cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2038
Views
0
Helpful
9
Replies

RV 042G usage problems

equipment66
Level 1
Level 1

Hello

About 2 months ago the problem appeared with our router Cisco RV 042G. It seems, that the router is loosing WAN connection for 1 - 10 minutes: any external connection (like web page loading, POP3, etc) becomes unavailable, ping to router increases to 4000 ms, ping to any externals site - timed out. Some time later connection restores, and ping comes to normal values (~1 ms to router, ~50 ms to external site)

We have checked all our equipment for viruses, configuration mistakes etc. It seems, that problem is our router. Could you please to help us solve the problem with our connection?

Router: Cisco RV 042G

Firmware: v4.2.1.02 (Jan 18 2012 14:10:55)

Working mode: gateway

IPv4 only

WAN access: wi-max

LAN equipment:

2 wi-fi access points

2 print servers

2 digital video recorders

2 ip cameras

up to 10 - 15 computers, mostly windows, 1 - MAC

Number of equipment, connected to the LAN side of router, does not affect how often the problem appears. But it seems, that connection is recovering some faster if less equipment is connected

Thanks in advance for ay support.

9 Replies 9

lariasqu
Level 1
Level 1

Hi Vilius, thank you for using our forum, my name is Luis I am part of the Small business Support community. I have a couple of questions for you.

1.  Did you change something in the past months?

2. Do you have some ACL, VPN, or IPS configured in your device?

I advise you to change you MTU size from 1450 to 1500 (default), you could try different sizes in order to find the better for your configuration.

I hope you find this answer useful

Greetings,

Luis Arias.

Cisco Network Support Engineer.

Hello Luis ant thank you for your reply.

Follow you questions:

1) The last change in the router configuration was made aprox. 1 year ago. There was no problems after changes.

2) I have configured 6 port forwardings for IP cameras and digital video recorders. I have disconnected mentioned equipment for diagnostic purposes and restored router to default settings. No effect.

3) Setting MTU size from "Auto" to 1450 makes router completely inaccessible until restoring to system default settings.

Any ideas?

Hi Vilius, I apologize about that, I will share to you a document in order to know which MTU size is better for your connection, you could follow that instructions, and you will send few pings and the better response that is the size that you need.

http://kb.linksys.com/Linksys/ukp.aspx?pid=80&vw=1&articleid=386

Also there is other thing, I was wondering, did you perform a factory reset? If you did, I advise you to configure just the necessary, in order to test if the device can connect with the full capacity.

Please, let me know if this work for you

Greetings,

Luis Arias.

Cisco Network Support Engineer.

Hello Luis,

And thank you again for your support.

1) Yes, I was forced to reset router to factory settings and this does not help. I'm wondering about it too.

2) We have checked the MTU size; 1500 is ok.

Here is some additional information for you:

Today I have noted, that router's clock is delayed aprox. 3 hours. I have set the correct time manually. After aprox. 20 - 30 minutes the 1st "freezing" appear; after this I have noted immediately, that the clock is delaying about 10 minutes.  but "freezing" takes about 2-3 minutes, not 10. Now, after ~ 2 hours, I can see that clock is delaying about 1 hour. Probably, this means multiple "freezes" during last time...

The question: could any external influence (like ddos attack or electrical interference from antenna) cause this?

Because of diagnostic, the router is connected to antenna not directly but thorough additional switch.

BR

Vilius

equipment66
Level 1
Level 1

Hello,

Yesterday I have connected to the WAN side of router to listen of network activity. I have found abnormal activity in the network of my ISP, probably the virus: one IP generated about 99% of traffic; I have not detected direct connection or flooding to my router, but loosing of my Internet connection perfectly match flooding of another IP on the NET of my ISP (probably, one of the server).

So, 90% chance, that problemm is detected.

The last questions to Cisco support team: could mentioned problem cause delays in the internal clock of RV-042G or not? Could it be bug in the firmware or this is hardware problem? Does I need send my router to service?

Luis, personally thanks for your support

I have seen my rv016 act extremely funny when the firewall is as active as you describe.  What you need to do is see what the ISP is sending you.  I actually had to use another router to finally block my ISP's packets and allow my rv016 to have cleaner traffic...    

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com

Hi Vilius, this specific traffic comes from the server, Am I right? If I am, please just to check, what happen if you disconnect the server? Could you please, share to us some logs?

Thank you,

Luis Arias.

Cisco Network Support Engineer.

Hello Luis,

Sorry for long delay, I was on vacations

My IP providers informed me, that I have detected a kind of spambot on their network. After blocking mentioned IP I have no more problems with Internet connection.

Follow your questions:

1) I don't know, comes this specific trafic from the server or from the customer's computer - my IP providers does not like to support me with such info. But, this IP is on the same range like my IP, so I guess, that this was infected end-customer's computer. Any case, this IP flooded the servers.

2) No problems detected when WAN cable is unplugged. I guess, that problem appear when my router sends any inquiry to server during servers's flooding time. So, It could be incorrect answer from server. Or something else

3) I have not saved any logs from the router, because there was nothing interesting in the logs. I have checked all the connections follow the log. It was my own pings, connection to TeamViewer servers, Internet radio, Microsoft update servers etc. No flooding or unknown connections, even such connections is not registered in the log.

But I can share you WireShark Log with my comments via Google drive (about 110 Mb). Please send me your gmail for sharing, or please inform me how can I send you such large file.

Hi Vilius, welcome back!

I advise you to run an anti-virus to your equipments in order to find any threat in your devices. That will be in case there is someone infected, and also in case you want to share your WireShark Log, could you please reach out to our Small Business Support Center and open a Service Request to address this issue? One of our Engineers may be able to work with you and diagnose the root cause. You can find the appropriate contact information for SBSC in the below link.

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

Thank you for using our forum, I hope you find this answer useful.

Greetings,

Luis Arias.

Cisco Network Support Engineer.