ethernet connections dropping

[davewalden777]

I have a new 1841 for our T1 connection and the ethernet interfaces won't stay up. If we change the speed to 10 it will come up for a second or two then drop, change it to 100 and the same thing happens. I haven't done much router work and what I do know I learned from setting up our pix 501's so I am at a loss as to where to go from here. Everything from the router to the internet is fine, it's the connection from the 1841 to the pix 501 that won't work. I have tried both interfaces(I think this config is using the second one) and both act the same. Can someone take a look at this config and see if there is a problem?
Using 1754 out of 196600 bytes
!
! Last configuration change at 23:34:36 MST Tue Nov 7 2006 by cisco
! NVRAM config last updated at 23:34:41 MST Tue Nov 7 2006 by cisco
!
version 12.4
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Marken-BZMNMT-CPE
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$U8zu$wAtuoA1nI46uHCwwTR00a/
!
no aaa new-model
clock timezone MST -7
clock summer-time MDT recurring
ip cef
!
!
!
!
ip ftp username deploy
ip ftp password 7 14040252080D2F3A25
ip domain name mt.cust.transaria.net
ip name-server 69.51.76.26
!
!
file verify auto
username cisco privilege 15 secret 5 $1$z3z9$76zuxaTGrT96PMA51bYMT/
!
!
!
interface FastEthernet0/0
description Unused
ip address 10.0.0.2 255.255.255.0
speed 100
full-duplex
!
interface FastEthernet0/1
description to Pix
ip address 209.137.247.121 255.255.255.252
duplex auto
speed auto
!
interface Serial0/0/0
description To TransAria
ip address 64.25.129.190 255.255.255.252
encapsulation ppp
no fair-queue
!
ip route 0.0.0.0 0.0.0.0 64.25.129.189
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 23 permit 10.10.10.0 0.0.0.7
dialer-list 1 protocol ip permit
!
!
!
control-plane
!
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
password 7 120B001F1309
login local
transport input telnet
line vty 5 15
access-class 23 in
privilege level 15
password 7 120B001F1309
login local
transport input telnet
!
scheduler allocate 20000 1000
ntp clock-period 17178798
ntp server 69.51.76.36
ntp server 69.51.76.26
end

 

[Jimtron26]

Have you tried swapping your cable between the two devices?

 

[DanInRaleigh]

davewalden777,

..i think your going to need a cross over between the devices..if not, then i think your going to need a straight through pin out.. lol (pretty sure its cross)
..how are you determining that the interface is dropping?
..by the terminal output..

.i think when you where changing the speeds...the ckt will come up for a second then go back down ...doesnt mean it was really up...

..also...how did you set the pix interface? is it on? speed/duplex..

..if it wasnt the cable or the speed rates..i guess you will paste

..show ip interface brief
..show interface f0/0
..do it on both pix and router pleasee

http://www.daniel-white.com

 

[davewalden777]

when i changed speeds it would show up on the console as f0/1 is up...then it would say it was down and it would stay down.

i have tried both types of cord and believe it needs the x-over - i just unplugged our adsl modem and plugged it into the router. the pix is set up to use the 209.137.247.121 as a gateway(inside interface of router).

the speed on the pix was changed as we changed the router to test different settings(auto,10,100)

I don't have a cord plugged into the router since we need the pix for work during the day.


pasting show ip interface brief(router):
Interface IP-Address OK? Method Status Prot
ocol
FastEthernet0/0 10.0.0.2 YES NVRAM up down

FastEthernet0/1 209.137.247.121 YES NVRAM up down

Serial0/0/0 64.25.129.190 YES NVRAM up up

show interface f0/1(router):
FastEthernet0/1 is up, line protocol is down
Hardware is Gt96k FE, address is 0019.aae9.d3c9 (bia 0019.aae9.d3c9)
Description: to Pix
Internet address is 209.137.247.121/30
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, 10Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
13650 packets output, 825731 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

interface on pix:
Result of firewall command: "show interface"

interface ethernet0 "outside" is up, line protocol is up
Hardware is i82559 ethernet, address is 0015.c699.d4a7
IP address 209.137.247.122, subnet mask 255.255.255.192
MTU 1500 bytes, BW 100000 Kbit full duplex
7326858 packets input, 2628555931 bytes, 0 no buffer
Received 156 broadcasts, 825 runts, 0 giants
925 input errors, 100 CRC, 0 frame, 0 overrun, 100 ignored, 0 abort
7299045 packets output, 1655866606 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
1196 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/100)
output queue (curr/max blocks): hardware (0/98) software (0/1)
interface ethernet1 "inside" is up, line protocol is up
Hardware is i82559 ethernet, address is 0015.c699.d4a9
IP address 10.0.0.1, subnet mask 255.255.255.0
MTU 1500 bytes, BW 100000 Kbit full duplex
7427241 packets input, 1395604404 bytes, 0 no buffer
Received 132888 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
7299688 packets output, 2353333074 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/47)
output queue (curr/max blocks): hardware (3/24) software (0/1)

 

[kbing]

manually set the speed and duplex on the router to match the Pix. Your pix looks like it is set for 100/full.

Set your router interface from auto to 100/full.

Then see if it shows up/up.

