Re: internet router CRASHING - 2801

jvalin__s · ‎09-29-2009

hi guys,

we have a problem with the router 2801,

a normal configuration of the pppoe adsl,

ter term length 0

Router#sh run

Building configuration...

Current configuration : 1865 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

! card type command needed for slot/vwic-slot 0/3

!

no aaa new-model

dot11 syslog

!

ip cef

!

multilink bundle-name authenticated

!

voice-card 0

no dspfarm

!

username admin password 0 Admin456

archive

log config

hidekeys

!

interface GigabitEthernet0/0

description *****Connected to Internet *****

no ip address

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

!

interface GigabitEthernet0/1

ip address 192.168.10.254 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface Dialer1

ip address negotiated

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer idle-timeout 0

dialer persistent

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname xxxx

ppp chap password xxxx

ppp pap sent-username xxxx password xxxx

ppp ipcp dns request

ppp ipcp wins request

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 192.168.11.0 255.255.255.0 192.168.10.1

ip route 192.168.12.0 255.255.255.0 192.168.10.1

ip route 192.168.13.0 255.255.255.0 192.168.10.1

!

no ip http server

no ip http secure-server

ip nat inside source list 100 interface Dialer1 overload

!

access-list 100 permit ip 192.168.0.0 0.0.255.255 any

dialer-list 1 protocol ip permit

!

control-plane

!

voice-port 0/2/0

!

voice-port 0/2/1

!

voice-port 0/2/2

!

voice-port 0/2/3

!

line con 0

exec-timeout 0 0

logging synchronous

login local

line aux 0

line vty 0 4

login

!

scheduler allocate 20000 1000

!

end

Router#sh flash

-#- --length-- -----date/time------ path

1 44446708 Jun 22 2009 04:38:52 +00:00 c2800nm-spservicesk9-mz.124-15.T9.bin

2 2751 Jun 22 2009 04:48:28 +00:00 sdmconfig-28xx.cfg

3 931840 Jun 22 2009 04:48:42 +00:00 es.tar

4 1505280 Jun 22 2009 04:48:58 +00:00 common.tar

5 1038 Jun 22 2009 04:49:12 +00:00 home.shtml

6 112640 Jun 22 2009 04:49:26 +00:00 home.tar

7 1697952 Jun 22 2009 0

what is happening is whenever the internet is accessed from the 11,12,13 as well as 10.0 vlan the router is crashing..

Kindly please help

paolo bevilacqua · ‎09-29-2009

Which exact ios are you using ?

jvalin__s · ‎09-29-2009

c2801-ipbasek9-mz.124-25b.bin

paolo bevilacqua · ‎09-29-2009

Try a different release eg 12.4(3h).

Otherwise you've to go to the TAC for the bug to be identified and fixed, can take 6-8 weeks.

jvalin__s · ‎09-29-2009

yes I have opened a tac case

they have asked..

certain outputs..

what errors I am getting is

"IP NAT AGER" whenever the users access the internt at that time only we get error related to nat memory errors..

and the router gets reloaded.

there might be not enough to hold the nat translations. thats what i think.

paolo bevilacqua · ‎09-29-2009

As above, you can spend a lot of time doing "show me this and show me that" with the TAC, or switch to an image without the bug and have it working.

Too bad I cannot tell you neither the bug ID neither which version does not have it.

jvalin__s · ‎09-29-2009

well,

the actual problem what we found was in the lan itself.

We found one PC which was generating lot of traffic to the internet and because of that the processor memory utilization was more.

Thanks for your help. We tested 3 different IOS on 3 different routers actually.

mathewodongo · ‎09-29-2009

This should fix your problem c2801-ipbasek9-mz.124-25b.bin

paolo bevilacqua · ‎09-30-2009

Thank you for letting us know.

Routers are not supposed to crash just because a PC sends a lot of traffic, so I still think it is a bug.

ismartnets · ‎09-30-2009

but after switching off that pc.

the crashing stopped.

and it was happening on all routers.

2801,2811,2821.

mastedarq · ‎09-30-2009

What exactly type of traffic was generated by this host?

jvalin__s · ‎10-01-2009

well there was nobody surfing from that machine.

What we can see on the router is IP NAT AGER and processor memory utilization errors.

so from this we can conclude that may be something from the host is going to internet. virus?? I am not sure.

A thorough scan is remaining.

mastedarq · ‎10-01-2009

For Your own knowledge I suggest to build a simple lab, connect this suspicious host and try to monitor the traffic with for example Wireshark. If this situation repeat You should see in Wireshark what the traffic was transfered during occurance of the router crash.

jvalin__s · ‎10-01-2009

well even the tac case guys are saying that it could be a worm or virus issue because of which the processor utilization is goin high.

and immediately after removing that host the network became perfectly ok.

sschulak · ‎10-02-2009

Can you post

"show stacks"

"show mem stat his"

just post the last graph in show mem stat his.

Also enable ip route-cache flow on GigabitEthernet0/1

and post a "show ip cache flow | i Null" prior to crash.

also "show ip cache flow" during the cpu spike

Also post "show proc cpu | e 0.00 prior to crash.

thanks