Cisco 2500 issues

[accomp]

Hello everybody, I have a question.
I have a cisco router 2500, for 3 hours every day (10:00 am- 1:00 pm ) the router start to have problems with the transmision; If a run the ping command to the cisco between those hours the response time of the router is not good for example the time of response is <250 ms, <280 ms, >310 ms after those hours the time is <10 ms that is good.
I couldn't detected what is the problem or if some equipment is sending to much packets to the server and it has overflow memory problem.
If somebody have some ideas o suggestions about how can I make a tracking of all packets that is going in to the router and from where I will appreciate the help or if somebody have a suggestion about where can I find a log file that let me know why it happen.

Thank You Very much

 

[TravisM]

The show proc command may help you here. There may be a process that taking up a lot of memory, and that may help you locate it. Another quick and dirty step is to take a look at the switch and see if there is just a lot of network activity. Are some ports constantly lit? Maybe someone is making a lot of traffic.

Does this router do nat? Nat is a huge cpu hog, and a lot of natting will slow you to a crawl. What's this routers job? It it a router to the inet, or is it between two networks?

If you have physical access to the router you can try the debug command to see what's going on, but with those sort of ping times you won't want to try that over the network. Be very carefull with debugging, especially if it's doing nat... You can overload the processor.

 

[tschouten]

If you have a syslog you could try runnning an access-list with logging. I would suggest a permit all access-list. Or if you have a CEF enabled look at the network flow using the show commands. Like I said though, both methods put out a lot of information.

This would let you see the traffic that the router is processing. Not just the traffic on the network. Though I do suggest using a network analyzer as well. This way you may notice a trend in your network allowing you to narrow down what is happening.

 

[accomp]

Thank You for your help. The router is between 2 my internal lan and the internet connection. Is not working with NAT. I will review the show proc command.
Thank You again.

 

[Nettekkie1010]

The best way to see IP traffic from specific hosts is to place the command IP ACCOUNTING on the ethernet interface. Exit back to priv exec mode, wait a few, and from the command line enter, SH IP ACCOUNT. This will display active connections and bytes transferred. If a station is consuming resources during this period it will evidence itself in this list. Below is a sample of the output you can expect to see.

C1DC>sho ip account
Source Destination Packets Bytes
172.18.140.174 172.18.253.223 13 1821
10.15.1.49 172.18.206.69 30 3250
172.18.229.225 172.18.5.1 10 400

This has helped countless times in determining exactly who is the big talker, and you don't need a sniffer.

Haveaggodun!

 

[accomp]

Thank You very much for your great help everybody, I fixed the problem.
Greetings