Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 401
  • Last Modified:

Communication issues between a Cisco 2620 router and 2950 switch.

I have a 2620 router with an NM-4E card attached. I am using the built in FastEthernet port to connect to the internet, one of the expanded ports for a telnet line to the datacenter, and one of the expanded ports to set up a VPN on a private IP block that is flowing through a Cisco 2950.

The problem is, if I connect the 2620 to the 2950 and try to ping one of the boxes on that network, I get a LOT of seemingly random packet loss. each ping results in anywhere from 20% to 100% loss. I can ping any of the boxes with no losses from the 2950 switch console. Pinging FROM the 2950 back to the 2920 also gives random losses.

The boxes on the 2950 are all running at 100/Full duplex. The autosensing feature on the 2950 failed (duplex mismatch errors) when just plugging the 2620 straight in, so I forced both interfaces to half duplex.

Please help!!! I am sure it is something small.

SWITCH
------------

.....
Switch#show run
Building configuration...

Current configuration : 1303 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Switch
!
enable secret 5 $1$BljL$wP9Jg1tMBUmOB6aXN1z8H1
enable password 7 111D0B041114
!
ip subnet-zero
no ip source-route
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11  ---- connects to a LinkSys switch. 2950=no problems 2620=problems.
 duplex half
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20 ---- (this is where the 2620 is connected)
 duplex half
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface Vlan1
 ip address 192.168.254.2 255.255.255.0
 no ip redirects
 no ip route-cache
!
no ip http server
!
line con 0
line vty 0 4
 password 7 09585C291F03
 login
line vty 5 15
 password 7 09585C291F03
 login
!
!
end


ROUTER
------------------

(clipped)

!
interface Ethernet1/1
 description Private LAN
 ip address 192.168.254.254 255.255.255.0
 no ip redirects
 half-duplex
!
ip route 192.168.254.0 255.255.255.0 Ethernet1/1
no ip http server
!
0
shambright
Asked:
shambright
  • 9
  • 8
  • 2
1 Solution
 
Gen2003Commented:
see if you have fast switching enabled on your router and disable it:

no ip route-cache

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800ca6c8.html
0
 
lrmooreCommented:
take out the half-duplex command from both the switch and the router and let them autonegotiate
If you look at the interface errors from "show interface" what type errors are you getting? CRC? Have you tried a different cable?
Another issue is that you have a static route for a connected route. Highly suggest removing this line
   no ip route 192.168.254.0 255.255.255.0 Ethernet1/1
0
 
shambrightAuthor Commented:

Ok....

Fast switching is not enabled on the router.

Taking out the half-duplex command from both the swithch and the router and letting them autonegotiate creates the type-mismatch error described in my original post... I forced them both to full-duplex, and this did not solve the problem.

I have tried connecting the two with as many as five different cables. I even tried with a crossover cable (no connection at all).

Removing the static route line did not fix the packet dropping issue.

Changing the IP from 192.168.254.254 to 192.168.254.1 (or some other number than 254) did not fix the issue.

SAMPLE
---------
ColoSwitch#ping 192.168.254.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.254.2, timeout is 2 seconds:
!!!.!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms
ColoSwitch#ping 192.168.254.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.254.2, timeout is 2 seconds:
.!.!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/2/4 ms
ColoSwitch#ping 192.168.254.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.254.2, timeout is 2 seconds:
!!!..
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/3/4 ms
ColoSwitch#


ROUTER CONFIG NOW LOOKS LIKE:
---------------------

Building configuration...

