Cisco 2600XM config issue - Drops Connection

Discussion in 'Cisco' started by Randy Henson, Nov 5, 2004.

  1. Randy Henson

    Randy Henson Guest

    I've just installed a new 2600XM to replace a 2514. It's in front of
    the firewall, so the config is very generic. However, I'm having an
    issue with it losing connection after about an hour. We can't get
    out, so I restart the router and we're good for about another hour. I
    left the console on, and am receiving the following error before it
    drops. I can put us back on the old router and this never happens.

    AMDP2_FE-3-UNDERFLO: FastEthernet0/0 Transmit Error

    When I run a show int f0/0, it shows an underrun.

    I appreciate any help on this, it really has me thrown!!!

    Here is the config:

    !
    version 12.3
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    service udp-small-servers
    service tcp-small-servers
    !
    hostname router
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret xxxxxxxxxxxxxxxxxxxxxxx
    enable password xxxxx
    !
    no network-clock-participate slot 1
    no network-clock-participate wic 0
    no aaa new-model
    ip subnet-zero
    ip cef
    !
    no ftp-server write-enable
    !
    interface FastEthernet0/0
    ip address 192.168.xxx.xxx 255.255.255.0 secondary
    ip address 207.xxx.xxx.xxx 255.255.255.240
    ip access-group 101 out
    ip helper-address 207.254.213.255
    no ip mroute-cache
    speed auto
    full-duplex
    no mop enabled
    !
    interface Serial0/0
    bandwidth 1544
    ip unnumbered FastEthernet0/0
    no ip mroute-cache
    !
    router eigrp 1
    redistribute connected
    network xxx.xxx.xxx.0
    auto-summary
    !
    ip nat pool pool1 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask
    255.255.255.240
    ip nat inside source list 51 pool pool1 overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 Serial0/0
    ip http server
    !
    access-list 51 permit xxx.xxx.xxx.0 0.0.0.255
    access-list 101 permit tcp any any eq domain
    access-list 101 permit udp any any eq domain
    access-list 101 permit tcp any any eq smtp
    access-list 101 permit tcp any any eq www
    access-list 101 permit udp any any eq 27910
    access-list 101 permit ip any any
    snmp-server community public RO
    snmp-server enable traps tty
    !
    line con 0
    exec-timeout 0 0
    line aux 0
    transport input all
    line vty 0 4
    exec-timeout 0 0
    password xxxxx
    login
    !
    !
    !
    end
     
    Randy Henson, Nov 5, 2004
    #1
    1. Advertising

  2. (Randy Henson) writes:

    > interface FastEthernet0/0
    > speed auto
    > full-duplex


    Verify that whatever you're connecting to has matching settings. Try
    hardwiring the config on both sides to a given set rather than using
    autonegotiation, also.

    -jav
     
    Javier Henderson, Nov 5, 2004
    #2
    1. Advertising

  3. (Randy Henson) wrote in message news:<>...
    > I've just installed a new 2600XM to replace a 2514. It's in front of
    > the firewall, so the config is very generic. However, I'm having an
    > issue with it losing connection after about an hour. We can't get
    > out, so I restart the router and we're good for about another hour. I
    > left the console on, and am receiving the following error before it
    > drops. I can put us back on the old router and this never happens.
    >
    > AMDP2_FE-3-UNDERFLO: FastEthernet0/0 Transmit Error
    >
    > When I run a show int f0/0, it shows an underrun.
    >
    > I appreciate any help on this, it really has me thrown!!!
    >
    > Here is the config:
    >
    > !
    > version 12.3
    > service timestamps debug uptime
    > service timestamps log uptime
    > no service password-encryption
    > service udp-small-servers
    > service tcp-small-servers
    > !
    > hostname router
    > !
    > boot-start-marker
    > boot-end-marker
    > !
    > enable secret xxxxxxxxxxxxxxxxxxxxxxx
    > enable password xxxxx
    > !
    > no network-clock-participate slot 1
    > no network-clock-participate wic 0
    > no aaa new-model
    > ip subnet-zero
    > ip cef
    > !
    > no ftp-server write-enable
    > !
    > interface FastEthernet0/0
    > ip address 192.168.xxx.xxx 255.255.255.0 secondary
    > ip address 207.xxx.xxx.xxx 255.255.255.240
    > ip access-group 101 out
    > ip helper-address 207.254.213.255
    > no ip mroute-cache
    > speed auto
    > full-duplex
    > no mop enabled
    > !
    > interface Serial0/0
    > bandwidth 1544
    > ip unnumbered FastEthernet0/0
    > no ip mroute-cache
    > !
    > router eigrp 1
    > redistribute connected
    > network xxx.xxx.xxx.0
    > auto-summary
    > !
    > ip nat pool pool1 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask
    > 255.255.255.240
    > ip nat inside source list 51 pool pool1 overload
    > ip classless
    > ip route 0.0.0.0 0.0.0.0 Serial0/0
    > ip http server
    > !
    > access-list 51 permit xxx.xxx.xxx.0 0.0.0.255
    > access-list 101 permit tcp any any eq domain
    > access-list 101 permit udp any any eq domain
    > access-list 101 permit tcp any any eq smtp
    > access-list 101 permit tcp any any eq www
    > access-list 101 permit udp any any eq 27910
    > access-list 101 permit ip any any
    > snmp-server community public RO
    > snmp-server enable traps tty
    > !
    > line con 0
    > exec-timeout 0 0
    > line aux 0
    > transport input all
    > line vty 0 4
    > exec-timeout 0 0
    > password xxxxx
    > login
    > !
    > !
    > !
    > end


