i am wanting to log dropped and oop packets on a c3825 isr with ios12.3(11)T3. on other routers(like a 2951 running 151-4.M2)i can state ip inspect log drop-pkt and it will log to buffer or syslog all dropped and oop packets. can i do this on this 3825 another way
View 1 RepliesI have a problem with the 6500 not exporting netflow data. They are not exported due to no fib.I have read somewhere that this has something to do with VRF. VRF are running on the router.ip flow ingress has been applied to desired ip int.Is there anything I could do to make it export netflow data?
VSS-core-XXX-rs1#sh ip flow export
Flow export v5 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) xxx.xxx.83.253 (Unknown)
[code]....
On one of our N7K, we have some packets dropped by the COPP policy in the class-default class-map. Partial results of "show policy-map interface control-plane" not so long after clearing the counters : [code]
what traffic is dropped by the policy ? Is there any logging possible ?
I have 2 ASA 5510 firewalls at 2 different sites. Both running on version 8.0.4. Users are using an Instant Messaging type of application provided by a local telco here which is able to send and receive SMS using SIP (from the packet capture that I've done).
When users use the IM in site A, they are able to send and receive text messages via the IM from behind the firewall. However, when the users are in site B, users are able to send out text messages but not able to receive them.
I noticed that when I remove "inspect sip" from site-B's global policy map, users from site-B can successfully receive text messages. I have confirmed that it is the firewall that drops the packets as I have captured the inside and outside interfaces of site-B's ASA and I can see the incoming sip "request: MESSAGE" packet on the outside interface but I do not see the packet exiting the inside interface.
I have cross check both firewall configurations, and I do not see anything suspicious commands relating to sip that might cause this issue. Is there any command to troubleshoot why the sip inspection is dropping the sip packets on site-B?
I have a need to use a 3560 switch to terminate a provider's internet connection, but want to secure it so that it and the vlans connected to it are not wide open. At the same time, I'd like to use stateful packet inspection.
I have IOS 12.2(44)SE2, but IPBASE running on my 3560s. Is there an IOS (perhaps the ADVIPSERVICES of that version?) that allows a 3560 to use the 'ip inspect' command?
I am using WAP4410N access point to connect 5 computer to the network. Recently the wireless network is very bad; pakets are often being droped, very high reply times. I have upgraded to the latest firmware tried to change configuration with no use i even tried the default configuration. I assumed that there's interference. I tried another AP ( linksys one) and things seems to be okay. what would be the problem with AP?
View 4 Replies View RelatedI am truly struggling with the changes after 8.21. I am trying to get a VPN up between two sites. This is the B end, I am sure there are a bunch of problems in the other end too. Eg. the tunnel NAT does not have the right priority 1.when I establish the tunnel I get this:
3 Sep 01 2008 11:23:37 Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag= outside_map. Map Sequence Number = 1.
# packet-tracer input inside tcp 10.2.32.11 80 10.1.1.10 80
Phase: 1
Type: ACCESS-LIST
Subtype:
[code]....
I happen to noticed the FWSM was dropping packets at about 387 packets every 5 minutes. My outside FWSM is WAN facing and has a 1gig link (35% utilized) my inside facing has about 100 downstream switches to the closets. I do not see my 6509's back plane is being over utilized and my understanding of the FWSM show be go for 5 gig so it isn't oversubscribe. Why i am seeing packets dropped?
[Code] ......
I notice that I have TX Packets Dropped only under the wireless section.This occurs when the wireless network is not in use also.I have tried many different channels, almost all of them.Im using wpa2-tkip+aes, mixed g and n network, auto 20/40, wps disabled.I understand about wireless interference also.wireless devices dont seem to have any issues though, not dropping from network.I usually get 4000 wireless TX drops a day. LAN and WAN show No TX drops
View 11 Replies View RelatedOur Cisco ASA 5510 running 8.4(4)1 just started dropping packets and our AnyConnect clients are seeing horrible performance. The system is extremely slow compared to just a couple days ago.Nothing has changed on the system. I can post the configs if needed.
firewall# sho int
Interface Ethernet0/0 "outside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
Input flow control is unsupported, output flow control is off
Description: == WAN Interface ==
[code]....