 

[castlesmadeofsand]

Uh, the mask for the ethernet on the router is /30, and the one on the pix is /26. Also, line protocol is a layer 2 problem. The fact that they are in different subnets could pose a problem...
And it looks like your router fa0/1 is set for 10Mbps, and the PIX is set for 100Mbps, like kbing is suggesting. You know, the router would make an excellent firewall to where you wouldn't even need the PIX...

Also, aren't you going to do any NATting?

Tim

 

[rainman]

Try looking at 1841's ethernet port at the controller level versus the interface level to see if you have any error fields incrementing:

Example:

Router# show controllers FastEthernet0/1
Interface FastEthernet0/1
Hardware is AMD Am79c977
ADDR: 848DA988, FASTSEND: 8011314C, MCI_INDEX: 0
DIST ROUTE ENABLED: 0
Route Cache Flag: 11
LADRF=0x0000 0x0100 0x0000 0x0000
CSR0 =0x00000042, CSR3 =0x00000004, CSR4 =0x0000080C, CSR15 =0x00000000
CSR80 =0x00001800, CSR114=0x00000000, CRDA =0x00000000, CXDA =0x00000000
BCR9 =0x00000001 (full-duplex)
CSR5 =0x00000001, CSR7 =0x00000008, CSR100=0x00000000, CSR125=0x00005C3C
BCR2 =0x00001000, BCR9 =0x00000001, BCR18 =0x00001880, BCR22 =0x00001818
BCR25 =0x00000200, BCR26 =0x00000100, BCR27 =0x00000000, BCR32 =0x00004D80
HW filtering information:
Promiscuous Mode Disabled, PHY Addr Enabled, Broadcast Addr Enabled
PHY Addr=0014.F21C.8DA1, Multicast Filter=0x0000 0x0100 0x0000 0x0000
amdp2_instance=0x848DBA50, registers=0x40100000, ib=0x7971480
rx ring entries=64, tx ring entries=128
rxring=0x79714E0, rxr shadow=0x848DBFAC, rx_head=48, rx_tail=0
txring=0x7971920, txr shadow=0x848DC0E0, tx_head=120, tx_tail=120, tx_count=0
Software MAC address filter(hash:length/addr/mask/hits):
need_af_check = 0
0x00: 0 ffff.ffff.ffff 0000.0000.0000 0
0xC0: 0 0100.0ccc.cccc 0000.0000.0000 0

Look thru this section for errors incrementing:

spurious_idon=0, throttled=0, enabled=0, disabled=0
rx_framing_err=0, rx_overflow_err=0, rx_buffer_err=0
rx_bpe_err=0, rx_soft_overflow_err=0, rx_no_enp=0, rx_discard=0
tx_one_col_err=0, tx_more_col_err=0, tx_no_enp=0, tx_deferred_err=0
tx_underrun_err=0, tx_late_collision_err=0, tx_loss_carrier_err=0
tx_exc_collision_err=0, tx_buff_err=0, fatal_tx_err=0
hsrp_conf=0, need_af_check=0
tx_limited=0(64)


PHY registers:
Register 0x00: 2100 780D 0013 78E2 0101 0000 0004 2001
Register 0x08: 0000 003F 003F 003F 003F 003F 003F 003F
Register 0x10: 0104 4600 0000 0074 0000 0000 0000
Register 0x18: 0000 0000 00C8 0000 003F


I had an issue this past week where an interface would work at 10Mb/s full but would not go up at 100 / full. Ended up being the cabling (CAT3 versus CAT5).

IP addresses have no relevance of the physical (layer 1) and datalink (layer 2) status of your FastEthernet interface. Sounds like you have a low-level CSMA/CD issue due to physical cabling and/or a speed/duplex configuration issue.

You can also turn on debugs on your C1841 regarding your ethernet port:

debug ethernet-interface

Also, here is a simple test you can do:

Unplug your PIX temporarily from your 1841, and use that cross-over cable to plug it into a test PC's NIC card... then check your router's FastEthernet interface to see if it's up and verify speed/duplex. Try AUTO, forcing it to 10/100, etc to see if that eth port links up to another NIC card other than your PIX... i'm sure your prob is cabling or a config problem on the PIX.

Hope this helps lead you in the right direction.


-Rainman

 

[helpdeskdan]

I second Rainman and Dan "the man" (DanInRaleigh). Note the runts on the PIX. Runts are almost always a duplex mismatch. However, I'm suprised auto isn't working. Could be a layer 1 issue.

Castlesmadeofsand caught a subnet mask problem - doesn't effect layer 2, but you'll want it fixed eventually. However, replacing a firewall with a router - the security guys will get on you for even suggesting that!

 

[helpdeskdan]

layer 1 - i should have said could be HARDWARE.

 

[castlesmadeofsand]

FastEthernet0/1 is up, line protocol is down
=layer one? Hmmm...

 

[davewalden777]

Think I got it. Made sure the cable was x-over and ended
up with 100 and half duplex. This seems to do the trick.
Will know for sure when we try to cutover tonight.
Thanks for the help.

 

[kbing]

BEWARE using HALF-DUPLEX. Your connection will be likely to be dropping packets.

If both interfaces can support FULLDUPLEX use it. Otherwise you will you will degrade the performance of the system because half-duplex does not allow two-way traffic. You will create a one-way traffic scenario and will start seeing dropped packets...etc...

 

[davewalden777]

thanks kbing, I'll switch both over to full and test them.