ERROR MESSAGE NOTIFICATIONS (if any) SHOW TECH-SUPPORT NOTIFICATIONS (if any) Jump to Section: BUFFER ANALYSIS CPU UTILIZATION ANALYSIS VERSION ANALYSIS MEMORY ANALYSIS PROCESS INFORMATION ------------------- SHOW RUNNING-CONFIG ------------------- NOTE: This tool uses the output from 'show running-config' to correlate values against other show commands. It is not meant to be a configuration assistant. --------------- BUFFER ANALYSIS --------------- WARNING: This router has dropped 303 packet(s) (0.00041%) due to a shortage of 'Small buffers'. The term 'Failures' in the output tracks the number of packets that were dropped due to unsuccessful attempts to allocate a buffer. This can occur in spite of (or even because of) the router's attempts to create additional free buffers when their number declines below minimum. The following Interface(s) have dropped packets because of this condition: TRY THIS: Use the 'show memory' command to check the amount of available memory before you attempt to modify public pool buffers. Increase the minimum number of free buffers for the affected pool. The following are initial values that usually work well in buffer tuning: - permanent: take the number of total buffers in a pool and add about 20% - minimum: set min-free to about 20-30% of permanent - maximum: set max-free to something equal or greater than the sum of permanent and minimum NOTE: This condition may also occur due to a temporary traffic burst. The small buffer failure or middle buffer failure is common in the production environment. Usually, buffer tuning is required when there is a buffer failure in the huge buffer pool. This is because, the router attempts to allocate the smallest buffer that can hold an incoming packet. If no buffers of the correct size are available, the router uses the buffers of the next available size. CAUTION: Care, expertise, and follow-up monitoring are necessary when you adjust system buffers. Incorrect adjustments can severely affect hardware and network performance. REFERENCE: For more information see Buffer Tuning INFO: The buffer counters can be cleared only by reloading the router. INFO: Interfaces use the 'interface buffer' pools for input and output (I/O). When there are no more buffers in the interface buffer free list, the router goes to the public buffer pools as a fallback. Performance is not affected in case of a fallback. Interface buffers should not be tuned. Back to contents ------------------------ CPU UTILIZATION ANALYSIS ------------------------ INFO: Total CPU Utilization is comprised of process and interrupt percentages. Total CPU Utilization: 15% Process Utilization: 13% Interrupt Utilization: 2% These values are found on the first line of the output: CPU utilization for five seconds: x%/y%; one minute: a%; five minutes: b% Total CPU Utilization: x% Process Utilization: (x - y)% Interrupt Utilization: y% Process Utilization is the difference between the Total and Interrupt; x minus y. The one and five minute utilizations are exponentially decayed averages (rather than an arithmetic average), therefore recent values have more influence on the calculated average. Back to contents ---------------- VERSION ANALYSIS ---------------- Jump to Section: CONFIGURATION REGISTER ANALYSIS INFO: The loaded IOS image is supported on the Unknown platform. INFO: For a list and information about the features supported by the loaded image, click on Software Advisor-IOS Image Name. INFO: For a list of MIBs that are supported by the loaded image, please see: SNMP Object Navigator. INFO: This device has 995328 K available for main memory INFO: This device has 53248 K available for IO memory (shared memory). INFO: The loaded IOS image is running from RAM INFO: For recent bug reports on IOS version 12.4(2)T see: Bug NavigatorII ------------------------------- CONFIGURATION REGISTER ANALYSIS ------------------------------- Current Value (in hexadecimal): 0x2102 Current Value (in binary): 0010 0001 0000 0010 Default Value (in hexadecimal): 0x2102 Default Value (in binary): 0010 0001 0000 0010 General Software Configuration Register Bit Meanings (left to right): Bit(s) Meaning: Current Status ----- ------------------------------------------- -------------- 15 Enables diagnostic messages and ignores NVRAM contents: No 14 IP broadcasts do not have net numbers: No 13 Boots default ROM software if network boot fails: Yes (default) � Setting this bit causes the system to load the helper image from ROM without any network retries. Clearing this bit causes the system to load image from ROM after six unsuccessful attempts to load a boot file from the network. 11-12 Console Baud Rate in bps: 9600 (default) 10 IP broadcast with all zeros : No � This causes the following setting based on bits 14 and 10 Net all ones, Host all ones (default) 9 Reserved 8 Break disabled: Yes (default) � Clearing this bit causes the processor to interpret Break as a command to force the system into the bootstrap monitor, halting normal operation. A Break can be sent in the first sixty seconds while the system reboots, regardless of the configuration settings. 7 Original Equipment Manufacturer(OEM) bit enabled: No � Enabling the OEM bit disables the boot strap messages at start up. 6 Ignore NVRAM contents: No (default) � Setting this bit causes the system software to ignore nonvolatile memory contents during next bootup 5 Not used 4 Reserved 3-0 Current boot field value is 0010 (default) � This causes the system to boot the image from default boot filename "cisco2-3800" if boot from flash fails. Note: Enabling the boot system command override the default filename for booting over the network from a TFTP server. More notes for 3800 devices: � IOS reads the config-register in littleendian byte order, LSB first (i.e. 0x21022 becomes 0x1022 or a 1200 baud console). � Command to change config-reg in ROM mode: confreg {register value} REFERENCE: For more information, see Configuration Register. INFO: On power-up or reload, this router will load the IOS image stored in flash-RAM (assuming one