07-22-2024 04:29 AM - edited 07-22-2024 05:47 AM
I noticed that users lose connectivity on the network. When I do a continuous ping to my gateway (router), it times out for a few seconds, and this happens every few minutes. Initially I thought the switch connected to the router was the issue, but when I plugged my laptop directly into the LAN interface on the router, I encountered the same issue. Pinging the VLAN interface IP (172.20.20.1) while directly connected to the router on GigabitEthernet0/1/1, I experience intermittent timeouts every few minutes for a few seconds.
Below is the config on the router. The router model is Cisco C1111-8P.
Any ideas on resolving this issue will be greatly appreciated.
======================================================================
#show running-config
Building configuration...
Current configuration : 8262 bytes
!
! Last configuration change at 07:06:40 UTC Mon Jul 22 2024 by admin
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname OMN-AH-Router
!
boot-start-marker
boot-end-marker
!
!
logging console critical
enable secret
!
aaa new-model
!
!
!
!
!
!
!
!
aaa session-id common
call-home
contact-email-addr
no http secure server-identity-check
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
destination address email sch-smart-licensing@cisco.com
!
ip host tools.cisco.com 173.37.145.8
ip name-server 4.2.2.2 8.8.8.8
ip domain lookup recursive
ip domain lookup source-interface GigabitEthernet0/0/1
ip domain name cisco.com
ip dhcp excluded-address 172.20.20.2 172.20.20.70
!
ip dhcp pool New-Life-Pool
network 172.20.20.0 255.255.255.0
default-router 172.20.20.1
domain-name xxxxx.xxx.com
dns-server 8.8.8.8
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-2796154366
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2796154366
revocation-check none
rsakeypair TP-self-signed-2796154366
!
crypto pki trustpoint SLA-TrustPoint
enrollment terminal
revocation-check none
!
!
license udi pid C1111-8P sn FCZ243091KT
license accept end user agreement
license boot level securityk9
no license smart enable
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
!
redundancy
mode none
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
crypto isakmp keepalive 10 10
!
crypto ipsec security-association replay window-size 128
!
no crypto ipsec nat-transparency udp-encapsulation
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 172.27.27.254 255.255.255.0
shutdown
!
interface GigabitEthernet0/0/0
description CONNECTION-MDXI-LIFE
ip address 10.6.30.90 255.255.255.252
shutdown
negotiation auto
ip virtual-reassembly
!
interface GigabitEthernet0/0/1
description ***INTERNET***
mtu 1800
ip address 40.128.122.187 255.255.255.252
ip nat outside
negotiation auto
!
interface GigabitEthernet0/1/0
switchport access vlan 20
!
interface GigabitEthernet0/1/1
switchport access vlan 20
!
interface GigabitEthernet0/1/2
switchport access vlan 20
!
interface GigabitEthernet0/1/3
shutdown
!
interface GigabitEthernet0/1/4
shutdown
!
interface GigabitEthernet0/1/5
shutdown
!
interface GigabitEthernet0/1/6
shutdown
!
interface GigabitEthernet0/1/7
shutdown
!
interface Vlan1
no ip address
!
interface Vlan20
description CONNECTION-LAN
ip address 172.20.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan30
description CONNECTION TO DD
no ip address
shutdown
!
ip forward-protocol nd
ip http server
ip http secure-server
ip http client source-interface GigabitEthernet0/0/1
ip dns server
ip nat inside source list 10 interface GigabitEthernet0/0/1 overload
ip route 0.0.0.0 0.0.0.0 40.128.122.188
ip route 10.109.118.0 255.255.255.0 197.156.230.241
ip route 10.136.2.0 255.255.255.0 197.156.230.241
ip route 172.24.24.0 255.255.255.0 197.156.230.241
ip route 172.24.24.2 255.255.255.255 10.6.30.89
ip route 172.24.24.3 255.255.255.255 10.6.30.89
ip route 172.25.25.0 255.255.255.0 197.156.230.241
ip route 172.26.26.0 255.255.255.0 197.156.230.241
ip route 172.28.28.0 255.255.255.0 197.156.230.241
ip ssh version 2
!
!
logging trap debugging
access-list 10 permit 172.20.20.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
!
end
==================================================================================
#show ip int brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 10.6.30.90 YES NVRAM administratively down down
GigabitEthernet0/0/1 40.128.122.187 YES NVRAM up up
GigabitEthernet0/1/0 unassigned YES unset down down
GigabitEthernet0/1/1 unassigned YES unset up up
GigabitEthernet0/1/2 unassigned YES unset down down
GigabitEthernet0/1/3 unassigned YES unset administratively down down
GigabitEthernet0/1/4 unassigned YES unset administratively down down
GigabitEthernet0/1/5 unassigned YES unset administratively down down
GigabitEthernet0/1/6 unassigned YES unset administratively down down
GigabitEthernet0/1/7 unassigned YES unset administratively down down
Loopback1 172.27.27.254 YES NVRAM administratively down down
Vlan1 unassigned YES unset up down
Vlan20 172.20.20.1 YES NVRAM up up
Vlan30 unassigned YES unset administratively down down
==================================================================================
#show ip interface vlan20
Vlan20 is up, line protocol is up
Internet address is 172.20.20.1/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing Common access list is not set
Outgoing access list is not set
Inbound Common access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
Associated unicast routing topologies:
Topology "base", operation state is UP
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
Input features: Virtual Fragment Reassembly, MCI Check
Output features: NAT Inside
IPv4 WCCP Redirect outbound is disabled
IPv4 WCCP Redirect inbound is disabled
IPv4 WCCP Redirect exclude is disabled
07-22-2024 06:46 AM
Hello @ruffwise ,
Hide your public IP address on gi0/0/1; this is a public forum ...
Hope to help
Giuseppe
07-22-2024 07:07 AM
Thanks @Giuseppe Larosa. That is not my real public IP address... the public IP that is displayed is a random number...
07-22-2024 07:19 AM
I do not think it is related to your issue but I notice that your dhcp pool reserves a block of addresses but that the address of the vlan interface is not in the reserved block. You should change the reserved block to include the interface address.
When you notice one of these instances where there are timeouts, if you look at the logs are there any messages that might relate to the timeouts?
07-22-2024 07:34 AM
As I think about it some more I wonder if perhaps the interface address not being reserved might, in fact, be part of the issue. If the interface address is not reserved then some device in the subnet might try to use that address. And if there are 2 devices trying to use the same address then packets intended for the interface might be received by the other device.
The output of show arp might shed some light on this.
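As an added example (not part of the original posts, and not Cisco tooling): a Python check for the condition raised in the two replies above, an interface address that sits inside a DHCP pool's network without being covered by `ip dhcp excluded-address`. The sample input is constructed from the DHCP and Vlan20 lines of the posted running-config, and the function name is hypothetical.

```python
import ipaddress
import re

# Constructed sample: DHCP and Vlan20 lines copied from the posted running-config.
SAMPLE_CONFIG = """\
ip dhcp excluded-address 172.20.20.2 172.20.20.70
!
ip dhcp pool New-Life-Pool
 network 172.20.20.0 255.255.255.0
 default-router 172.20.20.1
!
interface Vlan20
 ip address 172.20.20.1 255.255.255.0
"""

def unreserved_interface_addresses(config):
    """Hypothetical helper: list (interface, address, pool) for every interface
    address inside a DHCP pool network but outside all excluded ranges."""
    excluded, pools, interfaces = [], {}, {}
    kind = name = None  # config block currently being read
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"ip dhcp excluded-address (\S+)(?: (\S+))?$", line):
            low = ipaddress.ip_address(m.group(1))
            # A single-address exclusion has no second argument.
            high = ipaddress.ip_address(m.group(2) or m.group(1))
            excluded.append((low, high))
        elif m := re.match(r"ip dhcp pool (\S+)$", line):
            kind, name = "pool", m.group(1)
        elif m := re.match(r"interface (\S+)$", line):
            kind, name = "interface", m.group(1)
        elif kind == "pool" and (m := re.match(r"network (\S+) (\S+)$", line)):
            pools[name] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        elif kind == "interface" and (m := re.match(r"ip address (\S+) \S+$", line)):
            interfaces[name] = ipaddress.ip_address(m.group(1))
    findings = []
    for ifname, addr in interfaces.items():
        for pool, net in pools.items():
            reserved = any(low <= addr <= high for low, high in excluded)
            if addr in net and not reserved:
                findings.append((ifname, str(addr), pool))
    return findings

if __name__ == "__main__":
    for ifname, addr, pool in unreserved_interface_addresses(SAMPLE_CONFIG):
        print(f"{ifname} address {addr} is inside pool {pool} but not excluded")
```

Changing the excluded block so that it starts at 172.20.20.1, as the reply suggests, makes the function return an empty list for this sample.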
07-22-2024 09:55 AM
Below is the show arp information:
07-22-2024 07:46 AM
The router can have CoPP that drops some packets toward the CPU, and that is normal.
So to test, do a ping from laptop to laptop.
MHM
07-22-2024 11:23 AM - edited 07-22-2024 11:31 AM
Once the time-out occurs on the router, pinging any resource on the network always times out... laptop to laptop results in a time-out, and pinging from a switch directly connected to the router results in a time-out as well.