Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Connectivity issue and IP Helper-Address

Status
Not open for further replies.
seong76

seong76

IS-IT--Management
Jan 17, 2002
45
US
Hi,
I've been asked to troubleshoot two Cisco 2801s, where one side is experiencing connectivity issues and they have to reboot the router to get connectivity back. I'm a Cisco newb and I despearately need some help. I've already been on the phone with ISP and they are not helping at all.

Here's the setup. Each router has its own connection to the ISP and they have another Interface connecting the two site Point-to-Point. Office B notices that they're not able to access Internet or make Voip calls through Office A. They manually power cycle Office B router and and everything works fine.

I want to log the CPU and Mem usage, but I do not know how... I also noticed the IP helper-address configured on the OFFICE B router, which I do not think is right. The DHCP server is in OFFICE A, but the IP helper address points to an IP address that is internal....

They also some sort of LAN Messenger called SoftPro, which I never heard of that broadcasts to find Messenger clients. Can broadcast traffic bring down the router? How and can I determine when too much is too much?

And it seems like they have policy base route maps for VoIP traffce, if someone out there can help me look over those settings, it would be nice to know that those are in correct.

Below is the config from OFFICE B.
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authentication login sdm_vpn_xauth_ml_3 local
aaa authentication login sdm_vpn_xauth_ml_4 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
aaa authorization network sdm_vpn_group_ml_3 local
aaa authorization network sdm_vpn_group_ml_4 local
!
aaa session-id common
!
resource policy
!
no network-clock-participate wic 1
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef table adjacency-prefix validate
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
ip ips notify SDEE
no ip domain lookup
ip name-server 10.140.16.254
ip name-server 10.140.17.254
!
!
!
controller T1 0/1/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/1/1
framing esf
clock source internal
linecode b8zs
channel-group 0 timeslots 1-24
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 3
encr 3des
group 2
!
crypto isakmp client configuration group vpnclient
key .....
pool SDM_POOL_2
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA3
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_4
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_4
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface FastEthernet0/0
description $ETH-LAN$main Ethernet for OFFICE B
ip address 10.1.1.33 255.255.255.224 secondary
ip address 192.168.0.1 255.255.255.0
ip helper-address 192.168.0.254
ip nat inside
ip nat allow-static-host
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
!
interface Serial0/1/0:0
description upstream point-to-point to ISP
ip address 10.89.216.214 255.255.255.252
ip nat outside
ip virtual-reassembly
crypto map SDM_CMAP_1
!
interface Serial0/1/1:0
description point-to-point to OFFICE A
ip address 10.2.0.2 255.255.255.252
ip nat inside
ip virtual-reassembly
!
ip local pool SDM_POOL_1 192.168.168.230 192.168.168.239
ip local pool SDM_POOL_2 192.168.0.230 192.168.0.239
ip classless
ip route 0.0.0.0 0.0.0.0 65.89.216.213
ip route 0.0.0.0 0.0.0.0 10.2.0.1 2
ip route 192.168.2.0 255.255.255.0 10.2.0.1
!
ip http server
no ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface Serial0/1/0:0 overload
ip nat inside source static tcp 192.168.0.253 6130 10.89.216.214 6130 extendable
ip nat inside source static tcp 192.168.0.254 6131 10.89.216.214 6131 route-map SDM_RMAP_6 extendable
ip nat inside source static tcp 192.168.2.254 6132 10.89.216.214 6132 route-map SDM_RMAP_4 extendable
ip nat inside source static tcp 192.168.2.253 6133 10.89.216.214 6133 route-map SDM_RMAP_2 extendable
ip nat inside source static tcp 192.168.2.252 6134 10.89.216.214 6134 route-map SDM_RMAP_3 extendable
ip nat inside source static tcp 192.168.2.251 6135 10.89.216.214 6135 route-map SDM_RMAP_7 extendable
!
access-list 10 remark SDM_ACL Category=16
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 100 remark SDM_ACL Category=2
access-list 100 deny ip any host 192.168.0.230
access-list 100 deny ip any host 192.168.0.231
access-list 100 deny ip any host 192.168.0.232
access-list 100 deny ip any host 192.168.0.233
access-list 100 deny ip any host 192.168.0.234
access-list 100 deny ip any host 192.168.0.235
access-list 100 deny ip any host 192.168.0.236
access-list 100 deny ip any host 192.168.0.237
access-list 100 deny ip any host 192.168.0.238