exists). If no valid IOS image or flash-RAM exists, this router will attempt to boot in order of following methods: - boot system commands - a TFTP-server (using a default IOS image filename) - boot-ROM (reduced IOS image, if one is available) INFO: On power-up or reload, this router will load it's configuration from a file stored in Non-Volatile RAM (NVRAM). Back to contents REFERENCE: For further information about Cisco IOS Software Releases, see: How to Choose a Cisco IOS Software Release REFERENCE: For further information about Troubleshooting Router Crashes, see Troubleshooting Router Crashes REFERENCE: See Technical Support for Router-specific issues. REFERENCE: For further information about this command see: Show Version --------------- MEMORY ANALYSIS --------------- INFO: Processor memory utilization is 6.44514%. INFO: Processor memory or main memory stores the running configuration and routing tables. The Cisco IOS software executes from main memory. INFO: The amount of processor memory required by the router is affected by the Cisco IOS version used, the size of the network and by the access list configurations. Ensure that an optimal IOS version has been chosen. INFO: The top 3 processes that are holding less than 1 MB of memory are: 'CCAAL2_CT' is holding 873512 bytes 'CCSIP_SPI_CONTRO' is holding 719724 bytes 'Chunk Manager' is holding 422100 bytes No Memory Problems Were Found. Back to contents ------------------- PROCESS INFORMATION ------------------- No misbehaving processes were found to report on. SHOW RUNNING-CONFIG SECURITY NOTIFICATIONS (if any) This process will suggest enhancements to an IP network's first line of defense, the router. Please note the following: 1. This is NOT a substitute for an overall network security policy. Responsible network security management requires careful research, planning, as well as continued vigilance. It is important to develop, document, and maintain standards for appropriate network access and utilization. 2. While a guide to your first steps in securing the TCP/IP operations within a Cisco router running IOS, this process is NO substitute for expertise in IP network security and exploit reduction. It is crucial for network support personnel to cultivate and maintain a base of knowledge in these areas. 3. DO NOT deploy any proposed configuration changes without thorough testing in a non-critical environment. You will want to research any commands with which you are not very familiar. Cisco's web-site has many outstanding resources, documents, templates, and links for further information, to assist you in this effort. Also, the Cisco Technical Assistance Center (TAC) is always available. Product Security Incident Response Team(PSIRT) advisories. PASSWORD MANAGEMENT: WARNING: This router's passwords are not as secure as they can be. TRY THIS: To improve password security, you may wish to introduce the following configuration command(s): * 'service password-encryption' INFO: This service directs IOS to encrypt passwords, CHAP secrets and similar data. The encryption method is NOT strong and can be reversed by any competent amateur cryptographer in a few hours. * 'aaa new-model' 'aaa authentication login' INFO: These commands establish a more sophisticated authentication model for logins and privileged sessions. In conjunction with a security server (TACACS+ or RADIUS), login passwords may be secured and tracked much more thoroughly than before. Even without a security server, these commands improve the information available from the system logs by associating each login and privileged session with a specific username/password combination. NOTE: Create AT LEAST ONE local user account on the router before adding these commands to the configuration. * 'username ... password ...' INFO: This command creates user accounts local to the router. While these local accounts are no more secure then the standard vty 'password', they improve the quality of information stored in log files by associating each login with a specific user. These accounts can also serve as backup authentication if primary authentication from a security server (TACACS+ or RADIUS) becomes unavailable. NOTE: It is always important to secure all copies of the router configuration file from unauthorized individuals. SECURING INTERACTIVE SESSIONS: WARNING: Interactive sessions initiated to and from this router are not as secure as they can be. TRY THIS: Consider introducing the following configuration command(s): * 'banner login' INFO: In some jurisdictions, civil and/or criminal prosecution of unauthorized users is much easier when you provide a banner warning them that their access is unauthorized. Legal notification requirements are complex and these should be discussed with your own legal counsel. Once the appropriate login warning has been developed for your router, you may incorporate it into your unit for display before all interactive logins with the 'banner login' configuration command. PORT/LINE SECURITY: WARNING: This router's ports/lines are not as secure as they can be. TRY THIS: Consider introducing the following configuration command(s): * 'line con 0' � 'transport input none' INFO: This command guards against anyone initiating a reverse-telnet session to the router's console port. � 'exec-timeout' INFO: This command will end an interactive session if it remains inactive for a specified number of minutes. * 'line aux 0' � 'transport input none' INFO: This command guards against anyone initiating a reverse-telnet session to the router's aux port. � 'exec-timeout' INFO: This command will end an interactive session if it remains inactive for a specified number of minutes. * 'line vty 0 4' � 'transport input ssh' INFO: This command restricts the session protocols that can be used to only SSH, in order to initiate a session to the router. Using SSH is preferable to TELNET since sessions are encrypted. SSH has been supported since IOS 12.0.5.S. REFERENCE: Configuring SSH on Cisco IOS routers � 'exec-timeout' INFO: This command will end an