Cisco WAN :: Errors And Timeouts On 2901 Running IPSLA Operations
Aug 29, 2012
We have recently put in a new 2901 router to be our IPSLA router and after adding 430 operations to it (215 ICMP and 215 UDP jitter) to cover off our state wide sites, it's reporting over half of them as timing out. Over the day, the timed out operations change so that our monitoring system shows the operations as down most of the time and up or warning state the rest of the time.
Some of the remote routers are reporting "SLA_FORMAT_FAIL" errors but I cannot find any references to this error.A ping from the router to the remote site router returns a ping time of 50ms or less and the network links are not conjested so QoS shouldn't be getting in the way. Our QoS policies would mark and prioritise the UDP jitter test traffic and the ICMP would be in the default class.
The 2901 is running 15.2(4)M1 and has 512MB RAM and 256MB flash. It's single homed into our core network switch. I've heard stories of 2900 series routers hosting 1000's of operations so I don't think we're taxing the router. CPU is sitting around 5% and memory is around 20%.
Below bits are for one set of operations.
*******************************************************************************************
End node we're targetting (2951 running 15.2(3)T):
DC204RT04#ping 172.16.37.192
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.37.192, timeout is 2 seconds:
I am having this issue with only one rack in the lab. The three routers (2911 , 1941, 2901) connect together through Smart Serial cables going to WIC-2T cards. In the configuration both serial connections going to the 1941 have the DCE.
When going to configure serial 0/0/1 I am allowed to apply a clockrate to it, however, I am kicked back an error saying that a clock rate can only be configured on DCE interface. They are both without a doubt the DCE end connecting to the WIC-2T interfaces. What could possibly cause this problem. Would SCTE or something with the auto clock-rates on the router create this problem.
I'm trying to run the ISM-VPN-29 in a 2901 router. Cisco says that the SECK9 and HSECK9 licenses are needed to operate this ISM. However, they also say that the HSECK9 license is not available on the 2901. I'm running the SECK9 license but it's still not working.
This link, table 5 states that the HSECK9 feature license is for 2921 and 2951 only:[URL]This link states that it is a requirement to run the card, and also that the card works on the 2901:[URL]
I have installed WCS 7.0 now i have installed Navigator on WCS server.Installation is completed.but when I check the status of WCS, it says "healthmonitor running with errors"any one knows what could be the problem and how much will that effect on WCS performance?
we use the latest LMS version (4.2.2). Under Monitor->Performance Settings->IPSLA->Devices i see all devices. When creating a IPSLA collector not all devices are listed in the source section but in the target section. Why is this happening?
I have a AIR-AP1121G-A-K9 running c1100-k9w7-tar.123-7.JA2 (Autonomous)We have monitoring setup with Orion NPM and we consistently see output errors, Transmit discards and big buffer errors The users at the site have not reporting any issues but was wondering how to prevent these or are these normal?What causes the output errors on Wireless Radio ? How to troubleshoot further ?
Radio0-802.11G Total Output Errors 0 47749 Small Buffer Misses 4 misses 139 misses
Is it possible to track a IPSLA operation and if it goes down track a static route which will be removed from EIGRP process. I have read through documentation and have come stuck. I have the below configured and have shown the features installed. How would I go about getting the below static route injected into EIGRP only if the IPSLA operation in ok?
I'm trying to connect to an SMTP server using telnet via putty. Not just well known domains such as bigstring, aol, gmail, hotmail etc but also endless amount of not known or not popular ones.The problem is that although nmap says that port 25 is open, I can not establish any connection to ANY SMTP server (it just timeouts).I have tried disabling my firewall and using a proxy, but it still doesn't connect and now I've ran out of ideas. I also tried to disable my avast as well as legally used ip switcher program to make sure the problem is totally independent from my ISP.
I am tyring to remotely diagnose a troublesome ASA5505
It is connecting via PPPOE and the original suscpicion was that the PPPOE was going down during heavy loads during the day, i.e 9am and lunchtime. I suspected MTU and have verified the MTU outside is set to 1492
However further troubleshooting doing a remote ping to the PPPOE address indicates that this does not drop at all.
