Cisco ISR 2901

I replaced my old Cisco 2825 with a new Cisco 2901 router and I was able to do almost everything after I moved the configuration but cannot connect into the network via https from the outside.
I did a show log on the router and it is giving me the following error:

*Nov 19 04:18:41.843: %IP_VFR-3-COALESCE_ERROR: Unable to coalesce fragments arriving through GigabitEthernet0/1.xxx - datagram 3994 bytes is too big. UDP packet xx.xx.xx.xx:53 -> 5.254.103.113:80 has ident: 7326 flags:0x40000000 and 3 fragments

I see over a dozen of these errors on my show log on the router.

I have upgraded router from:


OLD IOS
c2900-universalk9-mz.SPA.151-2.T5.bin"

NEW IOS

c2900-universalk9-mz.SPA.153-3.M1.bin

What do I need to do to fix this problem.

I can go on the internet from this network but cannot connect into this network from the internet.

Thanks
daryldaviesAsked:
Who is Participating?
 
daryldaviesConnect With a Mentor Author Commented:
I restarted the next hop with is a cable modem and it resolved the problem. For some reason the next hop cached the old routers mac-address and that's the reason the new router was throwing errors.

Thanks to everyone for all your help with this.
0
 
koudryCommented:
My first thought is that you have MTU issue, i.e. you have packet larger than your port GigabitEthernet0/1 can accommodate. If you do "Show interface GigabitEthernet0/1", you will see that MTU is 1500. You should also see that you the giant counter will be incrementing.  You may want to try adjusting the MTU on port GigabitEthernet0/1.

Second thought, you may be hitting a bug - see also https://supportforums.cisco.com/thread/2110260

Alternatively, you can keep the new IOS but adjust buffer size - see also https://supportforums.cisco.com/thread/2215525
0
 
daryldaviesAuthor Commented:
I tried the following config on the router: ip virtual-reassembly in max-fragments 64 max-reassemblies 1024

I have seen no difference. The error still comes up and i cannot cannot access anything from the outside of the network.


I did a sh int gi 0/1 and got the following:


GigabitEthernet0/1 is up, line protocol is up
  Hardware is CN Gigabit Ethernet, address is c067.af7a.cec1 (bia c067.af7a.cec1)
  Description: -INSIDE-
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation 802.1Q Virtual LAN, Vlan ID  1., loopback not set
  Keepalive set (10 sec)
  Full Duplex, 1Gbps, media type is RJ45
  output flow-control is XON, input flow-control is XON
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 2802000 bits/sec, 425 packets/sec
  5 minute output rate 2789000 bits/sec, 402 packets/sec
     21041859 packets input, 4181740538 bytes, 0 no buffer
     Received 1352453 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 2876 multicast, 0 pause input
     19640306 packets output, 4086524617 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     2237 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     1 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
0
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

 
koudryCommented:
These are only suggestions:

(1) try changing MTU size using command "ip mtu" - check if maximum configurable MTU is enough to cover 3994 bytes, e.g. 4000 bytes - see also http://www.cisco.com/en/US/docs/ios/12_2/ipaddr/command/reference/1rfip2.html

(2) Check if the packets coming to the router, have DF (Do not Fragment) set. If DF is set, then the packets cannot be broken. I don't think that is the issue, but it is worth checking. You can use a packet analyser like WireShark for this. If the DF flag is set, try taking it off if possible.

(3) Try ping with different packet sizes

(4) Reload router

(5) Try another IOS, the very latest if possible - if you have CCO account, you should be able to download IOS.

(6) If everything fails, raise a TAC case with Cisco - this must be the last resort, as it could take some time to get to the bottom of the problem.
0
 
koudryCommented:
This experts-exchange post, mentions possible IOS bug.

http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_28171813.html
0
 
daryldaviesAuthor Commented:
I restarted next hop and that fixed the issue
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.