interactive session if it remains inactive for a specified number of minutes. � 'access-class ... in' INFO: This command, in conjunction with an access-list, restricts interactive sessions to a specific list of source hosts. This parameter can be added to all vty ports or just the last. The later case will allow access to the router from anywhere on the network but holds the last port in reserve for a trusted host should the others 'fill-up' for any reason. SNMP MANAGEMENT SERVICE: INFO: The SNMP v1 management service is enabled on this router. To disable, prefix a 'no' to each 'snmp-server community' command currently in the router's configuration. REFERENCE: Search for 'SNMP security advisory' INFO: SNMP v1 (and v2) do not use encrypted community strings in communications between router and SNMP server, so an attacker may still exploit the SNMP management service by obtaining the RW community string with a packet sniffer. To alleviate the threat, you may want to investigate using SNMP v3, which is available on some routers. The SNMP server(s) must also have SNMP v3 capability. REFERENCE: For more information, see SNMP Version 3 ROUTE/PATH INTEGRITY: WARNING: This router does not show any filter against ICMP redirects. INFO: An ICMP redirect is a message to a host to use a specific router as its path to a particular destination. In a properly functioning network, these messages will be sent within a local segment only. If this rule is violated, however, ICMP redirects can become the basis of attack. TRY THIS: Consider the introduction of or addition to an access-list applied to externally facing interfaces to prevent these messages from crossing network segments. Use the 'access-list 100 deny icmp any any redirect' configuration command. REFERENCE: See Extended Access List Examples for more information. WARNING: This router does not show protection against commonly 'spoofed' IP addresses. INFO: Spoofing is the practice of falsifying the source-address of an IP packet so as to disguise it's origin and/or intent. TRY THIS: Consider the introduction of OR addition to an IP access-list applied to incoming packets on all active interfaces. The LAN interface should block all IP source-addresses not specifically permitted to exist on that network segment. The WAN interface should block any traffic attempting to represent itself as from the WAN interface itself, the internal LAN segment, a private network (impossible from the Internet), a loopback address (not permitted on the Internet), or from multicast/experimental address-space (invalid under most circumstances). INFO: Private network addresses are within these ranges: 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 INFO: Loopback and multicast addresses exist within these ranges: 127.0.0.0 - 127.255.255.255 224.0.0.0 - 255.255.255.255 NOTE: Research the anti-spoofing requirements of your own network before applying this protection. INFO: At least one routing protocol is configured. Routing protocols (like EIGRP and OSPF) that support route filtering and authentication are much more secure when these features are enabled. Routing protocols that do not support these features (or have them disabled) are more vulnerable to exploits/attacks. SERVICE-EXPLOIT REDUCTION: WARNING: One or more services are running that can be exploited. TRY THIS: To reduce possible service-based exploits that may be attempted against this router, consider disabling these services using the following configuration command(s): * 'no ip finger' * 'no ip domain-lookup' These services are rarely used for legitimate purposes and can be co-opted to launch a denial-of-service as well as other types of attacks. WARNING: NTP (Network Time Protocol) has not been secured. INFO: While not particularly dangerous, can be used to subvert certain security protocols (those that use a time-base) and foul the time-stamps on the router's log messages. TRY THIS: To disable NTP on a per interface basis, use the 'ntp disable' interface configuration command. To use NTP more securely, consider the following configuration command(s): * 'ntp authenticate' TRAFFIC-FLOOD MANAGEMENT: INFO: Many denial-of-service (DOS) attacks are based on sending a flood of useless packets to vulnerable units. WARNING: This router may not respond well in the face of a flood-based attack. TRY THIS: To improve this router's response, consider introducing the following configuration command(s): ATM2/0 * 'no ip unreachables' * 'no ip redirects' ATM2/0.10 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.20 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.30 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.40 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.50 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.60 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.70 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.80 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.110 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.121 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.130 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.140 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.150 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.160 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.170 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.180 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.200 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.210 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.220 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.230 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.240 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.250 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.260 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.270 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.280 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.290 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.300 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.360 point-to-point * 'no ip unreachables' * 'no ip redirects' ATM2/0.600 point-to-point * 'no ip unreachables' * 'no ip redirects' INFO: These commands will disable the replies utilized by the more common DoS-attacks at the interface-level. While these do not specifically protect this router/network from attack, they do much to prevent it being used as an unwitting 'reflector' of attacks directed towards others. * 'ip verify unicast reverse-path' INFO: This interface command examines each packet received as input on that interface. If the source IP address does not have a route in the CEF tables that points back to the same interface on which the packet arrived, the router drops the packet. The feature should be applied to internet facing interfaces and CEF (Cisco Express Forwarding) should be enabled on the router. REFERENCE: Configuring Unicast Reverse Path Forwarding INFO: If this router is a 2600 series or higher (this includes Catalyst 5000 series units configured with an RSM), you may wish to investigate the TCP Intercept feature introduced in IOS Version 11.2. This is a powerful feature designed to protect selected hosts from SYN-flood attacks common to the Internet. There is some cost, however, with regard to the router's performance. REFERENCE: For more information, see Cisco IOS TCP Intercept and TCP Intercept. INFO: You may consider enabling the 'committed access rate' (CAR) feature to limit the bandwidth consumed by certain traffic types such as ICMP, TCP 'SYN', UDP and multicast packets. These should be applied to internet facing interfaces using the 'rate-limit' interface configuration command and an appropriate access-list. This can be helpful in limiting the effect of denial of service attacks. CAR is a functionality that works with Cisco Express Forwarding, found in 11.1CC and releases from 12.0. REFERENCE: For more information, see Configuring Committed Access Rate LOGGING: WARNING: This router is not taking full advantage of its logging capabilities. INFO: The router is capable of logging accesses and other significant events using a variety of methods. These logs, when detailed over a significant interval, are invaluable in identifying/responding to attacks and other abuses. TRY THIS: To take advantage of these logging activities consider introducing the following configuration command(s): * 'logging (IP address of syslog server)' * 'logging trap' INFO: These commands set up communication between the router's logging process and a syslog server. A syslog server is an inexpensive and widely available application/agent that stores log entries from network devices. This facility allows you permanent storage for logging information, which is especially valuable when physical access to the router is impractical. A syslog server also affords greater detail within the logs themselves (less reliance on the router's logging buffer). The level of 'urgency' (detail) of the syslog server-stored logs is set via the 'logging trap' command. There is minimal performance impact to the router, regardless of the level of logging detail. Like any component of a network-management system, the syslog server application should be run only from a secured, trusted host. * 'aaa accounting' INFO: The best, most detailed logging is done in conjunction with a TACACS+ or RADIUS server. While this option would require some setup, configuration, and ongoing support, the benefits to your overall network security are considerable and extend well beyond logging functions. * 'exception dump' INFO: When a router crashes, a copy of the core memory is kept. Before the memory is erased on reboot, the router can be set up to copy the core dump out to a UNIX server. These dumps can be extremely useful in identifying the cause of a crash. An account (ftp, tftp, or rcp) and sufficient disk space (equal to the amount of memory on the router per dump) needs to be set up and allocated. One example, using FTP to export the dump: ! ip ftp source-interface Loopback0 ip ftp username [enter username here] ip ftp password [enter password here] ! exception protocol ftp exception dump [enter IP address of FTP Server here] ! REFERENCE: For more information on configuring core dumps, see: Configuring Core Dumps * 'ntp source interface Loopback0' INFO: The commands above will enable services on your router to send messages sourced from a loopback interface (Loopback0 in these examples). Using a loopback address as a source interface will keep your messages consistent and simplify access-list statements for security purposes. * 'ip accounting access-violations' INFO: This command enables IP accounting on an interface with the ability to identify IP traffic that fails IP access lists. The following interfaces could benefit from this: GigabitEthernet0/0 GigabitEthernet0/1 Serial0/3/0 GigabitEthernet1/0 ATM2/0 ATM2/0.10 point-to-point ATM2/0.20 point-to-point ATM2/0.30 point-to-point ATM2/0.40 point-to-point ATM2/0.50 point-to-point ATM2/0.60 point-to-point ATM2/0.70 point-to-point ATM2/0.80 point-to-point ATM2/0.100 point-to-point ATM2/0.110 point-to-point ATM2/0.121 point-to-point ATM2/0.130 point-to-point ATM2/0.140 point-to-point ATM2/0.150 point-to-point ATM2/0.160 point-to-point ATM2/0.170 point-to-point ATM2/0.180 point-to-point ATM2/0.200 point-to-point ATM2/0.210 point-to-point ATM2/0.220 point-to-point ATM2/0.230 point-to-point ATM2/0.240 point-to-point ATM2/0.250 point-to-point ATM2/0.260 point-to-point ATM2/0.270 point-to-point ATM2/0.280 point-to-point ATM2/0.290 point-to-point ATM2/0.300 point-to-point ATM2/0.360 point-to-point ATM2/0.600 point-to-point GigabitEthernet3/0 Once enabled, violations may be viewed with the 'show ip accounting access-violations' command. REFERENCE: For additional information see: Practical Reading: Improving Security on Cisco Routers Characterizing and Tracing Packet Floods Using Cisco Routers Cisco Security Solutions: Security Solutions SHOW RUNNING-CONFIG - NAT NOTIFICATIONS (if any) No Significant NAT Problems found. REFERENCE: NAT (Network Address Translation) REFERENCE: NAT order