Current configuration : 11215 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname X
!
logging buffered 32768 debugging
aaa new-model
aaa authentication login default enable
aaa authentication login X local
aaa authorization network X local
enable password 7 X
!
username X password 7 X
ip subnet-zero
no ip source-route
ip cef
!
!
ip name-server X
ip name-server X
!
ip audit notify log
ip audit po max-events 100
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 20
 authentication pre-share
 group 2
crypto isakmp keepalive 3600
!
!
crypto ipsec transform-set VPNset esp-3des esp-sha-hmac
crypto ipsec transform-set VPNset2 esp-des esp-sha-hmac
!
crypto dynamic-map dynamicVPN 10
 set transform-set VPNset
crypto dynamic-map dynamicVPN 20
 set transform-set VPNset2
!
!
crypto map client_crypto_map client authentication list X
crypto map client_crypto_map isakmp authorization list X
crypto map client_crypto_map client configuration address respond
crypto map client_crypto_map 10 ipsec-isakmp dynamic dynamicVPN
!
call rsvp-sync
!
!
interface FastEthernet0/0
 description connected to COLO-LAN
 ip address XXX.XXX.XXX.XXX 255.255.255.224
 ip access-group 103 in
 ip access-group 103 out
 no ip redirects
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 no ip mroute-cache
 shutdown
!
interface Ethernet1/0
 ip address XXX.XXX.XXX.XXX 255.255.255.252
 ip access-group 101 in
 ip access-group 103 out
 no ip redirects
 full-duplex
 no cdp enable
 crypto map client_crypto_map
!
interface Ethernet1/1
 description Private LAN
 ip address 192.168.254.1 255.255.255.0
 no ip redirects
 full-duplex
!
interface Ethernet1/2
 no ip address
 shutdown
 full-duplex
!
interface Ethernet1/3
 no ip address
 shutdown
 full-duplex
!
ip local pool vpnpool 10.10.10.1 10.10.10.253
ip classless
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX
no ip http server
!
logging trap errors
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
shambrightAuthor Commented:
"ColoSwitch" - in the above SAMPLE is actually the 2620 router - in case that confuses anyone.
0
 
lrmooreCommented:
interface FastEthernet0/0
 description connected to COLO-LAN
 ip address XXX.XXX.XXX.XXX 255.255.255.224 <== is this the default gateway for everything on that COLO-LAN?
 ip access-group 103 in
 ip access-group 103 out <== it is unusual to have the same acl applied in both directions. Are you sure about that?

Remove the acls while troubleshooting

Can you post result of "show interface fast 0/0"

 
0
 
shambrightAuthor Commented:
Router>show int fa 0/0
FastEthernet0/0 is up, line protocol is up
  Hardware is AmdFE, address is 0006.d794.d660 (bia 0006.d794.d660)
  Description: connected to COLO-LAN
  Internet address is XXX.XXX.XXX.XXX/27
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 1/75/238/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 326000 bits/sec, 107 packets/sec
  5 minute output rate 87000 bits/sec, 93 packets/sec
     195320655 packets input, 2105897964 bytes
     Received 8982 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     168378866 packets output, 2756359716 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
     
     
     
     
Router>show int et1/1
Ethernet1/1 is up, line protocol is up
  Hardware is AmdP2, address is 0006.d794.d671 (bia 0006.d794.d671)
  Description: Private LAN
  Internet address is 192.168.254.1/24
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:13, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     12213 packets input, 1903534 bytes, 0 no buffer
     Received 11652 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     191290 packets output, 12498963 bytes, 0 underruns
     165980 output errors, 0 collisions, 7 interface resets
     0 babbles, 0 late collision, 0 deferred
     165980 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
0
 
lrmooreCommented:
Looks like all the rrors are on the private LAN side

>   191290 packets output, 12498963 bytes, 0 underruns
===> 165980 output errors, 0 collisions, 7 interface resets
     0 babbles, 0 late collision, 0 deferred
===> 165980 lost carrier, 0 no carrier

I notice that interface is set to full-duplex
Is the switch that it is connected to also set for full-duplex, or auto? You MUST manually set both if either one is set to anything other than auto.
What kind of switch does this interface connect to?
The "lost carrier" errors point to physical cable problems, or switchport trying to autonegotiate speed/duples and the router interface is hard set and ignoring the autonegotiate packets.


