internet connection goes down for couple of seconds and coming up

amralrazzaz · ‎09-23-2021

internet keep going down and up many times

my connection ( isp--asa--router--sw-sw--users)
im facing an issue happen randomly maybe periodically that internet connection goes down for
couple of seconds and coming up again , and this effecting our calls and meeting virtually

i have checked with ISP and no issue from there side
so i need help to get an ideas why internet connection packet losses for seconds and coming back?
is it power of network devices or cables between trunk ports or what ...
any idea of the internfaces that i can check the drop packets

i have received from ISP that i have to configure ip tcp adjust-mss 1300 under interface
and this configured on int which facing the switched
is this maybe the reason ? and shall i configure this also on ASA inside int which connected o this
router ? or shall i configure this command also to the int of router facing the asa ?)

also for the AP ( wap300n dlink ) can i check the dropped packet on this interface which connected
to switch? maybe issue from this ?
dont know
on router :
----------
interface GigabitEthernet0/0
description connected to local NW-INTERVLAN
no ip address
ip flow ingress
ip flow egress
ip tcp adjust-mss 1300
duplex auto
speed auto
no mop enabled

!
interface GigabitEthernet0/1
description connected to ASA
ip address -----------------
ip access-group BLOCK_SSH in
ip flow ingress
ip flow egress
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
--------------
AP INTERFACE :

C2960X-EGCAI01-SW2#show interfaces gigabitEthernet 1/0/14
GigabitEthernet1/0/14 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 5Z7c.6ZZ5.ZZZ (5Z7c.6ZZ5.ZZZ)
Description: connected_AP_Campina_Office
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 6/255, rxload 4/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1312
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 1898000 bits/sec, 408 packets/sec
5 minute output rate 2374000 bits/sec, 463 packets/sec
57359046 packets input, 33349832377 bytes, 0 no buffer
Received 2285994 broadcasts (2007312 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 2007312 multicast, 0 pause input
0 input packets with dribble condition detected
89029935 packets output, 71188877663 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

amr alrazzaz

balaji.bandi · ‎09-23-2021

May be worth Run some EEM Script to run on ASA to confirm your Internet Link working as expected, before you get in to your network issue.

step 1.

ASA to Internet working, when you see the issue in the Lan network ?

Step2 : (this should not cause the issue, but worth checking)

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1312

Step3 : what users effecting all users, only Wifi ? ( connect device directly to ASA and see if that works when you have issue ?)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

amralrazzaz · ‎09-23-2021

Dear how to run EEM Script on ASA for testing the internet stability ?

shall i connect one device directly to asa with public ip address and check the connectivity ? and how to test this ? is it on the asa interface where connected to this device

also regarding this command line : ip tcp adjust-mss 1300 its recommended from ISP "? where shall i put exactly on which interfaces ? and maybe this can cause the issue ? i dnt know ?

regarding drop packet on interface which connected to AP ? who can i check ? what can cause this ? specially there are no load of users in office ? ( im using channel width 40 MHZ Only with wireless band 5 ghz)

amr alrazzaz

balaji.bandi · ‎09-23-2021

Dear how to run EEM Script on ASA for testing the internet stability ?

here is the example :

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117883-config-eem-00.html

shall i connect one device directly to asa with public ip address and check the connectivity ? and how to test this ? is it on the asa interface where connected to this device

-- Sure to identify the problem connect some dedicated node to ASA, runing some ping plotter to collect the information.

also regarding this command line : ip tcp adjust-mss 1300 its recommended from ISP "? where shall i put exactly on which interfaces ? and maybe this can cause the issue ? i dnt know ?

-if the FW connected directly to provider then you need to run that in ASA example :

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/interface-mtu.html

regarding drop packet on interface which connected to AP ? who can i check ? what can cause this ? specially there are no load of

users in office ? ( im using channel width 40 MHZ Only with wireless band 5 ghz)

- ignore for now, lets test above steps and see if that improves ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

amralrazzaz · ‎09-23-2021

question please :

for this command ip tcp adjust-mss 1300 ( its already configured on the interface of isp router which facing and connecting to my outside ASA FDM interface and outside asa fdm int is not configured !!) so shall i have to configure same on my asa fdm outside int ? and on inside as well?

i do configured this command only on my local office router interface which facing internal switched which have router on stick sub interfaces for vlans?

how to configure this on ASA FDM ? ( ip tcp adjust-mss 1300)

amr alrazzaz

balaji.bandi · ‎09-25-2021

tcp adjust-mss 1300 ( its already configured on the interface of isp router which facing and connecting to my outside ASA FDM interface and outside asa fdm int is not configured !!)

