Aiuto!Cisco 877 si congela

[Manuelix]

Buongiorno, ho un problema con il mio cisco 877, ho provato l'ios c870-advipservicesk9-mz.124-22.T, ma ho il seguente problema:

Codice: Seleziona tutto

000048: *Dec 31 06:59:13.467 cest: %SYS-2-PAK_SUBBLOCK_ALREADY: 2 -Process= "IP Input", ipl= 0, pid= 80,  -Traceback= 0x808DA290 0x8198BE14 0x8141515C 0x8141577C 0x81417604 0x80E31A4C 0x80E1A154 0x80E1A71C 0x80E1A944 0x80E1AB94 0x80367D2C 0x8036B178
000049: *Dec 31 06:59:13.471 cest: %IP_VFR-3-OVERLAP_FRAGMENTS: Dialer1: from the host 83.36.21.214 destined to 87.2.29.136
000050: *Dec 31 06:59:13.471 cest: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=85559350, count=0,  -Traceback= 0x808DA290 0x8030919C 0x8141424C 0x814150A4 0x8141577C 0x81417604 0x80E31A4C 0x80E1A154 0x80E1A71C 0x80E1A944 0x80E1AB94 0x80367D2C 0x8036B178
000051: *Dec 31 06:59:13.539 cest: %IP_VFR-3-OVERLAP_FRAGMENTS: Dialer1: from the host 83.36.21.214 destined to 87.2.29.136
000052: *Dec 31 06:59:13.539 cest: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=856AA0A4, count=0,  -Traceback= 0x808DA290 0x8030919C 0x8141424C 0x814150A4 0x8141577C 0x81417604 0x80E31A4C 0x80E1A154 0x80E1A71C 0x80E1A944 0x80E1AB94 0x80367D2C 0x8036B178
000053: *Dec 31 06:59:13.671 cest: %IP_VFR-3-OVERLAP_FRAGMENTS: Dialer1: from the host 83.36.21.214 destined to 87.2.29.136
000054: *Dec 31 06:59:13.671 cest: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=856AAFD4, count=0,  -Traceback= 0x808DA290 0x8030919C 0x8141424C 0x814150A4 0x8141577C 0x81417604 0x80E31A4C 0x80E1A154 0x80E1A71C 0x80E1A944 0x80E1AB94 0x80367D2C 0x8036B178
000055: *Dec 31 06:59:13.787 cest: %IP_VFR-3-OVERLAP_FRAGMENTS: Dialer1: from the host 83.36.21.214 destined to 87.2.29.136
000056: *Dec 31 06:59:13.787 cest: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=856ABB38, count=0,  -Traceback= 0x808DA290 0x8030919C 0x8141424C 0x814150A4 0x8141577C 0x81417604 0x80E31A4C 0x80E1A154 0x80E1A71C 0x80E1A944 0x80E1AB94 0x80367D2C 0x8036B178
000057: *Dec 31 06:59:13.895 cest: %IP_VFR-3-OVERLAP_FRAGMENTS: Dialer1: from the host 83.36.21.214 destined to 87.2.29.136
000058: *Dec 31 06:59:13.895 cest: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=856AC69C, count=0,  -Traceback= 0x808DA290 0x8030919C 0x8141424C 0x814150A4 0x8141577C 0x81417604 0x80E31A4C 0x80E1A154 0x80E1A71C 0x80E1A944 0x80E1AB94 0x80367D2C 0x8036B178
000059: *Dec 31 06:59:14.003 cest: %IP_VFR-3-OVERLAP_FRAGMENTS: Dialer1: from the host 83.36.21.214 destined to 87.2.29.136
000060: *Dec 31 06:59:14.003 cest: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=85649618, count=0,  -Traceback= 0x808DA290 0x8030919C 0x8141424C 0x814150A4 0x8141577C 0x81417604 0x80E31A4C 0x80E1A154 0x80E1A71C 0x80E1A944 0x80E1AB94 0x80367D2C 0x8036B178
000061: *Dec 31 06:59:16.479 cest: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=8399F9F4, count=0,  -Traceback= 0x808DA290 0x8030919C 0x8141424C 0x81416394 0x80367D2C 0x8036B178
000062: *Dec 31 06:59:16.559 cest: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=856AAC08, count=0,  -Traceback= 0x808DA290 0x8030919C 0x8141424C 0x81416394 0x80367D2C 0x8036B178
