Re: NAT Malloc issues with IOS 12.2 on Cisco 828

manaccomal · ‎01-07-2007

I have an 828 router working nicely on a SHDSL 1.5/1.5 connection and providing NAT for browsing etc for a small LAN, and for that it seems to work fine. The problem arrises when I try publishing services with port forwarding.

Once I have enabled a port forward from the external dialer interface to an internal, the RAM seems to fill up with translation data and fragment to h3ll, and then everything malloc errors on me.

It's a basic (no extra RAM or Flash) 828, but I would have thought I'd be able to get some basic PAT rules working.

I've pasted a (slightly sanitized) config below. Can anyone spot any mayor errors? And is there anything I can add in to drop the memory errors. Mem errors look like;

-Process= "IP Input", ipl= 0, pid= 36

-Traceback= 80138AC4 8013AA64 8013419C 806AC9CC 806A2A84 806A35C0 8029CD94 8029D044 8029D1AC 8015DA38

03:12:34: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed from 0x80134198, alignment 0

Pool: Processor Free: 108776 Cause: Memory fragmentation

Alternate Pool: None Free: 0 Cause: No Alternate pool

Current configuration : 1836 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname FNNCLIENTCODE

!

logging queue-limit 100

enable secret xxx

enable password xxx

!

clock timezone pst 10

ip subnet-zero

no ip domain lookup

!

no ip bootp server

!

interface Ethernet0

description LAN

ip address 192.168.5.2 255.255.255.0

ip nat inside

no keepalive

no cdp enable

!

interface ATM0

no ip address

loopback

no atm ilmi-keepalive

dsl equipment-type CPE

dsl operating-mode GSHDSL symmetric annex B

dsl linerate AUTO

dsl snr threshold 15

!

interface ATM0.1 point-to-point

description Internet Network

pvc 1/34

ubr 1536

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

interface Dialer1

description Internet Network

ip address negotiated

ip nat outside

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap callin

ppp chap hostname xxx

ppp chap password xxx

!

ip nat inside source list 11 interface Dialer1 overload

ip nat inside source static tcp 192.168.5.200 38654 interface Dialer1 38654

ip nat inside source static tcp 192.168.5.200 38653 interface Dialer1 38653

ip nat inside source static tcp 192.168.5.200 38652 interface Dialer1 38652

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 192.168.2.0 255.255.255.0 192.168.5.60 #second internal LAN

no ip http server

!

access-list 11 permit 192.168.5.0 0.0.0.255

dialer-list 1 protocol ip permit

no cdp run

!

line con 0

exec-timeout 0 0

stopbits 1

line vty 0 4

exec-timeout 0 0

password xxx

login

!

scheduler max-task-time 5000

!

end

spremkumar · ‎01-07-2007

Hi

Can you post the output of show version so that the filename can be verified for possible bugs ?

regds

manaccomal · ‎01-07-2007

NP.

I should mention I got some similar messages with 12.3 before I'd put configuration details in. But this may have been due to a broken config that was pre-existing.

Cisco Internetwork Operating System Software

IOS (tm) C828 Software (C828-Y6-M), Version 12.2(13)ZH8, RELEASE SOFTWARE (fc1)

Synched to technology version 12.2(14.5)T

Technical Support: http://www.cisco.com/techsupport

Compiled Tue 13-Dec-05 23:35 by ealyon

Image text-base: 0x800131C0, data-base: 0x8070F284

ROM: System Bootstrap, Version 12.2(1r)XE2, RELEASE SOFTWARE (fc1)

ROM: C828 Software (C828-Y6-M), Version 12.2(13)ZH8, RELEASE SOFTWARE (fc1)

FNN1610265268 uptime is 2 days, 22 hours, 54 minutes

System returned to ROM by reload

System image file is "flash:c828-y6-mz.122-13.ZH8.bin"

CISCO C828 (MPC855T) processor (revision 0x201) with 15360K/1024K bytes of memor

y.

Processor board ID JAD0530031S (2956830557), with hardware revision 0000

CPU rev number 5

Bridging software.

1 Ethernet/IEEE 802.3 interface(s)

1 ATM network interface(s)

128K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash (Read/Write)

2048K bytes of processor board Web flash (Read/Write)

Configuration register is 0x2

spremkumar · ‎01-07-2007

Hi

I dont see any bugs related to your particular ios code but still would suggest to look for upgrading to a recent general deployment code in 12.3 Mainline.....

regds

manaccomal · ‎01-08-2007

Well, there seems to be some authentication issues with the website.

I can stay logged in on the forums, but when I go to the software downloads section, I log in and it seems I get logged out again.

Example:

Click the Login link in the top right.

Type in user/password.

Get the Successful login page.

10 Second redirect to a page that then promptly asks for my password and won't accept the password it just accepted, and then gives a 401 error.

Kinda frustrating.

This is after doing a password reset, and using both of the standard mainstream browsers.

manaccomal · ‎01-08-2007

Ah, it seems it's because I don't have access to the IOS Updates as a standard user.

How do I go about getting access to the IOS software?