12-04-2014 08:40 AM - edited 03-07-2019 09:47 PM
Hello all
I have a strange but really annoying problem with my C877. I have swapped it with another 877 and the problem persists, and I've also tried an 887VA with a comparable config and the same problem happens there too.
5 or 6 times each day the LAN drops. This means I lose VPN connections on any of the computers on the LAN, web pages time out, etc. It happens every day.
I have swapped routers, swapped switches, tried various 12.4 versions and various 15.x versions, on 877 and 887VA routers.
If I have a continuous ping (ping -t x.x.x.x) from a PC on the LAN to Google's DNS servers (8.8.8.8) I see this:
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 8.8.8.8: bytes=32 time=34ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=34ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=34ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
I get this whichever PC I do the ping from. I've also changed network switches so I know it's not the switch (continuous pings to other devices on the LAN always work correctly with no interruption).
When the problem happens, pings to the router (192.168.1.1) also fail:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 192.168.1.1: bytes=32 time=2ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
But strangely, the internet connection is NOT dropping. I can prove that in two ways. Firstly, a continuous ping from a remote site back to this router across the WAN never drops:
Reply from 11.22.33.444: bytes=32 time=44ms TTL=251
Reply from 11.22.33.444: bytes=32 time=43ms TTL=251
Reply from 11.22.33.444: bytes=32 time=44ms TTL=251
Reply from 11.22.33.444: bytes=32 time=62ms TTL=251
Reply from 11.22.33.444: bytes=32 time=43ms TTL=251
Reply from 11.22.33.444: bytes=32 time=45ms TTL=251
Reply from 11.22.33.444: bytes=32 time=157ms TTL=251
Reply from 11.22.33.444: bytes=32 time=76ms TTL=251
Reply from 11.22.33.444: bytes=32 time=60ms TTL=251
Reply from 11.22.33.444: bytes=32 time=43ms TTL=251
Reply from 11.22.33.444: bytes=32 time=42ms TTL=251
Reply from 11.22.33.444: bytes=32 time=46ms TTL=251
Reply from 11.22.33.444: bytes=32 time=44ms TTL=251
Reply from 11.22.33.444: bytes=32 time=48ms TTL=251
Reply from 11.22.33.444: bytes=32 time=43ms TTL=251
Reply from 11.22.33.444: bytes=32 time=43ms TTL=251
Reply from 11.22.33.444: bytes=32 time=43ms TTL=251
Also, sh caller shows that the WAN didn't drop:
Cisco877#sh caller
Active Idle
Line User Service Time Time
vty 2 root VTY 00:09:46 00:00:00
Vi3 <unknown phone number> \
PPPoATM 5d17h 00:00:08
Cisco877#
I'm at a complete loss. Can anyone help please? Either to suggest the cause or to suggest appropriate diagnostic steps.
Here's my config:
!
! Last configuration change at 12:34:24 GMT Tue Nov 25 2014 by root
! NVRAM config last updated at 21:11:24 GMT Sat Nov 22 2014 by root
!
version 12.4
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service internal
!
hostname Cisco877
!
boot-start-marker
boot system flash:c870-advipservicesk9-mz.124-24.T4.bin
boot-end-marker
!
logging message-counter syslog
logging buffered 16386
logging rate-limit 100 except warnings
no logging console
no logging monitor
enable secret
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
!
!
aaa session-id common
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
clock save interval 12
!
!
dot11 syslog
ip source-route
!
!
!
!
ip cef
ip domain name xxx.local
ip inspect log drop-pkt
ip inspect name firewall tcp timeout 3600
ip inspect name firewall udp timeout 3600
login block-for 180 attempts 3 within 180
login on-failure log
login on-success log
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
!
object-group network og-L1-Allow-NTP
description Allow NTP from these hosts
!
object-group network og-L1-Allow-SMTP
description Allow outbound SMTP from these hosts
!
object-group network og-L1-BlockedIPs
description Likely spam senders
!
object-group network og-L1-SwallowCottage
description xx
!
object-group network og-L2-Allow-SSH
description Allow SSH from these hosts
192.168.1.0 255.255.255.0
!
object-group network og-LL-Allow-SNMP
description Allow SNMP from these hosts
192.168.1.0 255.255.255.0
!
username xxx password 7 xxx
!
!
!
archive
log config
hidekeys
!
!
ip ssh version 2
!
track 10 ip sla 10 reachability
delay down 180 up 10
!
track 20 ip sla 20 reachability
delay down 180 up 10
!
!
!
interface ATM0
description ADSL Connection
no ip address
ip nbar protocol-discovery
ip flow ingress
ip flow egress
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl noise-margin -3
dsl bitswap both
hold-queue 200 in
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1
ip unnumbered Vlan1
ip nat inside
ip virtual-reassembly
peer default ip address pool VPNPOOL
no keepalive
ppp encrypt mppe auto required
ppp authentication ms-chap-v2
!
interface Vlan1
description xxx LAN
ip address 192.168.3.1 255.255.255.0 secondary
ip address 192.168.1.1 255.255.255.0
ip access-group acl-INT-IN in
ip nat inside
ip nat enable
ip inspect firewall in
ip virtual-reassembly
ip tcp adjust-mss 1452
hold-queue 100 in
hold-queue 100 out
!
interface Dialer0
bandwidth inherit
ip address negotiated
ip access-group acl-EXT-IN in
ip access-group acl-EXT-OUT out
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp header-compression iphc-format
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap chap callin
ppp chap hostname xxxx
ppp chap password 7 xxxx
ppp ipcp dns request
ppp ipcp wins request
ip rtp header-compression iphc-format
!
interface Dialer1
no ip address
ip nbar protocol-discovery
!
ip local pool VPNPOOL 192.168.1.251 192.168.1.253
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
ip flow-cache timeout active 1
ip flow-export source Vlan1
ip flow-export version 9
ip flow-export destination 192.168.1.215 9996
!
ip dns server
no ip nat service sip udp port 5060
ip nat inside source static tcp 192.168.1.50 25 interface Dialer0 25
ip nat inside source static tcp 192.168.1.50 80 interface Dialer0 80
ip nat inside source static tcp 192.168.1.50 443 interface Dialer0 443
ip nat inside source static tcp 192.168.1.50 995 interface Dialer0 995
ip nat inside source static tcp 192.168.1.50 32025 interface Dialer0 32025
ip nat inside source static tcp 192.168.1.50 20 interface Dialer0 20
ip nat inside source static tcp 192.168.1.50 21 interface Dialer0 21
ip nat inside source list acl-NAT-Ranges interface Dialer0 overload
ip nat inside source static tcp 192.168.1.50 993 interface Dialer0 993
ip nat inside source static tcp 192.168.1.25 52984 interface Dialer0 52984
ip nat inside source static tcp 192.168.1.30 43000 interface Dialer0 43000
ip nat inside source static tcp 192.168.1.213 54321 interface Dialer0 54321
ip nat inside source static tcp 192.168.1.217 3395 interface Dialer0 3395
ip nat inside source static tcp 192.168.1.95 3391 interface Dialer0 3391
ip nat inside source static tcp 192.168.1.213 54322 interface Dialer0 54322
ip nat inside source static tcp 192.168.7.3 2222 interface Dialer0 26027
ip nat inside source static tcp 192.168.1.50 465 interface Dialer0 465
ip nat inside source static tcp 192.168.1.50 587 interface Dialer0 587
ip nat inside source static tcp 10.20.12.101 3396 interface Dialer0 3396
ip nat inside source static tcp 192.168.1.25 52985 interface Dialer0 52985
!
ip access-list standard acl-Allow-SNMP
permit 192.168.1.0 0.0.0.255
deny any
ip access-list standard acl-NAT-Ranges
remark Define NAT internal ranges
permit 192.168.1.0 0.0.0.255
permit 192.168.3.0 0.0.0.255
!
ip access-list extended acl-EXT-IN
remark Inbound external interface
remark The below set the rfc1918 private exclusions
deny ip 192.168.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip any any fragments
deny tcp object-group og-L1-BlockedIPs any
remark Allow established sessions back in
permit tcp any any established
permit tcp any any eq smtp log
remark allow all HTTP traffic from everywhere
permit tcp any any eq www
permit udp object-group og-L1-Allow-NTP any eq ntp
permit udp object-group og-LL-Allow-SNMP any eq snmp
remark Allow selected SSH traffic and log all blocked SSH traffic
permit tcp object-group og-L2-Allow-SSH any eq 22 log
deny tcp any any eq 22 log
deny udp object-group og-L1-BlockedIPs any
permit tcp any any eq 26027
remark Allow acces to AX4 VPC
permit tcp any any eq 3391
remark Allow acces to AX2012 RapidStart server
permit tcp any any eq 3395
permit tcp any any eq 3396
permit tcp any any eq 443
remark Allow IMAPs and POP3s
permit tcp any any eq 993
permit tcp any any eq 995
remark Allow secondary SMTP connection
permit tcp any any eq 32025
permit tcp any any eq 465
permit tcp any any eq 43000
permit tcp any any eq 52985
remark BNI development website
permit tcp any any eq 54321
permit tcp any any eq 54322
remark FTP
permit tcp any any eq ftp
permit tcp any any eq ftp-data
remark Passive FTP ports matching vsftpd config
permit tcp any any range 50000 50050
remark Allow PPTP VPN connections
permit tcp any any eq 1723
permit gre any any
remark General DNS stuff
permit udp any eq domain any
remark Standard acceptable icmp rules
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any source-quench
permit icmp any any packet-too-big
permit icmp any any time-exceeded
remark Block everything else
deny ip any any
ip access-list extended acl-EXT-OUT
deny ip any host 66.179.42.233
permit ip any any
ip access-list extended acl-INT-IN
permit tcp object-group og-L1-Allow-SMTP any eq smtp log
deny tcp any any eq smtp log
deny udp any host 239.255.255.250 eq 1900
permit ip any any
ip access-list extended peak
permit ip any any time-range peak
!
ip sla 10
icmp-echo 8.8.8.8 source-interface Vlan1
timeout 3000
threshold 3000
frequency 10
ip sla schedule 10 life forever start-time now
ip sla 20
icmp-echo 208.67.222.222 source-interface Vlan1
timeout 3000
threshold 3000
frequency 10
ip sla schedule 20 life forever start-time now
ip access-list logging interval 10
logging trap debugging
logging facility local6
logging 192.168.1.50
logging 192.168.1.215
dialer-list 1 protocol ip permit
!
!
!
!
snmp-server community xx RO
!
control-plane
!
!
line con 0
exec-timeout 0 0
no modem enable
transport output all
line aux 0
transport output all
line vty 0 4
exec-timeout 0 0
privilege level 15
length 40
width 160
transport input ssh
transport output all
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
ntp master
ntp server 129.6.15.28
time-range off-peak
periodic weekdays 0:00 to 8:59
periodic weekdays 18:00 to 23:59
periodic weekend 0:00 to 23:59
!
time-range peak
periodic weekdays 9:00 to 17:59
!
event manager applet ema-ADSL-Down
event tag PingDown1 track 10 state down
event tag PingDown2 track 20 state down
trigger
correlate event PingDown1 and event PingDown2
action 10 syslog msg "********** WARNING! ADSL Line Down! **********"
action 20 reload
event manager applet ema-ADSL-Up
event tag PingUp1 track 10 state up
event tag PingUp2 track 20 state up
trigger
correlate event PingUp1 or event PingUp2
action 10 syslog msg "********** ADSL Line UP **********"
!
end
Many thanks
Jim
12-04-2014 09:22 AM
What does the event log say?
Based on what you said, take one of your spare routers and just configure the lan interface, no other config.
Also run a continuous ping to that interface from a LAN device, check if it also times out.
Could very well be something on the LAN that's causing the problem ... backups, huge file copies ...?
12-04-2014 09:25 AM
Thanks Neil. Could you clarify please, so that I run the right commands? My config has these commands:
logging buffered 16386
logging rate-limit 100 except warnings
no logging console
no logging monitor
If I issue a show log I only see commands related to packets dropped by the firewall:
Cisco877#sh log
Syslog logging: enabled (0 messages dropped, 5197 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: disabled
Monitor logging: disabled
Buffer logging: level debugging, 83556 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
ESM: 0 messages dropped
Trap logging: level debugging, 83560 message lines logged
Logging to 192.168.1.50 (udp port 514, audit disabled,
authentication disabled, encryption disabled, link up),
83560 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging to 192.168.1.215 (udp port 514, audit disabled,
authentication disabled, encryption disabled, link up),
83560 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Log Buffer (16386 bytes):
6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(39836) -> 82.71.3.59(25), 1 packet
Dec 4 16:53:00.673: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 11 packets
Dec 4 16:53:16.852: %FW-6-DROP_PKT: Dropping tcp session 88.97.49.242:52042 134.170.185.125:80 due to RST inside current window with ip ident 28603 tcpflags 0x5014 seq.no 334908965 ack 2998717454
Dec 4 16:54:00.582: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(42918) -> 82.69.45.208(25), 1 packet
Dec 4 16:54:00.674: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 8 packets
Dec 4 16:54:13.409: %FW-6-DROP_PKT: Dropping tcp session 88.97.49.242:51990 216.58.208.32:443 due to RST inside current window with ip ident 22062 tcpflags 0x5014 seq.no 888286696 ack 3966538452
Dec 4 16:55:03.072: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(50500) -> 82.69.47.116(25), 1 packet
Dec 4 16:55:26.285: %FW-6-DROP_PKT: Dropping tcp session 172.228.99.152:443 192.168.1.216:55816 due to Stray Segment with ip ident 44301 tcpflags 0x5004 seq.no 3227290753 ack 0
Dec 4 16:55:56.947: %SEC-6-IPACCESSLOGP: list acl-EXT-IN denied tcp 103.41.124.60(9090) -> 88.97.49.242(22), 1 packet
Dec 4 16:56:00.672: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 35 packets
Dec 4 16:56:00.672: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(42904) -> 82.69.45.208(25), 4 packets
Dec 4 16:56:00.672: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(50479) -> 82.69.47.116(25), 4 packets
Dec 4 16:56:00.672: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(39826) -> 82.71.3.59(25), 4 packets
Dec 4 16:56:04.553: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(50506) -> 82.69.47.116(25), 1 packet
Dec 4 16:56:05.561: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(39853) -> 82.71.3.59(25), 1 packet
Dec 4 16:56:47.659: %FW-6-DROP_PKT: Dropping tcp session 23.63.99.218:80 192.168.1.205:52105 due to SYN inside current window with ip ident 0 tcpflags 0x8012 seq.no 702035596 ack 4117363060
Dec 4 16:57:00.673: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(42909) -> 82.69.45.208(25), 5 packets
Dec 4 16:57:00.673: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(39831) -> 82.71.3.59(25), 4 packets
Dec 4 16:57:00.673: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(50484) -> 82.69.47.116(25), 2 packets
Dec 4 16:57:07.055: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(50512) -> 82.69.47.116(25), 1 packet
Dec 4 16:57:08.059: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(39859) -> 82.71.3.59(25), 1 packet
Dec 4 16:57:18.637: %FW-6-DROP_PKT: Dropping tcp session 173.194.67.95:443 192.168.1.205:52080 due to Retransmitted Segment with Invalid Flags with ip ident 1251 tcpflags 0x5004 seq.no 1539574469 ack 0
Dec 4 16:57:40.310: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(48911) -> 50.63.202.104(25), 1 packet
Dec 4 16:57:49.176: %FW-6-DROP_PKT: Dropping tcp session 88.97.49.242:51778 82.69.10.202:3389 due to RST inside current window with ip ident 6231 tcpflags 0x5014 seq.no 4097025617 ack 3869095260
Dec 4 16:58:00.671: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 3 packets
Dec 4 16:58:00.671: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(42914) -> 82.69.45.208(25), 4 packets
Dec 4 16:58:00.671: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(39836) -> 82.71.3.59(25), 4 packets
Dec 4 16:58:08.540: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(50522) -> 82.69.47.116(25), 1 packet
Jim
12-04-2014 09:32 AM
Add this to your config
(config)#logging buffered informational
then after the timeout check the log
12-04-2014 09:36 AM
Many thanks Neil, that's done and I'll report back.
Jim
12-04-2014 09:52 AM
Just a recommendation, presuming it's a managed switch as well, it's a good practice:
interface FastEthernet0
switchport mode access
speed 100
duplex full
switchport nonegotiate
12-04-2014 10:20 AM
It's really only used as an internet gateway, since Cisco cripple it with a 100Mb switch. So there's only one RJ45 connected, and that goes to a gigabit switch.
Very good suggestions though, thanks for that. What I'll do is capture the logging next time it happens, with no changes, and then set the interface settings that you've suggested and see what happens.
Thanks again
Jim
12-04-2014 12:26 PM
Here's the output after an occurrence that's just happened:
Cisco877#sh log
Syslog logging: enabled (0 messages dropped, 5197 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: disabled
Monitor logging: disabled
Buffer logging: level informational, 662 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
ESM: 0 messages dropped
Trap logging: level debugging, 84260 message lines logged
Logging to 192.168.1.50 (udp port 514, audit disabled,
authentication disabled, encryption disabled, link up),
84260 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging to 192.168.1.215 (udp port 514, audit disabled,
authentication disabled, encryption disabled, link up),
84260 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Log Buffer (4096 bytes):
4 20:19:44.162: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(51646) -> 82.69.47.116(25), 1 packet
Dec 4 20:19:48.187: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(40991) -> 82.71.3.59(25), 1 packet
Dec 4 20:19:52.272: %FW-6-DROP_PKT: Dropping tcp session 37.252.162.126:443 192.168.1.215:59448 due to Stray Segment with ip ident 0 tcpflags 0x5004 seq.no 477919163 ack 0
Dec 4 20:20:00.598: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets
Dec 4 20:20:30.292: %FW-6-DROP_PKT: Dropping tcp session 217.163.21.35:443 192.168.1.215:59459 due to Stray Segment with ip ident 0 tcpflags 0x5004 seq.no 707160579 ack 0
Dec 4 20:20:46.420: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(51651) -> 82.69.47.116(25), 1 packet
Dec 4 20:20:50.441: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(40996) -> 82.71.3.59(25), 1 packet
Dec 4 20:21:00.587: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets
Dec 4 20:21:02.291: %FW-6-DROP_PKT: Dropping tcp session 68.178.177.8:443 192.168.1.205:54274 due to Retransmitted Segment with Invalid Flags with ip ident 0 tcpflags 0x5004 seq.no 1488467456 ack 2480886212
Dec 4 20:21:34.306: %FW-6-DROP_PKT: Dropping tcp session 23.195.50.110:443 192.168.1.215:59507 due to SYN inside current window with ip ident 0 tcpflags 0x8012 seq.no 428093149 ack 2568338795
Dec 4 20:21:47.793: %SEC-6-IPACCESSLOGP: list acl-EXT-IN permitted tcp 138.128.146.20(47492) -> 88.97.49.242(25), 1 packet
Dec 4 20:21:52.698: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(44083) -> 82.69.45.208(25), 1 packet
Dec 4 20:22:00.580: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 15 packets
Dec 4 20:22:29.274: %FW-6-DROP_PKT: Dropping tcp session 23.195.50.110:443 192.168.1.215:59510 due to SYN inside current window with ip ident 0 tcpflags 0x8012 seq.no 409166136 ack 2347211612
Dec 4 20:22:50.939: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(51663) -> 82.69.47.116(25), 1 packet
Dec 4 20:22:54.964: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(44088) -> 82.69.45.208(25), 1 packet
Dec 4 20:23:00.581: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 7 packets
Dec 4 20:23:10.823: %FW-6-DROP_PKT: Dropping tcp session 88.97.49.242:59351 216.58.208.34:443 due to RST inside current window with ip ident 29949 tcpflags 0x5014 seq.no 1226830570 ack 3453581517
Dec 4 20:23:51.940: %FW-6-DROP_PKT: Dropping tcp session 23.195.63.139:80 192.168.1.215:59514 due to Invalid Seq# with ip ident 59880 tcpflags 0x5011 seq.no 1084492278 ack 1444424189
Dec 4 20:24:00.582: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(40986) -> 82.71.3.59(25), 3 packets
Dec 4 20:24:00.582: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(44067) -> 82.69.45.208(25), 4 packets
Dec 4 20:24:00.582: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(51641) -> 82.69.47.116(25), 4 packets
Dec 4 20:24:22.023: %FW-6-DROP_PKT: Dropping tcp session 88.97.49.242:54347 179.60.192.49:443 due to RST inside current window with ip ident 13779 tcpflags 0x5014 seq.no 1328697609 ack 1209108995
Dec 4 20:25:00.580: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(40991) -> 82.71.3.59(25), 3 packets
Dec 4 20:25:00.580: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(51646) -> 82.69.47.116(25), 4 packets
Dec 4 20:25:00.580: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(44072) -> 82.69.45.208(25), 3 packets
Dec 4 20:25:02.348: %FW-6-DROP_PKT: Dropping tcp session 88.97.49.242:59551 216.58.208.35:443 due to RST inside current window with ip ident 2134 tcpflags 0x5014 seq.no 94686862 ack 3140316892
Dec 4 20:25:03.652: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(51673) -> 82.69.47.116(25), 1 packet
Dec 4 20:25:07.693: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(41018) -> 82.71.3.59(25), 1 packet
Nothing obvious that I can see :-(
Should I increase logging somehow?
Jim
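An added example, not written by anyone in this thread: a small Python parser for the `sh log` buffer format shown above. It tallies message types, firewall drop reasons and rate-limited counts, and lists what the router logged inside a given outage window. The sample lines, the window times and the year are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the format of the "sh log" buffer above (documentation
# addresses). Line 1 is cut off the way a wrapped buffer starts; the %LINEPROTO
# line is invented to show what a non-informational event would look like.
SAMPLE = """\
4 20:19:44.162: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.0.2.50(51646) -> 198.51.100.16(25), 1 packet
Dec 4 20:19:52.272: %FW-6-DROP_PKT: Dropping tcp session 198.51.100.7:443 192.0.2.215:59448 due to Stray Segment with ip ident 0 tcpflags 0x5004 seq.no 477919163 ack 0
Dec 4 20:20:00.598: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets
Dec 4 20:20:41.010: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
Dec 4 20:21:02.291: %FW-6-DROP_PKT: Dropping tcp session 198.51.100.8:443 192.0.2.205:54274 due to Retransmitted Segment with Invalid Flags with ip ident 0 tcpflags 0x5004 seq.no 1488467456 ack 2480886212
Dec 4 20:21:47.793: %SEC-6-IPACCESSLOGP: list acl-EXT-IN denied tcp 203.0.113.60(9090) -> 198.51.100.242(22), 1 packet
Dec 4 20:22:00.580: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 15 packets
"""

LINE = re.compile(r"^(\w{3}) +(\d{1,2}) (\d\d:\d\d:\d\d\.\d+): "
                  r"%([A-Z0-9_]+)-(\d)-([A-Z0-9_]+): (.*)$")
DROP = re.compile(r"due to (.+?) with ip ident")
MISSED = re.compile(r"rate-limited or missed (\d+) packets?")
ACL = re.compile(r"list (\S+) (permitted|denied) \w+ \S+\(\d+\) -> \S+\((\d+)\)")


def parse_line(line, year=2014):
    """Parse one IOS syslog line; return None if it does not match.

    The default IOS timestamp has no year, so the caller supplies one."""
    m = LINE.match(line.strip())
    if not m:
        return None
    mon, day, clock, fac, sev, mnem, text = m.groups()
    when = datetime.strptime(f"{year} {mon} {day} {clock}",
                             "%Y %b %d %H:%M:%S.%f")
    return {"time": when, "facility": fac, "severity": int(sev),
            "mnemonic": mnem, "text": text}


def summarize(log_text, window_start, window_end, year=2014):
    """Tally the buffer and pull out what was logged during an outage window."""
    counts, reasons, denied = Counter(), Counter(), Counter()
    missed = skipped = 0
    in_window, notable = [], []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw, year)
        if ev is None:            # truncated or foreign line: count, don't guess
            skipped += 1
            continue
        counts[f"{ev['facility']}-{ev['severity']}-{ev['mnemonic']}"] += 1
        if (m := DROP.search(ev["text"])):
            reasons[m.group(1)] += 1          # firewall inspection drop reason
        if (m := MISSED.search(ev["text"])):
            missed += int(m.group(1))         # ACL log entries the router skipped
        if (m := ACL.search(ev["text"])) and m.group(2) == "denied":
            denied[(m.group(1), int(m.group(3)))] += 1   # (ACL name, dst port)
        if window_start <= ev["time"] <= window_end:
            in_window.append(ev)
        if ev["severity"] < 6:    # lower number = more severe than informational
            notable.append(ev)
    return {"counts": counts, "reasons": reasons, "denied": denied,
            "missed": missed, "skipped": skipped,
            "in_window": in_window, "notable": notable}


if __name__ == "__main__":
    s = summarize(SAMPLE, datetime(2014, 12, 4, 20, 20, 30),
                  datetime(2014, 12, 4, 20, 21, 30))
    for key in ("counts", "reasons", "denied", "missed", "skipped"):
        print(key, s[key])
    for ev in s["in_window"]:
        print("during outage:", ev["time"].time(), ev["mnemonic"], ev["text"][:60])
    for ev in s["notable"]:
        print("above informational:", ev["time"].time(), ev["text"])
```

If `notable` comes back empty for a real buffer, every logged message was severity 6, so the buffer holds only ACL and firewall inspection entries for that period.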
12-05-2014 07:49 AM
Strange....I've had a second PC hooked up to the 877 directly, not going through our main switch, and it has had a ping -t running. When everything dropped earlier, pings from that PC did NOT drop.
I'm pretty confident it's not the switch; it's a TP-Link 24-port gigabit that replaced a Dell PowerConnect 16-port, and we had the same problem when that was in place.
I've swapped the connections on the 877 and will see what happens; it could be an issue specific to FE0.
Jim
12-05-2014 01:30 PM
Still no joy, and I've added speed settings to the ports:
interface FastEthernet0
duplex full
speed 100
!
interface FastEthernet1
duplex full
speed 100
!
interface FastEthernet2
duplex full
speed 100
!
interface FastEthernet3
duplex full
speed 100
I'm now connected to a different port on the Cisco and I've had a load of continuous pings running. When the problem occurs, pings to the router fail (and my PC-based connections drop) but pings to other devices on the LAN all succeed, as do pings from a remote site to the WAN IP. So it's definitely something on the LAN side of the router; not the PC, not the WAN side; not the switch.
Please help, I'm going nuts with this as it's causing a lot of embarrassment when Skype/Lync calls drop mid-call :-( I'm going to have to replace it with a Netgear at this rate.
Many thanks
Jim
12-07-2014 12:58 AM
I've done a confreg reload of everything and...so far....it seems to be working.....
Many thanks
Jim