000063: *Dec 31 06:59:16.683 cest: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=8517FE30, count=0,  -Traceback= 0x808DA290 0x8030919C 0x8141424C 0x81416394 0x80367D2C 0x8036B178
000064: *Dec 31 06:59:16.799 cest: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=8517DC0C, count=0,  -Traceback= 0x808DA290 0x8030919C 0x8141424C 0x81416394 0x80367D2C 0x8036B178
000065: *Dec 31 06:59:16.903 cest: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=839A1FEC, count=0,  -Traceback= 0x808DA290 0x8030919C 0x8141424C 0x81416394 0x80367D2C 0x8036B178
000066: *Dec 31 06:59:17.015 cest: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=8564A17C, count=0,  -Traceback= 0x808DA290 0x8030919C 0x8141424C 0x81416394 0x80367D2C 0x8036B178
000067: *Dec 31 06:59:21.587 cest: %FW-6-DROP_PKT: Dropping tcp session 192.54.34.190:49972 192.168.60.254:64578  due to  Invalid Seq# with ip ident 49428 tcpflags 0x8011 seq.no 3652625882 ack 59246884
000068: *Dec 31 06:59:24.555 cest: %SYS-2-PAK_SUBBLOCK_ALREADY: 2 -Process= "IP Input", ipl= 0, pid= 80,  -Traceback= 0x808DA290 0x8198BE14 0x8141515C 0x8141577C 0x81417604 0x80E31A4C 0x80E1A154 0x80E1A71C 0x80E1A944 0x80E1AB94 0x80367D2C 0x8036B178
000069: *Dec 31 06:59:24.555 cest: %IP_VFR-3-OVERLAP_FRAGMENTS: Dialer1: from the host 79.9.219.95 destined to 87.2.29.136
000070: *Dec 31 06:59:24.555 cest: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=8565238C, count=0,  -Traceback= 0x808DA290 0x8030919C 0x8141424C 0x814150A4 0x8141577C 0x81417604 0x80E31A4C 0x80E1A154 0x80E1A71C 0x80E1A944 0x80E1AB94 0x80367D2C 0x8036B178
000071: *Dec 31 06:59:24.695 cest: %IP_VFR-3-OVERLAP_FRAGMENTS: Dialer1: from the host 79.9.219.95 destined to 87.2.29.136
000072: *Dec 31 06:59:24.695 cest: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=85600288, count=0,  -Traceback= 0x808DA290 0x8030919C 0x8141424C 0x814150A4 0x8141577C 0x81417604 0x80E31A4C 0x80E1A154 0x80E1A71C 0x80E1A944 0x80E1AB94 0x80367D2C 0x8036B178
000073: *Dec 31 06:59:28.099 cest: %SEC-6-IPACCESSLOGP: list 150 denied tcp 79.12.44.215(37242) -> 87.2.29.136(54298), 1 packet  
000074: *Dec 31 06:59:29.843 cest: %IP_VFR-3-OVERLAP_FRAGMENTS: Dialer1: from the host 82.91.255.2 destined to 87.2.29.136
000075: *Dec 31 06:59:29.843 cest: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=8578C544, count=0,  -Traceback= 0x808DA290 0x8030919C 0x8141424C 0x814150A4 0x8141577C 0x81417604 0x80E31A4C 0x80E1A154 0x80E1A71C 0x80E1A944 0x80E1AB94 0x80367D2C 0x8036B178
000076: *Dec 31 06:59:48.575 cest: %SYS-2-PAK_SUBBLOCK_ALREADY: 2 -Process= "IP Input", ipl= 0, pid= 80,  -Traceback= 0x808DA290 0x8198BE14 0x8141515C 0x8141577C 0x81417604 0x80E31A4C 0x80E1A154 0x80E1A71C 0x80E1A944 0x80E1AB94 0x80367D2C 0x8036B178

dopo pochi minuti di attività, attualmente uso l'ios c870-advipservicesk9-mz.124-15.T7 e non ho problemi.
Potrebbe essere un problema legato alla mia configurazione? O cosa di cui sospetto purtroppo, un problema hardware del mio piccolo cisco?
Grazie in anticipo.

