duplex mismatch

I put in a new AVPN circuit last Saturday between Illinois and Mexico.  I am using the same routers that I was using with my frame relay between Illinois and Mexico.  The circuit is very slow.  I am getting the error below from my router
.1.3.6.1.4.1.9.9.41.1.2.3.1.2.17106: CDP, .1.3.6.1.4.1.9.9.41.1.2.3.1.3.17106: 5, .1.3.6.1.4.1.9.9.41.1.2.3.1.4.17106: DUPLEX_MISMATCH, .1.3.6.1.4.1.9.9.41.1.2.3.1.5.17106: duplex mismatch discovered

I made sure the switch and the router are both hardcoded to 100 full duplex on both sides.  But I am still getting the error.  Can this be part of the speed problem?

If it is, what can I do?
jtennysonAsked:
Who is Participating?
 
jtennysonConnect With a Mentor Author Commented:
Everything is running without errors now.  It is still slower than the frame relay but the VOIP does not break up and I am not getting complaints from users in Mexico
0
 
Patrick49erCommented:
One side may not support full deplex.  Try reducing to half duplex 10M.  Then bump up to full duplex 10M.  If that works, try 100 Full again.  If that doesn't work, then it is not supporting the 100 Full.
0
 
Patrick49erCommented:
Hmmm...actually, after submitting that, I thought about the statement that one side may not support full duplex.  Since you were able to set it, the device probably does, but like you may surmise, your connection speed may not support full duplex and 100M.  The solution I suggested still stands, though. :)
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
jtennysonAuthor Commented:
I did what you told me and now I am getting this message from the router in Illinois and the speed is still very slow

1.3.6.1.4.1.9.2.9.3.1.1.6.1: 5, tcpConnState: synReceived, .1.3.6.1.4.1.9.2.6.1.1.5.192.168.1.150.23.192.168.3.47.6211: 72032, .1.3.6.1.4.1.9.2.6.1.1.1.192.168.1.150.23.192.168.3.47.6211: 111, .1.3.
0
 
Patrick49erCommented:
So you have a switch connected to your router (Chicago) to a rounter (Mexico) to a switch?  If this is the case, is your ping between the two routers good?  Is the ping between your switch and router on the Chicago side good?  Where exactly are you seeing the "slow" network connection?
0
 
jtennysonAuthor Commented:
When I am inside the router, the ping between to the wan interface of the router in Mexico is good.  Whe I ping a device on the Mexico LAN the ping is extremely slow.  When I took the switch out of autonegotiation yesterday and made both sides half duplex, the circuit wen down.
0
 
jtennysonAuthor Commented:
Here are my results

RGRay_BG#ping WAN

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to WAN, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 128/133/137 ms
RGRay_BG#ping LAN

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to LAN, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 296/391/453 ms
0
 
jtennysonAuthor Commented:
Another thing I have discovered.  When I am in the CLI of the Illinois router I can do a ping and a traceroute to the devices on the Mexican LAN.  When I am in the Mexican router I can do a traceroute and a ping to the interfaces on the Illinois router.  But I can not reach any devices on the Illinois LAN.  I went in to the router from Illinois and I did a rdp to a pc on the Mexican side to telnet in.  I can ping and traceroute through DOS
0
 
Patrick49erCommented:
Hey jtennyson,

I haven't forgotten about you.  I have your system drawn out and figuring out what is working and not working for you to try and get an idea.  I think one thing this isn't occurring is DNS resolution from your Mexico LAN to your Chicago LAN, which is most likely due to an ip route issue for your name server on your Mexico router.
0
 
jtennysonAuthor Commented:
I can not ping an address from the Mexico Router.  Also, after our contractor reconfigured the routers I seem to have two serial interfaces in Mexico and only one in Illinois.  See attached.  I never had that before.  
jrzint.TXT
BGint.TXT
0
 
Patrick49erCommented:
What is your config for both routers?  I'm wondering if there is a timeslots issue.  Is this a T1 connection?
0
 
Patrick49erCommented:
Also, your Tunnel0 may not be configured properly since it is only reporting 9kbit bandwidth.  I am assuming that should be going through your serial connections, which has 1984kbit bandwidth.
0
 
