2 Replies Latest reply: Jun 24, 2010 12:41 PM by cisco_jr RSS

    Flapping interface

    cisco_jr

      background: ATT MPLS circuit, 3845 CISCO router, Multilink T1

       

      I have a case of an interface that is bundled in a multilink that keeps flapping for the most part during office hours. We contacted our provider and they tested the circuit where that interface is connected to and all tests went OK

       

      All zeroes test
      High Density test
      Quasi Random test
      55-Octet test

       

      They told us that it was problem in our router or someone with a particular traffic causing it. I opened a TAC and they would not work on it until I upgrade the IOS image. Now the router started showing those errors 3 months ago. I have not upgraded the IOS yet and I am trying to determine what is causing this flapping:

       


      003150: *Jun 18 06:53:37.683 PCTime: %LINK-3-UPDOWN: Interface Serial0/1/0, changed state to down
      003151: *Jun 18 06:53:38.683 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/0, changed state to down
      003152: *Jun 18 06:53:47.691 PCTime: %LINK-3-UPDOWN: Interface Serial0/1/0, changed state to up
      003153: *Jun 18 06:54:00.767 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/0, changed state to up

      003154: *Jun 18 08:10:22.259 PCTime: %LINK-3-UPDOWN: Interface Serial0/1/0, changed state to down
      003155: *Jun 18 08:10:23.259 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/0, changed state to down
      003156: *Jun 18 08:10:33.267 PCTime: %LINK-3-UPDOWN: Interface Serial0/1/0, changed state to up
      003157: *Jun 18 08:10:46.367 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/0, changed state to up

       

       

      Could anyone provide some hints in how to troubleshoot or diagnose this issue? I tend to believe that it is not related to upgrading the IOS image.

       

      here is the a show on the interface:

       

      ROUTER#show service-module serial 0/1/0
      Module type is T1/fractional
          Hardware revision is 1.2, Software revision is 20061106,
          Image checksum is 0x3E88B0, Protocol revision is 0.1
      Receiver has no alarms.
      Framing is ESF, Line Code is B8ZS, Current clock source is line,
      Fraction has 24 timeslots (64 Kbits/sec each), Net bandwidth is 1536 Kbits/sec.
      Last module self-test (done at startup): Passed
      Last clearing of alarm counters 17w6d
          loss of signal        :    0,
          loss of frame         :    3, last occurred 7w4d
          AIS alarm             :    3, last occurred 7w4d
          Remote alarm          :    3, last occurred 1w0d
          Module access errors  :    0,
      Total Data (last 96 15 minute intervals):
          355521 Line Code Violations, 12476 Path Code Violations
          0 Slip Secs, 0 Fr Loss Secs, 3561 Line Err Secs, 421 Degraded Mins
          3569 Errored Secs, 2395 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
      Data in current interval (678 seconds elapsed):
          465 Line Code Violations, 29 Path Code Violations
          0 Slip Secs, 0 Fr Loss Secs, 10 Line Err Secs, 1 Degraded Mins
          10 Errored Secs, 5 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

      Is there any way to diagnose this issue? the fact that the above display shows errors, means that the interface is going bad?

       

       

       

      Thanks,

       

       

      Below is the configuration.

       

       