[Helix]

sh ver e sh run subito!

[Manuelix]

Grazie in anticipo, ecco l'output con la versione funzionante di IOS:

Codice: Seleziona tutto

C-877-01#sh version 
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(15)T7, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 14-Aug-08 07:43 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YI2, RELEASE SOFTWARE

C-877-01 uptime is 1 hour, 19 minutes
System returned to ROM by reload at 14:20:13 cest Wed Dec 31 2008
System restarted at 14:21:00 cest Wed Dec 31 2008
System image file is "flash:c870-advipservicesk9-mz.124-15.T7.bin"
Last reload reason: Reload Command



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
[email protected].

Cisco 877 (MPC8272) processor (revision 0x200) with 236544K/25600K bytes of memory.
Processor board ID FCZ101221TA
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
128K bytes of non-volatile configuration memory.
53248K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102

sh running-config

Codice: Seleziona tutto

version 12.4
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname C-877-01
!
boot-start-marker
boot-end-marker
!
logging exception 100000
logging count
logging userinfo
logging queue-limit 10000
logging buffered 150000 informational
logging console critical
enable secret 5 XXXXXXXXXXXXXXXX
!
no aaa new-model
clock timezone cest 1
clock summer-time CEST recurring
!
!
dot11 syslog
no ip source-route
no ip gratuitous-arps
ip icmp rate-limit unreachable 1000
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.60.241
ip dhcp excluded-address 192.168.60.250 192.168.60.254
!
ip dhcp pool CLIENT
   network 192.168.60.240 255.255.255.240
   dns-server 208.67.222.222 208.67.220.220 
   default-router 192.168.60.241 
   lease 0 2
!
!
ip dhcp update dns both
no ip bootp server
ip domain name cisco.com
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip name-server 151.99.125.1
ip name-server 193.70.192.100
ip inspect log drop-pkt
ip inspect max-incomplete low 300
ip inspect max-incomplete high 400
ip inspect one-minute low 300
ip inspect hashtable-size 2048
ip inspect tcp synwait-time 20
ip inspect tcp max-incomplete host 300 block-time 60
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw udp timeout 3600
ip inspect name myfw tcp router-traffic timeout 3600
ip inspect name myfw h323 timeout 3600
ip inspect name myfw sip timeout 3600
ip inspect name myfw rtsp timeout 3600
ip inspect name myfw icmp timeout 3600
ip inspect name myfw ntp timeout 3600
ip inspect name myfw dns timeout 3600
ip inspect name myfw ssh timeout 3600
ip ddns update method dyndns
 HTTP
  add http://ZZZZZZZZZZ:[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
  remove http://ZZZZZZZZ:[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
 interval maximum 28 0 0 0
!
login block-for 1 attempts 3 within 30
login on-failure
login on-success
!
multilink bundle-name authenticated
!
!         
username YYYYYYYYYY password 7 XXXXXXXXXXXX
username YYYYYYYYYY password 7 XXXXXXXXXXXX
! 
!
archive
 log config
  hidekeys
!
!
ip tcp selective-ack
ip tcp window-size 2144
ip tcp synwait-time 10
ip ssh logging events
!
!
!
interface Loopback0
 description INTERFACCIA VIRTUALE END-POINT VPN
 ip address 172.16.254.1 255.255.255.255
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 atm vc-per-vp 64
 no atm ilmi-keepalive
 pvc 8/35 
  pppoe-client dial-pool-number 1
 !
 dsl operating-mode auto 
!
interface FastEthernet0
 description * LAN to VFirewall *
 switchport access vlan 20
!
interface FastEthernet1
 description * MNGT Interface *
 switchport access vlan 100
!
interface FastEthernet2
 switchport access vlan 20
!
interface FastEthernet3
 switchport access vlan 20
!         
interface Vlan1
 description * Default VLAN Router *
 no ip address
 shutdown
!
interface Vlan10
 no ip address
!
interface Vlan100
 description * MNGT Interface *
 ip address 172.16.200.225 255.255.255.224
 ip access-group 152 out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache cef
 no ip route-cache
!
interface Vlan20
 description * CONNESSIONE LAN 192.168.60.241/28 *
 ip address 192.168.60.241 255.255.255.240
 ip access-group 151 out
 ip nat inside
 ip inspect myfw in
 no ip virtual-reassembly
 hold-queue 100 out
!
interface Dialer1
 description INTERFACCIA PER ACCESSO AD INTERNET
 ip ddns update hostname YYYYYYYYY.homelinux.YYY
 ip ddns update dyndns
 ip address negotiated
 ip access-group 150 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting access-violations
 ip mtu 1492
 ip nat outside