    Randy,
    I am guessing that FastEthernet0/0 is connected to the PIX. I see
    on Fa0/0 you have duplex set to full and speed set to auto. I am not
    sure the PIX can be hardcoded for duplex but left auto for speed, you
    might have a speed and/or duplex mismatch which might be causing the
    issues. You mentioned you had a 2514 before, which if I remember
    correctly is Ethernet (10/half) only and not FastEthernet, so if you
    have not changed the config on the PIX then a speed and/or duplex
    mismatch is more certain.

    However, there could be a software bug of some kind as well. If
    you eliminate the speed and/or duplex mismatch as the problem, then
    open a ticket with Cisco TAC and then can scour the bug lists and see
    if maybe you are encountering a bug issue.

    Good luck
    -Robert
     
    Robert B. Phillips II, Nov 8, 2004
    #3
  4. Randy Henson

    Randy Henson Guest

    (Robert B. Phillips II) wrote in message news:<>...
    > (Randy Henson) wrote in message news:<>...
    > > I've just installed a new 2600XM to replace a 2514. It's in front of
    > > the firewall, so the config is very generic. However, I'm having an
    > > issue with it losing connection after about an hour. We can't get
    > > out, so I restart the router and we're good for about another hour. I
    > > left the console on, and am receiving the following error before it
    > > drops. I can put us back on the old router and this never happens.
    > >
    > > AMDP2_FE-3-UNDERFLO: FastEthernet0/0 Transmit Error
    > >
    > > When I run a show int f0/0, it shows an underrun.
    > >
    > > I appreciate any help on this, it really has me thrown!!!
    > >
    > > Here is the config:
    > >
    > > !
    > > version 12.3
    > > service timestamps debug uptime
    > > service timestamps log uptime
    > > no service password-encryption
    > > service udp-small-servers
    > > service tcp-small-servers
    > > !
    > > hostname router
    > > !
    > > boot-start-marker
    > > boot-end-marker
    > > !
    > > enable secret xxxxxxxxxxxxxxxxxxxxxxx
    > > enable password xxxxx
    > > !
    > > no network-clock-participate slot 1
    > > no network-clock-participate wic 0
    > > no aaa new-model
    > > ip subnet-zero
    > > ip cef
    > > !
    > > no ftp-server write-enable
    > > !
    > > interface FastEthernet0/0
    > > ip address 192.168.xxx.xxx 255.255.255.0 secondary
    > > ip address 207.xxx.xxx.xxx 255.255.255.240
    > > ip access-group 101 out
    > > ip helper-address 207.254.213.255
    > > no ip mroute-cache
    > > speed auto
    > > full-duplex
    > > no mop enabled
    > > !
    > > interface Serial0/0
    > > bandwidth 1544
    > > ip unnumbered FastEthernet0/0
    > > no ip mroute-cache
    > > !
    > > router eigrp 1
    > > redistribute connected
    > > network xxx.xxx.xxx.0
    > > auto-summary
    > > !
    > > ip nat pool pool1 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask
    > > 255.255.255.240
    > > ip nat inside source list 51 pool pool1 overload
    > > ip classless
    > > ip route 0.0.0.0 0.0.0.0 Serial0/0
    > > ip http server
    > > !
    > > access-list 51 permit xxx.xxx.xxx.0 0.0.0.255
    > > access-list 101 permit tcp any any eq domain
    > > access-list 101 permit udp any any eq domain
    > > access-list 101 permit tcp any any eq smtp
    > > access-list 101 permit tcp any any eq www
    > > access-list 101 permit udp any any eq 27910
    > > access-list 101 permit ip any any
    > > snmp-server community public RO
    > > snmp-server enable traps tty
    > > !
    > > line con 0
    > > exec-timeout 0 0
    > > line aux 0
    > > transport input all
    > > line vty 0 4
    > > exec-timeout 0 0
    > > password xxxxx
    > > login
    > > !
    > > !
    > > !
    > > end

