the router hangs when creating subinterface with ip or remov

Dr.X · ‎07-10-2012

hi ,

i have a cisco router 7206 ,

when i create subinterface with ip , the router hangs , and all interfaces are down ,

i just remove interface gi0/1 and plug it again , the problem is solved !!!!!!!

what is the relaiton between subinterfaces and hanging routers ????????

the problem occured when i configured subinterface on GI0/2 !!!!!!!

what is the reason ?????????

regards

=================

here is my config

=============

=======

Gateway#sh startup-config

Using 6917 out of 2095096 bytes

!

upgrade fpd auto

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Gateway

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

enable secret XXXXXX

!

no aaa new-model

ip source-route

ip wccp 80 redirect-list E1

ip wccp 90 redirect-list E2

ip cef

!

ip accounting-threshold 4294967295

no ipv6 cef

!

multilink bundle-name authenticated

!

username TTTT password TTTTTTTT

archive

log config

hidekeys

!

class-map match-any WEB_SENSTIVE

match protocol http mime "text*"

match protocol http mime "image*"

match protocol http mime "application/x-javascript"

match protocol http mime "application/javascript"

match protocol http mime "application/xml"

class-map match-all ICMP

match protocol icmp

class-map match-all P2P

match protocol bittorrent

match protocol kazaa2

match protocol fasttrack

match protocol gnutella

match protocol edonkey

class-map match-all BAD_USER1

match access-group name BAD_USER1

class-map match-all BUS

match access-group name BUS

class-map match-all VIP

match access-group name VIP

class-map match-any VIDEO

match protocol http mime "video*"

class-map match-any MANAGMENT

match protocol snmp

match protocol telnet

match protocol ssh

match protocol ospf

match protocol bgp

match protocol dns

!

policy-map BAD_USER

class BAD_USER1

police cir 4000000 bc 125000 be 125000

conform-action transmit

exceed-action drop

violate-action drop

class WEB_SENSTIVE

bandwidth percent 40

class ICMP

priority 1000

class MANAGMENT

bandwidth percent 4

class P2P

shape average percent 1

class VIDEO

bandwidth percent 40

class VIP

priority 6000

class class-default

policy-map TEST

class class-default

shape average 33000000

policy-map TEST2

class class-default

!

interface GigabitEthernet0/1

description LAN to BRAS

bandwidth 230000

ip address 10.160.150.2 255.255.255.0

ip wccp 80 redirect in

ip policy route-map CACHE-REDIRECT

load-interval 30

duplex auto

speed auto

media-type rj45

negotiation auto

!

interface FastEthernet0/2

no ip address

shutdown

duplex auto

speed auto

!

interface GigabitEthernet0/2

description Cache

bandwidth 150000

ip address XXXXXXXXXX

ip wccp redirect exclude in

load-interval 30

duplex auto

speed 1000

media-type rj45

negotiation auto

!

interface GigabitEthernet0/3

description Internet from XXXXXXl

bandwidth 230000

ip address XXXXX

ip wccp 90 redirect in

load-interval 30

duplex full

speed auto

media-type rj45

negotiation auto

!

interface GigabitEthernet0/3.11

description InternetXXXXXXl

encapsulation dot1Q 11

ip address XXXXX

ip wccp 90 redirect in

!

router bgp XXXXX

no synchronization

bgp log-neighbor-changes

network XXXX mask 255.255.254.0

network XXXX mask 255.255.255.0

network 1XXXX mask 255.255.255.128

network XXXXX mask 255.255.254.0

network XXXXX mask 255.255.252.0

network XXXX mask 255.255.252.0

network 1XXXXXXX.0 mask 255.255.252.0

redistribute connected

neighbor XXXXX remote-as XXXXX

neighbor XXXXX route-map XXXXout

neighbor XXXX remote-as XXX

neighbor XXXX route-map XXX out

no auto-summary

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 XXXX

ip route XXXXXX 255.255.254.0 10.160.150.1

ip route XXXX 255.255.255.128 10.160.150.1

ip route XXXXX 255.255.254.0 10.160.150.1

ip route XXXX 255.255.252.0 10.160.150.1

ip route XXXXX 255.255.252.0 10.160.150.1

ip route XXXXX0 255.255.252.0 10.160.150.1

no ip http server

no ip http secure-server

!

