!
Interface Gigabit 1/0/1
switch port encapsulation Dot1q
switch port mode trunk
storm-control broadcast level 20.5
storm-control action shutdown
!
Interface Gigabit 1/0/2
switch port encapsulation Dot1q
switch port mode trunk
storm-control broadcast level 20.5
storm-control action shutdown
!
Interface Gigabit 1/0/3
switch port encapsulation Dot1q
switch port mode trunk
storm-control broadcast level 20.5
storm-control action shutdown

!
Interface Gigabit 1/0/4
switch port encapsulation Dot1q
switch port mode trunk
storm-control broadcast level 20.5
storm-control action shutdown
!
Interface Gigabit 1/0/5
switch port encapsulation Dot1q
switch port mode trunk
storm-control broadcast level 20.5
storm-control action shutdown
!
Interface Gigabit 1/0/6
switch port encapsulation Dot1q
switch port mode trunk
storm-control broadcast level 20.5
storm-control action shutdown
!
Interface Gigabit 1/0/7
switch port encapsulation Dot1q
switch port mode trunk
storm-control broadcast level 20.5
storm-control action shutdown
!
VTP Mode:server
VTP domain:xx
VTP password:xx
!

We have approx. 100 users on LAN Ping to 4.2.2.2 and ping to google.com both works without drop Existing Topology ISP Modem (Bridge Mode) on GI 0/1 Cisco 3825 Router on GI 0/0WS-C3750G-24T-SDLINK Unmanaged switches (7 Numbers)LAN users connected through these unmanaged switches Troubleshooting done When I saw too many broadcast/multicast in LAN interface of Cisco router I created Router on stick and created VLAN (shown in attach config)and I removed all unmanaged DLINK switches with Cisco 3750G switches (for access also) and made them as VTP clientI was able to access internal resource as well as internet. However, after running for few hours, problem started again and LAN users were able to access local resources smoothly and was also able to ping internet, but could not browse any internet website. I also did tracert –d google.com (during the network outage) and tracert was complete I can see that packet is moving out of my router (10.0.0.1) but next IP is not same as my actual next hope IP (Example- My next hope IP address is 65.235.1.1 but tracert is showing IP as 67.238.51.3) Tracing route to google.com [XX.XX.XX.XX] over a maximum of 30 hops: 1 3 ms 2 ms 3 ms 10.0.0.1 2 41 ms 18 ms 39 ms 200.XX.XX.03 3 * * * Request timed out. 4 44 ms 21 ms 40 ms XX.XX.XX.XX 5 62 ms 38 ms 42 ms XX.XX.XX.XX Hope above information is sufficient to advise the root cause of issue

Hello,

 

the configs look ok as far as I can tell. You might want to remove 'ip virtual-reassembly' from the subinterfaces of the router and check if that makes a difference.

 

Also, post the output of:

 

show interfaces GigabitEthernet0/1

Well, what model of your ISP modem? As i understand your have bridge between your Cisco3825 and ISP device.

suggestion:
Apply this command in your cisco3825

no ip redirects
no ip unreachables
no ip proxy-arp
no ip route-cache
Here you will find more information about this commands: https://learningnetwork.cisco.com/thread/33608

enable also "ip cef"
More information about cef: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipswitch_cef/configuration/15-s/isw-cef-15-s-book/isw-cef-enable-disable.html

Hello

Despite implementing all the commands suggested by you still no improvement.

 

attached is the output of some of the "SHOW" command taken during the network issue before restart of router

 

Any help would be greatly appreciated

 

Thanks

Manish Sharma 

Hello,

 

post your current running configuration with the changes you have implemented...

No other change expect for command suggested by you have been implemented
on inside (Gi0/0) and outside interface Gi(0/1) of router
Sh run int Gi0/0 and sh run int Gi0/1 has already been shown in the "SHOW"
command output file.

Please check, it include various other outputs like
Sh spanning-tree summary
Sh processes CPU sorted
Etc

Hello,

 

check if the problem persists if you remove the crypto map from the interface:

 

interface GigabitEthernet0/1
ip address XX.XX.XX.XX 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
--> no crypto map XX

 

Otherwise, since you say the problem occurs a while after rebooting the router, try and issue the commands below when it happens again:

 

clear ip nat translation *

clear crypto session

clear crypto sa map XX

Hello 

If I remove crypto from outside interface then my site to site and remote to site VPN will stop working. 

 

As asked by some one earlier ISP modem is Huawei HG630 which is a very low cost modem and run fine if I remove Cisco router and connect my switch directly to Modem and convert bridge mode to normal internet mode.  

 

Thanks

Manish 

secondly,  my problem get resolved temporarily if I restart my Cisco router. 

Example - everyone start their system on LAN at around 9:30 am and after I work they start complaining that they are unable to browse internet pages,  so after restart of router,  they are able to work as normal till next few hours and again we have to repeat the router restart process.  Everyday we are restarting router 6-8 times in 9 hour shift.  

 

Hope I have clearly mentioned by problem 

Hello,

 

sounds like some sort of memory leak...which IOS version are you running (show ver) ?

I have already replaced router with other router, earlier Cisco 2811/K9
was installed and I replaced that with Cisco3525/k9
So I suspect this should not be the issue