Strange routing issues

Status
Not open for further replies.

stre1026

IS-IT--Management
Jul 9, 2001
40
US
Hi Everyone,

I have a problem that used to happen only occasionally that seems to be happening more often now. Whenever I download large files, I lose internet connectivity on a few machines. What is strange is I don't lose connectivity on all machines. Just on a few of them. If I leave the machines alone overnight, the problem fixes itself until I redownload a large file like updates, etc. Also, all of these machines are on the same network. I can ping the gateway which is a VLAN interface on a 3550 but can't get any further. I am also open to changing anything in the configs below. I have set it up so it works but may not be best practice so if you see something that should change, please let me know! My ISP is Verizon FIOS. My network looks like this:

FIOS ONT via cat5 --> Cisco 2651XM --> Cisco 3550 --> Machines.

The 3550 is doing the intervlan routing. The 2651 is a DMVPN spoke to my office and does NAT and firewall.

It seems like an MTU issue but I'm not sure. Thanks in advance for any help anyone can give me!

My configs are below.

---2651XM Router---

Current configuration : 5656 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
!
hostname Router
!
boot-start-marker
boot system flash:c2600-adventerprisek9-mz.124-19.bin
boot-end-marker
!
aaa new-model
!
aaa user profile REMOVED
!
aaa authentication login default local
!
aaa session-id common
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
no ip dhcp conflict logging
!
!
no ip domain lookup
ip inspect name firewall rcmd
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall udp
ip inspect name firewall tcp timeout 43200
ip inspect name firewall realaudio
ip inspect name firewall vdolive
ip inspect name firewall netshow
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
crypto isakmp policy 5
authentication pre-share
group 2
crypto isakmp key REMOVED address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set dmvpnset esp-3des esp-sha-hmac
!
crypto ipsec profile dmvpnprof
set transform-set dmvpnset
!
!
interface Tunnel0
description Dynamic Tunnel
bandwidth 1000
ip address 172.16.0.2 255.255.255.0
no ip redirects
ip nhrp authentication dmvpn
ip nhrp map multicast dynamic
ip nhrp map 172.16.0.1 REMOVED
ip nhrp map multicast REMOVED
ip nhrp network-id 99
ip nhrp holdtime 300
ip nhrp nhs 172.16.0.1
no ip mroute-cache
delay 1000
qos pre-classify
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 100000
tunnel path-mtu-discovery
tunnel protection ipsec profile dmvpnprof
!
interface FastEthernet0/0
ip address dhcp hostname Router
ip access-group 100 in
no ip unreachables
ip mtu 1492
ip nat outside
ip inspect firewall out
ip virtual-reassembly
ip tcp adjust-mss 1452
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/1
ip address 172.16.2.1 255.255.255.252
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
duplex auto
speed auto
no cdp enable
!
router eigrp 1
network 172.16.0.0 0.0.0.255
network 172.16.2.0 0.0.0.255
auto-summary
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
ip http server
ip http secure-server
ip nat inside source static tcp 10.0.0.177 6346 interface FastEthernet0/0 6346
ip nat inside source route-map nonat interface FastEthernet0/0 overload
ip nat inside source static tcp 10.0.0.2 3389 interface FastEthernet0/0 3389
!
access-list 100 permit icmp 10.0.0.0 0.0.255.255 any
access-list 100 permit tcp 10.0.0.0 0.0.255.255 any eq telnet
access-list 100 deny icmp any any echo
access-list 100 deny tcp any any eq telnet
access-list 100 permit ip any any
access-list 101 permit ip 10.0.0.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 101 permit ip 10.0.5.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 110 permit tcp any eq 445 any
access-list 111 permit tcp any any
access-list 150 deny ip 10.0.0.0 0.0.0.255 10.0.8.0 0.0.0.255
access-list 150 deny ip 10.0.0.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 150 deny ip 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 150 permit ip 10.0.0.0 0.0.0.255 any
access-list 150 permit ip 10.0.5.0 0.0.0.255 any
access-list 150 permit ip 10.0.6.0 0.0.0.255 any
access-list 150 permit ip 10.0.7.0 0.0.0.255 any
access-list 150 permit ip 10.0.9.0 0.0.0.255 any
access-list 150 permit ip 172.16.2.0 0.0.0.3 any
access-list 150 permit ip 10.0.4.0 0.0.0.255 any
snmp-server community public RO
snmp-server enable traps tty
no cdp run
!
route-map nonat permit 10
match ip address 150
!
!
!
control-plane


---3550 Switch---

!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 3550
!
logging console warnings
aaa new-model
aaa authentication login default local
!
ip subnet-zero
ip routing
ip dhcp excluded-address 10.0.0.1 10.0.0.99
ip dhcp excluded-address 10.0.5.1 10.0.5.99
ip dhcp excluded-address 10.0.6.1 10.0.6.99
ip dhcp excluded-address 10.0.7.1 10.0.7.99
!
ip dhcp pool 10.0.0.x
network 10.0.0.0 255.255.255.0
bootfile OSChooser\i386\startrom.com
next-server 10.0.0.3
default-router 10.0.0.1
domain-name REMOVED
netbios-name-server 10.0.0.3 10.0.8.3
netbios-node-type h-node
dns-server 10.0.0.3 10.0.8.3
!
ip dhcp pool 10.0.5.x
network 10.0.5.0 255.255.255.0
default-router 10.0.5.1
dns-server 10.0.0.3 10.0.8.3
option 150 ip 10.0.5.2
!
ip dhcp pool 10.0.6.x
network 10.0.6.0 255.255.255.0
default-router 10.0.6.1
dns-server 10.0.0.3 10.0.8.3
!
ip dhcp pool 10.0.4.x
network 10.0.4.0 255.255.255.0
dns-server 208.67.222.222 208.67.220.220
default-router 10.0.4.1
!
ip tcp path-mtu-discovery
vtp domain REMOVED
vtp mode transparent
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan 100
name Data
!
vlan 200
name VOIP
!
vlan 300
name FIOS
!
vlan 400
name Video
!
vlan 500
name Test
!
vlan 600
buffers middle permanent 60
buffers middle max-free 300
buffers middle min-free 30
!
!
PORTS REMOVED TO SHORTEN
!
interface FastEthernet0/24
description **To Router**
no switchport
ip address 172.16.2.2 255.255.255.252
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
no ip address
!
interface Vlan100
description Data
ip address 10.0.0.1 255.255.255.0
!
interface Vlan200
ip address 10.0.5.1 255.255.255.0
!
interface Vlan300
ip address 10.0.6.1 255.255.255.0
!
interface Vlan400
ip address 10.0.7.1 255.255.255.0
!
interface Vlan500
ip address 10.0.4.1 255.255.255.0
!
interface Vlan600
no ip address
!
router eigrp 1
network 10.0.0.0 0.0.0.255
network 10.0.4.0 0.0.0.255
network 10.0.5.0 0.0.0.255
network 10.0.6.0 0.0.0.255
network 10.0.7.0 0.0.0.255
network 172.16.2.0 0.0.0.255
auto-summary
eigrp log-neighbor-changes
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.2.1
ip http server
!
access-list 101 permit 53 10.0.4.0 0.0.0.255 10.0.0.0 0.0.255.255
access-list 101 permit 80 10.0.4.0 0.0.0.255 10.0.0.0 0.0.255.255
access-list 101 deny ip 10.0.4.0 0.0.0.255 10.0.0.0 0.0.255.255
access-list 101 permit ip 10.0.4.0 0.0.0.255 any
access-list 102 deny ip 10.0.0.0 0.0.255.255 10.0.4.0 0.0.0.255
access-list 102 permit ip 10.0.0.0 0.0.255.255 any
banner motd Private Network. Authorized Users Only!
!
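
An added example, not part of the thread or any poster's code: since the original post invites comments on the configs, this sketch checks a few lines taken from the posted 2651XM configuration for settings a reviewer would flag, and tests whether each static NAT port forward is let through by the inbound ACL on its interface. The rule list, the finding texts and the function names are assumptions of this example.

```python
import re

CONFIG = """\
crypto isakmp policy 5
group 2
crypto ipsec transform-set dmvpnset esp-3des esp-sha-hmac
interface FastEthernet0/0
ip access-group 100 in
ip http server
ip nat inside source static tcp 10.0.0.2 3389 interface FastEthernet0/0 3389
access-list 100 deny tcp any any eq telnet
access-list 100 permit ip any any
snmp-server community public RO
"""  # lines copied from the 2651XM config in the post (unindented, as posted)

RULES = [  # single-line checks; the finding texts are this example's wording
    (r"^snmp-server community (public|private)\b", "well-known SNMP community string"),
    (r"^ip http server$", "cleartext HTTP management enabled"),
    (r"\besp-3des\b", "3DES in the IPsec transform set"),
    (r"^group [12]$", "IKE Diffie-Hellman group of 1024 bits or less"),
]

def acl_permits(lines, acl, port):
    """First-match walk for TCP to `port` from any source; specific-source and named-port entries are skipped."""
    pat = re.compile(rf"^access-list {acl} (permit|deny) (?:ip|tcp) any any(?: eq (\S+))?$")
    for ln in lines:
        m = pat.match(ln)
        if m and m.group(2) in (None, port):
            return m.group(1) == "permit"
    return False  # implicit deny ends every ACL

def audit(config):
    lines = [ln.strip() for ln in config.splitlines()]
    found = [(ln, msg) for ln in lines for pat, msg in RULES if re.search(pat, ln)]
    inbound, iface = {}, None  # interface name -> inbound ACL number
    for ln in lines:
        if ln.startswith("interface "):
            iface = ln.split()[1]
        elif iface and (m := re.match(r"ip access-group (\d+) in$", ln)):
            inbound[iface] = m.group(1)
    nat = re.compile(r"^ip nat inside source static tcp (\S+) \d+ interface (\S+) (\d+)$")
    for ln in lines:
        if m := nat.match(ln):
            host, ifname, port = m.groups()
            if (acl := inbound.get(ifname)) is None or acl_permits(lines, acl, port):
                found.append((ln, f"tcp/{port} forwarded to {host}, inbound ACL ({acl or 'none'}) does not block it"))
    return found

if __name__ == "__main__":
    print(*audit(CONFIG), sep="\n")
```

Interface stanzas are tracked by the most recent `interface` line rather than by indentation, so the function also accepts the flattened configuration exactly as it appears in the post.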
 
How big is your internet pipe? Is that a VPN tunnel to the outside world on your router off fa0/0? Could be the large files you are downloading are 'too big' to fit in your tunnel or sending packets in improper order which would cause your GRE tunnel to collapse.
 
Thanks for the response, North323. My internet pipe is 20/5 so I have plenty of bandwidth. The VPN tunnel is only to my office. Internet traffic does not flow through it. I just confirmed that to be sure by going to whatismyip.com. I didn't get my office IP. I got a Verizon IP which is correct as my office is on another ISP. Any other ideas?

Thanks!
 
Are the PCs that lose connectivity all on the same switch?

Is it always the same PCs?

Does it take 8 hours, 12 hours, etc. before it corrects itself?


Stubnski
 
Yes, the PCs are on the same switch (the 3550). It always does seem to be the same ones. However, it seems to be IP address related. The ones it happens to have higher-numbered DHCP leases. The ones that still work are lower. I can't really prove this though because if I static out the IP with a lower octet, it still won't work. It does take a large amount of time for it to correct itself. 8 hours could be right. I just go to bed and when I get home from work the next day, they work.
 
Who is providing the DHCP? A server? The router? Verizon?
 
The 3550 is providing the DHCP. The configs are in my original thread...
 