I have done a "sho vpn-sessiondb detail svc" and I can see the dropped packets of the individual users, but cannot see why the packets are still dropping.how I can correct this and restore speeds?
I have a couple of Switches Blade 3120, working as active-standby model (HSRP) on a new site deployment. There are other 20 sites more or less, working on the same model, without issues. But in this one, we are seeing a high cpu usage. The traffic going through the platform is 600Mbps (on peaks), and in this case we have 40% of CPU usage. Traffic should be close to 3 Gbps. When we tried to send the whole traffic through the platform, active switch began to drop packets on the majority of interfaces.
When we analyze the CPU usage, there is a special process called "HL3U bkgrd proce" always have the most CPU use, but we do not know what concerns. We do not know if it is caused because there are PBRs configured. It should not matter. How I mentioned, there are other sites working fine and have had always the same PBR number.
What is causing the high usage?. Is there a special debug we could to perform to diagnose the issue?. Also, we have seen a high interrupt CPU usage (9% in this case).
bog-sib-INT-rtr-1#show processes cpu sorted 5sec
CPU utilization for five seconds: 30%/9%; one minute: 25%; five minutes: 23%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
[Code].....
I have a strange error on my home network that I cannot find a solution to.I have an Huawei SmartAX MT882 from TalkTalk acting as a modem connected to a D-Link DSL-G624T acting as a router/switch. Connected to the D-Link I have a Windows 7 Pro machine (64-bit, SP1) and an XP (home i think) machine (sp 2 i think).The SmartAX modem is set up to perform DHCP and DNS relaying and the D-Link has DHCP turned off and DNS relay turned off.The Win7 machine can access the network, get an IP address and access the internet without problems, regardless as to the status of the XP machine.The XP machine can access the network, get an IP address and access the internet with no problems ONLY of the win7 is powered up. When the win7 machine is off, the XP machine seems to drop about 25% of the ping packets between it and the D-Link router and has no internet access (because of this i assume). [code]
View 8 Replies View RelatedI have cisco WS-C2960S-48FPS-L stacked. Weekly twice, my PoE connections are dropped and when the device is restarted, everything starts working normal. This issue happens weekly once or twice. [code] I can see that there is a bug id : CSCtg86211 and no work around for it. Any updates received from Cisco TAC ?
View 7 Replies View RelatedI am configuring a Cat 2960 port for connecting a VOIP phone, authenticated by MAB. On connecting the phone, I get the port authenticated and assigned to the correct VLAN, with LLDP-MED advertising the correct voice vlan. However, I then see no traffic from the phone on the switch. I can see the MAC address of the phone is learned in the right VLANs, but the mac address is showing as "Drop", which normally means the address is statically configured to be blocked. There is no static mac address table blocking configured on the switch.
Switch Version
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 50 WS-C2960-48TC-L 15.0(1)SE3 C2960-LANBASEK9-M
Port configuration
interface FastEthernet0/1
description "Standard user port"
[code].....
I believe i've enable jumbo frames on our Nexus 7010, one in each data-centre.
system jumbomtu 9216. Also on the interfaces mtu 9216. And can see MTU 9216 bytes, BW 20000000 Kbit, DLY 10 usec on the port-channel between them. Though when i ping between vlans at each site with large packets i get 30% drops and if i set the DF bit in IP header to yes - 100% loss.