of operations. REFERENCE: 'ip nat' commands, command reference. REFERENCE: 'ip nat' commands, configuration guide. Link to Command Lookup Tool NOTIFICATIONS (if any) Click the links below to see detailed information on each command: Building configuration... Current configuration: ! version 12.4 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone no service password-encryption ! hostname LOGSNBRTR01 ! boot-start-marker boot-end-marker ! logging buffered 32768 debugging no logging console enable secret 5 ! no aaa new-model ! resource policy ! clock timezone EST -5 clock summer-time EDT recurring ip subnet-zero no ip source-route ip cef ! ! no ip dhcp use vrf connected ! ! no ip bootp server no ip domain lookup ip host cha 10.33.2.1 ip host md 10.11.2.1 ip host mn 10.55.2.1 ip host va 10.10.2.1 ip host bca 10.22.2.1 ip host jax 10.23.2.1 ip host tn 10.39.2.1 ip host li 10.62.2.1 ip host ms 10.45.2.1 ip host ok 10.51.2.1 ip host pa 10.47.2.1 ip host oh 10.37.2.1 ip host wa 10.31.2.1 ip host tam 10.20.2.1 ip host fleet 10.12.2.1 ip host la 10.53.2.1 ip host mo 10.49.2.1 ip host ks 10.43.2.1 ip host al 10.41.2.1 ip host az 10.35.2.1 ip host mia 10.26.2.1 ip host mot 10.59.2.1 no ip ips deny-action ips-interface ! ipx routing 0008.a3ed.9641 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! buffers small permanent 400 buffers small max-free 376 buffers small min-free 82 buffers middle permanent 215 buffers middle max-free 258 buffers middle min-free 56 buffers big permanent 180 buffers big max-free 230 buffers big min-free 50 buffers verybig permanent 107 buffers verybig max-free 136 buffers verybig min-free 30 buffers large permanent 10 buffers large max-free 15 buffers large min-free 3 buffers huge permanent 2 buffers huge max-free 5 buffers huge min-free 3 ! ! ! interface Loopback0 ip address 10.132.0.29 255.255.255.255 no ip redirects no ip unreachables no ip proxy-arp ! interface GigabitEthernet0/0 description Link-to PIX ip address 10.250.1.3 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp no ip mroute-cache load-interval 30 duplex full speed 1000 media-type rj45 negotiation auto no mop enabled ! interface GigabitEthernet0/1 description RESERVED FOR ILD no ip address no ip redirects no ip unreachables no ip proxy-arp load-interval 30 shutdown duplex full speed 1000 media-type rj45 negotiation auto ! interface Serial0/3/0 description PRIVATE 128kb to UPN ip address 172.17.100.101 255.255.255.252 no ip redirects no ip unreachables encapsulation ppp no ip mroute-cache no fair-queue service-module t1 timeslots 1-2 ! interface GigabitEthernet1/0 description link to EXCHANGE ip address 10.240.0.1 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp ip ospf cost 400 load-interval 30 negotiation auto ! interface ATM2/0 no ip address no ip mroute-cache load-interval 30 atm framing cbitplcp no atm ilmi-keepalive ! interface ATM2/0.10 point-to-point description Connection to Oklahoma City OK mtu 1500 ip address 192.168.51.5 255.255.255.252 ip nat inside no ip virtual-reassembly no ip mroute-cache pvc 1/10 protocol ip 192.168.51.6 vbr-nrt 1766 1765 33 vc-hold-queue 175 encapsulation aal5snap ! ! interface ATM2/0.20 point-to-point description Connection to Jackson MS mtu 1500 ip address 192.168.45.5 255.255.255.252 ip nat inside no ip virtual-reassembly no ip mroute-cache pvc 1/20 protocol ip 192.168.45.6 vbr-nrt 1766 1765 33 vc-hold-queue 160 encapsulation aal5snap ! ! interface ATM2/0.30 point-to-point description Connection to Memphis TN mtu 1500 ip address 192.168.39.5 255.255.255.252 no ip mroute-cache pvc 1/30 protocol ip 192.168.39.6 vbr-nrt 1766 1765 33 vc-hold-queue 300 encapsulation aal5snap ! ! interface ATM2/0.40 point-to-point description Connection to Birmingham AL mtu 1500 ip address 192.168.41.5 255.255.255.252 ip nat inside no ip virtual-reassembly no ip mroute-cache pvc 1/40 protocol ip 192.168.41.6 vbr-nrt 1766 1765 33 vc-hold-queue 400 encapsulation aal5snap ! ! interface ATM2/0.50 point-to-point description Connection to Metairie LA mtu 1500 ip address 192.168.53.5 255.255.255.252 no ip mroute-cache pvc 1/50 protocol ip 192.168.53.6 vbr-nrt 1766 1765 33 vc-hold-queue 200 encapsulation aal5snap ! ! interface ATM2/0.60 point-to-point description Connection to Tampa FL mtu 1500 ip address 192.168.20.5 255.255.255.252 no ip mroute-cache pvc 1/60 protocol ip 192.168.20.6 vbr-nrt 1766 1765 33 vc-hold-queue 320 encapsulation aal5snap ! ! interface ATM2/0.70 point-to-point description Connected to Boca Raton FL mtu 1500 ip address 192.168.22.5 255.255.255.252 no ip mroute-cache pvc 1/70 protocol ip 192.168.22.6 vbr-nrt 1766 1765 33 vc-hold-queue 200 encapsulation aal5snap no protocol ipx inarp ! ! interface ATM2/0.80 point-to-point description Connection to Charlotte NC Frame (3725) ip address 192.168.33.17 255.255.255.252 ip nat inside no ip virtual-reassembly pvc 1/80 protocol ip 192.168.33.18 vbr-nrt 5300 5299 33 vc-hold-queue 200 encapsulation aal5snap ! ! interface ATM2/0.100 point-to-point description Connection to Charlotte NC ip address 192.168.33.5 255.255.255.252 no ip mroute-cache shutdown pvc 1/100 protocol ip 192.168.33.6 vbr-nrt 1766 1765 33 vc-hold-queue 160 encapsulation aal5snap ! ! interface ATM2/0.110 point-to-point description Connection to Earth City MO mtu 1500 ip address 192.168.49.5 255.255.255.252 no ip mroute-cache pvc 1/110 protocol ip 192.168.49.6 vbr-nrt 1766 1765 33 vc-hold-queue 175 encapsulation aal5snap ! ! interface ATM2/0.121 point-to-point description Connection to Chesterfield MO mtu 1500 ip address 192.168.59.5 255.255.255.252 no ip mroute-cache pvc 1/121 protocol ip 192.168.59.6 vbr-nrt 1766 1765 33 vc-hold-queue 160 encapsulation aal5snap ! ! interface ATM2/0.130 point-to-point description Connection to Cleveland OH ip address 192.168.37.5 255.255.255.252 no ip mroute-cache pvc 1/130 protocol ip 192.168.37.6 vbr-nrt 5300 5299 33 vc-hold-queue 325 encapsulation aal5snap ! ! interface ATM2/0.140 point-to-point description Connection to Phoenix AZ mtu 1500 ip address 192.168.35.5 255.255.255.252 ip nat inside no