 ip inspect myfw out
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 no snmp trap link-status
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname [email protected]
 ppp chap password 7 XXXXXXXXXXXXXXXX
 ppp pap sent-username [email protected] password 7 XXXXXXXXX
 ppp ipcp dns request
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
no ip http server
no ip http secure-server
ip nat translation timeout 420
ip nat translation tcp-timeout 120
ip nat translation udp-timeout 120
ip nat translation syn-timeout 120
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.60.254 2234 interface Dialer1 2234
ip nat inside source static udp 192.168.60.254 4444 interface Dialer1 4444
ip nat inside source static tcp 192.168.60.254 4444 interface Dialer1 4444
ip nat inside source static tcp 192.168.60.254 9999 interface Dialer1 9999
ip nat inside source static tcp 192.168.60.254 1214 interface Dialer1 1214
ip nat inside source static tcp 192.168.60.254 6881 interface Dialer1 6881
ip nat inside source static tcp 192.168.60.254 6882 interface Dialer1 6882
ip nat inside source static udp 192.168.60.254 6347 interface Dialer1 6347
ip nat inside source static tcp 192.168.60.254 6347 interface Dialer1 6347
ip nat inside source static udp 192.168.60.254 6346 interface Dialer1 6346
ip nat inside source static tcp 192.168.60.254 6346 interface Dialer1 6346
ip nat inside source static tcp 192.168.60.254 1755 interface Dialer1 1755
ip nat inside source static udp 192.168.60.254 1756 interface Dialer1 1756
ip nat inside source static tcp 192.168.60.254 1758 interface Dialer1 1758
ip nat inside source static udp 192.168.60.254 1758 interface Dialer1 1758
ip nat inside source static tcp 192.168.60.254 1723 interface Dialer1 1723
ip nat inside source static tcp 192.168.60.254 5556 interface Dialer1 5556
ip nat inside source static tcp 192.168.60.254 5557 interface Dialer1 5557
ip nat inside source static tcp 192.168.60.254 80 interface Dialer1 80
ip nat inside source static tcp 192.168.60.254 443 interface Dialer1 443
ip nat inside source static tcp 192.168.60.254 21 interface Dialer1 21
ip nat inside source static udp 192.168.60.254 6348 interface Dialer1 6348
ip nat inside source static tcp 192.168.60.254 6348 interface Dialer1 6348
ip nat inside source static udp 192.168.60.254 1194 interface Dialer1 1194
ip nat inside source static udp 192.168.60.254 1195 interface Dialer1 1195
ip nat inside source static tcp 192.168.60.254 5060 interface Dialer1 5060
ip nat inside source static udp 192.168.60.254 5004 interface Dialer1 5004
ip nat inside source static tcp 192.168.60.254 3478 interface Dialer1 3478
ip nat inside source static udp 192.168.60.254 3478 interface Dialer1 3478
ip nat inside source static udp 192.168.60.254 8000 interface Dialer1 8000
ip nat inside source static udp 192.168.60.254 8001 interface Dialer1 8001
ip nat inside source static udp 192.168.60.254 5061 interface Dialer1 5061
ip nat inside source static tcp 192.168.60.254 5143 interface Dialer1 5143
ip nat inside source static udp 192.168.60.254 5143 interface Dialer1 5143
!
!
logging trap notifications
logging facility local3
logging 172.16.200.240
access-list 23 permit 172.16.200.240 log
access-list 102 remark *************************************************************
access-list 102 remark *** ACL DEFAULT  ***
access-list 102 permit ip host 192.168.60.250 any
access-list 102 permit ip host 192.168.60.251 any
access-list 102 permit ip host 192.168.60.252 any
access-list 102 permit ip host 192.168.60.253 any
access-list 102 permit ip host 192.168.60.254 any
access-list 150 remark *************************************************************
access-list 150 remark *** ACL ANTI-SPOOFING ***
access-list 150 deny   ip host 0.0.0.0 any log
access-list 150 deny   ip 127.0.0.0 0.255.255.255 any log
access-list 150 deny   ip 192.0.2.0 0.0.0.255 any log
access-list 150 deny   ip 224.0.0.0 31.255.255.255 any log
access-list 150 deny   ip 10.0.0.0 0.255.255.255 any log
access-list 150 deny   ip 172.16.0.0 0.15.255.255 any log
access-list 150 deny   ip 192.168.0.0 0.0.255.255 any log
access-list 150 remark *************************************************************
access-list 150 remark *** ACL PER BLOCCARE L'ACCESSO A VIRUS E ATTACCHI ***
access-list 150 deny   tcp any any eq 135
access-list 150 deny   udp any any eq 135
access-list 150 deny   udp any any eq netbios-ns
access-list 150 deny   udp any any eq netbios-dgm
access-list 150 deny   tcp any any eq 139
access-list 150 deny   udp any any eq netbios-ss
