Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

General Advice on 1721 performance

Status
Not open for further replies.
Saugilsr

Saugilsr

IS-IT--Management
Jan 18, 2005
108
IT
Im running a network for a school of close to 300 machines.
I have a 1721 router using nat to share the internet.

This has been running fine until this morning its been a little sluggish and my pings to the internal port of the router give > 1000ms response times which hasn't happened since we installed it a couple weeks ago.

My question is: Where do I start looking for the reason? Can the 1721 show which NAT translation is hogging the router? Are there some other stats I should be looking at on the router?

This happened once before on the old cheap linksys router but I traced that back to someone who snuck Bearshare on a computer.

Basically im just looking for my next troubleshooting step.
Any suggestions?
 
Sort by date Sort by votes
One of the machines could have obtained a virus and is flooding your NAT table with continuous entries.

Do a....

"show ip nat stat" and "show ip nat trans"

to see how many entries you have in your table and from where they are coming from.



When there are over 10,000 entries, your router's CPU starts taking a hit. When it gets to like 20,000 entries, your CPU will be at like 100%. Eventually your router will crash.

There are a number of solutions...

- Issue the "clear ip nat trans *" command to clear out the dynamic entries.
- Power cycle your router, which pretty much does the same as the previous option.
- Upgrade the router's software to the latest version.
- Implement an access list that will block specific NAT entries (unessessary ones) from occurring.
- Trace the machine that is bogging down your NAT table and troubleshoot the problem from there.


Hope that helps....
 
Upvote 0 Downvote
Look at the output of the "show process cpu" command, if it is high then you need to look at which process is causing the problem. Could it be you have a machine infected with malware and it is generating a lot of NAT translations? This could cause the CPU to go high and therefore slow your network. If you issue a "show ip nat translations" command you will see all of the translations on the router, from there you can single point the IP address that could be causing the problem. You can also decrease the NAT time outs so the translation slots are released faster. Use the commands:

ip nat translation tcp-timeout
ip nat translation udp-timeout

in order to decrease the timeouts for tcp and udp connections. You can also modify the timeouts on a per port basis.
 
Upvote 0 Downvote
Thanks for the advice.

As soon as I did a show translations I found one IP had pages and pages, and pages, and pages of translations. Cleared the cache and my pings went straight to < 1ms. Great.

Now to hut and kill that one machine.

Thanks again!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CPM86
  • Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
351
CPM86
CPM86
testman1
  • Locked
  • Question
SIP telephone ring on second call
Replies
0
Views
305
testman1
testman1
stanlyn
  • Locked
  • Question
HowTo Install Multiple PAP2T ATA Devices on Same Lan
Replies
3
Views
490
iggsterman
iggsterman
bfordz
  • Locked
  • Question
new help on setting up third party VoIP phones through Catalyst 2960x switch
Replies
0
Views
276
bfordz
bfordz
serge9
  • Locked
  • Question
Cisco GUI on cme stop working
Replies
2
Views
355
serge9
serge9

Part and Inventory Search

Sponsor

Back
Top