access-list 100 deny ip any host 192.168.0.239
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 101 remark SDM_ACL Category=2
access-list 101 deny ip host 192.168.2.253 host 192.168.0.239
access-list 101 deny ip host 192.168.2.253 host 192.168.0.238
access-list 101 deny ip host 192.168.2.253 host 192.168.0.237
access-list 101 deny ip host 192.168.2.253 host 192.168.0.236
access-list 101 deny ip host 192.168.2.253 host 192.168.0.235
access-list 101 deny ip host 192.168.2.253 host 192.168.0.234
access-list 101 deny ip host 192.168.2.253 host 192.168.0.233
access-list 101 deny ip host 192.168.2.253 host 192.168.0.232
access-list 101 deny ip host 192.168.2.253 host 192.168.0.231
access-list 101 deny ip host 192.168.2.253 host 192.168.0.230
access-list 101 permit ip host 192.168.2.253 any
access-list 102 remark SDM_ACL Category=2
access-list 102 deny ip host 192.168.2.252 host 192.168.0.239
access-list 102 deny ip host 192.168.2.252 host 192.168.0.238
access-list 102 deny ip host 192.168.2.252 host 192.168.0.237
access-list 102 deny ip host 192.168.2.252 host 192.168.0.236
access-list 102 deny ip host 192.168.2.252 host 192.168.0.235
access-list 102 deny ip host 192.168.2.252 host 192.168.0.234
access-list 102 deny ip host 192.168.2.252 host 192.168.0.233
access-list 102 deny ip host 192.168.2.252 host 192.168.0.232
access-list 102 deny ip host 192.168.2.252 host 192.168.0.231
access-list 102 deny ip host 192.168.2.252 host 192.168.0.230
access-list 102 permit ip host 192.168.2.252 any
access-list 103 remark SDM_ACL Category=2
access-list 103 deny ip host 192.168.2.254 host 192.168.0.239
access-list 103 deny ip host 192.168.2.254 host 192.168.0.238
access-list 103 deny ip host 192.168.2.254 host 192.168.0.237
access-list 103 deny ip host 192.168.2.254 host 192.168.0.236
access-list 103 deny ip host 192.168.2.254 host 192.168.0.235
access-list 103 deny ip host 192.168.2.254 host 192.168.0.234
access-list 103 deny ip host 192.168.2.254 host 192.168.0.233
access-list 103 deny ip host 192.168.2.254 host 192.168.0.232
access-list 103 deny ip host 192.168.2.254 host 192.168.0.231
access-list 103 deny ip host 192.168.2.254 host 192.168.0.230
access-list 103 permit ip host 192.168.2.254 any
access-list 104 remark SDM_ACL Category=2
access-list 104 deny ip host 192.168.0.253 host 192.168.0.239
access-list 104 deny ip host 192.168.0.253 host 192.168.0.238
access-list 104 deny ip host 192.168.0.253 host 192.168.0.237
access-list 104 deny ip host 192.168.0.253 host 192.168.0.236
access-list 104 deny ip host 192.168.0.253 host 192.168.0.235
access-list 104 deny ip host 192.168.0.253 host 192.168.0.234
access-list 104 deny ip host 192.168.0.253 host 192.168.0.233
access-list 104 deny ip host 192.168.0.253 host 192.168.0.232
access-list 104 deny ip host 192.168.0.253 host 192.168.0.231
access-list 104 deny ip host 192.168.0.253 host 192.168.0.230
access-list 104 permit ip host 192.168.0.253 any
access-list 105 remark SDM_ACL Category=2
access-list 105 deny ip host 192.168.0.254 host 192.168.0.239
access-list 105 deny ip host 192.168.0.254 host 192.168.0.238
access-list 105 deny ip host 192.168.0.254 host 192.168.0.237
access-list 105 deny ip host 192.168.0.254 host 192.168.0.236
access-list 105 deny ip host 192.168.0.254 host 192.168.0.235
access-list 105 deny ip host 192.168.0.254 host 192.168.0.234
access-list 105 deny ip host 192.168.0.254 host 192.168.0.233
access-list 105 deny ip host 192.168.0.254 host 192.168.0.232
access-list 105 deny ip host 192.168.0.254 host 192.168.0.231
access-list 105 deny ip host 192.168.0.254 host 192.168.0.230
access-list 105 permit ip host 192.168.0.254 any
access-list 106 remark SDM_ACL Category=2
access-list 106 deny ip host 192.168.2.251 host 192.168.0.239
access-list 106 deny ip host 192.168.2.251 host 192.168.0.238
access-list 106 deny ip host 192.168.2.251 host 192.168.0.237
access-list 106 deny ip host 192.168.2.251 host 192.168.0.236
access-list 106 deny ip host 192.168.2.251 host 192.168.0.235
access-list 106 deny ip host 192.168.2.251 host 192.168.0.234
access-list 106 deny ip host 192.168.2.251 host 192.168.0.233
access-list 106 deny ip host 192.168.2.251 host 192.168.0.232
access-list 106 deny ip host 192.168.2.251 host 192.168.0.231
access-list 106 deny ip host 192.168.2.251 host 192.168.0.230
access-list 106 permit ip host 192.168.2.251 any
disable-eadi
route-map SDM_RMAP_4 permit 1
match ip address 103
!
route-map SDM_RMAP_5 permit 1
match ip address 104
!
route-map SDM_RMAP_6 permit 1
match ip address 105
!
route-map SDM_RMAP_7 permit 1
match ip address 106
!
route-map SDM_RMAP_1 permit 1
match ip address 100
!
route-map SDM_RMAP_2 permit 1
match ip address 101
!
route-map SDM_RMAP_3 permit 1
match ip address 102
 
