daryldavies
asked on
Cisco ISR 2901
I replaced my old Cisco 2825 with a new Cisco 2901 router and I was able to do almost everything after I moved the configuration but cannot connect into the network via https from the outside.
I did a show log on the router and it is giving me the following error:
*Nov 19 04:18:41.843: %IP_VFR-3-COALESCE_ERROR: Unable to coalesce fragments arriving through GigabitEthernet0/1.xxx - datagram 3994 bytes is too big. UDP packet xx.xx.xx.xx:53 -> 5.254.103.113:80 has ident: 7326 flags:0x40000000 and 3 fragments
I see over a dozen of these errors on my show log on the router.
I have upgraded router from:
OLD IOS
c2900-universalk9-mz.SPA.1
NEW IOS
c2900-universalk9-mz.SPA.1
What do I need to do to fix this problem.
I can go on the internet from this network but cannot connect into this network from the internet.
Thanks
I did a show log on the router and it is giving me the following error:
*Nov 19 04:18:41.843: %IP_VFR-3-COALESCE_ERROR: Unable to coalesce fragments arriving through GigabitEthernet0/1.xxx - datagram 3994 bytes is too big. UDP packet xx.xx.xx.xx:53 -> 5.254.103.113:80 has ident: 7326 flags:0x40000000 and 3 fragments
I see over a dozen of these errors on my show log on the router.
I have upgraded router from:
OLD IOS
c2900-universalk9-mz.SPA.1
NEW IOS
c2900-universalk9-mz.SPA.1
What do I need to do to fix this problem.
I can go on the internet from this network but cannot connect into this network from the internet.
Thanks
ASKER
I tried the following config on the router: ip virtual-reassembly in max-fragments 64 max-reassemblies 1024
I have seen no difference. The error still comes up and i cannot cannot access anything from the outside of the network.
I did a sh int gi 0/1 and got the following:
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is c067.af7a.cec1 (bia c067.af7a.cec1)
Description: -INSIDE-
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set
Keepalive set (10 sec)
Full Duplex, 1Gbps, media type is RJ45
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2802000 bits/sec, 425 packets/sec
5 minute output rate 2789000 bits/sec, 402 packets/sec
21041859 packets input, 4181740538 bytes, 0 no buffer
Received 1352453 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 2876 multicast, 0 pause input
19640306 packets output, 4086524617 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
2237 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
1 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
I have seen no difference. The error still comes up and i cannot cannot access anything from the outside of the network.
I did a sh int gi 0/1 and got the following:
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is c067.af7a.cec1 (bia c067.af7a.cec1)
Description: -INSIDE-
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set
Keepalive set (10 sec)
Full Duplex, 1Gbps, media type is RJ45
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2802000 bits/sec, 425 packets/sec
5 minute output rate 2789000 bits/sec, 402 packets/sec
21041859 packets input, 4181740538 bytes, 0 no buffer
Received 1352453 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 2876 multicast, 0 pause input
19640306 packets output, 4086524617 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
2237 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
1 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
These are only suggestions:
(1) try changing MTU size using command "ip mtu" - check if maximum configurable MTU is enough to cover 3994 bytes, e.g. 4000 bytes - see also http://www.cisco.com/en/US
(2) Check if the packets coming to the router, have DF (Do not Fragment) set. If DF is set, then the packets cannot be broken. I don't think that is the issue, but it is worth checking. You can use a packet analyser like WireShark for this. If the DF flag is set, try taking it off if possible.
(3) Try ping with different packet sizes
(4) Reload router
(5) Try another IOS, the very latest if possible - if you have CCO account, you should be able to download IOS.
(6) If everything fails, raise a TAC case with Cisco - this must be the last resort, as it could take some time to get to the bottom of the problem.
(1) try changing MTU size using command "ip mtu" - check if maximum configurable MTU is enough to cover 3994 bytes, e.g. 4000 bytes - see also http://www.cisco.com/en/US
(2) Check if the packets coming to the router, have DF (Do not Fragment) set. If DF is set, then the packets cannot be broken. I don't think that is the issue, but it is worth checking. You can use a packet analyser like WireShark for this. If the DF flag is set, try taking it off if possible.
(3) Try ping with different packet sizes
(4) Reload router
(5) Try another IOS, the very latest if possible - if you have CCO account, you should be able to download IOS.
(6) If everything fails, raise a TAC case with Cisco - this must be the last resort, as it could take some time to get to the bottom of the problem.
This experts-exchange post, mentions possible IOS bug.
http://www.experts-exchang
http://www.experts-exchang
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I restarted next hop and that fixed the issue
Second thought, you may be hitting a bug - see also https://supportforums.cisc
Alternatively, you can keep the new IOS but adjust buffer size - see also https://supportforums.cisc