege exec level 1 show ip

!

line con 0

exec-timeout 120 0

password

login

stopbits 1

line vty 0 4

exec-timeout 0 1 login local

no exec

length 0

transport input none

!

scheduler max-task-time 5000

ntp clock-period 17179841

ntp server 128.194.254.9

end

Review Cisco Networking for a $25 gift card