Patrick49erCommented:
What happens if you go in and increase your bandwidth setting for your interface Tunnel0?  I haven't messed with those settings, so not familiar with configuring that side of a router.  Do you have someone at the Mexico site who can reset the router if the setting gets flubbed up?  I do know going into my 2811 I can set up bandwidth setting for the Tunnel0 interface (should I want one).
0
 
Patrick49erCommented:
Hmmm...nevermind on that bandwidth setting.  I did a look up on the setting and discovered:

The bandwidth is occasionally misinterpreted as a command to modify the bandwidth rate of an interface. You cannot adjust the actual bandwidth of an interface with this command.
0
 
Patrick49erCommented:
Looks like your encapsulations are different; I'm not verse enough on that side to know whether that is an issue or not, but you can look.  Also, your Mexico router shows the serial0/0:0.101 as being up but your Chicago one as deleted.
0
 
Patrick49erCommented:
Here is a copy of my config file minus user ID and password:

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Boone-Fleck
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
!
no aaa new-model
!
resource policy
!
clock timezone Pacific -8
clock summer-time Pacific date Apr 6 2003 2:00 Oct 26 2003 2:00
no network-clock-participate wic 0
ip subnet-zero
no ip source-route
ip tcp synwait-time 10
!
!
ip cef
!
!
no ip bootp server
ip name-server 172.17.0.40
!
!
controller T1 0/0/0
 framing esf
 clock source internal
 linecode b8zs
 cablelength short 133
 channel-group 0 timeslots 1-24
bridge irb
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$$ES_LAN$$FW_INSIDE$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex full
 speed 100
 no mop enabled
 bridge-group 1
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/0/0:0
 description T1 to Fleck
 no ip address
 bridge-group 1
!
interface BVI1
 ip address 172.17.96.10 255.255.240.0
 ip helper-address 172.17.0.52
!
ip default-gateway 172.17.96.1
ip classless
ip route 0.0.0.0 0.0.0.0 172.17.96.1
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login Authorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!
!
!
scheduler allocate 20000 1000
ntp clock-period 17180038
ntp update-calendar
ntp server 172.17.0.41
!
end
0
 
jtennysonAuthor Commented:
I'm still looking for a solution to this problem.
0
 
Patrick49erCommented:
jtennyson:

I submitted a request for attention on this.  Hopefully we can get some folks like Donjohnston or that1guy15, whom I've "worked" with before on router issues, to come over and take a look at this.
0
 
Don JohnstonInstructorCommented:
Hi guys.

Just to make sure I understand the situation:

You have a switch in Illinois (Switch-IL) which is connected to a router (Router-IL) with a fastethernet link. Router-IL is connected to another router in Mexico (Router-MX) with a T1 line. Router-MX is connected to a switch in Mexico (Switch-MX) with a fastethernet link.

Switch-IL--------------Router-IL-------------------------Router-MX------------Switch-MX
                   ^                                ^                                 ^
            fastethernet                      T-1                         fastethernet

And you're bridging the Illinois LAN to the Mexico LAN.

When you refer to pinging the LAN and WAN interfaces, from where are you performing the pings and what is the destination of the pings?

0
 
Patrick49erCommented:
Hey!  Thanks for coming over, Donjohnston.  I didn't want jtennyson to go too much longer without a resolution.
0
 
jtennysonAuthor Commented:
When I am inside the Illinois router CLI, I can ping the router interfaces and anything on the LAN in Mexico.  When I am inside the Mexico router I can ping the Illinois router interfaces but nothing on the Illinois LAN.  When I do a RDP into a computer in Mexico and ping from DOS  I can reach devices on the Illinois LAN but it is very slow.
0
 
Don JohnstonInstructorCommented:
> "I can ping the router interfaces"

The router has only one interface, right? (the BVI interface)

From the Mexico router, you can't ping a host on the Illinois LAN.