When remoteley connected to the ASA my session dies and any outbound internet fails, then in a few minutes it comes back.
all the time the PPPOE line stays up?
One thought is that although the line does not go down it is being crippled with traffic and just getting so unresponsive it appears it has died.
Keep getting DHCP timeouts 169.254.x.x addressing. I think that the client laptop is not giving a response to the REQ from the DHCP server. Am I correct in my interpretation of the debug?
00:21:d7:93:f9:40 from Disassociated to Idle *apfReceiveTask: Jan 18 13:48:24.162: 58:94:6b:d0:41:08 0.0.0.0 DHCP_REQD (7) Deleted mobile LWAPP rule on AP [00:21:d7:93:f9:40] *apfReceiveTask: Jan 18 13:48:24.162: 58:94:6b:d0:41:08 Username entry deleted for mobile *apfReceiveTask: Jan 18 13:48:24.162: 58:94:6b:d0:41:08 apfMs1xStateDec *apfReceiveTask: Jan 18 13:48:24.162: 58:94:6b:d0:41:08 Deleting mobile on AP 00:21:d7:93:f9:40(0) *DHCP Proxy DTL Recv Task: Jan 18 13:48:37.073: 58:94:6b:d0:41:08 DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 29, encap 0xec03) *DHCP Proxy DTL Recv Task: Jan 18 13:48:37.073: 58:94:6b:d0:41:08 DHCP processing DHCP DISCOVER (1)
We recently got a 10 meg dedicated internet fiber connection installed. I connected it to a PIX 501 firewall and everything worked fine (I tested it for a couple of weeks). A couple of days ago I got a new ASA 5505 and replaced the PIX with this device. It works, but every so often there seems to be a timeout when surfing the web whereby I click on a link and there is up to a 45 second wait and then the page loads quickly. I was not getting this before on the PIX so I'm assuming it's not a latency issue with the connection. I am the only one using this connection on the network so it's not to say that it's being bogged down. I want to roll this out to the other users on the network but not when this is happening. The configuration is below:
I got a Problem on a customer which is using a Failover ASA 5510 pair with SSM-CSC-10-K9 modules.The clients have to connect to a webserver where they are doing some calculations.If they prepare everything and want to calculate everything what takes a couple of time the session is after about 3 minutes timedout.My first idea was to set session specific timeouts which are a bit longer then the normal but this setting did not work. I created a policy which did not work for me. How to set connection specific timeout's? [code]
I have a web cache server, and I redirect all the HTTP request to it using WCCP.
Everything works without a problem, however I have a monitoring system that every minute tests the access to some customer sites that are hosted inside our infra-strutcture.
As soon as I configured the WCCP the monitoring system complains of timeouts accessing those sites, about 20% of the requests start to fail (timeout).
I don't think it is the fault of the cache because in the WCCP ACL I exclude all traffic that comes from my monitoring system. However as soon as I turn of WCCP the monitoring system never ever gives timeouts accessing those sites.
Is there anything I should do in WCCP to tweak it? I have WCCP configured in my core gateway that is a CISCO 3750.
I have been having trouble with my DSL-2730B router. I am running a home network with a wired desktop connected via ethernet, two laptops, one desktop and three ipods connected wirelessly to the router.The problem is that at seemingly random times during the day the ability to connect to the internet is lost on all devices (wired or no). I also often lose the ability to connect to the router's homepage (settings) and upon inspection have found that when I ping the router I get time-outs (or sometimes destination host unreachable). This occurs on both wired and wireless at the same time and usually lasts anywhere from 10seconds to 10minutes at a time. I have reset the router numerous times including a reset via the web browser, unplugging the router and reconnecting and also have done a factory reset to attempt to solve the problem - all to no avail. As I am writing this I am using a different older router that so far (as of an hour) has not had the same issues.I should also mention that this happens regardless of which devices are currently on the network. I have had this problem with the wired-connection by itself and with my wireless laptop by itself.
