Loop problem in Cisco network

Dear Experts, I saw this error in logging of Cisco Router C3925. Could you please suggest and explain?



The Src address is the public IP address of this router (and it was hidden); the Dest address is the access point's private IP address. This is a diagram:

ISP --------- Router C3925 ------------ Core switch 3750 -------------- Access switch 2960 ------------- Access point Meraki

Many thanks as always!
DP230 (Network Administrator) asked:

JustInCase commented:
There is not enough information provided in the problem description for any conclusion.
DP230 (Network Administrator, Author) commented:
Hi Pregrag, which information do you need? I can provide it.
JustInCase commented:
As a bare minimum - topology with marked interfaces and routing tables of involved devices.
DP230 (Network Administrator, Author) commented:
Hi, here we are. The white space is the public IP address, which I deleted.

diagram.png
Router's routing table:

R_routingTable.JPG
CoreSW's:

CoreSW_routingTable.JPG
atlas_shuddered (Sr. Network Engineer) commented:
Can you post the following from the 3750 and the 2960:

1.  Running config
2.  output from show cdp ne
3.  output from show spanning-tree
4.  output from show port-channel summary or show etherchannel-summary (as appropriate)
5. show vlan
6. show ip int br
DP230 (Network Administrator, Author) commented:
Hi, should it be a problem?

ip access-list extended ftth
 ......
 permit ip 192.168.77.0 0.0.0.255 any
 permit ip 192.168.50.0 0.0.0.255 any
 ......
!

access-list 130 permit ip 192.168.77.0 0.0.0.255 any
access-list 130 permit ip 192.168.50.0 0.0.0.255 any

ip nat pool TEST Public_IP1 Public_IP2 netmask 255.255.255.0
ip nat inside source list 130 pool TEST overload
ip nat inside source list ftth interface GigabitEthernet0/0 overload


I also saw these lines when I issued "show logging":


*Mar 24 04:02:44.762: SSH2 2:  Invalid modulus length
*Mar 24 04:03:42.890: SSH2 0:  Invalid modulus length
*Mar 24 04:04:12.816: %IP_VFR-4-FRAG_TABLE_OVERFLOW: GigabitEthernet0/2: the fragment table has reached its maximum threshold 128
*Mar 24 04:06:52.422: %IP_VFR-4-FRAG_TABLE_OVERFLOW: GigabitEthernet0/2: the fragment table has reached its maximum threshold 128


Can you please help and explain?
JustInCase commented:
Packets are fragmented and the router is reaching the current maximum limit (128).
Increasing the max-reassemblies number should make the warning message go away (accepted values are 1-1024). A typical cause for this is that the MTU size may not be set properly on the interface. So increasing the virtual reassemble value to 512 will most likely resolve the warning message:

interface gi0/2
 ip virtual-reassemble in max-reassemblies 512
 ip virtual-reassemble out max-reassemblies 512

In some IOS versions there is no in or out - it is just:
ip virtual-reassemble max-reassemblies

More details about Virtual Fragmentation Reassembly
When the maximum number of datagrams that can be reassembled at any given time is reached, all subsequent fragments are dropped, and an alert message such as the following is logged to the syslog server: “VFR-4_FRAG_TABLE_OVERFLOW.”

But this should have nothing to do with the looping packet issue.

DP230 (Network Administrator, Author) commented:
Hi, after I removed these lines, "permit ip 192.168.77.0 0.0.0.255 any" and "permit ip 192.168.50.0 0.0.0.255 any", in the ftth ACL, the loop issue was resolved, but now I got this bug:

Mar 24 06:06:46.682: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level -Traceback= 0x24720ACz 0x2477394z 0x4B62D86z 0x1B36D35z 0x2C98CBz 0x2C9D50z 0x1635D34z 0x163CC36z 0x163C620z 0x2736FFz 0x2766FDz 0x2774EBz 0x277573z 0x1F046Az 0x1EEE4Ez 0x8A7A21z
*Mar 24 06:06:53.834: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level -Traceback= 0x24720ACz 0x2477394z 0x4B62D86z 0x1B36D35z 0x2C98CBz 0x2C9D50z 0x1635D34z 0x163CC36z 0x163C620z 0x2736FFz 0x2766FDz 0x2774EBz 0x277573z 0x1F046Az 0x1EEE4Ez 0x8A89B6z


Could you please suggest?
JustInCase commented:
That sounds like a memory issue or a Cisco bug (there are multiple Cisco bugs for different IOS versions).
Search Google for "SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level" to find more such bugs.
DP230 (Network Administrator, Author) commented:
Hi, after removing the network statement in the FTTH ACL, the loop problem was resolved. Thank you for your suggestions.
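
Added example (not part of the thread and not Cisco tooling): the posted configuration has two "ip nat inside source" rules whose ACLs both permit 192.168.77.0/24 and 192.168.50.0/24, and the fix reported above was to remove those entries from the ftth ACL. This Python script flags source networks matched by more than one NAT rule; the sample config is constructed, with a placeholder 192.168.10.0 entry and 203.0.113.x documentation addresses standing in for the hidden public IPs, and it assumes ACL entries of the form "permit ip <source> <wildcard> ...".

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample modelled on the config posted in the thread. The
# 192.168.10.0 entry and the 203.0.113.x pool addresses are placeholders.
SAMPLE_CONFIG = """\
ip access-list extended ftth
 permit ip 192.168.10.0 0.0.0.255 any
 permit ip 192.168.77.0 0.0.0.255 any
 permit ip 192.168.50.0 0.0.0.255 any
!
access-list 130 permit ip 192.168.77.0 0.0.0.255 any
access-list 130 permit ip 192.168.50.0 0.0.0.255 any
ip nat pool TEST 203.0.113.10 203.0.113.20 netmask 255.255.255.0
ip nat inside source list 130 pool TEST overload
ip nat inside source list ftth interface GigabitEthernet0/0 overload
"""

PERMIT = re.compile(r"permit ip (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")
NAT = re.compile(r"ip nat inside source list (\S+) (pool \S+|interface \S+)")

def wildcard_to_network(addr, wildcard):
    """Convert an IOS address/wildcard pair; non-contiguous wildcards raise ValueError."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_acls(config):
    """Map ACL name or number to the source networks of its 'permit ip' entries."""
    acls, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"ip access-list extended (\S+)", line):
            current = m.group(1)            # named ACL: entries follow, indented
        elif m := re.match(r"access-list (\d+) ", line):
            current = m.group(1)            # numbered ACL: entry is on this line
        elif not line.startswith(" "):
            current = None                  # any other top-level line ends the ACL
        if current and (p := PERMIT.search(line)):
            acls.setdefault(current, []).append(wildcard_to_network(*p.groups()))
    return acls

def nat_overlaps(config):
    """List source networks that two different NAT rules would both translate."""
    acls = parse_acls(config)
    rules = [m.groups() for l in config.splitlines() if (m := NAT.match(l))]
    return [(str(a), f"list {ra} -> {ta}", str(b), f"list {rb} -> {tb}")
            for (ra, ta), (rb, tb) in combinations(rules, 2)
            for a in acls.get(ra, []) for b in acls.get(rb, []) if a.overlaps(b)]

if __name__ == "__main__":
    for finding in nat_overlaps(SAMPLE_CONFIG):
        print("overlap:", *finding)
```

With the two overlapping entries removed from the ftth ACL, as the author did, the function returns an empty list.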