access-list 150 deny   tcp any any eq 445
access-list 150 deny   tcp any any eq 593
access-list 150 deny   tcp any any eq 2049
access-list 150 deny   udp any any eq 2049
access-list 150 deny   tcp any any eq 2000
access-list 150 deny   tcp any any range 6000 6010
access-list 150 deny   udp any any eq 1433
access-list 150 deny   udp any any eq 1434
access-list 150 deny   udp any any eq 5554
access-list 150 deny   udp any any eq 9996
access-list 150 deny   udp any any eq 113
access-list 150 deny   udp any any eq 3067
access-list 150 remark *************************************************************
access-list 150 remark *** ACL PER VARIE ***
access-list 150 permit udp any any eq ntp
access-list 150 permit udp any any
access-list 150 remark *************************************************************
access-list 150 remark *** ACL PER CONTROLLARE TRAFFICO ICMP ***
access-list 150 permit icmp any any echo
access-list 150 permit icmp any any echo-reply
access-list 150 permit icmp any any time-exceeded
access-list 150 permit icmp any any unreachable
access-list 150 permit icmp any any administratively-prohibited
access-list 150 permit icmp any any packet-too-big
access-list 150 permit icmp any any traceroute
access-list 150 deny   icmp any any
access-list 150 remark *************************************************************
access-list 150 remark *** ACL TRAFFICO P2P ***
access-list 150 permit tcp any any range 6881 6889
access-list 150 permit tcp any any eq 1755
access-list 150 permit udp any any eq 1755
access-list 150 permit udp any any eq 1756
access-list 150 permit tcp any any eq 1758
access-list 150 permit udp any any eq 1758
access-list 150 permit tcp any any eq 6346
access-list 150 permit udp any any eq 6346
access-list 150 permit tcp any any eq 6347
access-list 150 permit udp any any eq 6347
access-list 150 permit tcp any any eq 6348
access-list 150 permit udp any any eq 6348
access-list 150 permit tcp any any eq 6882
access-list 150 permit tcp any any eq 6881
access-list 150 permit tcp any any eq 5143
access-list 150 permit udp any any eq 5143
access-list 150 permit tcp any any eq 1214
access-list 150 permit tcp any any eq 9999
access-list 150 permit tcp any any eq 2234
access-list 150 remark *************************************************************
access-list 150 remark *** ACL OPENVPN SERVER ***
access-list 150 permit udp any host 192.168.60.254 eq 1194
access-list 150 permit udp any host 192.168.60.254 eq 1195
access-list 150 remark *************************************************************
access-list 150 remark *** ACL FTP SERVER ***
access-list 150 permit tcp any gt 1023 any eq ftp
access-list 150 remark *************************************************************
access-list 150 remark *** ACL ASSISTANCES SERVER ***
access-list 150 permit tcp any gt 1023 any range 5556 5557
access-list 150 permit tcp any any eq 1723
access-list 150 permit gre any any
access-list 150 remark *************************************************************
access-list 150 remark *** ACL SSLEXPLORER SERVER ***
access-list 150 permit tcp any any eq 443
access-list 150 remark *************************************************************
access-list 150 remark *** ACL VOIP ***
access-list 150 permit tcp any any eq 5060
access-list 150 permit udp any any eq 5060
access-list 150 permit tcp any any eq 5061
access-list 150 permit udp any any eq 5061
access-list 150 permit udp any any eq 5004
access-list 150 permit tcp any any eq 3478
access-list 150 permit udp any any eq 3478
access-list 150 permit udp any any eq 8000
access-list 150 permit udp any any eq 8001
access-list 150 remark *************************************************************
access-list 150 remark *** ACL WEB SERVER ***
access-list 150 permit tcp any any eq www
access-list 150 remark *************************************************************
access-list 150 remark *** ACL Block ***
access-list 150 deny   ip any any log
access-list 150 remark *************************************************************
access-list 151 remark *************************************************************
access-list 151 remark *** ACL dalla Vlan 20 al Router ***
access-list 151 permit ip any any
access-list 152 remark *************************************************************
access-list 152 remark *** ACL Vlan 100 MNGT ***
access-list 152 permit ip host 172.16.200.225 host 172.16.200.240
access-list 152 deny   ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
banner motd ^C