    >
    > Randy,
    > I am guessing that FastEthernet0/0 is connected to the PIX. I see
    > on Fa0/0 you have duplex set to full and speed set to auto. I am not
    > sure the PIX can be hardcoded for duplex but left auto for speed, you
    > might have a speed and/or duplex mismatch which might be causing the
    > issues. You mentioned you had a 2514 before, which if I remember
    > correctly is Ethernet (10/half) only and not FastEthernet, so if you
    > have not changed the config on the PIX then a speed and/or duplex
    > mismatch is more certain.
    >
    > However, there could be a software bug of some kind as well. If
    > you eliminate the speed and/or duplex mismatch as the problem, then
    > open a ticket with Cisco TAC and then can scour the bug lists and see
    > if maybe you are encountering a bug issue.
    >
    > Good luck
    > -Robert


    Thanks Robert. I actually did think of that over the weekend, so I
    came in this morning and set the port to 10 half-duplex, as well as
    the port on the switch where firewall is plugged in. It's actually a
    SonicWall, not a PIX.

    After I set the speed on the ports, it didn't happen as often, but it
    did drop a couple of times today, but I didn't get the transmit error,
    which makes things even more strange. I guess I'll have to get with
    cisco and see if there is a bug....

    thanks

    Randy
     
    Randy Henson, Nov 9, 2004
    #4
  5. Randy,
    I am guessing now that the connection issue has nothing to do with
    the underruns, but clearing those interfaces and getting the speed and
    duplex matched up right was a good idea none-the-less. Are there any
    other messages in the logs at the time that the connection is dropping
    that might help us pinpoint the issue? Is there maybe something on the
    SonicWall that can help (I am not that familair with SonicWall gear)?

    I guess I am wondering if the connection is being dropped on the
    router-side or the firewall-side. Not sure what SonicWall has to offer
    with regards to helping you ascertain that.

    Also, it is probably a good idea to contact Cisco TAC and see if there
    is a bug. It maybe something in your config, we are not even
    considering that may be dropping the connection, if it is indeed the
    router.

    Good luck
    -Robert

    On 8 Nov 2004 16:00:21 -0800, (Randy Henson)
    wrote:

