CISCO 1841 Config issues: dropping connection to router

[siteseer]

Hello all bare with me I am new to cisco routers. I am a canadian working in the Philippines and the tech support down here is a zoo to say the least. So here is the situation.

This is a new setup

1 fiber line 2mb - Optix Metro 500
1 cisco 1841
1 DLINK Switch (no a smart switch)
20 computers (only 6-10 in use at one time)


Symptoms

- Start with one computer then cascades to the others cannot ping router inside interface. 192.168.0.1
- IP Conflicts on workstations after hours of use
- Cisco 1841 syslog reports the below several times every minute.
- Late collision on int fastethernet0/1 (interface to isp)
- Error: interface changed state to up (also on interface to isp)
- Cisco 1841 monitor reports several thousand output errors on the fastethernet0/1 interface
- CPU usage on router stays low 7-10%
- Everything runs perfectly even with reported error for approximately 10 hours

Configurations:

- The wiring was done before I got here and I just noticed that they used both A and B standards in the wiring.

- The a standard cat 5 cable is used to connect the 1841 to the optic device. is this correct?

- isp indicates the it is ok to set to the interface to their equipment to Auto Negotiate.

Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(15)T9, RELEASE
SOFTWARE (fc5)
Technical Support:

http://www.cisco.com/techsupport

Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Tue 28-Apr-09 11:11 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

AltaOnline uptime is 1 minute
System returned to ROM by power-on
System image file is "flash:c1841-ipbase-mz.124-15.T9.bin"

Cisco 1841 (revision 7.0) with 115712K/15360K bytes of memory.
Processor board ID FHK1332762S
2 FastEthernet interfaces
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

AltaOnline#show stacks
Minimum process stacks:
Free/Size Name
5376/6000 SPAN Subsystem
2424/3000 config_verify
4368/6000 Auto Upgrade S
4928/6000 DIB error message
5344/6000 CDP Protocol
5420/6000 SASL MAIN
2140/12000 Init
5216/6000 RADIUS INITCONFIG
5360/6000 MOP Protocols
2236/3000 Rom Random Update Process

Interrupt level stacks:
Level Called Unused/Size Name
1 61 6204/9000 Network interfaces
2 15 8572/9000 DMA/Timer Interrupt
3 0 9000/9000 PA Management Int Handler
4 465 8548/9000 Console MPSC
5 0 9000/9000 External Interrupt
7 34451 8564/9000 NMI Interrupt Handler

AltaOnline#show config
Using 3684 out of 196600 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname AltaOnline
!
boot-start-marke
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$69vJ$eP09mJYo9T64iNeDbnqfz0
!
no aaa new-model
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool sdm-pool1
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
!
!
no ip bootp server
multilink bundle-name authenticated
!

!
ip tcp synwait-time 10
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
ip access-group sdm_fastethernet0/0_in in
ip access-group sdm_fastethernet0/0_out out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $ES_WAN$$FW_OUTSIDE$
ip address 119.92.130.174 255.255.255.252
ip access-group sdm_fastethernet0/1_in in
ip access-group sdm_fastethernet0/1_out out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Fast
!
ip access-list extended sdm_fastethernet0/0_in
remark SDM_ACL Category=1
permit ip any any
ip access-list extended sdm_fastethernet0/0_out
remark SDM_ACL Category=1
permit ip any any
ip access-list extended sdm_fastethernet0/1_in
remark SDM_ACL Category=1
permit ip any any
ip access-list extended sdm_fastethernet0/1_out
remark SDM_ACL Category=1
permit ip any any
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0
no cdp run
!
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 4000 1000
end

I know this isnt the most secure setup I will worry about that later.

Any help would be greatly appreciated.

 

[burtsbees]

Late collisions are the result of a duplex mismatch, so

"isp indicates the it is ok to set to the interface to their equipment to Auto Negotiate.
"

Wrong! Both sides need to be set---what is the ISP link? Is it 100MB or 10MB? Post a sh int fa0/1

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[VinceWhirlwind]

Extra to what Burts says, the next syslog line
"Error: interface changed state to up "
shows the link is flapping. The network I'm currently working on right now shows lots of collisions for brief periods when an interface comes up - the interface then seems to negotiate fine and work OK afterwards. (It does this with every combination of speed/duplex setting). In other words I think the link flap should be sorted out first.

The first problem mentioned -
"Start with one computer then cascades to the others cannot ping router inside interface. 192.168.0.1"
sounds very similar to something I've seen before on Nortel switches which was corrected by a firmware upgrade: the switch appeared to be "losing" ARP entries (or corrupting them) and individual machines were losing network connectivity even though the rest of the local devices were OK.
So the DLink sounds dodgy. Borrow another switch and see if this problem disappears. If it does you can tell them to buy a new switch.

 

[siteseer]

Thank you for the responses:

I dont know how helpful this would be I reset the power to connect to it and change the port to 100 full duplex as the ISP says their port is set to. which I question because the port on the 1841 drops to half duplex once everything comes up.

I will check the switch tomorrow night it is brand new. I do have another onsite I can test with.

FastEthernet0/1 is up, line protocol is up
Hardware is Gt96k FE, address is 0023.eb8f.bd15 (bia 0023.eb8f.bd15)
Description: $ES_WAN$$FW_OUTSIDE$
Internet address is 119.92.130.174/30
MTU 1500 bytes, BW 100000 Kbit/sec, D
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:43, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 1 packets/sec
5 minute output rate 0 bits/sec, 1 packets/sec
207 packets input, 15418 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
230 packets output, 16572 bytes, 0 underruns
0 output errors, 0 collisions, 5 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

 

[burtsbees]

You have a full duplex 100MBps interface! It would not be good to set the other side for 1/2 (which it is!)!

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[VinceWhirlwind]

The 1841 would drop to half duplex because the interface on the other side of the link is set to not negotiate.

Most non-cisco hardware is auto-negotiate AND auto-detect, but Cisco do not auto-detect, they simply fall back on half duplex if negotiation fails.

 

[siteseer]

Thank you for the replies. Any suggestions on how to resolve this the ISP is not good at all. I do not have access the the Metro device for config nor can I find documentation on it. We are starting to get busy and this is a real problem. If there is something I can do on the cisco side that would be great but I think the Metro needs adjustments.

Please advise.

 

[burtsbees]

Hardcode your side to 100/half (workaround). Then for these

Start with one computer then cascades to the others cannot ping router inside interface. 192.168.0.1
- IP Conflicts on workstations after hours of use

That may be a result of spanning-tree not being able to forward until 50 seconds, and you not being able to shut it off. You may want to consider static addressing.

See if these help.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[siteseer]

Thank you for the reply Burtsbees, I will give this a try. Since I am only working with 21 workstations I am not against static. I wish I had more time to learn about this stuff. It is difficult when you are managing an online school and restructuring a resort in a second world country.

Will keep you posted.

Thanks again.