ip access-list extended BAD_USER1

permit ip any XXXX 0.0.0.3

permit ip any XXXX 0.0.0.15

permit ip any XXXX 0.0.0.31

permit ip any XXXXX0.0.0.7

ip access-list extended YYYY

permit ip XXX 0.0.1.255 any

ip access-list extended BUS

permit ip any XXXXX

ip access-list extended CACHE80

deny tcp any host XXXXXeq www

deny tcp host XXXXX any eq www

deny tcp any host 9XXXX eq www

permit tcp X5 any eq www

permit tcp XXXX any eq www

permit tcp XXXX5 any eq www

permit tcp XXXXX.255 any eq www

ip access-list extended CACHE90

permit tcp any XXXX0 0.0.0.255

permit tcp any XXXX8.0 0.0.3.255

permit tcp any 1XXX0 0.0.3.255

permit tcp any 1XXXX6.0 0.0.3.255

ip access-list extended XXXXX

permit ip XXXX0.0.1.255 any

permit ip 1XXXX.3.255 any

permit ip XXXX5 any

permit ip XXXXXXXXDMZ

permit ip any XXX

ip access-list extended VIP

permit ip any XXXXXX

ip access-list extended wireless

permit ip any XXXXXX!

!

ip prefix-list Y seq 5 permit XXXXX

ip prefix-list Y seq 10 permit XXXX

!

ip prefix-list Y seq 5 permit XXXX

ip prefix-list Y seq 10 permit XX

ip prefix-list YL seq 15 permit XXX

ip prefix-list YL seq 20 permit 1XXX

!

ip prefix-list2222 seq 5 permit XXXX

!

ip prefix-list22222 seq 5 permit XXXX

access-list 10 permit XXXX

access-list 100 permit ip host XXXXXX any

access-list 111 permit ip any XXXXX

!

route-map xxx permit 10

match ip address prefix-list PrefPALTEL

!

route-map XXX permit 10

match ip address prefix-list XXX

set as-path prepend XX 5XX5 5XX5 5X

!

route-map xx permit 20

match ip address prefix-list XXXX

!

route-map XXXX permit 10

match ip address prefix-list XXX

!

route-map XXXXpermit 10

match ip address prefix-list XXXX

set as-path prepend XXXXXX

!

route-map XXXX permit 20

match ip address prefix-list XXXX

!

route-map CACHE-REDIRECT permit 5

match ip address TO_DMZ

!

route-map CACHE-REDIRECT permit 10

match ip address 100

set ip next-hop XXXX

!

route-map CACHE-REDIRECT permit 20

match ip address XXX

set ip next-hop XXXXX!

route-map CACHE-REDIRECT permit 30

match ip address XXXX

set ip next-hop XXXXX

!

route-map CACHE-REDIRECT permit 100

!

snmp-server community Gateway RO

!

control-plane

!

dial-peer cor custom

!

line con 0

password XXXXXXXX

login

stopbits 1

line aux 0

stopbits 1

line vty 0 4

password XXXXXXXXX

login

!

end

Alessio Andreoli · ‎07-10-2012

Hi Ahmed,

would you be more specific on the IOS version? did you enable a logging debug level for undesrtanding what is going on?

something similar can happen when you create a p2p interface or a p2mp int and then your remove the config. The real configuration is not totally removed and this can impact on the new implementations.

Let us know because it is very curious!!!

Alessio

Dr.X · ‎07-10-2012

hi ,

i said that the router is hanged , which mean that i cant do anything except restarting the router by plugging the power off ,

the staranger thing is if i removed the cable of interface GI0/1 and return it , the router get natural and every thing is ok !!!!!!!!!!

an way , hers is the ios of my router

Gateway#sh version

Cisco IOS Software, 7200 Software (C7200P-ADVENTERPRISEK9-M), Version 12.4(24)T4, RELEASE SOFTWARE (fc2)

Technical Support:

http://www.cisco.com/techsupport

Compiled Fri 03-Sep-10 12:11 by prod_rel_team

ROM: System Bootstrap, Version 12.4(12.2r)T, RELEASE SOFTWARE (fc1)

BOOTLDR: Cisco IOS Software, 7200 Software (C7200P-KBOOT-M), Version 12.4(4)XD5, RELEASE SOFTWARE (fc1)

NS-Gateway uptime is 2 weeks, 2 days, 10 hours, 17 minutes

System returned to ROM by reload at 01:04:17 UTC Wed Dec 1 1999

System image file is "disk2:c7200p-adventerprisek9-mz.124-24.T4.bin"

Last reload reason: Reload Command

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com

.

Cisco 7206VXR (NPE-G2) processor (revision A) with 1966080K/65536K bytes of memory.

Processor board ID xxxxxxx

MPC7448 CPU at 1666Mhz, Implementation 0, Rev 2.2

6 slot VXR midplane, Version 2.0

Last reset from power-on

PCI bus mb1 (Slots 1, 3 and 5) has a capacity of 600 bandwidth points.