Im running 8.3 on a 5505. We've got a few ssh tunnels originating from inside to some place on the internet. It seems these tunnels are closed every n minutes. I've seen two recommendations for altering the timeout values, and what I am interested in is infinite timeout (0) for these SSH tunnels.
Suggestion 1, alter timeout "conn". Default is 30 minutes, but I suspect this might have a negative impact because no inactive connections would be closed, ever. If it however is recommended to alter, how to set it to "0" (off/unlimited)? timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Suggestion 2, enable a ssh class map which explicitely set the timeout for the ssh connection. Is this recommended? How would I achieve unlimited time? And what about random-sequence-number disabled as seen below, is that really recommended?
class CLASS_MAP_SSH set connection random-sequence-number disable set connection timeout idle 48:00:00 reset set connection decrement-ttl
I have set up a new wireless network for a customer and they want to use the guest portal for som users.The problem that I am expering is that on a particular site with many small buildings user complains that they have to reauthenticate using the webportal when moving between the buildnings. I have tired extending the idle user timeout on that particular wlan in the cisco 5508, but I still having this problem.
I would actually like if the user login via the guestportal at the beginning of the work day and after say 4-5 hours they have to reautencitcate.And if they loose network connectivity (moving between buildings, iphone/andriod shutting down wifi adapter, etc) they shuld be fine connecting again because they have aldready authecnticated once during the last 4-5 hours.
Is this possible via the ISE?My second question deals with 2.4 and 5 Ghz band.I use AP groups on each of my distribution areas. All groups have the same SSID but diffrenet egress interfaces (interfaces groups). And in some of these I want to save the 5 GHz band for voice over wlan and in others i would like to use both bands.
Do I have to create diffrent wlan profiles with diffrent radio policys and same SSID or could I do this in the AP group settings using RF-profiles?
I have 30 switched in my corporate network it’s all up and running all switches running by default configuration and connected to WS-C4506 core switch our dhcp server pooling 192.168.100.1/27 network. Now we need to configure new Vlan for finance department this department has more than 200 users. If my server distributes 192.168.200.0 range ip can vlan2 automatically assign ip 200.0 addresses to finance department.All switches running default config no ip address assigned.
I need to replace an existing ASA 5540 with a new ASA 5525X. I would like to pre-stage and configure the new box with the existing config, migrate license and export certificate files before swapping it with the old one during a change window. The new firewall will run 9.1 on deployment. Now the same 7.2(4) cannot just be copied over to 5525X running the minimum 8.6 version. There is a Web based tool available at [URL] according to Cisco documentation but the page does not load for me (Cisco intranet only tool ?). Is there another tool for automatic conversion ?
I am constantly getting dropped and timeouts accross all of my devices this has been hapening for several months now I think ever since I upgraded to 1.0.04
It says no internet access when the wired computers have it fine. Android phones, windows 7 pc, and chromebook.
So I recently purchased an E4200 to replace my aging and slightly ailing DLink DIR-655 which as served me well for going on 5 years. The part of the DLink that was giving me the issues was the wireless, the routing and switching worked fine however.
I do quite a lot of streaming of media from my home machine outside my network through the internet. Most recently I've been using Kalemsoft Media Streamer on my HP Touchpad, however I've used Zumocast, Windows Live, Splashtop, and a few others. I havent yet tried my PPTP VPN through the router for an extended period of time to see if it reflects this issue as well though.
Since replacing my 655 with the E4200 I've started experiencing a timeout issue. It seems to be semi-consistant and only happens after time of unuse or extended use (I havent timed it yet to see if it always happens after the same amount of time though).
Basically what occurs is this:
I'll be watching some video or listening to audio streaming from my machine and after a period of time (usually a long period of time) it'll suddenly lose connection, requiring me to re-connect through the software, like the NAT translation is timing out or something.
How it USED to work is this: It'd basically work until I stopped streaming.