But from a Mexico host, you can ping a host on the Illinois LAN???
0
 
Patrick49erCommented:
jtennyson:

This still sounds like a routing table issue back to your Illinois side.  Because your workstations are able to ping back to Illinois, this shows DNS is being resolved.  Can you nbtstat -a a workstation back in Illinois from a Mexico workstation?  Can you post your configurations for both routers?  Any public IP addresses should be changed to protect yourself, but any non-routable internal addresses should be posted to help see if there is something missing to point back.
0
 
Don JohnstonInstructorCommented:
I don't see how it's routing problem. From what I can see the traffic is bridged.

Gotta see the configs to know for sure.
0
 
Patrick49erCommented:
The reason I say that is because ping from the workstations works, which uses DNS to resolve.  I wonder if the reason it doesn't work on the router is because there is not name server set for it.
0
 
CoreyMacCommented:
I see there are a few things to note.  One is that the two ends of the WAN links are not symmetric.  The US side is a T-1 (1.5Mbps) and the Mexico side is an E-1 (2Mbps).  The max for this path will be limited by the U.S. side to 1.5Mbps and it has dropped about 1% of the total output traffic.  The link was at ~87% utilization whent he show commands were run on the U.S. side.
Several answers would help here.
 
Why bridge?  It appears the subnets are all unique and of a /24 mask so routing would seem to be more efficient. (Multicast?)  How large are the local bridged networks and what kinds of traffic are you wanting to route?
Why are there 60K CRC errors on the BGint router Fast Ethernet port?  (duplex/physical problems are most likely)  Clearing the counters and watching for the numbers to change will help.
What does the actual network diagram look like?  Routers, ports, switches, hubs, etc... on both ends.
Is the ~90% traffic load normal?
Are you using any traffic shaping or using FECN/BECN flags to adjust the traffic rates?
In your comment on the 10th at 9:47 you said you RDP'ed from the router????  What did that actually mean?
0
 
jtennysonAuthor Commented:
I talked to a consultant.  We are going to upgrade the software on the 1700s and use BGP for the connection.  Hopefully that will work
0
 
Patrick49erCommented:
jtennyson:

Would you mind popping back in and letting us all know what they do?  I'm curious and always up for learning.  That is one of the reasons I visit this site. :)
0
 
jtennysonAuthor Commented:
I definately will.  I'm not sure how to keep this open because we won't be doing it for a couple of weeks.  
0
 
CoreyMacCommented:
It could be if we keep commenting, it will stay open.  I am not sure how they mange threads here.
 
Unless there is some kind of a bug in the router code on the 1700s causing this, you will still need to identify the cause of the CRC errors.  These are likely not going to be eliminated by software protocol changes. (duplex mismatches are still the most likely, but physical or cable/switch port problems are a possbility as well.
0
 
Patrick49erCommented:
I agree CoreyMac.  I think she got the duplex set, but the speed is off still I believe.
0
 
jtennysonAuthor Commented:
The consultant is saying that with the tunnel, the 1700 routers can not handle the traffic.  He thinks it will do better with BGP.  We were using RIP before.  However AT&T will not use that.
0
 
jtennysonAuthor Commented:
I don't know if we can keep this open.  It will be another 3 weeks before they put the new software on the routers.
0
 
CoreyMacCommented:
Hopefully there is a way they can allow it.  Maybe if you tag it for a moderator to take a look, they can offer advice.
0
 
jtennysonAuthor Commented:
How do I tag this for the moderator to take a look?
0
 
jtennysonAuthor Commented:
I would like to keep this open until we install the upgrade on the routers so I can let everyone know if it works.
0
 
jtennysonAuthor Commented:
I am still waiting for a resolution from AT&t.  It should come in the next couple of weeks.
0
 
jtennysonAuthor Commented:
At&T has still not changed to the BGP protocol.
0
 
jtennysonAuthor Commented:
I'm sorry this is taking so long.  I just got the service from AT&T.  Now I am waiting for my consultant.
0
 
jtennysonAuthor Commented:
We removed the tunnel and put BGP on both routers week.  There iseems to be less latency and the applications are running better over the WAN.
0
 
CoreyMacCommented:
Are the WAN ports and Ethernet interfaces running without errors now?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.