Current configuration on bus mb1 has a total of 0 bandwidth points.

This configuration is within the PCI bus capacity and is supported.

PCI bus mb2 (Slots 2, 4 and 6) has a capacity of 600 bandwidth points.

Current configuration on bus mb2 has a total of 0 bandwidth points.

This configuration is within the PCI bus capacity and is supported.

Please refer to the following document "Cisco 7200 Series Port Adaptor

Hardware Configuration Guidelines" on Cisco.com <http://www.cisco.com>

for c7200 bandwidth points oversubscription and usage guidelines.

1 FastEthernet interface

3 Gigabit Ethernet interfaces

2045K bytes of NVRAM.

250880K bytes of ATA PCMCIA card at slot 2 (Sector size 512 bytes).

65536K bytes of Flash internal SIMM (Sector size 512K).

Configuration register is 0x2102

Edison Ortiz · ‎07-10-2012

What interface are you using to access the router?

If you are entering the router via the interface that is being modified, an interruption of services may be expected.

Can you also post the script containing the changes you are about to implement?

I don't see any subinterface configuration in the current config.

Dr.X · ‎07-10-2012

hi ,

im accessing the router from telnet by the interface gi0/1

====================================

i typed interface gi0/2.22

ip add xxxx

the router hanged and seemed as down

then i removed the cable of Gi0/1 and returned it,====>

evey thing became ok

====================

now i typed

no interface gi0/2.22 ====> the router hanged again

i dont want this problem to occur again and i have no chanes to test because it is a production network !!!

i cant try another onces , because all users will be down and lose internet ,

regards

Edison Ortiz · ‎07-10-2012

Try entering the encapsulation dot1q before entering the IP address.

Also, try connecting to it via Console and provide the logs.

paolo bevilacqua · ‎07-10-2012

Remove QoS, update IOS, try again.

Dr.X · ‎07-10-2012

hi ,

Paolo Bevilacqua

i want to ask , how QOS affect the ahnging of the router ????

is it logical that QOS hang the router ???

regards

Dr.X · ‎07-10-2012

hi ,

is this page relates to my issue ?

http://bugs.mysolvr.com/CSCek50380

it seems similar to my problem , but my ios is newer that the ios which has the problem !

regards

Dr.X · ‎07-11-2012

hi ,

can i run this config with my ios on GNS3 ??? and test the problem ???\

is it possible ???

regards

Edison Ortiz · ‎07-11-2012

GNS3 is useful for control plane related tasks but useless when it comes to data plane testing.

Your case is definitely related to a data plane behavior issue or a configuration/user error.

With that said, you have nothing to lose with GNS3, go right ahead.

Dr.X · ‎07-11-2012

i will try , but im wondering if it possible to emulate my config with GNS3 , because im facing errors !!!!!

Giuseppe Larosa · ‎07-12-2012

Hello Ahmed,

as noted by Edison when you configure a new subinterface you should first provide the encapsulation dot1q and then you should be able to configure an IP address.

The correct IOS behaviour, when attempting to configure an IP address on a new subinterface before configuring encapsulation, should be a warning message telling you to configure encapsulation first and the command should be just ignored.

I have seen this every time I missed to enter the encapsulation command.

I would suggest to follow the correct procedure in your next attempt.

I don't think you can emulate tne NPE-G2 on GNS3, and even it is possible the results are not meaningful

The case that you have found is triggered by the encapsulation command on an interface with policy map applied so it is a different matter.

Hope to help

Giuseppe

Dr.X · ‎07-12-2012

hi ,

i tried creating subintrface on Gi0/2 which does has any policy , u can see it from the above config ,

wondering if i entered ip before encapsultion on an interface , the router will hang !!!!

i think cisco has a bug like that !

i think this will be a big trouble cause im not able to emulate it !!!

regards

awaisku · ‎10-17-2024

Exactly same issue I am facing and unable to resolve. I have the same router 7206VXR with IOS version 12.4(15)T9. I am sure that this is not an encapsulation issue (as mentioned by Giuseppe Larosa) because even when I provide the encapsulation dot1q command before entering the ip address, issue still the same.

Sometimes the router also hangs when I remove the ip address on a sub-interface by giving command "no ip address x.x.x.x x.x.x.x".

The crazy thing is that not every time router hangs. Most of the time, router accepts and removes the ip address perfectly fine.

I am 90% sure that this is a software bug but still finding solution for it.

the router hangs when creating subinterface with ip or removing subinterface !!!