8798 bytes from 10.200.12.2: icmp_seq=19 ttl=254 time=8.024 ms --- 10.200.12.2 ping statistics ---20 packets transmitted, 14 packets received, 30.00% packet loss
We are having some issues between our (2) Windows 2003 Storage servers and Windows 7 client machines. The issue that is occuring is that the users indicate they temporarily loose network connection to their mapped drives on these servers. This may happen several times a day. The regional manager wants to say it's a network issue but I believe it's something b/t the server and workstation.I like to know if there are some additional parameters, debugging or configuration that might be recommended to perform on our (4) Cisco 3750G-48port POE switches (stacked) that would determine that it's not a network issue. I do not see any errors or collisions on the ports that the servers are connected nor am I seeing much of anything wrong with the user ports. There are only 3 vlans at this office, vlan 30=users, vlan 20=servers, vlan 40=mgmt.
View 7 Replies View Relatedi have issues logging into one of our core switches.its a 6509 switch but i cannot log in remotely.when i try to console in on the console port, i cannot log in instead i get the above error message.I haven't rebooted yet but would it solve the problem as this switch is a production switch.
View 6 Replies View RelatedAs above, I got a problem with C3750e, ios c3750e-universalk9-mz.122-58.SE1.bin, when send AF41 traffic passing through it. My topolygy is as following
WAN link <----------> G0/0/2.100 - ASR1002 - G0/0/5 <---------> G1/0/1 - C3750e - G1/0/3 <--------> G0/0/1 - ASR1004
On this C3750e, I turned on mls qos, trust dscp on both G1/0/1 and G1/0/3 and no else is configured. ASR1002 G0/0/2.100, i applied the CB shaping fror AF41 traffic.
C3750e#sh mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled
C3750e#sh mls qos int g1/0/3
GigabitEthernet1/0/3
trust state: trust dscp
[code]....
Then, from ASR1004, i send ICMP traffic with TOS set to AF41 (136) and i found out that
1. The traffic is dropped on c3750e
sh mls qos int g1/0/3 statistics
GigabitEthernet1/0/3 (All statistics are in packets)
30 - 34 : 63 63 48 86 1534
2. The traffic never get hit into AF41 class in ASR1002 ? Why C3750e dropped this AF41 traffic? and what can I do to fix it?
We have a customer who uses about 20 x c2960's switches for access layer and 2 x c3560e for distribution layer. C2960's uses C2960-LANLITEK9-M , Version 12.2(58)SE1. Everything was working fine. Now we got information, that sometimes there are problems with connectivity. Customer tries to reach internet.
SW11#sh int fa0/18
FastEthernet0/18 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is e8ba.806a.4412 (bia e8ba.806a.4412)
[Code].....
I am seeing packets being ignored on GigabitEthernet0/0, but can't find any reason what the reason can be for that. So far calculated that about 3% of the traffic is being ignored. If it was caused by shortage of input buffers, I would expect to see increasing counters somewhere at no_buffer, but that is not the case. The average txload and rxload on the router is low all times.
#sh int g0/0GigabitEthernet0/0 is up, line protocol is up Hardware is i82543 (Livengood), address is 0012.7f8a.8008 (bia 0012.7f8a.8008) Description: ;Link to NORISMP998 G5/2 Internet address is 151.175.19.102/30 MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 2/255, rxload 2/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX output flow-control is XON, input flow-control is XON ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters 8w2d Input queue: 0/75/522186/1117 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 11667000 bits/sec, 2319 packets/sec 5 minute output rate 9377000
[code]....
We have a 3750x 24s acting as a root switch for about 10 other 3750x's. Everything else seems fine, but the device stopped forwarding packets to the applied static route. [code]
View 3 Replies View Relatedrouter 7200 (12.2(33)SRE1)
two interfaces with traffic going through, placed in a Data-VRF
Another physical interface and loopback interface in the global routing-table.
ip flow ingress on all physical interfaces configured
It was running for at least a year: I was getting netflow packets on my analyzer from the box. Since a couple of weeks I get no netflow-packets anymore.debug ip flow export tells me "IPFLOW: Sending export pak to ... port 2055"
But the packet is not leaving the box. By setting up an ip sla monitor udp-echo I simulated some traffic (udp/2055) which is leaving the box.