You confirming that Interface already configured towards ISP side ? - but other question confusing us asking how to configure as below :

how to configure this on ASA FDM ? ( ip tcp adjust-mss 1300)

also confirm is this ASA Code running or Firepower Code running

if ASA you using ASDM, if the Firepower you use FDM

if ASDM use below :

https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/asdm77/general/asdm-77-general-config/interface-mtu.html#ID-2076-00000095

FDM

https://www.cisco.com/c/en/us/td/docs/security/firepower/630/fdm/fptd-fdm-config-guide-630/fptd-fdm-interfaces.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

amralrazzaz · ‎09-26-2021

I'm using ASA FDM and I'm asking where exactly shall i configured this ( ip tcp adjust-mss 1300) command? on which interfaces ? maybe this could cause the internet connection issue down for couple of seconds and coming back gain?

Network Diagram : ISP ROUTER ----ASA FDM ----2911 ROUTER ISR ---- SWITCH L2----SWITCH L2 ---- DEVICES&USERS

BTW this command currently configured on below interfaces only

ISP--------outside int ASAFDM inside int---------(ip tcp adjust-mss 1300) ISR ROUTER (ip tcp adjust-mss 1300)----- SW1----SW2

also shall i configure this command on each sub interface ? router on stick ? or no need /?

amr alrazzaz

Georg Pauwen · ‎09-23-2021

Hello,

post the full running configs of the ASA, the router, and the two switches...

amralrazzaz · ‎09-25-2021

i have shared the full config already and waiting your kindly reply and recommendations for any modifications so ill follow and apply

Thanks in advance

amr alrazzaz

Georg Pauwen · ‎09-25-2021

Hello,

I might have missed that...where exactly is the output of 'show running-config' of all devices involved ?

Giuseppe Larosa · ‎09-26-2021

Hello @amralrazzaz ,

I would like to suggest you a simpler test to verify if the issue is limited to the WIFI or it impacts also the wired part of your network.

Use two PCs:

PC1 is connected with cable to the internal LAN of your network

PC2 is connected via WIFI

on both PCs you open a Windows OS shell (cmd) and use

ping 8.8.8.8 -t

on linux just use ping 8.8.8.8

Examine the results if losses happen only on the WIFI connected PC you may have issues with WIFI re-autentication re-associaiton.

Hope to help

Giuseppe

amralrazzaz · ‎09-26-2021

can you check my wifi setup on ap attached if its fine ?

and for the testing how much time i keep the ping to 8.8.8.8 for both devices ?

regarding the model of this AP it has been using now for almost 6 years maybe 7 years , so if this model is good for business or its recommended to change with advanced one ? and what kind then shall i buy with good price and better performance ? maybe AP performance effecting the signal ???!!

amr alrazzaz

Giuseppe Larosa · ‎09-26-2021

Helllo @amralrazzaz ,

>> and for the testing how much time i keep the ping to 8.8.8.8 for both devices ?

Ideally the two PCs should be near each other and you give a look at them disable display power off and have the laptop with power connected and disable standby when powered.

Please note that some losses on the WIFI are to be expected so it would be important to have someone looking at the monitors of both PCs to see if there are losses on both at the same time.

If you stop the tests after hours 4-5 and compare the results you can understand if the issue is WFI only or it impacts also the wired part of your network,

About your AP configuration I don't see any issue in the configuration.

EDit:

But the picture says it is a Linksys device not D-Link or am I wrong ?

About QoS on WIFI environments you may like to read the following article:

https://mrncciew.com/2021/09/14/rfc-8325-wifi-qos-mappings/

Hope to help

Giuseppe

amralrazzaz · ‎09-28-2021

Hi Larosa,

i have just trying to ping 8.8.8.8 -t from laptop device wired connection only for now about 4-5 hours as u had asked me and the result as below:

Ping statistics for 8.8.8.8:
Packets: Sent = 13685, Received = 13647, Lost = 38 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 37ms, Maximum = 85ms, Average = 39ms

and this is output for wifi (around 5 hrs 30 mins ) :

Ping statistics for 8.8.8.8:
Packets: Sent = 15447, Received = 15388, Lost = 59 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 37ms, Maximum = 114ms, Average = 40ms

so it that sounds good ? or ?

amr alrazzaz

David Johnson · ‎09-23-2021

Did you check the cable?