cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1842
Views
0
Helpful
6
Replies
Highlighted
Beginner

IP_VFR-3-COALESCE_ERROR on 867VAE

Hey!

We keep getting these log messages:

%IP_VFR-3-COALESCE_ERROR: Unable to coalesce fragments arriving through Vlan1 - datagram 1898 bytes is too big. UDP packet 192.168.200.100:53 -> 31.222.xxx.xx:53 has ident: 21511 flags:0x0 and 2 fragments

Packet size varies between 1800 - 3800. 192.168.200.100 is our internal DNS server.

I see that it can have something to do with an older bugged IOS, but I just upgraded it to c860vae-ipbasek9-mz.153-2.T and still getting the error.

I've also seen a workaround out there to increase huge buffer size but it only fills all the buffers up then, max 16.

Also, as an additional side question:

There is a c860vae-advsecurityk9-mz.153-2.T.bin out for the 867VAE, but it just tells me:

%Warning: File not a valid executable for this system

The file is downloaded from different computers, same result. Checked for available space on flash: and it's good enough.

I'm attaching my running-config + show version in the same file.

Thankful for a reply!

Kind regards

Daniel

6 REPLIES 6
Highlighted
Beginner

Just had to add. We have problems with our Internet going down (at least DNS resolve) as well, and it does seem to correlate with these messages.

Highlighted
Cisco Employee

HI Daniel,

Please give it a try with the below action plan.

Recommended Action Plan:

1. no ip virtual-reassembly
2.  Increase the max-reassembly and max-fragment size as per the values assigned below:
Router(config)# interface vlan 1
ip virtual-reassembly [max-reassemblies number] [max-fragments number]

Let me know if this helps.

Regards

Inayath

Highlighted

I'll give it a try over the day and report back, thanks

Highlighted

Ok, I set:

buffers huge size 30000 (just a high figure for the sake of it)

no ip virtual-reassembly

ip virtual-reassembly max-reassemblies 64

Still getting the same error message - unable to coalesce....

I know that it's big because it's probably DNSSEC, but why do I get an error from it.... ugh.

Highlighted
Hall of Fame Expert

Hi.

Looking at your config I see:

ip nat inside source list 1 interface ATM0.1 overload

The inside interface should be vlan 1

ip nat inside source list 1 interface vlan1 overload

HTH

Highlighted

Are you sure? If I use "ip nat inside source list 1 interface vlan1 overload" the Internet doesn't work. All guides I've read says that the ATM interface should have this command attached to it for NAT to work.

Content for Community-Ad