***********************!!!IMPORTANT NOTICE!!!***********************
*                                                                  *
* This is a restricted system. All connections are logged.         *
* If you are not authorized to connect to this system, log         *
* off now.                                                         *
*                                                                  *
* Violators will be prosecuted to the full extent of the law.      *
* SysAdmin - YYYYYYYYYYYYYYYY                                      *
********************************************************************

^C
!
line con 0
 exec-timeout 120 0
 password 7 XXXXXXXXXXX
 login local
 no modem enable
 transport preferred ssh
line aux 0
 monitor
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 password 7 XXXXXXXXXXXX
 login local
 length 0
 transport input ssh
 transport output ssh
!
scheduler max-task-time 5000
scheduler interval 500
ntp clock-period 17175656
ntp server 193.204.114.232 prefer
!
webvpn context Default
 ssl authenticate verify all
 !
 no inservice
!
end

[Helix]

Fai un paio di prove:

1) Disabilita l'inspect
2) Disattiva la parte di timer negli statements relativi al nat!

[Manuelix]

Buongiorno, scusate il ritardo, ma purtroppo sono stato via per qualche giorno, ho fatto le prove, ma purtroppo la situazione peggiora, il router si congela senza alcun errore, nemmeno connesso in console ho output, l'unica cosa che viene visualizzata è:

Codice: Seleziona tutto

%Software-forced reload

A questo punto non saprei, attendo ulteriori consigli e grazie ancora.

[k4mik4ze]

...dando per scontato che non sia un problema della IOS [Nel senso di errori di download/upload]...


Non per essere ped/sante, non ho ancora letto la configurazione intera ad ogni modo temo che cisco.com sostenga il tuo essere in da sci'.

%SYS-2-PAK_SUBBLOCK_ALREADY : [dec]

Explanation: An error in attempting to allocate a packet subblock has occurred. A subblock was already associated with the packet.

Recommended Action: Copy the error message exactly as it appears on the console or in the system log, include the stack trace, contact your Cisco technical support representative, and provide the representative with the gathered information.