ip virtual-reassembly no ip mroute-cache pvc 1/140 protocol ip 192.168.35.6 vbr-nrt 1766 1765 33 vc-hold-queue 200 encapsulation aal5snap ! ! interface ATM2/0.150 point-to-point description Connection to Colorado Springs CO mtu 1500 ip address 192.168.29.5 255.255.255.252 no ip mroute-cache pvc 1/150 protocol ip 192.168.29.6 vbr-nrt 1766 1765 33 vc-hold-queue 320 encapsulation aal5snap ! ! interface ATM2/0.160 point-to-point description Connection to Pasadena TX mtu 1500 ip address 192.168.21.5 255.255.255.252 ip nat inside no ip virtual-reassembly no ip mroute-cache pvc 1/160 protocol ip 192.168.21.6 vbr-nrt 1766 1765 33 vc-hold-queue 640 encapsulation aal5snap ! ! interface ATM2/0.170 point-to-point description Connection to Vancouver WA mtu 1500 ip address 192.168.31.5 255.255.255.252 no ip mroute-cache pvc 1/170 protocol ip 192.168.31.6 vbr-nrt 1766 1765 33 vc-hold-queue 160 encapsulation aal5snap ! ! interface ATM2/0.180 point-to-point description Connection to Overland Park KS mtu 1500 ip address 192.168.43.5 255.255.255.252 ip nat inside no ip virtual-reassembly no ip mroute-cache pvc 1/180 protocol ip 192.168.43.6 vbr-nrt 1766 1765 33 vc-hold-queue 175 encapsulation aal5snap ! ! interface ATM2/0.200 point-to-point description Connection to Sudbury MA mtu 1500 ip address 192.168.25.5 255.255.255.252 no ip mroute-cache pvc 1/200 protocol ip 192.168.25.6 vbr-nrt 1766 1765 33 vc-hold-queue 160 encapsulation aal5snap ! ! interface ATM2/0.210 point-to-point description Connection to Vprotocol ip 192.168.13.6 mtu 1500 ip address 192.168.27.5 255.255.255.252 no ip mroute-cache pvc 1/210 protocol ip 192.168.27.6 vbr-nrt 1766 1765 33 vc-hold-queue 300 encapsulation aal5snap ! ! interface ATM2/0.220 point-to-point description Connection to Marlton NJ mtu 1500 ip address 192.168.13.5 255.255.255.252 ip nat inside no ip virtual-reassembly no ip mroute-cache pvc 1/220 protocol ip 192.168.13.6 vbr-nrt 1766 1765 33 vc-hold-queue 275 encapsulation aal5snap ! ! interface ATM2/0.230 point-to-point description Connection to Fairfax VA mtu 1500 ip address 192.168.10.5 255.255.255.252 ip nat inside no ip virtual-reassembly no ip mroute-cache pvc 1/230 protocol ip 192.168.10.6 vbr-nrt 1766 1765 33 vc-hold-queue 675 encapsulation aal5snap ! ! interface ATM2/0.240 point-to-point description Connection to Atlanta GA mtu 1500 ip address 192.168.19.5 255.255.255.252 ip nat inside no ip virtual-reassembly no ip mroute-cache pvc 1/240 protocol ip 192.168.19.6 vbr-nrt 1766 1765 33 vc-hold-queue 325 encapsulation aal5snap ! ! interface ATM2/0.250 point-to-point description Connection to Rochester NY mtu 1500 ip address 192.168.14.5 255.255.255.252 no ip mroute-cache pvc 1/250 protocol ip 192.168.14.6 vbr-nrt 1766 1765 33 vc-hold-queue 225 encapsulation aal5snap ! ! interface ATM2/0.260 point-to-point description Connection to Commack NY mtu 1500 ip address 192.168.62.5 255.255.255.252 no ip mroute-cache pvc 1/260 protocol ip 192.168.62.6 vbr-nrt 1766 1765 33 vc-hold-queue 350 encapsulation aal5snap ! ! interface ATM2/0.270 point-to-point description Connection to King of Prussia PA mtu 1500 ip address 192.168.47.5 255.255.255.252 ip nat inside no ip virtual-reassembly no ip mroute-cache pvc 1/270 protocol ip 192.168.47.6 vbr-nrt 1766 1765 33 vc-hold-queue 400 encapsulation aal5snap ! ! interface ATM2/0.280 point-to-point description Connection to Portland ME mtu 1500 ip address 192.168.30.5 255.255.255.252 ip nat inside no ip virtual-reassembly no ip mroute-cache pvc 1/280 protocol ip 192.168.30.6 vbr-nrt 1766 1765 33 vc-hold-queue 160 encapsulation aal5snap ! ! interface ATM2/0.290 point-to-point description Connection to Gaithersburg MD mtu 1500 ip address 192.168.11.5 255.255.255.252 no ip mroute-cache pvc 1/290 protocol ip 192.168.11.6 vbr-nrt 1766 1765 33 vc-hold-queue 640 encapsulation aal5snap ! ! interface ATM2/0.300 point-to-point description Connection to Scottdale AZ (Pima) mtu 1500 ip address 192.168.56.5 255.255.255.252 no ip mroute-cache pvc 1/300 protocol ip 192.168.56.6 vbr-nrt 1766 1765 33 vc-hold-queue 160 encapsulation aal5snap ! ! interface ATM2/0.310 point-to-point ! interface ATM2/0.360 point-to-point description Connection to Edina MN mtu 1500 ip address 192.168.55.5 255.255.255.252 no ip mroute-cache pvc 1/360 protocol ip 192.168.55.6 vbr-nrt 1766 1765 33 vc-hold-queue 175 encapsulation aal5snap ! ! interface ATM2/0.370 point-to-point ! interface ATM2/0.600 point-to-point description Connected to Arlington Heights ip address 192.168.6.1 255.255.255.252 no ip mroute-cache pvc 1/600 protocol ip 192.168.6.2 vbr-nrt 20000 19500 33 vc-hold-queue 200 encapsulation aal5snap no protocol ipx inarp ! ! interface GigabitEthernet3/0 description Link LOGSNBSWCH01 ip address 10.1.3.3 255.255.255.0 secondary ip address 10.1.1.6 255.255.255.0 ip helper-address 10.1.1.110 ip helper-address 10.1.1.111 no ip redirects no ip unreachables no ip proxy-arp ip nat outside no ip virtual-reassembly no ip mroute-cache load-interval 30 no negotiation auto ipx network FE1002 encapsulation SAP ipx type-20-propagation ! router ospf 2 log-adjacency-changes redistribute static subnets redistribute bgp 65001 subnets network 10.1.1.6 0.0.0.0 area 0 network 10.1.3.0 0.0.0.255 area 0 network 10.132.0.29 0.0.0.0 area 0 network 10.132.200.0 0.0.0.255 area 76 network 10.240.0.1 0.0.0.0 area 0 network 172.17.1.34 0.0.0.0 area 61 network 172.17.100.0 0.0.0.255 area 0 network 192.168.6.1 0.0.0.0 area 0 network 192.168.10.5 0.0.0.0 area 0 network 192.168.11.5 0.0.0.0 area 0 network 192.168.13.5 0.0.0.0 area 0 network 192.168.14.5 0.0.0.0 area 0 network 192.168.15.5 0.0.0.0 area 0 network 192.168.18.5 0.0.0.0 area 0 network 192.168.19.5 0.0.0.0 area 0 network 192.168.20.5 0.0.0.0 area 0 network 192.168.21.5 0.0.0.0 area 0 network 192.168.22.5 0.0.0.0 area 0 network 192.168.25.5 0.0.0.0 area 0 network 192.168.26.5 0.0.0.0 area 0 network 192.168.27.5 0.0.0.0 area 0 network 192.168.29.5 0.0.0.0 area 0 network 192.168.30.5 0.0.0.0 area 0 network 192.168.31.5 0.0.0.0 area 0 network 192.168.33.17 0.0.0.0 area 0 network 