      version 12.4
      no service pad
      service tcp-keepalives-in
      service tcp-keepalives-out
      service timestamps debug datetime msec localtime show-timezone
      service timestamps log datetime msec localtime show-timezone
      service password-encryption
      service sequence-numbers
      !
      hostname 3845
      !
      boot-start-marker
      boot-end-marker
      !
      security authentication failure rate 3 log
      security passwords min-length 6
      logging buffered 51200 debugging
      logging console critical
      enable secret 5 $1$7J4r%$^adas$#$%%
      !
      no aaa new-model
      !
      resource policy
      !
      clock timezone PCTime -5
      clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
      ip subnet-zero
      no ip source-route
      ip cef
      ip tcp synwait-time 10
      !
      !
      no ip dhcp use vrf connected
      ip dhcp excluded-address 192.168.0.1 192.168.101.0
      ip dhcp excluded-address 192.168.103.255 192.168.255.254
      !
      ip dhcp pool sdm-pool1
         import all
         network 192.168.0.0 255.255.0.0
         default-router 192.168.254.254
         domain-name domain.com
         dns-server 192.168.11.6 192.168.11.1
      !
      !
      no ip bootp server
      ip domain name domain.com
      ip name-server 192.168.1.254
      ip ssh time-out 60
      ip ssh authentication-retries 2
      !
      voice-card 0
      no dspfarm
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      crypto pki trustpoint TP-self-signed-3693895623
      enrollment selfsigned
      subject-name cn=IOS-Self-Signed-Certificate-3693895623
      revocation-check none
      rsakeypair TP-self-signed-3693770616
      !
      !
      crypto pki certificate chain TP-self-signed-3693895623
      certificate self-signed 01
        30820252 308201BB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
        31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
        69666963 6174652D 33363933 37373036 3136301E 170D3037 30323134 31353230
        32355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
        4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36393337
        37303631 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
        8100B397 C7C0681F B106A2AD C41F168C E186EC25 C99793DB 4442DCFC 8D890B65
        B86AE250 7CBF6444 C39AC091 D0FE1344 EBEBF0D2 B80AB14F 88EA9FC7 CE913BBA
        6C8E32A9 932BA9CB 41E9E2B1 20E40EFA D1658FA5 2C076632 210E29F3 F29AE4B9
        13C945C5 891FE99B 6E463325 31A7BA69 0B3593FA 22981BDC A42D664B 92FDE564
        7E6B0203 010001A3 7A307830 0F060355 1D130101 FF040530 030101FF 30250603
        551D1104 1E301C82 1A434F4C 2D4D504C 532E6475 636B6372 65656B74 6563682E
        636F6D30 1F060355 1D230418 30168014 0D350E16 786242A3 FE341594 07A52D59
        6A782E9B 301D0603 551D0E04 1604140D 350E1678 6242A3FE 34159407 A52D596A
        782E9B30 0D06092A 864886F7 0D010104 05000381 810050D3 FB6C121D 520D7329
        B44AFEAC 1737EDF8 FDE67855 10C9962F A54C7B07 687E8A78 A1A100E9 CC023FF0
        80FCD286 273A74AC 3ED96827 CD716F9B 94BD0FEC 87FC54C7 2416B574 79A065DD
        4BFFCF79 1573DE87 0D404482 510E475C B5726E54 8DC2BC95 3CFCCB5D 2C8C05B2
        E1CC2E92 A0405A7F 4F95D582 91996DFC E73DBE0A 8812
        quit
      username Admin privilege 15 secret 5 $1$qEkW$XbGM.v2RAVFVdasddd/
      username AAadmin privilege 15 password 7 00370A0801ddsagsdfgsd
      !
      !
      !
      crypto isakmp policy 1
      encr 3des
      authentication pre-share
      group 2
      crypto isakmp key DctSharedKey address XX.XXX.174.61
      !
      !
      crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
      !
      crypto map SDM_CMAP_1 1 ipsec-isakmp
      description Tunnel toXX.XX.174.61
      set peer xx.xx.174.61
      set transform-set ESP-3DES-SHA
      match address 100
      !
      !
      !
      !
      interface Multilink1
      ip address xx.xx.21.154 255.255.255.252
      ip route-cache flow
      no peer neighbor-route
      no keepalive
      no cdp enable
      ppp chap hostname company-xx.xx.21.154
      ppp multilink
      ppp multilink fragment disable
      ppp multilink group 1
      !
      interface GigabitEthernet0/0
      description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ES_LAN$$FW_INSIDE$
      ip address 192.168.254.254 255.255.0.0
      no ip redirects
      no ip unreachables
      no ip proxy-arp
      ip nat inside
      ip virtual-reassembly
      ip route-cache flow
      duplex full
      speed 1000
      media-type rj45
      negotiation auto
      no mop enabled
      !
      interface GigabitEthernet0/1
      description $ES_WAN$$FW_OUTSIDE$
      ip address dhcp client-id GigabitEthernet0/1
      no ip redirects
      no ip unreachables
      no ip proxy-arp
      ip nat outside
      ip virtual-reassembly
      ip route-cache flow
      duplex auto
      speed auto
      media-type rj45
      negotiation auto
      no mop enabled
      crypto map SDM_CMAP_1
      !
      interface Serial0/0/0
      no ip address
      no ip proxy-arp
      encapsulation ppp
      no cdp enable
      ppp chap hostname company -xx.xx.21.154
      ppp multilink
      ppp multilink group 1
      !
      interface Serial0/1/0
      no ip address
      encapsulation ppp
      no cdp enable
      ppp chap hostname company -xx.xx.21.154
      ppp multilink
      ppp multilink group 1
      !
      router bgp 65001
      no synchronization
      bgp log-neighbor-changes
      network 192.168.0.0 mask 255.255.0.0
      neighbor xx.xx.21.153 remote-as 7018
      neighbor xx.xx.21.153 timers 15 45
      no auto-summary
      !
      ip classless
      !
      ip flow-export source GigabitEthernet0/0
      ip flow-export version 5
      ip flow-export destination 192.168.100.60 2055
      !
      ip http server
      ip http authentication local
      ip http secure-server
      ip http timeout-policy idle 60 life 86400 requests 10000
      ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/1 overload
      !
      logging trap warnings
      logging 192.168.100.60
      access-list 1 remark INSIDE_IF=GigabitEthernet0/0
      access-list 1 remark SDM_ACL Category=2
      access-list 1 permit 192.168.0.0 0.0.255.255
      access-list 100 remark SDM_ACL Category=4
      access-list 100 remark IPSec Rule
      access-list 100 permit ip 192.168.0.0 0.0.255.255 10.250.0.0 0.0.255.255
      access-list 101 remark SDM_ACL Category=2
      access-list 101 remark IPSec Rule
      access-list 101 deny   ip 192.168.0.0 0.0.255.255 10.250.0.0 0.0.255.255
      access-list 101 permit ip 192.168.0.0 0.0.255.255 any
      snmp-server community cmpny#1 RO
      no cdp run
      !
      route-map SDM_RMAP_1 permit 1
      match ip address 101
      !
      !
      !
      !
      control-plane