Solved

Router1720/Pix 515

Posted on 2006-10-26
7
240 Views
Last Modified: 2010-04-17
I have a perimeter router(1720) connecting to a Pix 515. I check the traffic on the devices everyday to see if there are any errors and I get some every now and then but this week it is everyday so I just clear the errors to see if they come back well it has been 3 days in a roll. On the Pix they are usually crc errors but on the router they are always different. Here is what I have today. There are no errors on any other interfaces on the router or the pix. Could this be the cable or the duplex. I have them both set to 100full. Thanks in advance.

(PIX 515)
interface ethernet0 "outside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 0050.54ff.26ab
  IP address 216.146.80.163, subnet mask 255.255.255.224
  MTU 1500 bytes, BW 100000 Kbit full duplex
        5829333 packets input, 2684174120 bytes, 0 no buffer
        Received 10167 broadcasts, 0 runts, 0 giants
        6 input errors, 6 CRC, 0 frame, 0 overrun, 6 ignored, 0 abort
        6623057 packets output, 4081561718 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max blocks): hardware (128/128) software (0/13)
        output queue (curr/max blocks): hardware (0/43) software (0/1)


(1720)
FastEthernet0 is up, line protocol is up
  Hardware is PQUICC_FEC, address is 00b0.c288.2ec4 (bia 00b0.c288.2ec4)
  Internet address is 216.146.80.161/27
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 5w2d
  Queueing strategy: fifo
  Output queue 0/40, 63 drops; input queue 2/75, 21358 drops
  5 minute input rate 251000 bits/sec, 69 packets/sec
  5 minute output rate 220000 bits/sec, 65 packets/sec
     194687979 packets input, 2112878383 bytes
     Received 996 broadcasts, 0 runts, 0 giants, 0 throttles
     16 input errors, 0 CRC, 0 frame, 16 overrun, 0 ignored
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     172156458 packets output, 1061945493 bytes, 143 underruns
     143 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
0
Comment
Question by:wilsj
  • 3
  • 2
  • 2
7 Comments
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 150 total points
Comment Utility
I don't think there's anything to worry about.

You error rate on the PIX CR errors is .000001%
On the router side you're looking at .00000008% for the overruns and .00000083 on the underruns. Plus these have been accumulating over 5 weeks.

Neither of these would be classified as excessive. The CRC errors can be caused by noise, bad cables or bad connectors. The overrun/underruns are usually the result of excedding the capability of the equipment.

For more information:

http://www.cisco.com/univercd/cc/td/doc/cisintwk/itg_v1/tr1904.htm

0
 
LVL 79

Accepted Solution

by:
lrmoore earned 150 total points
Comment Utility
How are you connecting them together? Crossover cable, or a switch in between? I'd suggest using a small switch and not a crossover.
Is either the PIX or the router set for auto negotiate? From what you've posted they appear nailed up, but I wanted to ask anyway.
If there is a switch in between, is there anything else on this switch?  I've seen servers connected with dual NIC's to one switch with the inside of the PIX on the same switch. The dual nics were a teamed pair, but the PIX actually saw the hello packets between the 2 NIC's and didn't know what they were, so classified as errors. Thousands of errors in the counter, but zero affect on performance.
Agree with Don that this number of errors compared with total packets in miscule and hardly affecting performance. Like you, I'm also more of a perfectionist and want to see 0's all around..
0
 
LVL 5

Author Comment

by:wilsj
Comment Utility
Thanks for the posts guys.

The router is connected to the pix via a cross over cable and they are both set to 100 full. Would it be more efficient to have a switch in between the pix and router?
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
In my opinion - yes.
Full-duplex implies one host on a switched segment.
Using a crossover cable between 2 hosts breaks this assumption. Now you have 2 hosts on one segment.
0
 
LVL 5

Author Comment

by:wilsj
Comment Utility
Sounds good thanks guys.
0
 
LVL 50

Expert Comment

by:Don Johnston
Comment Utility
I'm going to have to jump in here on a closed question... :-0

Host to switchport vs. Host to host is no different. The rules of ethernet are between interfaces, not end stations or switchports (assuming we are leaving hubs or any other layer 1 devices out of the discussion). When an ethernet interface transmits, it doesn't matter if it's from a end station or a switchport TO an end station or a switchport.

The only thing adding a switch between the router and the PIX will do is add some latency (not much, depending on the switch).
0
 
LVL 5

Author Comment

by:wilsj
Comment Utility
Thanks don.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now