192.168.35.5 0.0.0.0 area 0 network 192.168.37.5 0.0.0.0 area 0 network 192.168.39.5 0.0.0.0 area 0 network 192.168.41.5 0.0.0.0 area 0 network 192.168.43.5 0.0.0.0 area 0 network 192.168.45.5 0.0.0.0 area 0 network 192.168.47.5 0.0.0.0 area 0 network 192.168.49.5 0.0.0.0 area 0 network 192.168.51.5 0.0.0.0 area 0 network 192.168.53.5 0.0.0.0 area 0 network 192.168.55.5 0.0.0.0 area 0 network 192.168.56.5 0.0.0.0 area 0 network 192.168.57.5 0.0.0.0 area 0 network 192.168.59.5 0.0.0.0 area 0 network 192.168.62.5 0.0.0.0 area 0 default-information originate ! router bgp 65001 no synchronization bgp log-neighbor-changes network 10.1.1.0 mask 255.255.255.0 network 10.1.3.0 mask 255.255.255.0 network 10.100.2.0 mask 255.255.255.0 neighbor 10.1.1.3 remote-as 65000 neighbor 10.1.1.3 soft-reconfiguration inbound no auto-summary ! ip classless ip route 0.0.0.0 0.0.0.0 10.250.1.1 ip route 10.1.9.0 255.255.255.0 10.1.1.1 ip route 10.132.0.0 255.255.255.0 Null0 240 ip route 10.199.89.0 255.255.255.0 10.1.1.3 ip route 10.250.2.0 255.255.255.0 10.250.1.9 ip route 12.110.153.81 255.255.255.255 10.1.1.1 ip route 12.110.253.51 255.255.255.255 172.17.100.102 ip route 12.110.253.52 255.255.255.255 172.17.100.102 ip route 12.110.253.81 255.255.255.255 10.1.1.1 ip route 65.90.77.1 255.255.255.255 10.250.1.1 ip route 172.17.101.80 255.255.255.255 172.17.100.102 ip route 192.168.2.0 255.255.255.0 10.250.1.1 ip route 192.168.2.11 255.255.255.255 10.250.1.1 ip route 192.168.3.0 255.255.255.0 10.250.1.1 ip route 192.168.4.0 255.255.255.0 10.250.1.1 ip route 192.168.5.0 255.255.255.0 10.250.1.1 ip route 192.168.11.32 255.255.255.248 172.17.100.102 ip route 192.168.167.0 255.255.255.0 172.17.100.102 ip route 192.168.241.0 255.255.255.0 172.17.100.102 ip route 208.145.195.0 255.255.255.0 10.1.1.3 ! ! no ip http server no ip http secure-server ip nat pool fando 10.1.1.40 10.1.1.40 netmask 255.255.255.0 ip nat inside source list 2 pool fando overload ! access-list 2 deny 10.1.7.6 access-list 2 deny 10.1.7.3 access-list 2 deny 10.10.2.18 access-list 2 permit 10.33.2.59 access-list 2 deny 10.1.7.26 access-list 2 deny 10.35.2.60 access-list 2 permit 10.47.2.63 access-list 2 deny 10.43.2.57 access-list 2 deny 10.51.2.18 access-list 2 permit 10.45.2.15 access-list 2 permit 10.41.2.15 access-list 2 permit 10.19.2.52 access-list 2 permit 10.51.2.20 access-list 2 permit 10.13.2.61 access-list 2 permit 10.13.2.73 access-list 2 deny 10.13.2.74 access-list 2 deny 10.21.2.68 access-list 2 deny 10.1.7.105 access-list 2 deny 10.41.2.72 access-list 2 deny 10.19.2.96 access-list 2 permit 10.10.2.161 access-list 2 permit 10.33.2.250 access-list 2 permit 10.33.2.252 access-list 99 permit 10.30.2.22 access-list 101 permit ip 10.51.2.0 0.0.0.255 199.89.182.0 0.0.0.255 log access-list 101 permit ip 10.13.2.0 0.0.0.255 199.89.182.0 0.0.0.255 log access-list 101 permit ip host 10.13.2.12 any log access-list 101 permit ip any host 10.13.2.12 log access-list 101 permit ip any 10.13.2.0 0.0.0.255 log access-list 101 permit ip 10.13.2.0 0.0.0.255 any log access-list 101 permit ip any 10.47.2.0 0.0.0.255 log access-list 101 permit ip 10.47.2.0 0.0.0.255 any log access-list 101 permit ip any any access-list 102 permit ip any any log access-list 103 permit udp any any log access-list 103 permit tcp any any log access-list 103 permit icmp any any log access-list 103 deny ip any any log access-list 111 permit ip any host 199.89.182.23 access-list 111 permit ip any any access-list 112 permit ip any any access-list 198 permit ip host 199.89.182.23 any access-list 198 permit ip any any access-list 199 permit ip host 10.1.1.40 host 199.89.182.23 access-list 199 permit ip any any snmp-server community RO snmp-server community RW no cdp run ! ! ! ! ipx router eigrp 1 log-neighbor-changes ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! SHOW CRYPTO NOTIFICATIONS (if any) No messages to report. SHOW INTERFACE ATM NOTIFICATIONS (if any) Interface ATM2/0 (up/up) WARNING: The counters are older than 1 hour and may not accurately reflect the current status of this interface. The information presented here assumes counters are less than 1 hour old. The last clearing was 2 days 16 hours ago. TRY THIS: Reset the counters using the 'clear counters' command. Wait 5 minutes and resubmit to Output Interpreter. ERROR: There have been 1 CRC errors reported on this interface. CRC errors can be caused by corrupted or dropped cells. These errors could also indicate excessive noise on the line or faulty hardware. TRY THIS: 1. Use 'show controller atm' and check for physical level errors. 2. Monitor the CRC errors over time, is the interface new? 3. Check (with the carrier) if there is congestion in the switch cloud. Also, check traffic shaping parameters with your provider, does the provider see cell drops on its switches? 4. Consider carrying out local and line loopback tests on the interface. See: Understanding Loopback Modes on Cisco Routers 5. Consider using the 'debug atm errors' command. WARNING: There have been 667995 output queue drops reported on this interface. Output drops can occur for traditional reasons such as due to the amount of traffic or the method in which the router is switching packets from the ingress (incoming interface) to the egress (exiting interface). On ATM interfaces, drops can also occur due to traffic shaping on a virtual circuit. TRY THIS: 1. Determine if you are exceeding the PCR (peak cell rate) and SCR (sustained cell rate) values of any PVCs, look for the 'OutPktDrops' counter in the output of the 'show atm pvc {vpi}/{vci}' command. This command is only available, per VC, on the PA-A3 and on Cisco 2600 and 3600 routers (DS3, E3,OC3 and IMA interfaces). 2. Minimize periodic broadcast traffic like routing and Service Advertising Protocol (SAP) updates (if applicable) by using access lists or by other means. 3. If your IOS version supports per-vc-queueing, use the following commands to check for per-vc output drops: 'show queueing interface atm x/y' and 'show policy-map interface' (if CBWFQ is configured). 