cisco 2800

[promisek2]

i have a cisco 2800 that i use for one of my branches. the memory usage flactuates between 20% and 100%. when it reaches 100%, it freezes and i have to restart the router.it does this almost after every 5-6 hrs. i have pasted my configs. thanks for your help in advznce.


SSC_2801#sh run
Building configuration...

Current configuration : 8840 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SSC_2801
!
boot-start-marker
boot system flash c2801-adventerprisek9-mz.124-16.bin
boot system flash c2801-ipbase-mz.124-16a.bin
boot-end-marker
!
logging buffered 10000 debugging
enable secret 5 $1$ouPz$IFO4816QEE.uv5j5zOc1M/
!
aaa new-model
!
!
aaa authentication password-prompt Password:
aaa authentication username-prompt ROUTER-LOGIN:
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authentication ppp default local
aaa authorization exec default group tacacs+ local
aaa authorization commands 14 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization network default if-authenticated
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 5 default start-stop group tacacs+
aaa accounting commands 14 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
!
aaa session-id common
ip cef
ip cef accounting per-prefix non-recursive prefix-length
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.70.85.200
ip dhcp excluded-address 10.70.85.221
ip dhcp excluded-address 10.70.85.1 10.70.85.100
ip dhcp excluded-address 10.70.85.218
ip dhcp excluded-address 10.70.85.250
ip dhcp excluded-address 10.70.85.217
ip dhcp excluded-address 10.70.85.204
ip dhcp excluded-address 10.70.85.205
ip dhcp excluded-address 10.70.85.223
ip dhcp excluded-address 10.70.85.222
ip dhcp excluded-address 10.70.85.119
ip dhcp excluded-address 10.70.85.219
ip dhcp excluded-address 10.70.85.224
!
ip dhcp pool SSC
network 10.70.85.0 255.255.255.0
dns-server xxxxxxxxx
default-router 10.70.85.221
domain-name xxxxxxxxx
netbios-name-server 100.0.0.1
!
ip dhcp pool ssc
dns-server xxxxxxxxxxx
!
!
ip name-server xxxxxxxxxx
ip name-server xxxxxxxxxxxxx
ip sla monitor 1
type echo protocol ipIcmpEcho 10.255.5.81
timeout 1000
threshold 2
frequency 3
ip sla monitor schedule 1 life forever start-time now
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
local name my-vpn
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!