Sort by date Sort by votes
IP helper address tells the router what to do with DHCP requests that it receives -- normally this is for remote sites that maybe don't have any servers at all but you still want them to grab IPs for phones or whatever. Strange to have the helper address on the same subnet as the ethernet ports, though... I'm not saying it's wrong but it's odd.

I'd suggest setting up syslog so at least you can see what's going on in the router -- it's easier to do that than stare at all the memory and CPU reports. If you can isolate something that happens right before it crashes it might help. Check our Kiwi syslogd (google it), which is free and will get you started. You'll need to add "logging 192.168.x.x" to your config where 192.168.x.x is the IP address of the PC running syslogd.
 
Upvote 0 Downvote
I'm glad I'm not alone in thinking that the ip helper-address seem odd. Thanks for the info on syslog, I'll start researching it. Hopfully I'll have something more interesting to post after getting some logs. Thanks!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Lccarter
  • Locked
  • Question
Cisco CUCM Provisioning and Order Management System
Replies
1
Views
136
Lccarter
Lccarter
phonedudeSr
  • Locked
  • Question
Cisco Unity Connection Subscriber issue
Replies
2
Views
105
phonedudeSr
phonedudeSr
NavinNet
  • Locked
  • Question
Why 2 different mac addresses of a server are being shown of CISCO 6509E Layer-3 Switch ?
Replies
0
Views
71
NavinNet
NavinNet
Delta5
  • Locked
  • Question
Cisco setting for automatic ip arp cache refresh
Replies
3
Views
321
iggsterman
iggsterman
dmourghen
  • Locked
  • Question
PBR issue and Access-list
Replies
0
Views
85
dmourghen
dmourghen

Part and Inventory Search

Sponsor

Back
Top