DMVPN in Cisco 3945 output drop in tunnel interface
I configured DMVPN in Cisco 3945 and checked the tunnel interface. I found out that I have output drop. How can I remove that output drop? I already set the ip mtu to 1400.
CORE-ROUTER#sh int tunnel 20
Tunnel20 is up, line protocol is up
Hardware is Tunnel
Description: <Voice Tunneling to HO>
Internet address is 172.15.X.X./X
MTU 17878 bytes, BW 1024 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 10.15.X.X (GigabitEthernet0/1)
Tunnel Subblocks:
src-track:
Tunnel20 source tracking subblock associated with GigabitEthernet0/1
Set of tunnels with source GigabitEthernet0/1, 1 member (includes iterators), on interface <OK>
Tunnel protocol/transport multi-GRE/IP
Key 0x3EA, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Tunnel transport MTU 1438 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Tunnel protection via IPSec (profile "tunnel_protection_profile_2")
Last input 00:00:01, output never, output hang never
--More-- Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 7487
Queueing strategy: fifo
Output queue: 0/0 (size/max)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
48007 packets input, 4315254 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
42804 packets output, 4638561 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
interface Tunnel20
description <Bayantel Voice tunneling>
bandwidth 30720
ip address 172.15.X.X 255.255.255.128
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 20
no ip split-horizon eigrp 20
ip nhrp authentication 0r1x@IT
ip nhrp map multicast dynamic
ip nhrp network-id 1002
ip nhrp holdtime 300
ip tcp adjust-mss 1360
tunnel source FastEthernet0/0/1
tunnel mode gre multipoint
tunnel key 1002
tunnel protection ipsec profile tunnel_protection_profile_2 shared
Hi,
Thanks for the input. If the radio is sending out the packet but client did not receive, no output drop should be seen since packet is sent out, right?
From my understanding, output drop is related to congested interface. Outgoing interface cannot take the rate packets coming in and thus dropping it. What I don't understand is input and output rate has not reached limit yet. Also input queue is seeing drop of packet as well even though input queue is empty.
Any idea?
Similar Messages
-
Hi All,
I have been trying to diagnose an issue we have been having with packet loss on video calls (which I think we may have now resolved as the problem lay elsewhere), but in the process we have trialled some equipment from PathView and this seems to have created a new problem.
We have a standalone 3560G switch which connects into a provider's 3750G as part of an MPLS network. There is a single uplink to the 3750 from the 3560 (@ 1Gbps) and whilst I can manage the 3560, I have no access to the provider's switch. Our 3560 has a fairly vanilla config on it with no QoS enabled.
There are only a few ports used on the 3560, mainly for Cisco VCS (Video Conferencing Servers) and a PathView traffic analysis device. The VCS devices are used to funnel videoconferencing traffic across the MPLS network into another institution's network. The PathView device can be used to send traffic bursts (albeit relatively small compared with the bandwidth that is available) across the same route as the VC traffic to an opposing device, however, I have also disabled all of these paths for the moment.
I can run multiple VC calls which utilise the VCS devices so traffic is routing into the relevant organisations and everything is good. In fact, I have 5 x 2Mb calls in progress now and there are 0 (or very, very few) errors.
However, I have actually shut down the port (Gi0/3) connected to the PathView device for the moment. If I re-enable it I start to see a lot of errors on the VC calls, and the Total Output Drops on the UPLINK interface (Gi0/23) starts rising rapidly. As soon as I shut down the PathView port again (Gi0/3), the errors stop and all returns to normal.
I have read that issues on the Output queue are often attributed to a congested network/interface, but I don't believe that this is the case in this instance. My 5 VC calls would only come in at 10Mbps so is a way short of the 1000Mbps available. Even the PathView device only issues bursts up to 2Mbps, and with the Paths actually disabled even this shouldn't be happening, so only a small amount of management traffic should be flowing. Still, as soon as I enable the port, problems start.
So, is it possible that either the port on the switch, cable or PathView device is actually faulty and cause such errors? Has anyone seen anything like this?
Cheers
Chris
"As far as I know, such drops shouldn't be caused by faulty hardware, but if the hardware is really faulty, you would need to involve TAC."
Ok, thanks.
"BTW, all the other interfaces, which have the low bandwidth rates you describe, are physically running at low bandwidth settings on the interface, e.g. 10 Mbps? If not, you can have short transient micros bursts which can cause drops. This can happen even when average bandwidth utilization is low. (NB: if these other ports average utilization is so low, if not already doing so, you could run the ports at 10 Mbps too.)"
No. All ports on the switch connect to devices with 1Gb capable interfaces. They have been left to auto negotiate and have negotiated at 1000/full. The bandwidth described is more with regard to the actual data throughput of a call. Technically, the VCS devices are licensed to handle 50 simultaneous calls of up to 4Mbps so potentially could require a bandwidth of 200Mbps, although it is unlikely that we will see this amount of traffic.
"Also, even if you have physically low bandwidth ingress, with a high bandwidth egress, and even if the egress's bandwidth is more than the aggregate of all the ingress, you can still have drops caused by concurrent arrivals."
In general, the ingress and the egress should be similar. Think of this as a stub network - one path in and out (via Gi0/23). The VCS act as a kind of proxy/router for video traffic, simply terminating inbound legs, and generating a next hop outbound leg. The traffic coming in to the VCS should be the same as the traffic going out.
There will of course be certain management traffic, but this will be relatively low volume, and of course the PathView traffic analyser can generate a burst of UDP packets to simulate voice traffic.
"Some other "gotchas" include, you mention you don't have QoS configured, but you're sure QoS is disabled too?"
Yes.
switch#show mls qos
QoS is disabled
QoS ip packet dscp rewrite is enabled
I can't see a lot of point enabling QoS on this particular switch. Pretty much all of the traffic passing through it will be QoS tagged at the same level. Therefore it is ALL prioritised.
Indeed running a test overnight with these multiple calls live and the PathView port shutdown, resulted in 0 Total Output Drops. Each leg did suffer a handful of dropped packets end-to-end, but I think I can live with 100 packets dropped in 10 million during a 12 hour period (and this, I suspect, will be somewhere else on the network).
"Lastly, Cisco has documented, at least for the 3750X, that uplink ports have the same buffer RAM resources as 24 copper edge ports. Assuming the earlier series are similar, there might be benefit to moving your uplink, now on g0/23, to an uplink port (if your 3650G has them)."
Unfortunately, no can do. We are limited to the built-in ports on the switch as we have no SFP modules installed.
Apologies about the formatting - this is yet another thing that has been broken in these new forums. It looks a lot better in the Reply window than it looks in this normal view. -
DMVPN + IPSec protected VRFs; IPSec SAs established only on one tunnel interface
Hello folks!
I have a setup between two Cisco ISR routers, running IOS 15.1(4)M3. I have tried to establish DMVPN connectivity with two VRFs (ie. two tunnel interfaces per router) between the routers and it mostly seems to be working as I expected. But... IPSec SAs seem to get tied to only one of the tunnel interfaces, not two (one per direction) per tunnel interface as they should. There's no MPLS backbone in between the routers, only "global VRF", routed IP network.
Command "show crypto ipsec sa" or indirectly a missing OSPF neighborhood between the routers verifies the erroneous situation. Occasionally, after an "interface tunnel[ 0 or 1] shut, no shut" or "clear crypto sa" command I seem to get it up and running, two SAs per tunnel interface, but if I reboot either one of the routers or just clear the IPSec SA, they most likely will appear under either one of two tunnel interfaces. So, what should I change to instruct the router to set up SAs correctly, two SAs (one per direction) per tunnel interface?
I'll enclose appropriate parts of the configurations and output of command "show crypto ipsec sa".

I think I figured it out, for anyone who might stumble across this post in the future. It looks like you need to add the shared keyword to the tunnel protection command. ie...
interface tunnel 0
tunnel protection ipsec profile MyProfile shared
end
I should note that one of the first things I tried was to create a separate IPSec profile for each unique tunnel interface. It ended up not fixing the problem and I had to go with the solution above. -
ME 3800 output drops with Copper SFP
We have installed a copper SFP (GCL-T) in an access port on an ME-3800 running 12.2(52r)EY2. The port connects to an ONS-CE-100 copper line card on an FE Port. Both ports are set to auto-negotiate. We see output drops on the interface. We tried hard setting the speed on both sides, but the drops persisted. We tried hard setting the duplex to full, but that made things worse. On ports where we use the optical SFPs we do not see these issues.
Has anybody else run into this issue? Does the ME 3800 support auto-negotiation with the copper SFPs? Any thoughts on this would be appreciated.
I'm not familiar with the ME series, but if you can "tune" interface egress buffer/queue sizes, increasing resources for bursts can often mitigate and/or eliminate egress drops. Of course, this also can increase latency. -
Tunnel interface to physical interface
Hi All,
I was wondering if it is possible to build a site to site vpn connection one side using tunnel interface and the other end using a physical interface.
My plan is to use a 3945 router, build multiple tunnel interfaces on the router to connect 50 clients. By using tunnel interface on the router I could leverage on the vrf feature to isolate clients but if I use tunnel interface on my end I am not certain if the tunnel will come up if my client is using 1) ASA 2) PIX 3) vpn concentrator - which doesn't support tunnel interface.
Thanks for your help in advance.
Lou
Mark Mattix wrote:
I did some reading on EIGRP and is it correct that the EIGRP Header and Payload (TLV) are encapsulated in an IP packet and addressed to the address, 224.0.0.10? Is this the reason why multicast traffic must be encapsulated first in GRE to travel over the internet?
Olivier Pelerin> This is correct
When I set up a site to site VPN using GRE tunnels and an IPSec config on the interfaces would this be considered, IPSec over GRE, or GRE over IPSec? I don't understand that difference.
Olivier Pelerin> See the diagram below - this explains GRE over IPSEC. That's a diagram I did here for a training
On the example packet I posted above, is the public address that's routed over the internet part of the IPSec packet/suite? I guess a better question is, what portions of the packet make up IPSec and which portion is just regular IPv4 addressing?
Olivier Pelerin> the diagram below should answer that
I've been wrong in thinking that GRE and IPSec go hand in hand when in fact it's possible to only use IPSec and no type of tunnel. If IPSec is set up on the interfaces and the tunnels are configured at both end points, what does your information first get encapsulated by, GRE or IPSec? In your example packet format Olpeleri, it looks like the IP packet is first encapsulated in GRE then encapsulated by IPSec. Is this correct? If so when information leaves our LAN and heads to the internet, does it first go through the tunnel to be encapsulated by GRE then out the physical link that adds the IPSec encapsulation?
Olivier Pelerin> Correct. GRE first then encryption
Sorry for all these questions, I'm just trying to learn how this works! Thanks again for the help!
[red = encrypted] -
Output drops on cisco link connecting to F5 Loadbalancer's management port
On a connection like below:
Cisco 6509: gi x/y <<-->> F5 BIGIP LTM: mgmt (Management Port)
We observed incrementing packet drops on the F5 BIGIP mgmt interface.
Also, at the cisco end, incrementing output drops were observed.
tcpdump (packet capture) on the F5 BIGIP's mgmt port shows broadcast/multicast packets including the HSRP hellos being received from the cisco device. It is an expected behaviour that F5 will reject any packets it can't understand (including the cdp, hsrp and other broadcast), and this will cause the packet drop counter of F5 BIGIP's mgmt port to increase. (F5 TAC acknowledged this behaviour)
Will this cause the output drop counter at the cisco interface to roll up?
Note: On the cisco interface, I do not see any other errors, also utilisation on the link is very minimal.
Thanks
Sudheer Nair

Hi, this is probably late, but the software counters for output drops on these types of switches (3750's, blade switches) are not reliable.
What you need to check is "show platform port-asic statistics drop" for a reliable drop counter on an interface. This will give you the hardware counters
https://tools.cisco.com/bugsearch/bug/CSCtq86186/?reffering_site=dumpcr
Switch stack shows incorrect values for output drops/discards
on show interfaces. For e.g.,
--- show interfaces ---
GigabitEthernet2/0/5 is up, line protocol is up (connected)
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 4294967163
Conditions:
This is seen on Stackable switches running 12.2(58)SE or later.
Workaround:
None. -
Increasing Total Output Drops number
I have an autonomous Cisco AP1242 running on channel 11 (best channel avail) with only one client associated.
Signal Strength and Channel Utilization look good.
By design this client is constantly sending UDP/Multicast packets, so I had to disable IGMP Snooping on the AP. However, I have noticed data dropout and have been able to correlate it by running the command:
show interface dot11radio 0
Every time I run the above command the Total Output Drops increases:
Dot11Radio0 is up, line protocol is up
Hardware is 802.11G Radio, address is 001c.b0eb.eb70 (bia 001c.b0eb.eb70)
MTU 1500 bytes, BW 54000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:37:46
Input queue: 0/1127/0/0 (size/max/drops/flushes); Total output drops: 3178
Queueing strategy: fifo
Output queue: 0/30 (size/max)
5 minute input rate 43000 bits/sec, 14 packets/sec
5 minute output rate 92000 bits/sec, 17 packets/sec
29799 packets input, 12551639 bytes, 0 no buffer
Received 17376 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
41308 packets output, 25121942 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
I cleared the statistics and ran the command after a few minutes.
Any ideas what could be causing packets to be dropped?
QOS is disabled on the AP.
Thanks

Hi,
There is only one wireless client.
Just took a 5 min Wireshark reading and it is giving the following:
Packets: 2286
Avg. packets/sec: 7.729
Avg packet size: 671.527 bytes
Avg bytes/sec: 5190.457
I am new to this. Is the above considered high volume for one client?
I just compared a wired vs wireless captures... I am only losing packets on the wireless medium.
When you say that the radio may not have enough buffer... are you referring to wireless adapter or the Access Point?
Thanks -
Output Drop by RESOLVE_VPLS_REFLECTION_FILTER_DROP_CNT
Hello!
How can I determine the reason for output drops?
>sh inter tenGigE 0/0/0/6
Fri Nov 2 15:26:05.358 MSK
TenGigE0/0/0/6 is up, line protocol is up
Interface state transitions: 11
Hardware is TenGigE, address is 108c.cf1d.f326 (bia 108c.cf1d.f326)
Layer 1 Transport Mode is LAN
Description: To_XXX
Internet address is 10.1.11.77/30
MTU 9194 bytes, BW 10000000 Kbit (Max: 10000000 Kbit)
reliability 255/255, txload 2/255, rxload 5/255
Encapsulation ARPA,
Full-duplex, 10000Mb/s, LR, link type is force-up
output flow control is off, input flow control is off
loopback not set,
ARP type ARPA, ARP timeout 04:00:00
Last input 00:00:00, output 00:00:00
Last clearing of "show interface" counters 50w1d
30 second input rate 218575000 bits/sec, 41199 packets/sec
30 second output rate 115545000 bits/sec, 30555 packets/sec
481020016118 packets input, 287815762466192 bytes, 876403 total input drops
0 drops for unrecognized upper-level protocol
Received 29 broadcast packets, 39255653 multicast packets
0 runts, 17 giants, 0 throttles, 0 parity
17 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
368901547057 packets output, 180820085800502 bytes, 28931652 total output drops
Output 5 broadcast packets, 39284266 multicast packets
0 output errors, 0 underruns, 0 applique, 0 resets
0 output buffer failures, 0 output buffers swapped out
10 carrier transitions
>show controllers np counters np7 location 0/0/CPU0 | i DROP
Fri Nov 2 15:27:03.815 MSK
31 PARSE_INGRESS_DROP_CNT 849353 0
32 PARSE_EGRESS_DROP_CNT 1236171 0
33 RESOLVE_INGRESS_DROP_CNT 868559 0
34 RESOLVE_EGRESS_DROP_CNT 3636654813 293
37 MODIFY_EGRESS_DROP_CNT 669 0
84 RESOLVE_AGE_NOMAC_DROP_CNT 1 0
85 RESOLVE_AGE_MAC_STATIC_DROP_CNT 187392316 8
371 MPLS_PLU_DROP_PKT 1 0
468 RESOLVE_VPLS_SPLIT_HORIZON_DROP_CNT 28931887 6
469 RESOLVE_VPLS_REFLECTION_FILTER_DROP_CNT 3293536501 272
481 RESOLVE_L2_EGR_PW_UIDB_MISS_DROP_CNT 4 0
491 RESOLVE_VPLS_EGR_PW_FLOOD_UIDB_DOWN_DROP_CNT 1 0
499 RESOLVE_MAC_NOTIFY_CTRL_DROP_CNT 313463638 16
500 RESOLVE_MAC_DELETE_CTRL_DROP_CNT 1591242 0
622 EGR_DHCP_PW_UNTRUSTED_DROP 1236171 0
Input drops by RESOLVE_VPLS_REFLECTION_FILTER_DROP_CNT was considered at https://supportforums.cisco.com/thread/2099283
But how can we apply it for output?

The last column of "show controllers np counters np7 location 0/0/CPU0 | i DROP" is pps. So we see 293 pps RESOLVE_EGRESS_DROP_CNT and 0 pps RESOLVE_INGRESS_DROP_CNT. Therefore RESOLVE_VPLS_REFLECTION_FILTER_DROP_CNT is a part of RESOLVE_EGRESS_DROP_CNT, isn't it?
Also, the egress_drop counters are increasing, but the ingress_drop counters are not:
33 RESOLVE_INGRESS_DROP_CNT 868559 0
34 RESOLVE_EGRESS_DROP_CNT 3637707596 149
469 RESOLVE_VPLS_REFLECTION_FILTER_DROP_CNT 3294483194 129
And one minute later:
33 RESOLVE_INGRESS_DROP_CNT 868559 0
34 RESOLVE_EGRESS_DROP_CNT 3637718845 156
469 RESOLVE_VPLS_REFLECTION_FILTER_DROP_CNT 3294492975 135
Also no new input drops at "sh inter":
sh inter tenGigE 0/0/0/6 | i drops
Fri Nov 2 16:57:39.828 MSK
481200652943 packets input, 287931866783215 bytes, 876403 total input drops
0 drops for unrecognized upper-level protocol
369034005321 packets output, 180881208804090 bytes, 28963679 total output drops
One minute later:
sh inter tenGigE 0/0/0/6 | i drops
Fri Nov 2 16:59:23.441 MSK
481203274011 packets input, 287933491017363 bytes, 876403 total input drops
0 drops for unrecognized upper-level protocol
369035900847 packets output, 180882007120600 bytes, 28964280 total output drops -
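The arithmetic behind the question in the RESOLVE_VPLS_REFLECTION_FILTER_DROP_CNT thread above, as an added example that is not part of the original posts: it diffs the two NP counter samples and the two timestamped `sh inter` samples quoted there. The function names are illustrative, and it assumes both interface samples were taken on the same day.

```python
import re
from datetime import datetime

# Samples copied from the thread above (NP counters taken about a minute apart).
NP_BEFORE = """\
33 RESOLVE_INGRESS_DROP_CNT 868559 0
34 RESOLVE_EGRESS_DROP_CNT 3637707596 149
469 RESOLVE_VPLS_REFLECTION_FILTER_DROP_CNT 3294483194 129
"""
NP_AFTER = """\
33 RESOLVE_INGRESS_DROP_CNT 868559 0
34 RESOLVE_EGRESS_DROP_CNT 3637718845 156
469 RESOLVE_VPLS_REFLECTION_FILTER_DROP_CNT 3294492975 135
"""
IF_BEFORE = """\
Fri Nov 2 16:57:39.828 MSK
481200652943 packets input, 287931866783215 bytes, 876403 total input drops
0 drops for unrecognized upper-level protocol
369034005321 packets output, 180881208804090 bytes, 28963679 total output drops
"""
IF_AFTER = """\
Fri Nov 2 16:59:23.441 MSK
481203274011 packets input, 287933491017363 bytes, 876403 total input drops
0 drops for unrecognized upper-level protocol
369035900847 packets output, 180882007120600 bytes, 28964280 total output drops
"""

NP_LINE = re.compile(r"^\s*(\d+)\s+([A-Z0-9_]+)\s+(\d+)\s+(\d+)\s*$")
IF_DROPS = re.compile(r"(\d+) total (input|output) drops")
CLOCK = re.compile(r"\b(\d{2}:\d{2}:\d{2}\.\d{3})\b")


def parse_np_counters(text):
    """Return {counter_name: (total, rate_pps)} from NP counter lines."""
    counters = {}
    for line in text.splitlines():
        m = NP_LINE.match(line)
        if m:
            counters[m.group(2)] = (int(m.group(3)), int(m.group(4)))
    return counters


def np_deltas(before, after):
    """Increase of each counter between two samples; None marks a reset or a new counter."""
    old, new = parse_np_counters(before), parse_np_counters(after)
    deltas = {}
    for name, (total, _rate) in new.items():
        if name not in old or total < old[name][0]:
            deltas[name] = None
        else:
            deltas[name] = total - old[name][0]
    return deltas


def share_of(deltas, child, parent):
    """Fraction of the parent counter's increase that the child's increase accounts for."""
    if not deltas.get(parent) or deltas.get(child) is None:
        return None
    return deltas[child] / deltas[parent]


def parse_interface_drops(text):
    """Return (time of day, {'input': drops, 'output': drops}) from one sample."""
    clock = datetime.strptime(CLOCK.search(text).group(1), "%H:%M:%S.%f")
    drops = {direction: int(count) for count, direction in IF_DROPS.findall(text)}
    return clock, drops


def interface_drop_rates(before, after):
    """Drops per second in each direction, plus the elapsed seconds between samples."""
    t0, d0 = parse_interface_drops(before)
    t1, d1 = parse_interface_drops(after)
    seconds = (t1 - t0).total_seconds()
    return {k: (d1[k] - d0[k]) / seconds for k in d1}, seconds


if __name__ == "__main__":
    deltas = np_deltas(NP_BEFORE, NP_AFTER)
    for name, value in deltas.items():
        print(f"{name}: +{value}")
    share = share_of(deltas, "RESOLVE_VPLS_REFLECTION_FILTER_DROP_CNT",
                     "RESOLVE_EGRESS_DROP_CNT")
    print(f"reflection filter share of egress drop growth: {share:.1%}")
    rates, seconds = interface_drop_rates(IF_BEFORE, IF_AFTER)
    print(f"interface drops over {seconds:.3f} s: {rates}")
```

On these samples the reflection-filter counter accounts for about 87% of the growth in RESOLVE_EGRESS_DROP_CNT and the ingress counter does not move, while the interface's total output drops grow by 601 in 103.6 seconds.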
Hi,
I have a Cisco 3945 router and it has image "c3900-universalk9-mz.SPA.150-1.M1.bin", and now want to check if SRST can be enabled on the same or not.
I have checked it with command output "show callmanager fallback" and "show call-manager fallback all", attaching the output of the same. Please confirm if SRST is already configured on it or not?
And if not configured how to configure it.

Hi Chris,
Thank you for your reply. I have one more query on this.
After creating new Device Pool for SRST, we need to move remote IP phones from their original Device Pool and map them into newly created Device pool. So in the scenario of calls working through WAN link, will those phones work? as we have removed them from their original Device Pool. -
Cisco 3945 Policy Base Routing
I have a Cisco 3945, it has on it two DS3 lines which I like to treat independent from each other.
I can ping both Serial interfaces from the internet, and I can ping only GIG 0/0 from the internet, but since the router is configured with one static route, GIG 0/1 can't be pinged from the outside.
Any help would be greatly appreciated
This is my current config:
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname MOVLABT3-CA-ES
boot-start-marker
boot-end-marker
card type t3 1
card type t3 2
enable secret 4 oMCBqgRTCeX5XeEW3HsBW6zI763Fibuq/UrLhF/91Rs
no aaa new-model
no ipv6 cef
ip source-route
ip cef
multilink bundle-name authenticated
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-1015775704
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1015775704
revocation-check none
rsakeypair TP-self-signed-1015775704
crypto pki certificate chain TP-self-signed-1015775704
certificate self-signed 01
quit
license udi pid C3900-SPE150/K9 sn FOC16313DE8
hw-module sm 1
hw-module sm 2
controller T3 1/0
cablelength 75
controller T3 2/0
cablelength 75
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 207.168.4.49 255.255.255.240
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 206.135.120.114 255.255.255.240
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
interface Serial1/0
ip address 206.135.100.202 255.255.255.252
ip nat outside
ip virtual-reassembly in
dsu bandwidth 44210
interface Serial2/0
ip address 205.214.40.6 255.255.255.252
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dsu bandwidth 44210
no ip classless
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 206.135.100.201
access-list 1 permit 10.0.0.0 0.0.0.255
snmp-server community RO-N1mS0ft RO
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
scheduler allocate 20000 1000
end

This is what it looks like now, and I still can't ping gig 0/1 from the internet
interface GigabitEthernet0/0
ip address 207.168.4.49 255.255.255.240
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 206.135.120.114 255.255.255.240
ip virtual-reassembly in
ip policy route-map pbr
duplex auto
speed auto
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
interface Serial1/0
ip address 206.135.100.202 255.255.255.252
ip virtual-reassembly in
dsu bandwidth 44210
interface Serial2/0
ip address 205.214.40.6 255.255.255.252
ip virtual-reassembly in
encapsulation ppp
dsu bandwidth 44210
ip local policy route-map PBR
no ip classless
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 206.135.100.201
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 101 permit ip 206.135.120.112 0.0.0.15 any
route-map pbr permit 10
match ip address 101
set ip next-hop 205.214.40.5
snmp-server community RO-N1mS0ft RO
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
scheduler allocate 20000 1000
end -
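A consistency check for the second configuration in the policy-routing post above, as an added example (not the poster's or Cisco's code): it verifies that every `route-map` reference resolves to a defined map, that matched ACLs exist, and that each `set ip next-hop` lies on a connected subnet. IOS compares route-map names case-sensitively, so `PBR` and `pbr` are different maps; the function name and the trimmed, re-indented config excerpt are constructed for illustration.

```python
import ipaddress
import re

# Excerpt of the second configuration quoted in the post above; lines that do
# not affect policy routing are left out and indentation is restored.
CONFIG = """\
interface GigabitEthernet0/1
 ip address 206.135.120.114 255.255.255.240
 ip policy route-map pbr
interface Serial1/0
 ip address 206.135.100.202 255.255.255.252
interface Serial2/0
 ip address 205.214.40.6 255.255.255.252
 encapsulation ppp
ip local policy route-map PBR
ip route 0.0.0.0 0.0.0.0 206.135.100.201
access-list 101 permit ip 206.135.120.112 0.0.0.15 any
route-map pbr permit 10
 match ip address 101
 set ip next-hop 205.214.40.5
"""


def audit_policy_routing(config):
    """Return (problem, detail) tuples for unresolved policy-routing references."""
    route_maps, acls = set(), set()   # names that the config defines
    connected = {}                    # interface -> directly connected network
    map_refs, acl_refs, next_hops = [], [], []
    interface = current_map = None

    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            interface, current_map = m.group(1), None
        elif m := re.match(r"route-map (\S+) (?:permit|deny)", line):
            interface, current_map = None, m.group(1)
            route_maps.add(current_map)
        elif m := re.match(r"ip local policy route-map (\S+)", line):
            map_refs.append(("ip local policy", m.group(1)))
        elif m := re.match(r"ip policy route-map (\S+)", line):
            map_refs.append((f"interface {interface}", m.group(1)))
        elif interface and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            connected[interface] = ipaddress.ip_network(
                f"{m.group(1)}/{m.group(2)}", strict=False)
        elif m := re.match(r"(?:ip )?access-list (?:standard |extended )?(\S+)", line):
            acls.add(m.group(1))
        elif current_map and (m := re.match(r"match ip address (.+)", line)):
            acl_refs += [(current_map, acl) for acl in m.group(1).split()]
        elif current_map and (m := re.match(r"set ip next-hop (\d+(?:\.\d+){3})", line)):
            next_hops.append((current_map, ipaddress.ip_address(m.group(1))))

    findings = []
    for where, name in map_refs:
        if name not in route_maps:    # exact, case-sensitive comparison
            near = [d for d in sorted(route_maps) if d.lower() == name.lower()]
            hint = f" (defined with different case: {near[0]!r})" if near else ""
            findings.append(("undefined route-map", f"{where} references {name!r}{hint}"))
    for rmap, acl in acl_refs:
        if acl not in acls:
            findings.append(("undefined access-list", f"route-map {rmap} matches {acl!r}"))
    for rmap, hop in next_hops:
        if not any(hop in net for net in connected.values()):
            findings.append(("next hop not connected", f"route-map {rmap} sets {hop}"))
    return findings


if __name__ == "__main__":
    for problem, detail in audit_policy_routing(CONFIG):
        print(f"{problem}: {detail}")
```

On the posted config the only finding is that `ip local policy route-map PBR` points at a map that is not defined; the defined map is `pbr`. Replies the router generates from its own addresses follow `ip local policy`, whereas `ip policy route-map` on an interface applies to packets arriving on that interface.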
OID value for Total output drops
Hi, we have a Cisco C7200P router at work running IOS 12.4(12.2r)T, and we monitor it using Zenoss 3.1. We want to be able to capture the total output drops for a Gigabit Ethernet interface. I created a custom monitoring template and I added the following data source:
Name: cieIfOutputQueueDrops
OID: 1.3.6.1.4.1.9.9.276.1.1.1.1.11
The total output drops as viewed via the CLI are as follows:
Input queue: 0/75/1335749/399902 (size/max/drops/flushes); Total output drops: 53882894
However the graph on Zenoss reports a completely different value of ~360M. Here is the output of snmpwalk:
SNMPv2-SMI::enterprises.9.9.276.1.1.1.1.11.1 = Counter32: 0 SNMPv2-SMI::enterprises.9.9.276.1.1.1.1.11.2 = Counter32: 0 SNMPv2-SMI::enterprises.9.9.276.1.1.1.1.11.3 = Counter32: 0 SNMPv2-SMI::enterprises.9.9.276.1.1.1.1.11.4 = Counter32: 363270064 SNMPv2-SMI::enterprises.9.9.276.1.1.1.1.11.5 = Counter32: 0 SNMPv2-SMI::enterprises.9.9.276.1.1.1.1.11.6 = Counter32: 0 SNMPv2-SMI::enterprises.9.9.276.1.1.1.1.11.7 = Counter32: 0 SNMPv2-SMI::enterprises.9.9.276.1.1.1.1.11.12 = Counter32: 0 SNMPv2-SMI::enterprises.9.9.276.1.1.1.1.11.13 = Counter32: 0 SNMPv2-SMI::enterprises.9.9.276.1.1.1.1.11.14 = Counter32: 0 SNMPv2-SMI::enterprises.9.9.276.1.1.1.1.11.15 = Counter32: 653008 SNMPv2-SMI::enterprises.9.9.276.1.1.1.1.11.26 = Counter32: 0 SNMPv2-SMI::enterprises.9.9.276.1.1.1.1.11.125 = Counter32: 0 SNMPv2-SMI::enterprises.9.9.276.1.1.1.1.11.139 = Counter32: 0 SNMPv2-SMI::enterprises.9.9.276.1.1.1.1.11.140 = Counter32: 0 SNMPv2-SMI::enterprises.9.9.276.1.1.1.1.11.194 = Counter32: 0 SNMPv2-SMI::enterprises.9.9.276.1.1.1.1.11.196 = Counter32: 0 SNMPv2-SMI::enterprises.9.9.276.1.1.1.1.11.254 = Counter32: 0 SNMPv2-SMI::enterprises.9.9.276.1.1.1.1.11.288 = Counter32: 0
The value it returns is incorrect. I would appreciate some assistance.

Did you try using ifOutDiscards (.1.3.6.1.2.1.2.2.1.19)? These are counted as output drops as shown in the show interfaces command.
It shows the number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space.
For more details on interface counters please check the following document:
SNMP Counters: Frequently Asked Questions
-Thanks
Vinod
-
3750ME Total output drops, OutDiscards
Hi,
I am testing a 3750ME switch as L2 device with iperf and Agilent router tester. I have a physical loop on 2 fastethernet ports - one port is access in vlan A and the other is access in vlan B. On the switch uplink both vlans are allowed. The test traffic comes from the uplink via vlan A, loops to vlan B via the physical loop and then goes back via vlan B through the uplink.
I have tested a lot of Cisco switches in this way and had no issues until now. Now I have 18 OutDiscards (Total output drops) on one of the fastethernet interfaces, connected via the physical loop.
The IOS is 12.2(44)SE1. I've read the release notes for this IOS, aka
http://www.cisco.com/en/US/docs/switches/metro/catalyst3750m/software/release/12.2_44_se/release/notes/OL14631.html
where it says:
CSCsj53001
The Total- output-drops field in the show interfaces privileged EXEC command output now displays accurate ASIC drops.
so the counters are correct.
I generate less than 5Mbps duplex traffic, so the switch must not be overloaded.
Do you have any idea why I get these 18 output errors?
Regards,
Mladen

Please generate a more definitive test - clear the counters and generate much more traffic - like 100 Mbps (full port speed if you're not using the uplinks on 3750ME).
Also, be sure the port is in "switchport" mode, because there could be an issue with mac addresses when switch is routing.
Is your test setup in pure L2? without L3? -
Total output drops & dot1dBridgeEventsV2
I am seeing a lot of "Total output drops: " in the LAN/WAN Router. Does anyone have any documents that explain the cause of "Total output drops" and what it is?
Also I am getting a lot of traps in the LAN, but I can't find documents that explains the event, "dot1dBridgeEventsV2" Can you guys guide me to a document where it explains the events?
Thanks

Total output drops is the number of packets in the output queue that have been dropped because of a full queue. Check out the following link for troubleshooting input queue drops and output queue drops :
http://www.cisco.com/warp/public/63/queue_drops.html -
Cisco 3945- boot up fails with no error
Greetings,
Just throwing it out there to see if anyone can throw some ideas my way. I recently sent a working/tested Cisco 3945 ISR router out to an office for redundancy. Before I did that, I removed WLAN controller and slot module, 1xVWIC2 T1 and 1xVIC2 FX0 modules. I did however leave the PVDM3 64ch and 1x VWIC t1 modules and flash card, which had a v15 IOS loaded and basic config. Upon delivery they said it doesn't work, "it hangs" and no damage externally or failed hardware (power supplies/fans). These things always make me wonder, cause hangs is so vague and do not really see Cisco routers do this unless they are taking larger than normal packets or someone turned on debugging without turning it off.
Here's my thinking and hope someone can chime in and throw some ideas at me before I get on a call with them on Monday. I attached a screen shot they sent of the boot up and looks to me that it's trying to initialize the current config file which may be trying to initialize the voice channels. Could this be as easy as killing the current config loaded, going into rommon and setting it back to default maybe? Or just removing the PVDM card maybe?
I hate to say something is just broke, I rarely see this and being I powered it up and tested the hardware, I don't want to involve tac until I can rule out the obvious. I did, however, test and powered down the router before removing the additional hardware. Would this current config on the router that may have lingering hardware (which I removed) in the config cause this to happen as well?
Side note: The flash cleared and below were the contents of the flash before sending out the router.
Router#sho flash
-#- --length-- -----date/time------ path
1 55277232 Jul 07 2014 07:51:20 c3900-universalk9-mz.SPA.150-1.M3.bin
201228288 bytes available (55279616 bytes used)
Thanks in advance

Remove all modules and boot.
Another thing, your IOS is very old. VERY.
If you want to stick with 15.0(1)M-series then go to M10 but don't just "sit" in an old M3. -
Cisco Prime Infrastructure deployment through Cisco 3945 ISR
Dears,
I have Cisco 3945 ISR include module for the Cisco prime infrastructure.
I need to deploy the prime but when I connected monitor on the module I saw that it is looking for DHCP only.
Please can anyone support me with procedure to install the prime?
Should I install the ESXi on this module by make it boot from external device (USB, or CD drive)?
Your support is highly appreciated,
Regards,

Duplicate post.
Go HERE.