0
 
lrmooreCommented:
0
 
shambrightAuthor Commented:
The path is:

Cisco 2600 Eth 1/1 ---> Cisco 2950
They are both manually set.

I will look at the link you sent.
0
 
lrmooreCommented:
>They are both manually set.
Try setting them both at auto...
0
 
shambrightAuthor Commented:
From reading the link you sent, it looks like a hardware compatibility issue between the ports on the NM-4E expansion card on the 2620 and the 2950 switch.

Setting them both at auto causes them both to complain (duplex mismatch).
When on auto, the 2950 switch thinks it is supposed to be half-duplex.
When on auto, the 2620 router thinks it is supposed to be full-duplex.

What is the command to clear the stats counter? I think I need to start fresh.

Should I try manually setting both the duplex AND speed?
0
 
lrmooreCommented:
Yes, set both duplex and speed on both.
To clear stats:
router#clear counter interface eth1/1
0
 
shambrightAuthor Commented:
Okay... At least I think I understand the problem.
From clearing the counters I can see clearly that I am getting CRC errors on the Switch when trying to ping to/from the router.
From my reading on Google, I have tried disabling keepalives (see output below) - but no fix yet.


ROUTER#show int eth1/1
Ethernet1/1 is up, line protocol is up
  Hardware is AmdP2, address is 0006.d794.d671 (bia 0006.d794.d671)
  Description: Private LAN
  Internet address is 192.168.254.1/24
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:16, output 00:00:33, output hang never
  Last clearing of "show interface" counters 01:24:16
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     543 packets input, 78441 bytes, 0 no buffer
     Received 366 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     587 packets output, 74775 bytes, 0 underruns
     4 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     4 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

ROUTER 'show run':
interface Ethernet1/1
 description Private LAN
 ip address 192.168.254.1 255.255.255.0
 no ip redirects
 no keepalive
 half-duplex
!

--------------------------

Switch#show int fa 0/23
FastEthernet0/23 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 000f.24a8.5a17 (bia 000f.24a8.5a17)
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  Half-duplex, 10Mb/s, media type is 100BaseTX
  input flow-control is unsupported output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:02:15, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     30 packets input, 6236 bytes, 0 no buffer
     Received 1 broadcasts (0 multicast)
     0 runts, 0 giants, 0 throttles
     16 input errors, 16 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 1 multicast, 0 pause input
     0 input packets with dribble condition detected
     291 packets output, 23468 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

SWITCH 'show run':
interface FastEthernet0/23
 no keepalive
 speed 10
 duplex half
!

0
 
shambrightAuthor Commented:
To further clarify:

The NM-4E card on the router is made up of four 10Base-T ports. I am using a stock (commercial) Cat5 straight-through cable to connect this 10Base-T port to one of the 10/100 ports on the switch. A crossover cable generated no signal between the sources.
0
 
lrmooreCommented:
Disabling keepalive is not a fix, as you have noticed.
Crossover cable will not work, as you have noticed.
CRC errors almost always point to a physical layer problem with cables, connectors, or other "noise"
I've seen brand-new commercial CAT5 patch cables (the yellow ones that come with Cisco products especially) be just bad enough to create these type problems.
Is there anything else - patch panel, etc - between the router and the switch?

0
 
shambrightAuthor Commented:
No -  the cable directly connects the two units. I tried a five different straight-through cables, all of which gave the same result.

I use a Mac powerbook as my "terminal" and can plug a cable from it directly into that port on the router with no loss or CRC errors.
In my mind, the problem seems to be that the 2950 switch not being able to figure out what is coming from the router.
0
 
shambrightAuthor Commented:
Looking at the Switch interface in the post above, it still says that the media type is 100BaseTX
Since the router interface is 10BaseT, could this be the problem?

0
 
Gen2003Commented:
Try set both speed 10, duplex half. and on router

no ip cef

Regards.
0
 
lrmooreCommented:
If you have SmartNet, I would open a TAC case with Cisco..
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 9
  • 8
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now