Please help with tracking lost packets via Cisco 2524??

Discussion in 'Cisco' started by Joshua Colvin, Oct 22, 2003.

  1. Hi all,
    We have software that talks to a webserver internal to our LAN. Now if
    the clients are inside our LAN they work great, no problems. However
    when outside our LAN there are certain periods of time where our
    gateway gets no packets and the clients timeout waiting for a connect.
    Sniffing packets I see them leaving the client machine, but never
    getting to our gateway, so I have a feeling it's our router.

    We have a Cisco 2524 using a full T1 span configured the following

    cisco1>>show running-config
    Building configuration...

    Current configuration:
    version 11.1
    service config
    service slave-log
    service udp-small-servers
    service tcp-small-servers
    hostname cisco1
    enable secret 5 #####
    enable password #####
    username admin
    prompt cisco1>>
    interface Ethernet0
    ip address
    interface Serial0
    ip address
    encapsulation frame-relay IETF
    no fair-queue
    service-module t1 timeslots 1-24
    frame-relay map ip 50 IETF nocompress
    interface Serial1
    no ip address
    router igrp 1
    ip classless
    ip route
    logging buffered
    access-list 150 permit ip any any
    snmp-server community marisys RO
    snmp-server community public RO
    banner incoming ^Celcome
    line con 0
    line aux 0
    line vty 0 4
    password #####


    I've been trying to learn how to sniff packets on the router itself,
    but I never see what I expect. For example, if I do:

    terminal monitor
    config t
    access-list 150 permit ip any any
    debug ip packet 150
    terminal monitor

    then just HTTP to (or wherever), I never see any packet
    showing going through, even though HTTP traffic is
    obviously occuring. Am I missing some debug option to see these
    packets? Does anyone see anything suspicious with my configuration?
    I've been browsing for over a day reading everything I can
    but no luck so far. My router might not be the problem after all, but
    since I can't even see packets going through that ARE going through,
    I'm not doing at least one thing right.

    I do notice "encapsulation failed" msgs every now and then, and this
    is the result of a test:
    cisco1>>show service-module
    Module type is T1/fractional
    Hardware revision is B, Software revision is 1.2 ,
    Image checksum is 0x2162E11, Protocol revision is 1.1
    Receiver has no alarms.
    Framing is ESF, Line Code is B8ZS, Current clock source is line,
    Fraction has 24 timeslots (64 Kbits/sec each), Net bandwidth is 1536
    Last module self-test (done 00:00:25): Passed
    Last clearing of alarm counters 21:44:55
    loss of signal : 0,
    loss of frame : 2, last occurred 00:00:24
    AIS alarm : 0,
    Remote alarm : 0,
    Module access errors : 0,
    Total Data (last 86 15 minute intervals):
    0 Line Code Violations, 1 Path Code Violations
    0 Slip Secs, 1 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
    1 Errored Secs, 0 Bursty Err Secs, 1 Severely Err Secs, 0 Unavail
    Data in current interval (893 seconds elapsed):
    1 Line Code Violations, 0 Path Code Violations
    0 Slip Secs, 1 Fr Loss Secs, 1 Line Err Secs, 0 Degraded Mins
    1 Errored Secs, 0 Bursty Err Secs, 1 Severely Err Secs, 0 Unavail

    If anyone can offer any advice or suggestions I'd really appreciate
    Joshua Colvin, Oct 22, 2003
  2. You have to turn off fast switching in order for "debug ip packet" to show

    #conf t
    interface Ethernet 0
    no ip route-cache
    interface Serial0
    no ip route-cache
    Barry Margolin, Oct 22, 2003
  3. Barry: thanks a lot for your help. That solved my problem and I'm now
    able to see all packets. :)
    I thought process-switching always occurs during packet establishment
    since there should be nothing in the cache, so I rebooted my router to
    clear out the cache and expected to see atleast the EST packet, but
    apparently that's not the case. Thanks again.
    Joshua Colvin, Oct 23, 2003