[code]...
I have a stack of 2 C3750-switches (WS-C3750G-24TS-1U) with IPBASE-firmware (12.2(52)SE).
When I ping to a machine (in this case a virtual one), the replies are always received on the port where the machine is connected, but on the port-channel connecting to the stack of the 'pinging device' the reply comes only for certain initiators, and not for all.
Setting:
Gi1/0/6: Device/Server I want to connect too ; defined as access port
Gi1/0/25 + Gi2/0/25, as Port-Channel 1: The location of the devices I connect (read as: the uplink to the stack of the PC's), defined for Dot1Q-trunking
Monitoring setup: Source ports: Both: Gi 1/0/6, Po1 (or Po1 replaced by both interfaces)
For the machines which can ping the server I see 2 echo (ping) requests, followed by 2 echo (ping) replies ... So once seen on the Po1, and once seen on the interface Gi1/0/6.
However for other machines, the 2nd reply is missing ; which must be caused by the dropping of these packets in the switch. At least, I my opinion this must be the reason... But I can't see any (change of) output drops at int Po1, nor at Gi1/0/6. The CPU doesn't seem to have high usage, and even then, I don't think the error would be constant, as it's always failing for some PC's, and never for others... (at least for a certain time, a few hours it can be constant, the problem dissapears from time to time).
From everything I read it seems like DFC is for forwarding packets. When I hear packets I think of layer3. If my 6500s are just being used as a big layer2 only switch do I need a DFC? I am being told the 6500 looks at the layer 2 frame and the layer 3 patch header information before forwarding the frame. How true is this?
View 1 Replies View RelatedMy C6500 is having relatively high CPU (no spikes, but constantly)
I'm under the impression that cef is causing this problem because alot of packets are being processed or send to/from the CPU. [code]
I did a netdr and I can see that the majority of packets going to the CPU are packets for which I have an entry in the CEF table.What can be a reason why those packets don't get hardware switches?I'm running Version 12.2(33)SXH5 - Sup720-10G.
I am having trouble with my Cisco SG300 switch big time. I have two servers with IP addresses 10.17.0.11 and 10.17.0.29 sitting on the same switch which is a Cisco SG300. I initiate a file transfer from 10.17.0.11 to 10.17.0.29. I could see lots of Dup Acks and retransmissions which means something is wrong in the connection. Further, I could see the session initiation a bit bizarre. I could see two SYN packets sent from 10.17.0.11 to 10.17.0.29 and also two SYN ACK packets returned by 10.17.0.29. The switch forms part of a network but since both the servers are sitting on the same switch I suppose the rest of the network doesn't come into play when one server talks to the other.
See also the number of Dup Acks and retransmissions. The two switch ports connecting the servers have speed and duplex set to auto negotiate, flow control is enabled. What could cause this sort of problem?Could it be any setting on the switch or the servers' NICs?Or could it be a bad switch that causes this?
i have several cisco 6500 switches, and user switched connected to them.in my example i have a global service vlan, where some access ports are directly connected on the 6500, and this vlan is also allowed on the trunks to the access switch.
now i am connected with ma laptop on a access switch, where my port is in the same vlan. when i do a show mac address-table on my access port, i can see my own mac-address, nothing else.when i start wireshark to see the traffic, all i should see is traffic from or to my MAC, or broadcasts/multicasts.
But i can see other unicast traffic with different source/destination mac than mine.It seem slike these packets get broadcasted over the whole VLAN, but its no broadcast MAC nor IP.
on some of our ports on Nexu 5000 and on the connected FEX we can see a lot of Jumbo Packets though there is not enableed any JumboFrame on the Switch, all Interface and system MTU is set to 1500.
DBE-LINZ-XX41# sh int Eth113/1/27
Ethernet113/1/27 is up
Hardware: 100/1000 Ethernet, address: d0d0.fd1b.b69c (bia d0d0.fd1b.b69c)
[Code]....