My setup:
AT&T Uverse set to DMZPlus aiming towards my E4200 WAN port (sitting directly in place of the 655 I used to have)
All machines on the network are gigabit. I have ports 7000 and 7001 open for Kalemsoft Media Streamer on the E4200 per the specifications of the software.
The software understands UPnP so I have nothing specific forwarded on my machine, but I didnt previously either.
Just recently we replaced our HQ Cisco-Pix with Cisco-ASA 5510. where we have many branches connecting to our HQ through site-to-site vpn.
Since putting this new ASA5510 at HQ , while we are getting a Remote-Desktop session into our branches clients, and at the time when even a single TIMEOUT occurs on the vpn-link so the remote-desktop session gets completly lost. then we have to re-connect the session.
This issue happens as i said above when a single timeout occurs on the vpn link. What is the issue with the ASA5510. because with pix we didnt have this issue, remote-desktops were never geting lost / reset with single timeout
From past few months, we keep getting Connection Timeout and Connection Failure error messages in our vendor application which connects to SQL Server 2005. Also Terminal Server 2003 keep disconnecting for every few hours.After several days of troubleshooting, we come to know that this Cisco ASA 5500 is not working properly. When I access the ASDM, it shows several warning messages.I know there is a setting option to configure TimeOut, but is there anyway to test and track the ASA 5500 regarding this Timeout issues?
I've got an aol engineer visiting Thurs.to examine connection loss (since last Weds). But I'm convinced the problem is with the router. But from the tone of the aol tech questions I suspect he's already briefed his engineer to do his best to represent the problem as being either with my computer or positioning of router/filters/condition of wall-sockets - usual getouts.The talktalk router is neww, issued Feb 12, after my original router, speedtouch, started suffering idle timeouts every day.
I have a 1-Port 3rd Gen Multiflex Trunk Voice/WAN Int. Card - T1/E1 in a 2901 that I want to configure for data only (T1 connection to the Internet)I don't see any options in the IOS for using this thing as a serial interface (data), only options for configuring PRI/ISDN.
I am trying to come up with a config for implementing QoS over a 512 kbps WAN link that will traverse voice and data traffic for now. I am using a Cisco 2901 router with 15.1(3)T IOS on it. my config is below
class-map match-any DATA-PRIORITY match protocol citrix match protocol sshclass-map match-any VOICE-CONTROL match protocol skinny match protocol mgcp match protocol h323class-map match-any VOICE match protocol rtp audio class-map match-any ANY match any [ code]...
THE ISSUE IS : when i add in the service-policy output WAN- QOS- POLICY command , i get the error " insufficient bandwidth 256kbps for bandwidth guarantee (180)". if i take out the " bandwidth 512 " command out then i get no issues adding the above command on interface g0/1
I have a Cisco ASA and a 2901 Cisco Router connected via site-to-site VPN. The ASA can ping over the VPN to computers behind the router, but the router can not always ping to computers in the ASA network. When i ping from a computer in the IOS router's 10.100.36.0 network the requests times out most the time; although every few minutes, i will get about 10 pings back, then stops working again.
I uploaded their two configurations.
The ASAs public IP is 20.20.20.5 and local (inside) network of 10.101.36.0/24 The IOS routers public IP is 20.20.20.10
There are many internal networks, but 10.100.36.0/24 is the one with issues.
I've got router as vpn-concentrator which receives vpn site-to-site connections from 10 branches with cisco 881 and cisco 1941.I started cacti monitoring and found out that there are too many errors on interfaces.URL.
I try to make a gre tunnel with 2 cisco routers 2901, ping responds between tunnel ip's ends, but I don't have pings from the pc's inside the networks. [code]
How do I disable fragmentation on a 2901 router? I want it to simply drop packets oversized packets.In my lab, I am trying to test various MTU issues. I'm trying to use a 2901 router to simulate the WAN equipment that my WAN provider would deploy in production. In production i'm expecting the WAN to only support an MTU of 1320 with no fragmentation at all.
