Cisco 857 problems and packet retransmission
Moderator: Federico.Lagni
As I already said in a previous post, I recently bought an 857.
It seems to work, but I have problems uploading files.
Over both FTP and webmail (and even with an overly long message here on the forum) I cannot send any files. From a network sniff I noticed that after the first packet it can no longer send anything new and keeps resending the same one. Below I attach the traffic in question.
-
- n00b
- Posts: 23
- Joined: Sat 05 Nov, 2005 6:03 pm
No Time Source Destination Protocol Info
1 0.000000 192.168.1.33 213.205.33.11 TCP 1266 > http [SYN] Seq=0 Ack=0 Win=32767 Len=0 MSS=1460 WS=0
2 0.115885 213.205.33.11 192.168.1.33 TCP http > 1266 [SYN, ACK] Seq=0 Ack=1 Win=33396 Len=0 MSS=1452 WS=1
3 0.115965 192.168.1.33 213.205.33.11 TCP 1266 > http [ACK] Seq=1 Ack=1 Win=33396 Len=0
4 0.116249 192.168.1.33 213.205.33.11 TCP [TCP segment of a reassembled PDU]
5 0.116442 192.168.1.33 213.205.33.11 TCP [TCP segment of a reassembled PDU]
6 0.254825 213.205.33.11 192.168.1.33 TCP http > 1266 [ACK] Seq=1 Ack=697 Win=66096 Len=0
7 0.254925 192.168.1.33 213.205.33.11 TCP [TCP segment of a reassembled PDU]
8 0.254951 192.168.1.33 213.205.33.11 TCP [TCP segment of a reassembled PDU]
-
- n00b
- Posts: 23
- Joined: Sat 05 Nov, 2005 6:03 pm
9 2.712302 192.168.1.33 213.205.33.11 TCP [TCP Retransmission] [TCP segment of a reassembled PDU]
10 7.842443 192.168.1.33 213.205.33.11 TCP [TCP Retransmission] [TCP segment of a reassembled PDU]
11 17.800974 192.168.1.33 213.205.33.11 TCP [TCP Retransmission] [TCP segment of a reassembled PDU]
12 37.818627 192.168.1.33 213.205.33.11 TCP [TCP Retransmission] [TCP segment of a reassembled PDU]
13 77.853898 192.168.1.33 213.205.33.11 TCP [TCP Retransmission] [TCP segment of a reassembled PDU]
14 180.377545 213.205.33.11 192.168.1.33 TCP http > 1266 [FIN, ACK] Seq=1 Ack=697 Win=66096 Len=0
15 180.377608 192.168.1.33 213.205.33.11 TCP 1266 > http [RST] Seq=697 Ack=3305626091 Win=0 Len=0
In the next posts I will send the router configuration, since I cannot fit it in this one precisely because of the problems in question.
Thank you, and I await your replies with confidence.....
Last edited by mazy on Fri 18 Nov, 2005 8:04 pm, edited 1 time in total.
-
- n00b
- Posts: 23
- Joined: Sat 05 Nov, 2005 6:03 pm
Building configuration...
Current configuration : 4918 bytes
!
! Last configuration change at 17:41:49 CET Fri Nov 18 2005 by xxxxxx
! NVRAM config last updated at 20:28:53 CET Thu Nov 10 2005 by xxxxxx
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname xxxxxxx
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
username xxxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
username xxxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
aaa new-model
!
!
-
- n00b
- Posts: 23
- Joined: Sat 05 Nov, 2005 6:03 pm
aaa authentication login userlist local
aaa authentication ppp userlist local
aaa session-id common
ip subnet-zero
no ip source-route
ip dhcp excluded-address 192.168.1.1 192.168.1.39
ip dhcp excluded-address 192.168.1.51 192.168.1.254
!
ip dhcp pool sdm-pool1
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
ip cef
ip tcp synwait-time 10
no ip bootp server
ip domain name yourdomain.com
ip name-server 151.99.125.2
vpdn enable
!
vpdn-group PPTP
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
no ftp-server write-enable
!
!
!
!
-
- n00b
- Posts: 23
- Joined: Sat 05 Nov, 2005 6:03 pm
interface ATM0
mtu 1452
bandwidth 4000
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $FW_OUTSIDE$$ES_WAN$
bandwidth 4000
pvc 8/35
oam-pvc manage
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
no cdp enable
!
interface FastEthernet2
no ip address
no cdp enable
!
interface FastEthernet3
no ip address
no cdp enable
!
interface Virtual-Template1
ip unnumbered Vlan1
peer default ip address pool vpn-pool
ppp encrypt mppe auto
-
- n00b
- Posts: 23
- Joined: Sat 05 Nov, 2005 6:03 pm
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username xxxxxxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxx
!
ip local pool vpn-pool 192.168.1.51 192.168.1.60
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
-
- n00b
- Posts: 23
- Joined: Sat 05 Nov, 2005 6:03 pm
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat translation timeout 3600
ip nat translation tcp-timeout 900
ip nat translation udp-timeout 900
ip nat translation finrst-timeout 900
ip nat translation syn-timeout 30
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat translation port-timeout tcp 80 300
ip nat translation max-entries 10240
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static udp 192.168.1.33 20065 interface Dialer0 20065
i
!
logging trap debugging
access-list 1 permit xxxxxxxxxxxxx
access-list 1 permit xxxxxxxxxxxxx
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
-
- n00b
- Posts: 23
- Joined: Sat 05 Nov, 2005 6:03 pm
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
privilege level 15
password 7 xxxxxxxxxxxx
login authentication userlist
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
access-class 1 in
privilege level 15
transport preferred all
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
ntp clock-period 17175154
ntp server 193.204.114.105
-
- n00b
- Posts: 23
- Joined: Sat 05 Nov, 2005 6:03 pm
Browsing a bit on Cisco's site, I found that the problem could be related to CRC errors.
Below I have included the sh int atm0 output, where I do indeed see several input errors.
ATM0 is up, line protocol is up
Hardware is MPC ATMSAR (with Alcatel ADSL Module)
MTU 4470 bytes, sub MTU 4470, BW 4000 Kbit, DLY 1150 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ATM, loopback not set
Encapsulation(s): AAL5 AAL2, PVC mode
10 maximum active VCs, 1024 VCs per VP, 1 current VCCs
VC Auto Creation Disabled.
VC idle disconnect time: 300 seconds
Last input 01:20:53, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 6
Queueing strategy: Per VC Queueing
5 minute input rate 5000 bits/sec, 3 packets/sec
5 minute output rate 3000 bits/sec, 2 packets/sec
7785782 packets input, 1472927239 bytes, 18 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
37 input errors, 125 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
8475031 packets output, 94602997 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
The Cisco link is www.cisco.com/warp/public/121/crc_tshooting.html
Can you help me understand this better???
Thanks
- MaiO
- Messianic Network master
- Posts: 1083
- Joined: Sat 15 Oct, 2005 10:55 am
- Location: Milano
Because you exceed the Ethernet MTU.
I would be surprised if it worked.
http://en.wikipedia.org/wiki/MTU_%28networking%29
(read carefully what it says about the use of PPP protocols)
Bye
-=] MaiO [=-
-
- n00b
- Posts: 23
- Joined: Sat 05 Nov, 2005 6:03 pm
The problem I seem to be seeing is that it does not correctly fragment larger packets. In fact, that is what happens in the sniff I posted.
In theory the router, correct me if I am wrong, should fragment packets to fit the smaller interface and then let the recipient reassemble them.
The most obvious symptom is that while posting messages, once I exceeded a certain number of characters I could not send them, and the server replied that it could not interpret what I had sent.
Also, it is possible to ping above the MTU.
gw#ping 192.168.1.55 size 18024 timeout 50
Type escape sequence to abort.
Sending 5, 18024-byte ICMP Echos to 192.168.1.55, timeout is 50 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4980/4995/5020 ms
This ping was done from the router to a VPN client.
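An added example, not part of the thread: a Python check of the MTU discussion above against the interface settings posted earlier. It assumes the usual rule that a full-size TCP segment needs MSS + 40 bytes of IP MTU (20-byte IPv4 header plus 20-byte TCP header), and it flags `no ip unreachables` because that command turns off the ICMP unreachable messages, including the "fragmentation needed" replies that path MTU discovery depends on. The function names and issue labels are illustrative.

```python
import re

# Interface sections excerpted from the configuration posted in this thread.
CONFIG = """\
interface Vlan1
no ip unreachables
ip tcp adjust-mss 1452
!
interface Dialer0
no ip unreachables
ip mtu 1452
!
"""

IP_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header, no options


def parse_interfaces(text):
    """Map each interface to its MTU, adjust-mss and ICMP unreachable setting."""
    ifaces, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1],
                                    {"mtu": None, "mss": None, "unreachables": True})
        elif line == "!":
            cur = None  # "!" closes the interface section
        elif cur is not None:
            if m := re.fullmatch(r"(?:ip )?mtu (\d+)", line):
                cur["mtu"] = min(int(m[1]), cur["mtu"] or int(m[1]))
            elif m := re.fullmatch(r"ip tcp adjust-mss (\d+)", line):
                cur["mss"] = int(m[1])
            elif line == "no ip unreachables":
                cur["unreachables"] = False
    return ifaces


def audit(text):
    """Return (interface, issue, detail) tuples for MTU/MSS problems."""
    ifaces = parse_interfaces(text)
    mtus = [i["mtu"] for i in ifaces.values() if i["mtu"]]
    if not mtus:
        return []
    max_mss = min(mtus) - IP_TCP_OVERHEAD  # largest segment that fits unfragmented
    findings = []
    for name, i in ifaces.items():
        if i["mss"] and i["mss"] > max_mss:
            findings.append((name, "mss-too-large", f"{i['mss']} > {max_mss}"))
        if not i["unreachables"]:
            findings.append((name, "icmp-unreachables-off", "PMTUD feedback suppressed"))
    return findings
```

Run against the excerpt, `audit(CONFIG)` reports that the 1452-byte MSS clamp on Vlan1 leaves no room for headers inside the 1452-byte IP MTU on Dialer0, which matches the capture: the small segments up to Ack=697 get through and the full-size ones are retransmitted until the connection is reset.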