    > (Robert B. Phillips II) wrote in message news:<>...
    >> (Randy Henson) wrote in message news:<>...
    >> > I've just installed a new 2600XM to replace a 2514. It's in front of
    >> > the firewall, so the config is very generic. However, I'm having an
    >> > issue with it losing connection after about an hour. We can't get
    >> > out, so I restart the router and we're good for about another hour. I
    >> > left the console on, and am receiving the following error before it
    >> > drops. I can put us back on the old router and this never happens.
    >> >
    >> > AMDP2_FE-3-UNDERFLO: FastEthernet0/0 Transmit Error
    >> >
    >> > When I run a show int f0/0, it shows an underrun.
    >> >
    >> > I appreciate any help on this, it really has me thrown!!!
    >> >
    >> > Here is the config:
    >> >
    >> > !
    >> > version 12.3
    >> > service timestamps debug uptime
    >> > service timestamps log uptime
    >> > no service password-encryption
    >> > service udp-small-servers
    >> > service tcp-small-servers
    >> > !
    >> > hostname router
    >> > !
    >> > boot-start-marker
    >> > boot-end-marker
    >> > !
    >> > enable secret xxxxxxxxxxxxxxxxxxxxxxx
    >> > enable password xxxxx
    >> > !
    >> > no network-clock-participate slot 1
    >> > no network-clock-participate wic 0
    >> > no aaa new-model
    >> > ip subnet-zero
    >> > ip cef
    >> > !
    >> > no ftp-server write-enable
    >> > !
    >> > interface FastEthernet0/0
    >> > ip address 192.168.xxx.xxx 255.255.255.0 secondary
    >> > ip address 207.xxx.xxx.xxx 255.255.255.240
    >> > ip access-group 101 out
    >> > ip helper-address 207.254.213.255
    >> > no ip mroute-cache
    >> > speed auto
    >> > full-duplex
    >> > no mop enabled
    >> > !
    >> > interface Serial0/0
    >> > bandwidth 1544
    >> > ip unnumbered FastEthernet0/0
    >> > no ip mroute-cache
    >> > !
    >> > router eigrp 1
    >> > redistribute connected
    >> > network xxx.xxx.xxx.0
    >> > auto-summary
    >> > !
    >> > ip nat pool pool1 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask
    >> > 255.255.255.240
    >> > ip nat inside source list 51 pool pool1 overload
    >> > ip classless
    >> > ip route 0.0.0.0 0.0.0.0 Serial0/0
    >> > ip http server
    >> > !
    >> > access-list 51 permit xxx.xxx.xxx.0 0.0.0.255
    >> > access-list 101 permit tcp any any eq domain
    >> > access-list 101 permit udp any any eq domain
    >> > access-list 101 permit tcp any any eq smtp
    >> > access-list 101 permit tcp any any eq www
    >> > access-list 101 permit udp any any eq 27910
    >> > access-list 101 permit ip any any
    >> > snmp-server community public RO
    >> > snmp-server enable traps tty
    >> > !
    >> > line con 0
    >> > exec-timeout 0 0
    >> > line aux 0
    >> > transport input all
    >> > line vty 0 4
    >> > exec-timeout 0 0
    >> > password xxxxx
    >> > login
    >> > !
    >> > !
    >> > !
    >> > end

    >>
    >> Randy,
    >> I am guessing that FastEthernet0/0 is connected to the PIX. I see
    >> on Fa0/0 you have duplex set to full and speed set to auto. I am not
    >> sure the PIX can be hardcoded for duplex but left auto for speed, you
    >> might have a speed and/or duplex mismatch which might be causing the
    >> issues. You mentioned you had a 2514 before, which if I remember
    >> correctly is Ethernet (10/half) only and not FastEthernet, so if you
    >> have not changed the config on the PIX then a speed and/or duplex
    >> mismatch is more certain.
    >>
    >> However, there could be a software bug of some kind as well. If
    >> you eliminate the speed and/or duplex mismatch as the problem, then
    >> open a ticket with Cisco TAC and then can scour the bug lists and see
    >> if maybe you are encountering a bug issue.
    >>
    >> Good luck
    >> -Robert

    >
    >Thanks Robert. I actually did think of that over the weekend, so I
    >came in this morning and set the port to 10 half-duplex, as well as
    >the port on the switch where firewall is plugged in. It's actually a
    >SonicWall, not a PIX.
    >
    >After I set the speed on the ports, it didn't happen as often, but it
    >did drop a couple of times today, but I didn't get the transmit error,
    >which makes things even more strange. I guess I'll have to get with
    >cisco and see if there is a bug....
    >
    >thanks
    >
    >Randy
     
    Robert B. Phillips, II, Nov 9, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rob
    Replies:
    3
    Views:
    634
    AnyBody43
    May 11, 2004
  2. simon watson

    cisco 2600xm VPN question.

    simon watson, Nov 9, 2006, in forum: Cisco
    Replies:
    1
    Views:
    621
    Walter Roberson
    Nov 9, 2006
  3. Arnaud P
    Replies:
    0
    Views:
    384
    Arnaud P
    Jan 7, 2007
  4. Arnaud P
    Replies:
    1
    Views:
    348
    www.BradReese.Com
    Jan 7, 2007
  5. garywi

    Wireless Connection Drops, then connects, drops...

    garywi, Feb 12, 2009, in forum: Wireless Networking
    Replies:
    1
    Views:
    715
    Robert L. \(MS-MVP\)
    Feb 12, 2009
Loading...

Share This Page