877 and 887 frequently drop LAN for 8 seconds?

jimwillsher
Level 1

Hello all

I have a strange but really annoying problem with my C877. I have swapped it with another 877 and the problem persists, and I've also tried an 887VA with a comparable config and the same problem happens there too.

5 or 6 times each day the LAN drops. This means I lose VPN connections on any of the computers on the LAN, web pages time out, etc. It happens every day.

I have swapped routers, swapped switches, tried various 12.4 versions and various 15.x versions, on 877 and 887VA routers.

 

If I have a continuous ping (ping -t x.x.x.x) from a PC on the LAN to Google's DNS servers (8.8.8.8) I see this:

Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 8.8.8.8: bytes=32 time=34ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=34ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=34ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47
Reply from 8.8.8.8: bytes=32 time=33ms TTL=47

 

I get this whichever PC I do the ping from. I've also changed network switches so I know it's not the switch (continuous pings to other devices on the LAN always work correctly with no interruption).

When the problem happens, pings to the router (192.168.1.1) also fail:

Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 192.168.1.1: bytes=32 time=2ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255

 

But strangely, the internet connection is NOT dropping. I can prove that in two ways. Firstly, a continuous ping from a remote site back to this router across the WAN never drops:

Reply from 11.22.33.444: bytes=32 time=44ms TTL=251
Reply from 11.22.33.444: bytes=32 time=43ms TTL=251
Reply from 11.22.33.444: bytes=32 time=44ms TTL=251
Reply from 11.22.33.444: bytes=32 time=62ms TTL=251
Reply from 11.22.33.444: bytes=32 time=43ms TTL=251
Reply from 11.22.33.444: bytes=32 time=45ms TTL=251
Reply from 11.22.33.444: bytes=32 time=157ms TTL=251
Reply from 11.22.33.444: bytes=32 time=76ms TTL=251
Reply from 11.22.33.444: bytes=32 time=60ms TTL=251
Reply from 11.22.33.444: bytes=32 time=43ms TTL=251
Reply from 11.22.33.444: bytes=32 time=42ms TTL=251
Reply from 11.22.33.444: bytes=32 time=46ms TTL=251
Reply from 11.22.33.444: bytes=32 time=44ms TTL=251
Reply from 11.22.33.444: bytes=32 time=48ms TTL=251
Reply from 11.22.33.444: bytes=32 time=43ms TTL=251
Reply from 11.22.33.444: bytes=32 time=43ms TTL=251
Reply from 11.22.33.444: bytes=32 time=43ms TTL=251

 

Also, sh caller shows that the WAN didn't drop:

 

Cisco877#sh caller
                                                  Active    Idle
  Line           User               Service       Time      Time
  vty 2          root               VTY           00:09:46  00:00:00
  Vi3            <unknown phone number> \
                                    PPPoATM       5d17h     00:00:08
Cisco877#

 

 

I'm at a complete loss. Can anyone help please? Either to suggest the cause or to suggest appropriate diagnostic steps.

 

 

Here's my config:


!
! Last configuration change at 12:34:24 GMT Tue Nov 25 2014 by root
! NVRAM config last updated at 21:11:24 GMT Sat Nov 22 2014 by root
!
version 12.4
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service internal
!
hostname Cisco877
!
boot-start-marker
boot system flash:c870-advipservicesk9-mz.124-24.T4.bin
boot-end-marker
!
logging message-counter syslog
logging buffered 16386
logging rate-limit 100 except warnings
no logging console
no logging monitor
enable secret
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
!
!
aaa session-id common
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
clock save interval 12
!
!
dot11 syslog
ip source-route
!
!
!
!
ip cef
ip domain name xxx.local
ip inspect log drop-pkt
ip inspect name firewall tcp timeout 3600
ip inspect name firewall udp timeout 3600
login block-for 180 attempts 3 within 180
login on-failure log
login on-success log
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
!
object-group network og-L1-Allow-NTP
 description Allow NTP from these hosts
!
object-group network og-L1-Allow-SMTP
 description Allow outbound SMTP from these hosts
!
object-group network og-L1-BlockedIPs
 description Likely spam senders
!
object-group network og-L1-SwallowCottage
 description xx
!
object-group network og-L2-Allow-SSH
 description Allow SSH from these hosts
 192.168.1.0 255.255.255.0
!
object-group network og-LL-Allow-SNMP
 description Allow SNMP from these hosts
 192.168.1.0 255.255.255.0
!
username xxx password 7 xxx
!
!
!
archive
 log config
  hidekeys
!
!
ip ssh version 2
!
track 10 ip sla 10 reachability
 delay down 180 up 10
!
track 20 ip sla 20 reachability
 delay down 180 up 10
!
!
!
interface ATM0
 description ADSL Connection
 no ip address
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl noise-margin -3
 dsl bitswap both
 hold-queue 200 in
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1
 ip unnumbered Vlan1
 ip nat inside
 ip virtual-reassembly
 peer default ip address pool VPNPOOL
 no keepalive
 ppp encrypt mppe auto required
 ppp authentication ms-chap-v2
!
interface Vlan1
 description xxx LAN
 ip address 192.168.3.1 255.255.255.0 secondary
 ip address 192.168.1.1 255.255.255.0
 ip access-group acl-INT-IN in
 ip nat inside
 ip nat enable
 ip inspect firewall in
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 hold-queue 100 in
 hold-queue 100 out
!
interface Dialer0
 bandwidth inherit
 ip address negotiated
 ip access-group acl-EXT-IN in
 ip access-group acl-EXT-OUT out
 ip nbar protocol-discovery
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp header-compression iphc-format
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname xxxx
 ppp chap password 7 xxxx
 ppp ipcp dns request
 ppp ipcp wins request
 ip rtp header-compression iphc-format
!
interface Dialer1
 no ip address
 ip nbar protocol-discovery
!
ip local pool VPNPOOL 192.168.1.251 192.168.1.253
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
ip flow-cache timeout active 1
ip flow-export source Vlan1
ip flow-export version 9
ip flow-export destination 192.168.1.215 9996
!
ip dns server
no ip nat service sip udp port 5060
ip nat inside source static tcp 192.168.1.50 25 interface Dialer0 25
ip nat inside source static tcp 192.168.1.50 80 interface Dialer0 80
ip nat inside source static tcp 192.168.1.50 443 interface Dialer0 443
ip nat inside source static tcp 192.168.1.50 995 interface Dialer0 995
ip nat inside source static tcp 192.168.1.50 32025 interface Dialer0 32025
ip nat inside source static tcp 192.168.1.50 20 interface Dialer0 20
ip nat inside source static tcp 192.168.1.50 21 interface Dialer0 21
ip nat inside source list acl-NAT-Ranges interface Dialer0 overload
ip nat inside source static tcp 192.168.1.50 993 interface Dialer0 993
ip nat inside source static tcp 192.168.1.25 52984 interface Dialer0 52984
ip nat inside source static tcp 192.168.1.30 43000 interface Dialer0 43000
ip nat inside source static tcp 192.168.1.213 54321 interface Dialer0 54321
ip nat inside source static tcp 192.168.1.217 3395 interface Dialer0 3395
ip nat inside source static tcp 192.168.1.95 3391 interface Dialer0 3391
ip nat inside source static tcp 192.168.1.213 54322 interface Dialer0 54322
ip nat inside source static tcp 192.168.7.3 2222 interface Dialer0 26027
ip nat inside source static tcp 192.168.1.50 465 interface Dialer0 465
ip nat inside source static tcp 192.168.1.50 587 interface Dialer0 587
ip nat inside source static tcp 10.20.12.101 3396 interface Dialer0 3396
ip nat inside source static tcp 192.168.1.25 52985 interface Dialer0 52985
!
ip access-list standard acl-Allow-SNMP
 permit 192.168.1.0 0.0.0.255
 deny   any
ip access-list standard acl-NAT-Ranges
 remark Define NAT internal ranges
 permit 192.168.1.0 0.0.0.255
 permit 192.168.3.0 0.0.0.255
!
ip access-list extended acl-EXT-IN
 remark Inbound external interface
 remark The below set the rfc1918 private exclusions
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip any any fragments
 deny   tcp object-group og-L1-BlockedIPs any
 remark Allow established sessions back in
 permit tcp any any established
 permit tcp any any eq smtp log
 remark allow all HTTP traffic from everywhere
 permit tcp any any eq www
 permit udp object-group og-L1-Allow-NTP any eq ntp
 permit udp object-group og-LL-Allow-SNMP any eq snmp
 remark Allow selected SSH traffic and log all blocked SSH traffic
 permit tcp object-group og-L2-Allow-SSH any eq 22 log
 deny   tcp any any eq 22 log
 deny   udp object-group og-L1-BlockedIPs any
 permit tcp any any eq 26027
 remark Allow acces to AX4 VPC
 permit tcp any any eq 3391
 remark Allow acces to AX2012 RapidStart server
 permit tcp any any eq 3395
 permit tcp any any eq 3396
 permit tcp any any eq 443
 remark Allow IMAPs and POP3s
 permit tcp any any eq 993
 permit tcp any any eq 995
 remark Allow secondary SMTP connection
 permit tcp any any eq 32025
 permit tcp any any eq 465
 permit tcp any any eq 43000
 permit tcp any any eq 52985
 remark BNI development website
 permit tcp any any eq 54321
 permit tcp any any eq 54322
 remark FTP
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 remark Passive FTP ports matching vsftpd config
 permit tcp any any range 50000 50050
 remark Allow PPTP VPN connections
 permit tcp any any eq 1723
 permit gre any any
 remark General DNS stuff
 permit udp any eq domain any
 remark Standard acceptable icmp rules
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any source-quench
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 remark Block everything else
 deny   ip any any
ip access-list extended acl-EXT-OUT
 deny   ip any host 66.179.42.233
 permit ip any any
ip access-list extended acl-INT-IN
 permit tcp object-group og-L1-Allow-SMTP any eq smtp log
 deny   tcp any any eq smtp log
 deny   udp any host 239.255.255.250 eq 1900
 permit ip any any
ip access-list extended peak
 permit ip any any time-range peak
!
ip sla 10
 icmp-echo 8.8.8.8 source-interface Vlan1
 timeout 3000
 threshold 3000
 frequency 10
ip sla schedule 10 life forever start-time now
ip sla 20
 icmp-echo 208.67.222.222 source-interface Vlan1
 timeout 3000
 threshold 3000
 frequency 10
ip sla schedule 20 life forever start-time now
ip access-list logging interval 10
logging trap debugging
logging facility local6
logging 192.168.1.50
logging 192.168.1.215
dialer-list 1 protocol ip permit
!
!
!
!
snmp-server community xx RO
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 no modem enable
 transport output all
line aux 0
 transport output all
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 length 40
 width 160
 transport input ssh
 transport output all
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
ntp master
ntp server 129.6.15.28
time-range off-peak
 periodic weekdays 0:00 to 8:59
 periodic weekdays 18:00 to 23:59
 periodic weekend 0:00 to 23:59
!
time-range peak
 periodic weekdays 9:00 to 17:59
!
event manager applet ema-ADSL-Down
 event tag PingDown1 track 10 state down
 event tag PingDown2 track 20 state down
 trigger
  correlate event PingDown1 and event PingDown2
 action 10 syslog msg "********** WARNING! ADSL Line Down! **********"
 action 20 reload
event manager applet ema-ADSL-Up
 event tag PingUp1 track 10 state up
 event tag PingUp2 track 20 state up
 trigger
  correlate event PingUp1 or event PingUp2
 action 10 syslog msg "********** ADSL Line UP **********"
!
end

 

 

 

Many thanks

Jim
10 Replies

NeilGouws
Level 1

What does the event log say?

 

Based on what you said, take one of your spare routers and just configure the lan interface, no other config.

Also run a continuous ping to that interface from a LAN device, check if it also times out.

 

Could very well be something on the LAN that's causing the problem ... backups, huge filecopies ... ?

Thanks Neil. Could you clarify please, so that I run the right commands? My config has these commands:

 

logging buffered 16386
logging rate-limit 100 except warnings
no logging console
no logging monitor

 

If I issue a show log I only see commands related to packets dropped by the firewall:

 

Cisco877#sh log
Syslog logging: enabled (0 messages dropped, 5197 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

 

No Inactive Message Discriminator.


    Console logging: disabled
    Monitor logging: disabled
    Buffer logging:  level debugging, 83556 messages logged, xml disabled,
                     filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
    Persistent logging: disabled

No active filter modules.

ESM: 0 messages dropped

    Trap logging: level debugging, 83560 message lines logged
        Logging to 192.168.1.50  (udp port 514,  audit disabled,
              authentication disabled, encryption disabled, link up),
              83560 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled
        Logging to 192.168.1.215  (udp port 514,  audit disabled,
              authentication disabled, encryption disabled, link up),
              83560 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled

Log Buffer (16386 bytes):
6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(39836) -> 82.71.3.59(25), 1 packet
Dec  4 16:53:00.673: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 11 packets
Dec  4 16:53:16.852: %FW-6-DROP_PKT: Dropping tcp session 88.97.49.242:52042 134.170.185.125:80  due to  RST inside current window with ip ident 28603 tcpflags 0x5014 seq.no 334908965 ack 2998717454
Dec  4 16:54:00.582: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(42918) -> 82.69.45.208(25), 1 packet
Dec  4 16:54:00.674: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 8 packets
Dec  4 16:54:13.409: %FW-6-DROP_PKT: Dropping tcp session 88.97.49.242:51990 216.58.208.32:443  due to  RST inside current window with ip ident 22062 tcpflags 0x5014 seq.no 888286696 ack 3966538452
Dec  4 16:55:03.072: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(50500) -> 82.69.47.116(25), 1 packet
Dec  4 16:55:26.285: %FW-6-DROP_PKT: Dropping tcp session 172.228.99.152:443 192.168.1.216:55816  due to  Stray Segment with ip ident 44301 tcpflags 0x5004 seq.no 3227290753 ack 0
Dec  4 16:55:56.947: %SEC-6-IPACCESSLOGP: list acl-EXT-IN denied tcp 103.41.124.60(9090) -> 88.97.49.242(22), 1 packet
Dec  4 16:56:00.672: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 35 packets
Dec  4 16:56:00.672: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(42904) -> 82.69.45.208(25), 4 packets
Dec  4 16:56:00.672: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(50479) -> 82.69.47.116(25), 4 packets
Dec  4 16:56:00.672: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(39826) -> 82.71.3.59(25), 4 packets
Dec  4 16:56:04.553: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(50506) -> 82.69.47.116(25), 1 packet
Dec  4 16:56:05.561: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(39853) -> 82.71.3.59(25), 1 packet
Dec  4 16:56:47.659: %FW-6-DROP_PKT: Dropping tcp session 23.63.99.218:80 192.168.1.205:52105  due to  SYN inside current window with ip ident 0 tcpflags 0x8012 seq.no 702035596 ack 4117363060
Dec  4 16:57:00.673: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(42909) -> 82.69.45.208(25), 5 packets
Dec  4 16:57:00.673: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(39831) -> 82.71.3.59(25), 4 packets
Dec  4 16:57:00.673: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(50484) -> 82.69.47.116(25), 2 packets
Dec  4 16:57:07.055: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(50512) -> 82.69.47.116(25), 1 packet
Dec  4 16:57:08.059: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(39859) -> 82.71.3.59(25), 1 packet
Dec  4 16:57:18.637: %FW-6-DROP_PKT: Dropping tcp session 173.194.67.95:443 192.168.1.205:52080  due to  Retransmitted Segment with Invalid Flags with ip ident 1251 tcpflags 0x5004 seq.no 1539574469 ack 0
Dec  4 16:57:40.310: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(48911) -> 50.63.202.104(25), 1 packet
Dec  4 16:57:49.176: %FW-6-DROP_PKT: Dropping tcp session 88.97.49.242:51778 82.69.10.202:3389  due to  RST inside current window with ip ident 6231 tcpflags 0x5014 seq.no 4097025617 ack 3869095260
Dec  4 16:58:00.671: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 3 packets
Dec  4 16:58:00.671: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(42914) -> 82.69.45.208(25), 4 packets
Dec  4 16:58:00.671: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(39836) -> 82.71.3.59(25), 4 packets
Dec  4 16:58:08.540: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(50522) -> 82.69.47.116(25), 1 packet

 

 

 

Jim

 

 

Add this to your config
(config)#logging buffered informational

 

Then, after the timeout, check the log.

Many thanks Neil, that's done and I'll report back.

 

Jim

Just a recommendation, presuming it's a managed switch as well, it's a good practice:

  • hardcode as access port
  • specify speed and duplex on the port
  • disable dtp

 

interface FastEthernet0
 switchport mode access
 speed 100
 duplex full
 switchport nonegotiate

 

 

It's really only used as an internet gateway, since Cisco cripple it with a 100Mb switch. So there's only one RJ45 connected, and that goes to a gigabit switch.

Very good suggestions though, thanks for that. What I'll do is capture the logging next time it happens, with no changes, and then set the interface settings that you've suggested and see what happens.

Thanks again

 

 

Jim

Here's the output after an occurrence that's just happened:

 

Cisco877#sh log
Syslog logging: enabled (0 messages dropped, 5197 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

 

No Inactive Message Discriminator.


    Console logging: disabled
    Monitor logging: disabled
    Buffer logging:  level informational, 662 messages logged, xml disabled,
                     filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
    Persistent logging: disabled

No active filter modules.

ESM: 0 messages dropped

    Trap logging: level debugging, 84260 message lines logged
        Logging to 192.168.1.50  (udp port 514,  audit disabled,
              authentication disabled, encryption disabled, link up),
              84260 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled
        Logging to 192.168.1.215  (udp port 514,  audit disabled,
              authentication disabled, encryption disabled, link up),
              84260 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled

 

Log Buffer (4096 bytes):
4 20:19:44.162: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(51646) -> 82.69.47.116(25), 1 packet
Dec  4 20:19:48.187: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(40991) -> 82.71.3.59(25), 1 packet
Dec  4 20:19:52.272: %FW-6-DROP_PKT: Dropping tcp session 37.252.162.126:443 192.168.1.215:59448  due to  Stray Segment with ip ident 0 tcpflags 0x5004 seq.no 477919163 ack 0
Dec  4 20:20:00.598: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets
Dec  4 20:20:30.292: %FW-6-DROP_PKT: Dropping tcp session 217.163.21.35:443 192.168.1.215:59459  due to  Stray Segment with ip ident 0 tcpflags 0x5004 seq.no 707160579 ack 0
Dec  4 20:20:46.420: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(51651) -> 82.69.47.116(25), 1 packet
Dec  4 20:20:50.441: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(40996) -> 82.71.3.59(25), 1 packet
Dec  4 20:21:00.587: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets
Dec  4 20:21:02.291: %FW-6-DROP_PKT: Dropping tcp session 68.178.177.8:443 192.168.1.205:54274  due to  Retransmitted Segment with Invalid Flags with ip ident 0 tcpflags 0x5004 seq.no 1488467456 ack 2480886212
Dec  4 20:21:34.306: %FW-6-DROP_PKT: Dropping tcp session 23.195.50.110:443 192.168.1.215:59507  due to  SYN inside current window with ip ident 0 tcpflags 0x8012 seq.no 428093149 ack 2568338795
Dec  4 20:21:47.793: %SEC-6-IPACCESSLOGP: list acl-EXT-IN permitted tcp 138.128.146.20(47492) -> 88.97.49.242(25), 1 packet
Dec  4 20:21:52.698: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(44083) -> 82.69.45.208(25), 1 packet
Dec  4 20:22:00.580: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 15 packets
Dec  4 20:22:29.274: %FW-6-DROP_PKT: Dropping tcp session 23.195.50.110:443 192.168.1.215:59510  due to  SYN inside current window with ip ident 0 tcpflags 0x8012 seq.no 409166136 ack 2347211612
Dec  4 20:22:50.939: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(51663) -> 82.69.47.116(25), 1 packet
Dec  4 20:22:54.964: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(44088) -> 82.69.45.208(25), 1 packet
Dec  4 20:23:00.581: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 7 packets
Dec  4 20:23:10.823: %FW-6-DROP_PKT: Dropping tcp session 88.97.49.242:59351 216.58.208.34:443  due to  RST inside current window with ip ident 29949 tcpflags 0x5014 seq.no 1226830570 ack 3453581517
Dec  4 20:23:51.940: %FW-6-DROP_PKT: Dropping tcp session 23.195.63.139:80 192.168.1.215:59514  due to  Invalid Seq# with ip ident 59880 tcpflags 0x5011 seq.no 1084492278 ack 1444424189
Dec  4 20:24:00.582: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(40986) -> 82.71.3.59(25), 3 packets
Dec  4 20:24:00.582: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(44067) -> 82.69.45.208(25), 4 packets
Dec  4 20:24:00.582: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(51641) -> 82.69.47.116(25), 4 packets
Dec  4 20:24:22.023: %FW-6-DROP_PKT: Dropping tcp session 88.97.49.242:54347 179.60.192.49:443  due to  RST inside current window with ip ident 13779 tcpflags 0x5014 seq.no 1328697609 ack 1209108995
Dec  4 20:25:00.580: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(40991) -> 82.71.3.59(25), 3 packets
Dec  4 20:25:00.580: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(51646) -> 82.69.47.116(25), 4 packets
Dec  4 20:25:00.580: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(44072) -> 82.69.45.208(25), 3 packets
Dec  4 20:25:02.348: %FW-6-DROP_PKT: Dropping tcp session 88.97.49.242:59551 216.58.208.35:443  due to  RST inside current window with ip ident 2134 tcpflags 0x5014 seq.no 94686862 ack 3140316892
Dec  4 20:25:03.652: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(51673) -> 82.69.47.116(25), 1 packet
Dec  4 20:25:07.693: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.168.1.50(41018) -> 82.71.3.59(25), 1 packet

 

Nothing obvious that I can see :-(

 

Should I increase logging somehow?

 

 

Jim
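
A way to triage a `show log` buffer like the one above, as an added example that is not part of the original thread: it tallies message types, checks whether the buffer's time span actually covers the moment of the drop (a 4096-byte buffer wraps within minutes at this logging rate), and lists anything near the drop that is not ACL or firewall logging. The sample lines are constructed in the thread's format with documentation addresses, the two `%LINEPROTO-5-UPDOWN` lines are inserted only to show a hit, and the year is an assumption because these IOS timestamps omit it.

```python
import re
from collections import Counter
from datetime import datetime

# Matches IOS lines written with "service timestamps log datetime msec localtime".
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}): "
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+):"
)

# Message types that fill the buffers shown in the thread (ACL and firewall logging).
NOISE = {"SEC-6-IPACCESSLOGP", "SEC-6-IPACCESSLOGRL", "FW-6-DROP_PKT"}

# Constructed sample. The first line is cut off the way a wrapped buffer starts.
SAMPLE = """\
4 20:19:44.162: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.0.2.50(51646) -> 198.51.100.116(25), 1 packet
Dec  4 20:19:48.187: %SEC-6-IPACCESSLOGP: list acl-INT-IN permitted tcp 192.0.2.50(40991) -> 198.51.100.59(25), 1 packet
Dec  4 20:20:00.598: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets
Dec  4 20:21:34.306: %FW-6-DROP_PKT: Dropping tcp session 203.0.113.110:443 192.0.2.215:59507  due to  SYN inside current window
Dec  4 20:22:05.120: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down
Dec  4 20:22:13.480: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
Dec  4 20:23:00.581: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 7 packets
""".splitlines()


def parse(lines, year):
    """Return ([(timestamp, tag, line)], skipped) for lines in buffer order."""
    events, skipped = [], 0
    for raw in lines:
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # truncated or non-syslog line
            continue
        stamp = " ".join(m.group("ts").split())  # "Dec  4 ..." -> "Dec 4 ..."
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S.%f")
        tag = f"{m.group('fac')}-{m.group('sev')}-{m.group('mnem')}"
        events.append((ts, tag, line))
    return events, skipped


def triage(lines, outage_at, year=2014, slack_s=30):
    """Summarise a log buffer relative to the time a drop was observed.

    year is an assumption supplied by the caller; slack_s is how many seconds
    either side of outage_at count as "near" the drop.
    """
    events, skipped = parse(lines, year)
    counts = Counter(tag for _, tag, _ in events)
    # The buffer is chronological, so first and last entries bound its span.
    covered = bool(events) and events[0][0] <= outage_at <= events[-1][0]
    near = [e for e in events
            if abs((e[0] - outage_at).total_seconds()) <= slack_s]
    return {
        "covered": covered,
        "skipped": skipped,
        "counts": dict(counts),
        "non_noise_near_outage": [ln for _, tag, ln in near if tag not in NOISE],
    }


if __name__ == "__main__":
    report = triage(SAMPLE, datetime(2014, 12, 4, 20, 22, 10))
    print("buffer covers the drop:", report["covered"])
    print("unparsed lines:", report["skipped"])
    for tag, n in sorted(report["counts"].items()):
        print(f"{n:4d}  {tag}")
    for line in report["non_noise_near_outage"]:
        print("CHECK:", line)
```

If `covered` is false the buffer had already wrapped past the drop, and the copies sent to the syslog hosts are the place to look instead.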

Strange....I've had a second PC hooked up to the 877 directly, not going through our main switch, and it has had a ping -t running. When everything dropped earlier, pings from that PC did NOT drop.

 

I'm pretty confident it's not the switch; it's a TP-Link 24-port gigabit that replaced a Dell PowerConnect 16-port, and we had the same problem when that was in place.

I've swapped the connections on the 877 and will see what happens; it could be an issue specific to FE0.

 

Jim

Still no joy, and I've added speed settings to the ports:

 

interface FastEthernet0
 duplex full
 speed 100
!
interface FastEthernet1
 duplex full
 speed 100
!
interface FastEthernet2
 duplex full
 speed 100
!
interface FastEthernet3
 duplex full
 speed 100

 

I'm now connected to a different port on the Cisco and I've had a load of continuous pings running. When the problem occurs, pings to the router fail (and my PC-based connections drop) but pings to other devices on the LAN all succeed, as do pings from a remote site to the WAN IP. So it's definitely something on the LAN side of the router; not the PC, not the WAN side; not the switch.

Please help, I'm going nuts with this as it's causing a lot of embarrassment when Skype/Lync calls drop mid-call :-( I'm going to have to replace it with a Netgear at this rate.

Many thanks

 

Jim

I've done a confreg reload of everything and...so far....it seems to be working.....

Many thanks


Jim
