Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Shaun E on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Router goes down at 9am

Status
Not open for further replies.
suedaisy

suedaisy

Technical User
May 30, 2002
88
US
I have an extremely strange issue that I have no idea where to even begin with.
We have a Cisco 2621 Router with a SonicWall firewall. Everyday at 9am, the Fast Ethernet 0/0 turns either administratively down or just becomes down, and of course we don't have any Internet, but the network still functions. The other Fast Ethernet is left untouched and stays on with no problems.
If I reboot the router (whilst unplugging the firewall and then replug) then it'll come back up for about 5 minutes and then it's down again. This will happen til 10:30am... and then the system stays up.
There's no access rules for any times on the firewall, and I haven't read about this capability in Cisco.
This doesnt happen during the weekend either, just Mon-Fri, and it began on Fri morning. The only change that was made was Wed when our router guy came out here and reconfigured like it was brand new out of the box, in order to put the firewall on.
I'm just really looking for a direction to begin with on how to fix this issue. The router guys said its a router problem and we need it replaced, but if this is the case, why is it so timely in going down and then coming back?
Any help is greatly appreciated.
 
Sort by date Sort by votes
Same time every day, only Monday to Friday? Call me a cynic, but I would get your ass in early, connect to the router and monitor remote connections from 9.00 onwards.



Andy Leates MCSE CCNA MCP+I
 
Upvote 0 Downvote
I'm here at 8am.. and I monitor everything via laptop connected to the router.. but how should i monitor remote connections? I thought I would do that through the firewall?
and yea it is Mon-Fri only.. same time everyday.
There's no error messages on the server either.. and all access rules are set to "always"
 
Upvote 0 Downvote
I think "Show Users" on the router will do you, just to see if anyone is making a remote connection. I would not be surprised if it was someone inside your network playing games, in which case your firewall logs will not help.

Andy Leates MCSE CCNA MCP+I
 
Upvote 0 Downvote
Definitely set up logging, at least "info" and higher and preferably to a remote syslog server.
 
Upvote 0 Downvote
Ironically enough it didn't happen today. Yesterday afternoon I cleaned all user computers with Ad-aware and Norton (although it scans automatically, I did it all manually), and I cleaned out all servers as well.
This morning my laptop was ready to go and connected to the router.. 9am came and went and we're still connected.
I'm also going to setup logging seeing how right now its not enabled.
Thanks everyone for your help!
 
Upvote 0 Downvote
I spoke too soon.. now it's 11am to 12:30pm. ARGH.
 
Upvote 0 Downvote
It could also be a power supply issue. If the router is on a UPS or powerstrip then I would move it to another one. And when the router restarts, are you still consoled in? if you are then you should see if it is givving any warnings on startup. I had a router that started doing that and opened a case with TAC. They sent me a new power supply, we replaced it and it hasn't been down since, that was over 5 months ago.

Just a thought of what the issue could be.

Burke
 
Upvote 0 Downvote
After much hair pulling we have finally resolved the issue. Apparently the firewall was set up incorrectly. The Cisco proved to be too powerful for the sonicwall and there was a packet buildup that just so happened to occur at the same time everyday (except for today). The sonicwall would just build up on one interface until it released all packets and then it would work again. So there you have it folks. Thank you all so much for the information.. I'm sure this thread will help out anyone else if they have this issue!
 
Upvote 0 Downvote
Years ago, I once had similar problems with a remote customer. After a couple days, the problem didn't happen on Saturdays and Sundays, or holidays. This was at a Credit Union.

I got a list of employees who did not work weekends. The next time it happened, i immediately demanded the wherabouts of those employees. We found Maggie (dear sweet old woman) using her hairdryer in the ladies room. She was unplugging an extension cord she didn't know what was doing to plug in her hair dryer. After she was done she plugged it back in.

Turns out the extension cord powered the Telco smartjack and was "temporary" until they could have more outlets installed.

The moral of the story is........things that happen at or near the same time are USUALLY caused by habits of people not machines.

Commsguy

commsguy

 
Upvote 0 Downvote
I'd buy it.

Update: Noone seems to be able to fix the issue we're having of the overloaded interface on sonicwall. So we're getting rid of the sonicwall all together, and putting the PIX firewall back on and leave it like that.
Sonicwall support was little help. They said "it could be this new virus MyDoom, it could be spyware, hell, it could be anything really".
 
Upvote 0 Downvote
That story about the plug is what we call "Temporary Permanent". :)
 
Upvote 0 Downvote
Is there something happening on this box at the exact time the interface goes down? I am working on an issue with 2 7206s right now in which one of my POS interfaces goes down preceisely when SNMP is requesting a backup from the box. Haven't gone to Cisco yet but something is very fishy...



Router Boy!
 
Upvote 0 Downvote
What our guy says is that when this happens.. it just means everyone is on internet explorer, emailing, etc.. and he said it's just overloaded with connections. The connections on the firewall will go from 25 to 200 and then the interface will go haywire and start blinking furiously.
I was told it was a coincidence that this happened at the same time, but it makes sense.. pretty much by 9am, everyone has their cup of coffee, settles down, and start checking Outlook and personal email, and clicking on joke sites from email that received from their friends.. etc..
Your issue sounds a lot different from mine though.. ours was part people/part hardware.
 
Upvote 0 Downvote
on the sonicwall.
my boss just got off the phone with some guy at sonicwall and he told us that we do not need that firewall because cisco comes with one and what we have is overkill. he said the PIX firewall is enough, granted the firewall has a gooey interface, but cisco is a lot stronger and the added sonicwall type that we have is just way too much, and for us to return it.
and that came from sonicwall directly. i love honesty :)
we only have 15 users.. and 2 of them are terminal.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Blackybear
  • Question
Cisco RV042G router
Replies
0
Views
190
Blackybear
Blackybear
stanlyn
  • Locked
  • Question
HowTo Install Multiple PAP2T ATA Devices on Same Lan
Replies
3
Views
556
iggsterman
iggsterman
darthvader167
  • Locked
  • Question
Download Cisco Hold Music
Replies
0
Views
576
darthvader167
darthvader167
Tariq Habaybeh
  • Locked
  • Question
Cisco 881WD-E-K9 router configuration
Replies
1
Views
318
burtsbees
burtsbees
telemarksman
  • Locked
  • Question
ATA Cisco SPA122 not triggering single line courtesy phone ringer
Replies
0
Views
265
telemarksman
telemarksman

Part and Inventory Search

Sponsor

Back
Top