
  • Status: Solved
  • Priority: Medium

Cisco routers stop working until reboot

We have about 300 Cisco routers connecting our stores to a private network. These routers are a mixture of 1721's and 827's. I am not a Cisco router expert, so I need some expert advice. Every once in a while these routers will stop working. You can still connect to the terminal on the external port. If we physically shut down the router and power it back up it works fine. Is there a way to reboot the router from the terminal? Is there another solution? This may be a very common problem.

These routers perform NAT, and on the DSL stores that use the internet there is 3DES encryption.
2 Solutions
This is not a common problem. If it happens routinely, there is a problem that needs to be investigated.
Common causes are CPU or memory overload. The latest batch of viruses/worms - specifically Welchia and MSBlast - cause these denial of service symptoms due to the extreme amount of ICMP traffic looking for other hosts to infect. I would almost bet money that your network is infected.
If you can still connect to vty term (telnet), you can reboot with "reload" command.
Proceed with reload? [confirm] <enter>

Now just pray that you get connection back in a couple of minutes..

Another common cause is CPU overload caused by too much traffic for the CPU to handle (3DES encryption on a heavy-use VPN tunnel). If it is more common on the 827's than on the 1721's, they have a smaller CPU and less memory to work with.
Sometimes a Cisco engineer will turn on a debug and forget to disable it.
Before you reload, take a look and see if any debugs are turned on:
No debugs running:
Router#sho deb

Router#sho deb
Generic IP:
  IP NAT debugging is on
  UDP packet debugging is on

Turn off all debugging:
Router#u all  <short for "undebug all">
Make sure you are at the global router# prompt, and not in config mode:
Router(config)#u all
Now I've just created a username "all" with no password, and the debugs are still running..

I guess you should try this command on your other router as well ...

router#sh ver

This will display the very basic information of your router, including the reason for the last reboot ...

like ...
new-tdma uptime is 10 weeks, 2 days, 5 hours, 6 minutes
System returned to ROM by power-on
System image file is "flash:c2500-dos-l.122-16a.bin"  

You can get some error report instead of power-on ...

Try this access-list on your core interfaces first and then monitor the traffic. Are you satisfied with the current traffic load? ... It can certainly block Blaster, Nachi, Welchia ...

access-list 120 deny   tcp any any eq 445
access-list 120 deny   udp any any eq 445
access-list 120 deny   tcp any any eq 4444
access-list 120 deny   tcp any any range 135 139
access-list 120 deny   udp any any range 135 netbios-ss
access-list 120 deny   icmp any any
access-list 120 permit ip any any    

sheeraz ahmed
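
An added example, not part of the original answer: a small first-match evaluator that parses access-list 120 exactly as posted and shows which entry each flow hits, so the effect can be checked before the list goes onto a core interface. The flows are constructed samples, and only the syntax used in that ACL (any/any, eq, range) is handled.

```python
# Added example: first-match evaluation of access-list 120 as posted above.
ACL_120 = """\
access-list 120 deny   tcp any any eq 445
access-list 120 deny   udp any any eq 445
access-list 120 deny   tcp any any eq 4444
access-list 120 deny   tcp any any range 135 139
access-list 120 deny   udp any any range 135 netbios-ss
access-list 120 deny   icmp any any
access-list 120 permit ip any any
"""
PORT_NAMES = {"netbios-ss": 139}  # IOS port keyword used in the ACL
# Constructed sample flows (protocol, destination port), not captured traffic
FLOWS = [("tcp", 135), ("tcp", 445), ("udp", 137), ("tcp", 4444),
         ("icmp", None), ("tcp", 80), ("udp", 500), ("udp", 53)]

def parse_acl(text):
    """Return [(action, proto, lo_port, hi_port)] in ACL order."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        port = lambda t: int(PORT_NAMES.get(t, t))
        action, proto, rest = tok[2], tok[3], tok[6:]  # tok[4:6] is "any any"
        lo, hi = 0, 65535  # no port operator: any destination port
        if rest and rest[0] == "eq":
            lo = hi = port(rest[1])
        elif rest and rest[0] == "range":
            lo, hi = port(rest[1]), port(rest[2])
        rules.append((action, proto, lo, hi))
    return rules

def evaluate(rules, proto, dport=None):
    """First matching entry wins; return (action, 1-based entry number)."""
    for i, (action, rproto, lo, hi) in enumerate(rules, 1):
        if rproto == "ip" or (rproto == proto and (proto == "icmp" or lo <= dport <= hi)):
            return action, i
    return "deny", 0  # implicit deny that ends every IOS ACL

def hit_counts(rules, flows):
    """Per-entry match counts, similar to the counters in 'show access-lists'."""
    counts = {}
    for proto, dport in flows:
        idx = evaluate(rules, proto, dport)[1]
        counts[idx] = counts.get(idx, 0) + 1
    return counts

if __name__ == "__main__":
    print(sorted(hit_counts(parse_acl(ACL_120), FLOWS).items()))
```

Note that the `deny icmp any any` entry matches every ICMP packet, so ping-based reachability checks through the filtered interface are dropped along with worm scanning, while UDP 500 for the VPN tunnels still falls through to the final permit.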

It's definitely not a common problem. You should have a look at the buffers and CPU load on the routers which stop processing.
You could check the IOS versions and have them upgraded to the latest ones, have the buffer sizes fine-tuned and have your cache timeout specified.

