Cisco Router 1812 - dropping tcp pkt - WTF ???
I'm seeing both of these errors in the debugging logs; specifically, the dropping tcp pkt one occurs every 30 - 60 seconds, and I'm not sure whether it's affecting our database application.
access-list logging rate-limited or missing X packets
dropping tcp pkt xxxxxxxxx (PCTil DROP PKT)
IOS Version = 12.4(6)T7
SDM Version = 2.4.1
derek - cisco router guru I'm not
Answers (5)
Did your database application ever work? Can you telnet to the port of the device you are trying to connect to? Are the IP addresses of the database server and the client listed in the log? From this limited info, I would guess you have an access list applied to an interface or line with the log keyword. If your database application is new and never worked, you will probably have to permit this new traffic in the access list. Usually the name or number of the access list will be listed in the log. You can use show access-list {name} to see the specific list. Usually the last line of the list will have "deny any log" or "deny any any log". All Cisco access-lists have an implicit deny at the end even if the statement is not listed. If you would like me to look at the log, email me at procisco@gmail.com. You can remove the IP addresses if you'd like.
john
Aaron M.
Principal at NonStop Networks, LLC - CCIE #21942 - Cisco Select Partner - Plan, Design & Optimize all Cisco Networks
The access-list logging rate-limited message means that the deny statement with log at the end couldn't write to the logging buffer. The router doesn't log every deny to the buffer, to keep the CPU from being overburdened.
Do you have many deny entries with log at the end? How many lines of acl do you have?
Syslog would be the optimal way to capture your denies.
Aaron Magruder
NonStop Networks, LLC
http://www.nonstopnetworks.net
Daniel R.
Network Consulting Engineer IV at Cisco Systems
The access list logging rate limited message means that there are so many "logging" messages that the router cannot keep up. Do you look at all the ACL logs? If not, only log the ACL entries that you really care about, or only turn it on when troubleshooting an issue.
As for the "dropping TCP pkt", there could be many reasons for that, and it doesn't necessarily mean it's related to the database application. It could be web traffic or most other "connection" based applications.
A look at the config would help, but please don't post the config to the forum, as it's got security info that could be used against it. If you want to remove any identifying info and send it to me, I can take a look for you.
Dan
Ravi S.
Learner & Helper - IT, Project, Green, Wildlife, Media
You may start troubleshooting by first checking whether the packet drop is on the LAN or WAN side. If it's on the WAN side, check with your ISP as well.
Thanks
Ravi Sharma
Could you be confusing these two things:
1. The ACL logging having so many hits (for example, of denies) that the router is dropping their *logging* (besides whichever ACL match is actually happening, such as a deny).
2. Packets that ought to make it across the router being dropped.
If it's 1., that happens so that the performance of your little router is not killed.
It can be remedied by not logging so much, getting a bigger router, or not denying so much (permitting traffic, and again, not logging the permit action).
If it's 2., and assuming the traffic is legitimate (makes it through the ACLs), I doubt your router would be telling you this... unless you were checking for drops on the interface statistics.
So, I think you are mixing up "drops" of the logging data with drops of tcp packets. You could verify network drops with a packet sniffer on either side of the router or at the client or server hosts.
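Both john's answer (check whether the database server's addresses show up in the deny log) and the last answer (separate dropped *log messages* from dropped *packets*) come down to reading the ACL syslog carefully. The script below is an added example, not code from anyone in this thread: it parses constructed syslog lines written in the standard IOS %SEC-6-IPACCESSLOGP (per-flow deny) and %SEC-6-IPACCESSLOGRL (rate-limited or missing packets) formats, totals denies per ACL and destination port, totals the packets the router admits it never logged, and flags any entries involving hosts you care about. The host addresses, ACL number and counts are made up; the function and variable names are mine.

```python
import re
from collections import Counter

# Constructed sample syslog output in the IOS %SEC-6-IPACCESSLOGP /
# %SEC-6-IPACCESSLOGRL style; addresses, ACL number and counts are invented.
SAMPLE_LOG = """\
Jan 10 10:00:01 rtr1 12: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.168.1.5(49152) -> 10.0.0.10(1433), 1 packet
Jan 10 10:00:31 rtr1 13: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missing 10 packets
Jan 10 10:00:45 rtr1 14: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.168.1.7(50000) -> 10.0.0.10(1433), 3 packets
Jan 10 10:01:02 rtr1 15: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.168.1.5(49153) -> 10.0.0.20(80), 1 packet
Jan 10 10:01:31 rtr1 16: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missing 25 packets
"""

# One logged deny for a TCP/UDP flow: ACL name, protocol, src(port) -> dst(port), packet count.
DENY_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)
# The router telling you how many ACL hits it did NOT log (logging drops, not packet drops).
RL_RE = re.compile(
    r"%SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missing "
    r"(?P<missing>\d+) packets?"
)


def summarize(log_text, watch_hosts=()):
    """Tally logged denies per (acl, proto, dst, dport), unlogged packet counts,
    and every logged deny that touches one of watch_hosts (e.g. your DB server)."""
    denies = Counter()
    logged_packets = 0
    missing_packets = 0
    watched_hits = []
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m:
            n = int(m["count"])
            logged_packets += n
            denies[(m["acl"], m["proto"], m["dst"], int(m["dport"]))] += n
            if m["src"] in watch_hosts or m["dst"] in watch_hosts:
                watched_hits.append((m["src"], m["dst"], int(m["dport"]), n))
            continue
        m = RL_RE.search(line)
        if m:
            missing_packets += int(m["missing"])
    return {
        "denies": dict(denies),
        "logged_packets": logged_packets,
        "missing_packets": missing_packets,
        "watched_hits": watched_hits,
    }


if __name__ == "__main__":
    # Example: the database server lives at 10.0.0.10 (constructed address).
    report = summarize(SAMPLE_LOG, watch_hosts={"10.0.0.10"})
    for (acl, proto, dst, dport), n in sorted(report["denies"].items()):
        print(f"ACL {acl}: {n} {proto} packets denied to {dst}:{dport}")
    print(f"logged deny packets: {report['logged_packets']}, "
          f"hits the router never logged: {report['missing_packets']}")
    for src, dst, dport, n in report["watched_hits"]:
        print(f"watched host involved: {src} -> {dst}:{dport} ({n} pkt)")
```

A large "missing" total next to a small number of logged denies is the signature of the first situation in the answer above (the router shedding log messages, not traffic), and it is also the reason a buffer-only log is a poor record; feeding the same lines from a syslog server into this script gives a complete tally. If the watched-host list comes back empty while the application still fails, the ACL log is not where the problem is and interface counters or a sniffer on each side of the router are the next place to look, as the answers suggest.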