I have a C3825, and have been using standard ACLs and a PBR to route certain HTTP traffic via an alternative default gateway:
route-map RTRMAP-OfficeLAN permit 10
match ip address RTRMAP-OfficeLAN-toADSL
set ip next-hop x.x.x.x
This is working absolutely fine, and as expected, all traffic matching the ACL is being sent to x.x.x.x However, we have recently expanded our network, and I am now receiving various networks via BGP from various sources. All BGP incoming via iBGP is tagged in communities:
Community (expanded) access list 100
permit 37xxx:100
Community (expanded) access list 200
permit 37xxx:200
Community (expanded) access list 300
permit 37xxx:300
[code].....
All communities are also matching prefixes when executing either 'sh ip bgp community 37xxx:100' or 'sh ip bgp community-list 100' What I am trying to achieve, is create an EXCEPTION for the policy route. Traffic matching the community lists, must be forwarded based on the routers routing table, whilst traffic maching the ACL, must be sent via the policy route...
route-map RTRMAP-OfficeLAN permit 5
match community 100 200 300 400 500
!
route-map RTRMAP-OfficeLAN permit 10
match ip address RTRMAP-OfficeLAN-toADSL
set ip next-hop x.x.x.x
My logic dictates to me that the above should work, but looking at the route-map, I get matches on seq 5 and pacets are exiting the route-map as expected (first matched). However no traffic that does NOT match community 100,200,300,400 or 500 and that DOES match the RTRMAP-OfficeLAN-toADSL never matches.
The counters on the route-map for seq 5 is increasing, but no counters are increasing at seq 10.. It's almost as if seq 5 is matching all traffic.
I have a requirement to monitor downstream data feed from a remote site and feed it to multiple destination devices for recording. The source data will be fed into a port on a Cisco 2960G switch then, using the monitor function, be forwarded to multiple interfaces. This works fine for normal Etherent II traffic. We tried a test using a device that generates IEEE 802.3 Raw packets ('type' field is used as a 'length' field) but found that while the traffic appeared to be accepted by the input port with no errors it was not forwarded to the destination ports, even when using the monitor function. I did try the 'encapsulation replicate' feature with no luck. It does not forward these packets even if I set all the ports into a common VLAN and let the switch just perform a normal switch function (non monitor).
if it is possible to get the IEEE 802.3 raw packets to pass through the switch and if it is, how to or what I need to do to make it work?
I have a switch that I have configured for jumbo packets, but they don't seem to be functioning. I have set system mtu jumbo 9000. The hosts are connected via 2x EtherChannel links. The hosts are jumbo frame enabled, and can ping their own local address using jumbo packets & do-not-fragment flags on the pings. They cannot, however, ping each other or the switch that way - it always says that the packet requires fragmentation. I know the attached machines (they're all VMs) and virtual switches support jumbos because I can ping within the virtual interfaces of the VMs. It's just traffic that goes over the switch that fragments.The switch is a WS-2960G-48TC. Here are the various outputs, with a section of config at the end.
hrnacancwtdevs3#show system mtu
System MTU size is 1500 bytes
System Jumbo MTU size is 9000 bytes
System Alternate MTU size is 1500 bytes
Routing MTU size is 1500 bytes
[code]....
SG-300 52 native VLAN blocking network packets
View 3 Replies View Related why the QoS deployment causes ports on 2960 switches to drop packets although there is no bandwidth contension? (output bit/second of the interface)packet drops at threshold 1, queue 2 ( queue 3 in config)
We are using Catalyst 2960 switches and are experiencing issues with QoS. After the QoS, we experience a lot of packet drops and it make the network slow. It appears that the slow performance relates to the egress queuing of each port.
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE5
WS-C2960-48TT-L
switch_06#show inter fa0/1 | in drops|queue|output
input flow-control is off, output flow-control is unsupported
Last input never, output 00:00:01, output hang never
[Code].....