Cisco 2621 Slows Down Over Time...

Discussion in 'Cisco' started by Eric Swartz, Dec 1, 2003.

  1. Eric Swartz

    Eric Swartz Guest

    Help! We have a Cisco 2621 (attached is the configuration) that slows
    down over time... to the point where the only solution is to reboot
    the router. We're doing some filtering to the outside, and we're
    routing two subnets through the LAN ports, both to each other and to
    the serial port (our T1 connection to the internet).

    We need to figure out if we're trying to do too much w/ this router,
    or if it's our configuration. Naturally, we didn't have this problem
    until we started filtering. Using this device to route the subnets
    could be adding to the problem, but we were having the slow down
    issues before we subnetted the network.

    We don't seem to be running out of memory as the slow down occurs even
    when we still have almost 50% free memory. We do have multiple people
    being routed to an internal VPN server (as shown in the
    configuration), but even without them connected it seems there's
    enough internet traffic going on to slow things down over time as
    well.

    Any help would be appreciated. We don't want to go spending $1K's on a
    faster router when all it'll do is extend the amount of time before a
    slow down.

    Thx,

    Eric Swartz

    Configuration Follows:

    Current configuration:
    !
    version 12.1
    service timestamps debug uptime
    service timestamps log datetime localtime
    service password-encryption
    !
    hostname 2621R
    !
    logging buffered 4096 debugging
    enable secret 5 $1$BeaA$qtuzsXAFQPlr62DhijcP4.
    !
    !
    !
    !
    !
    ip subnet-zero
    no ip source-route
    ip name-server 216.68.1.100
    !
    ip audit notify log
    ip audit po max-events 100
    ip reflexive-list timeout 60
    isdn switch-type basic-ni
    !
    !
    !
    interface FastEthernet0/0
     description connected to EthernetLAN
     ip address 10.92.0.1 255.255.255.0
     ip nat inside
     duplex auto
     speed auto
     no cdp enable
    !
    interface BRI0/0
     no ip address
     shutdown
     isdn switch-type basic-ni
     no cdp enable
    !
    interface Serial0/0
     description connected to Internet
     ip address 66.161.130.2 255.255.255.252
     ip access-group inbound in
     ip access-group outbound out
     ip nat outside
     fair-queue
     no cdp enable
    !
    interface FastEthernet0/1
     ip address 10.92.1.1 255.255.255.0
     ip nat inside
     duplex auto
     speed auto
     no cdp enable
    !
    ip nat pool 2621R-nat 66.161.226.34 66.161.226.34 netmask 255.255.255.224
    ip nat inside source list 1 pool 2621R-nat overload
    ip nat inside source static 10.92.0.2 66.161.226.60
    ip nat inside source static 10.92.0.8 66.161.226.62
    ip classless
    ip route 0.0.0.0 0.0.0.0 Serial0/0
    no ip http server
    !
    !
    ip access-list extended inbound
     deny ip 10.0.0.0 0.255.255.255 any
     deny ip 127.0.0.0 0.255.255.255 any
     deny ip 172.16.0.0 0.15.255.255 any
     deny ip 192.168.0.0 0.0.255.255 any
     permit tcp any any established
     permit tcp any host 66.161.226.60 eq smtp
     permit tcp any host 66.161.226.60 eq pop3
     permit tcp any host 66.161.226.60 eq 143
     permit tcp any host 66.161.226.62 eq www
     permit tcp any host 66.161.226.62 eq 1723
     permit gre any any
     evaluate outfilter
    ip access-list extended outbound
     permit tcp host 66.161.226.60 any gt 1023 established
     permit tcp host 66.161.226.62 any gt 1023 established
     permit tcp any any eq www
     permit tcp any any eq smtp
     permit tcp any any eq ftp reflect outfilter
     permit tcp any any eq ftp-data reflect outfilter
     permit udp any any eq domain reflect outfilter
     permit tcp any any eq domain reflect outfilter
     permit tcp any any eq pop3
     permit tcp any any eq 443
     permit tcp any any eq 445
     permit tcp any any eq 1494
     permit tcp any any eq 1723
     permit tcp any any eq 1863
     permit tcp any any eq 1996
     permit tcp any any eq 1997
     permit tcp any any eq 5900
     permit gre any any
    access-list 1 permit 10.92.0.0 0.0.255.255
    no cdp run
    banner motd ^CUnauthorized Access is Prohibited!!!^C
    !
    line con 0
     exec-timeout 0 0
     password 7 105C08171618
     login
     transport input none
    line aux 0
    line vty 0 4
     password 7 105C08171618
     login
    !
    ntp clock-period 17180313
    ntp server 192.5.41.209 source Serial0/0
    end
    Eric Swartz, Dec 1, 2003
    #1

  2. ERP

    ERP Guest

    Slowing down is kind of vague, but here are some things to try. The router
    should be OK unless you are sending a massive amount of traffic through it.
    Do a "sh proc cpu" and look to see what processes are using the most CPU.
    If you have a very high IP input, make sure you don't have a worm infecting
    your network. We had the Welchia worm on some of our PCs and it tries to
    connect to internet addresses. A few infected PCs were sending over 2 mg per
    sec. of traffic to the internet and would eventually crash the router.
    If you don't have a worm, try turning on CEF with the "ip cef" command. It's
    much better than process switched.
    If you don't have a worm and you still have a lot of input traffic, turn on
    netflow switching.
    Under the interface, type "ip route cache flow",
    then do a "sh ip cache flow".
    This will give you a breakdown of traffic per protocol. If you do have a
    shortage of capacity, you could try some priority queuing / class of service
    type stuff.
    I am typing the commands above from memory, so the syntax may not be exact,
    but pretty close.
    ERP, Dec 1, 2003
    #2

  3. Eric Swartz

    Eric Swartz Guest

    Thanks! What you just explained is exactly what I was looking for.
    I'm not a Cisco expert by any stretch of the imagination, so adding
    "ip route cache flow" to the configuration and then running "sh ip
    cache flow" allowed me to find a couple machines we had just recently
    imaged (with an older image not yet patched) that had the Nachi worm.

    Another connected their laptop to the network and the cpu utilization
    skyrocketed... sure enough I tracked him down too.

    Now if I can find some software to help me monitor this real time (or
    semi-real time) I'll be set.

    Thanks again for your help!

    Eric
    Eric Swartz, Dec 2, 2003
    #3
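
Added example (not code from any poster in this thread): one way to turn the "sh ip cache flow" output discussed above into a repeatable check for worm-style fan-out, where one inside host talks to many distinct destinations on a single protocol and port. It assumes flow accounting is enabled on the inside interfaces (the IOS interface command is spelled `ip route-cache flow`), that they appear abbreviated as Fa0/0 and Fa0/1, and that five destinations is a sensible starting threshold; the sample rows and their documentation-range destination addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of the per-flow table at the end of "show ip cache flow".
# Pr, SrcP and DstP are hexadecimal; for ICMP (Pr 01) DstP 0800 = echo request.
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/1         10.92.1.44      Se0/0         198.51.100.1    01 0000 0800     1
Fa0/1         10.92.1.44      Se0/0         198.51.100.2    01 0000 0800     1
Fa0/1         10.92.1.44      Se0/0         198.51.100.3    01 0000 0800     1
Fa0/1         10.92.1.44      Se0/0         198.51.100.4    01 0000 0800     1
Fa0/1         10.92.1.44      Se0/0         198.51.100.5    01 0000 0800     1
Fa0/1         10.92.1.44      Se0/0         198.51.100.6    01 0000 0800     1
Fa0/0         10.92.0.23      Se0/0         203.0.113.10    06 0C1A 0050    14
Fa0/0         10.92.0.23      Se0/0         203.0.113.11    06 0C1B 0050     9
Fa0/0         10.92.0.2       Se0/0         203.0.113.25    06 0D02 0019    31
Se0/0         203.0.113.10    Fa0/0         10.92.0.23      06 0050 0C1A    12
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
FLOW = re.compile(
    rf"^(?P<src_if>\S+)\s+(?P<src>{IP})\s+(?P<dst_if>\S+)\s+(?P<dst>{IP})\s+"
    r"(?P<pr>[0-9A-Fa-f]{2})\s+(?P<sport>[0-9A-Fa-f]{4})\s+"
    r"(?P<dport>[0-9A-Fa-f]{4})\s+(?P<pkts>\S+)$"
)

def parse_flows(text):
    """Yield a dict per flow row; header and summary lines do not match."""
    for line in text.splitlines():
        m = FLOW.match(line.strip())
        if m:
            row = m.groupdict()
            row["pr"], row["dport"] = int(row["pr"], 16), int(row["dport"], 16)
            yield row

def fanout_suspects(text, inside_ifs=("Fa0/0", "Fa0/1"), min_dsts=5):
    """Return [(src, proto, dport, n_dsts)] for inside hosts reaching at least
    min_dsts distinct destinations on one protocol/port, highest fan-out first."""
    dsts = defaultdict(set)
    for f in parse_flows(text):
        if f["src_if"] in inside_ifs:  # ingress on the LAN side: pre-NAT source
            dsts[(f["src"], f["pr"], f["dport"])].add(f["dst"])
    hits = [(s, p, d, len(v)) for (s, p, d), v in dsts.items() if len(v) >= min_dsts]
    return sorted(hits, key=lambda h: -h[3])

if __name__ == "__main__":
    for src, proto, dport, n in fanout_suspects(SAMPLE):
        print(f"{src}: proto {proto}, dst port 0x{dport:04X}, {n} destinations")
```

Run against output captured every few minutes, the same function gives a semi-real-time list of hosts to pull off the network and patch; the threshold needs tuning, since busy web clients also reach many destinations on port 80.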