%IP_VFR-3-OVERLAP_FRAGMENTS : [chars]: from the host [IP_address] destined to [IP_address]

Explanation The router has encountered overlap fragments. "Overlap fragment" means that the offset of one fragment overlaps the offset of another fragment. For example, if the offset of the first fragment is 0 and its length is 800, the offset of the second fragments offset must be 800. If the offset of the second fragment is less than 800, the second fragment overlaps the first fragment. This condition might indicate a hostile attack.

Recommended Action Configure a static ACL to prevent further overlap fragments from the sender.

Qui non ho mica capito bene che c'entrano le ACL con l'offset. Qualcuno me lo spiega?

%IP_VFR-4-FRAG_TABLE_OVERFLOW : [chars]: the fragment table has reached its maximum threshold [dec]

Explanation: The number of datagrams being reassembled at any one time has reached it maximum limit.

Recommended Action: Increase the maximum number of datagrams that can be reassembled by entering the ip virtual-reassembly max-reassemblies number command, with number being the maximum number of datagrams that can be reassembled at any one time.

%SYS-2-BADSHARE: Bad refcount in [chars], ptr=[hex], count=[hex]

A reference count is used to track the usage of many data structures. A function increments the count when it begins to use a structure and decrements it when it is finished. When the count becomes zero, the data structure is freed. When the count is accessed, it is found to be negative, which means that the data structure is not freed until the system is re-loaded. The error message indicates that the process is trying to free a packet which no one is referencing.

On a Catalyst 6500 running native Cisco IOS Software Release 12.1E, the error message is sometimes displayed. It is followed by a traceback, under heavy traffic conditions.

Io voto problema HW. E mi sa che non è neanche sull'interfaccia.
Ad ogni modo rimetto il parere ai più esperti.

[Manuelix]

Buongiorno, la cosa strana è che con l'ios precedente funziona senza problemi, in caso di problema hardware diventerebbe un po' un casino. Avevo letto la pagina di cisco, ma speravo in qualche soluzione alternativa, magari dovuto solo ad una configurazione astrusa.

[k4mik4ze]

Allora fossi in te, tanto per essere sicurerrimo.
Monterei una IOS che sei sicuro essere funzionante [tipo quella che hai rimosso], così tanto per essere sicuro che il problema sia software o hardware.

Se appena rimetti l'altra IOS i problemi sparicono allora il problema è meno peso di quanto si pensi. Se i problemi rimangono...allora dobbiamo "affondare" il router mi sa .


Intanto continuo a vedere qualcosina, tanto oggi si lavora poco a quanto pare

[Manuelix]

Rieccomi, sì infatti vi scrivo con la precedente, che no presenta problemi, nessun riavvio, nessun errore (almeno credo ), comunque la cosa è veramente strana. Grazie ancora per il tempo che mi state dedicando.

[Manuelix]

Buongiorno, potrebbe essere la mia configurazione che da problemi? Non ho altre spiegazioni, anche perchè con c870-advipservicesk9-mz.124-15.T7.bin funziona bene.

[keycien]

ti confermo che anch'io ho problemi di frezee randomici con la 22T e cisco 877w

succede sopratutto con software p2p emule-xtreme e utorrent

[Manuelix]

Il mio problema è che avviene subito dopo qualche minuto, anche senza scaricare nulla.

[Raistlin]

Quando non si sa dovì'è il problema e meglio cercarli tutti!! no, raga?^^

Sh diag e vedi se ti rileva tutte le tue schede, sh process cpu history e vedi coem ti lavora la cpu mMm vedi pure facendo un po di ping con source le interfaccie se ques'utlime ti danno CRC error etc etc ^^
(nn ho visto la run perchè ho 38 di febbre^^ ho dato una letta al volo al prob e alle risposte)

[Helix]

Il mio problema è che avviene subito dopo qualche minuto, anche senza scaricare nulla.

aspetta una nuova release!

[Manuelix]

Grazie mille per l'aiuto ragazzi, Raistlin appena ho un attimo procedo con i test che mi hai indicato.
Helix spero che la nuova release risolva il mio problema e non sia un problema hardware.