archive
log config
hidekeys
!
!
!
track 100 rtr 2 reachability
!
track 123 rtr 1 reachability
!
!
crypto isakmp policy 5
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key 2embp11b@2799 address xxxxxxxx
!
!
crypto ipsec transform-set STRONG esp-3des esp-sha-hmac
!
crypto map xxxxxx 10 ipsec-isakmp
set peer xxxxxxxxx
set transform-set STRONG
set pfs group2
match address 107
!
!
!
!
interface Tunnel0
no ip address
!
interface Tunnel2
description to xxxxxx
ip address 12.12.12.1 255.255.255.252
ip mtu 1400
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1360
tunnel source 120.120.0.207
tunnel destination 192.168.200.22
tunnel mode ipip
!
interface Tunnel3
description xxxxxx
ip address 12.12.12.5 255.255.255.252
ip nat inside
ip virtual-reassembly
tunnel source 120.120.0.207
tunnel destination 192.168.214.243
!
interface Tunnel4
description xxxxx
bandwidth 10000000
ip address 10.10.30.1 255.255.255.252
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1436
tunnel source 41.xxxxxx
tunnel destination 41.xxxxxx
tunnel mode ipip
!
interface FastEthernet0/0
description WAN
no ip address
load-interval 30
duplex auto
speed auto
!
interface FastEthernet0/0.1
description to_Afri_PDN
encapsulation dot1Q 1 native
ip address 120.120.0.207 255.255.0.0
!
interface FastEthernet0/0.94
description Internet
bandwidth 2048
encapsulation dot1Q 94
ip address 19.19.19.1 255.255.255.252 secondary
ip address 41.xxxxxxxx 255.255.255.252
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly
crypto map xxxxxx
!
interface FastEthernet0/0.101
description xxxxxxxxxxx
encapsulation dot1Q 101
ip address 100.0.0.4 255.255.255.0
!
interface FastEthernet0/0.203
encapsulation dot1Q 203
ip address 10.222.222.253 255.255.255.0
!
interface FastEthernet0/0.800
encapsulation dot1Q 348
ip address 41.xxxxxxx 255.255.255.252
ip nat outside
ip virtual-reassembly
!
interface FastEthernet0/0.1000
encapsulation dot1Q 1000
ip address 10.13.1.102 255.255.255.0
!
interface FastEthernet0/1
description LAN
ip address 10.12.3.202 255.255.255.0 secondary
ip address 10.70.85.221 255.255.255.0
ip nat inside
ip virtual-reassembly
load-interval 30
duplex auto
speed auto
!
interface FastEthernet0/1.101
!
interface FastEthernet0/1.1001
ip nat outside
ip virtual-reassembly
!
interface Virtual-Template1
ip unnumbered FastEthernet0/1
peer default ip address pool VPN-IN
no keepalive
ppp encrypt mppe 40 required
ppp authentication ms-chap
!
ip local policy route-map test
ip local pool VPN-IN 10.70.85.91 10.70.85.94
ip route 10.255.5.80 255.255.255.252 120.120.0.253 track 123
ip route 0.0.0.0 0.0.0.0 41xxxxxxx
ip route 10.1.2.0 255.255.255.252 120.120.0.253
ip route 10.1.8.0 255.255.255.0 120.120.0.253
ip route 10.11.0.0 255.255.255.0 120.120.0.45
ip route 10.12.3.17 255.255.255.255 10.12.3.246
ip route 10.77.90.0 255.255.255.0 120.120.3.4
ip route 10.251.0.0 255.255.255.0 10.13.1.1
ip route 10.253.0.0 255.255.255.0 120.120.0.45
ip route 10.253.1.0 255.255.255.0 120.120.0.45
ip route 10.255.5.80 255.255.255.252 19.19.19.2 254
ip route 140.140.0.0 255.255.0.0 120.120.0.253
ip route 172.16.5.0 255.255.255.224 120.120.0.253
ip route 192.168.0.0 255.255.255.0 100.0.0.254
ip route 192.168.1.0 255.255.255.0 120.120.0.253
ip route 192.168.200.0 255.255.255.0 120.120.0.253
ip route 192.168.214.0 255.255.255.0 120.120.0.253
ip route 192.168.218.0 255.255.255.0 12.12.12.6
ip route 192.168.218.0 255.255.255.0 120.120.0.253
ip route 192.168.220.4 255.255.255.252 120.120.0.253
ip route 196.44.176.73 255.255.255.255 41xxxxxxxx
ip route 200.200.10.0 255.255.255.0 12.12.12.2
!
!
ip http server
ip http port 2799
no ip http secure-server
ip nat inside source route-map POLICY-NAT interface FastEthernet0/0.94 overload
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0.94 overload
ip nat inside source static tcp 10.251.0.21 80 41.xxxxx 80 extendable
ip nat inside source static tcp 10.70.85.200 22 41.xxxxxxxxxx 22 extendable
ip nat inside source static tcp 10.70.85.222 25 41.xxxxxxxxxx 25 extendable
ip nat inside source static tcp 10.70.85.200 80 41.xxxxxxxxxx 80 extendable
ip nat inside source static tcp 10.70.85.204 443 41.xxxxxxxxxx 443 extendable
ip nat inside source static tcp 10.70.85.204 3389 41.xxxxxxxxxx 3389 extendable
ip nat inside source static tcp 10.70.85.200 8080 41.xxxxxxxxxx 8080 extendable
ip nat inside source static tcp 10.70.85.222 8081 41.xxxxxxxxxx 8081 extendable
ip nat inside source static tcp 10.70.85.87 8443 41.xxxxxxxxxx 8443 extendable
ip nat inside source static tcp 10.70.85.30 8980 41.xxxxxxxxxx 8980 extendable
ip nat inside source static tcp 10.70.85.30 22 41.xxxxxxxxxx 10000 extendable
!
ip access-list extended NAT
deny ip 10.70.85.0 0.0.0.255 172.18.31.48 0.0.0.15
permit ip 10.70.85.0 0.0.0.255 any
permit ip 200.200.10.0 0.0.0.255 any
permit ip 192.168.218.0 0.0.0.255 any
ip access-list extended to_tdm
permit ip host 10.70.85.224 any
permit ip host 10.70.85.168 any
!
access-list 101 permit icmp any host 10.255.5.82 echo
access-list 107 permit ip 10.70.85.0 0.0.0.255 172.18.31.48 0.0.0.15
access-list 107 permit ip 200.200.10.0 0.0.0.255 172.18.31.48 0.0.0.15
access-list 107 permit ip 192.168.218.0 0.0.0.255 172.18.31.48 0.0.0.15

!
route-map test permit 10
match ip address 101
set ip next-hop 120.120.0.253
set interface Null0
!
route-map to_tdm permit 10
match ip address to_tdm
set ip next-hop 10.10.30.2
!
route-map POLICY-NAT permit 10
match ip address NAT
!
!
!

!
control-plane
!
!
!
!
!
!
!
!
alias exec tdm ip policy route-map to_tdm
!
line con 0
password xxxxx
line aux 0
line vty 0 4
password xxxxx
line vty 5 807
!
scheduler allocate 20000 1000
end

SSC_2801#

 

[dgrizzard]

Run this command and see which processes are taking up the memory first...(when this happens)

show processes memory sorted

 

[promisek2]

this is whats holding up the memory. what does that mean

SSC_2801#show processes memory sorted
Processor Pool Total: 293507184 Used: 96382188 Free: 197124996
I/O Pool Total: 40894464 Used: 4278144 Free: 36616320

PID TTY Allocated Freed Holding Getbufs Retbufs Process
1 0 65270056 26468 65250560 0 0 Chunk Manager
0 0 52701312 11446576 30793828 0 0 *Init*
39 0 654480 1272 635208 0 0 USB Startup
153 0 365620 37092 341108 0 0 IPSEC key engine
18 0 256804 0 266776 113400 0 EEM ED Syslog

 

[dgrizzard]

I would also do a show logg to see if you have a lot of messages regarding fragment table above threshold on a specific interface. The chunk manager is for managing fragmentation in memory. It looks like it has a memory leak (its not releasing the memory back to the system) so eventually you will get to 100% again and need to reload.

Two things, let's see what the log says. Then we can fix the fragmentation and then to fix the memory leak on Chunk Manager you will most likely need to switch IOS version (most likely is a bug in your version). But even if you switch to a new version the fragmentation issue still needs to be corrected.