4. Reduce the traffic sent over the overloaded PVCs. 5. Increase the traffic parameters (increase the PVC bandwidth) on the affected PVCs. 6. Use intelligent queueing mechanisms such as CBWFQ to make sure important traffic is not impacted by an overloaded PVC. 7. If intelligent queueing mechanisms are already used, tune their parameters to reduce the impact of the drops. 8. Submit the output from 'show buffers' to Output Interpreter to determine if buffers need to be tuned. REFERENCE: For more information see: IP to ATM Class of Service Troubleshooting Input Drops Troubleshooting Output Drops on ATM Router Interfaces Interface ATM2/0.10 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.51.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.20 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.45.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.30 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.39.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.40 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.41.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.50 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.53.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.60 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.20.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.70 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.22.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.80 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.33.17/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.100 (administratively down/down) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.33.5/30' INFO: This subinterface is 'adminstratively down'. TRY THIS: Enable the subinterface using the 'no shutdown' subinterface command. Interface ATM2/0.110 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.49.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.121 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.59.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.130 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.37.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.140 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.35.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.150 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.29.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.160 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.21.5/30' No significant problems were found. Interface ATM2/0.170 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.31.5/30' WARNING: There have been 1 CRC errors reported for this sub-interface. This typically indicates that one or more cells have been discarded in the provider's ATM network. TRY THIS: Confirm that traffic shaping is being applied at the source. Repeat this show command to see whether CRC errors are increasing. Dropped cells could simply indicate sustained congestion in the ATM network. REFERENCE: For more information on CRC toubleshooting for ATM Interfaces, see CRC Troubleshooting Guide for ATM Interfaces INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.180 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.43.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.200 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.25.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.210 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.27.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.220 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.13.5/30' No significant problems were found. Interface ATM2/0.230 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.10.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.240 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.19.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.250 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.14.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.260 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.62.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.270 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.47.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.280 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.30.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.290 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.11.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.300 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.56.5/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.310 (up/up) INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.360 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.55.5/30' No significant problems were found. Interface ATM2/0.370 (up/up) INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management Interface ATM2/0.600 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.6.1/30' INFO: No OAM (Operation, Administration, and Maintenance) cells have been sent or received on this subinterface. This feature detects when a PVC is down so that traffic will not be routed over a down PVC. REFERENCE: For more information, see Using OAM for PVC Management REFERENCE: Command Reference - 'show interface atm' SHOW CALL HISTORY VOICE NOTIFICATIONS (if any) INFO: There are no call-legs to report. INFO: The maximum number of calls contained in the table can be set to a number between 0 and 500 using the 'dial-control-mib' command in global configuration mode. The default maximum number of table entries is 50. A value of 0 will prevent any history from being retained. Each call record is aged out of the table after a configurable number of minutes has elapsed, also specified by the 'dial-control-mib' command. This default timer value is 15 minutes. REFERENCE: For more information on Voice, see: VC: Configuring Dial Plans, Dial Peers, and Digit Manipulation Troubleshooting One Way Voice Issues Understanding and Troubleshooting Analog E & M Interface Types and Wiring Arrangements Voice over IP - Per Call Bandwidth Consumption Cisco IOS Voice Troubleshooting and Monitoring Voice-Related Commands - show call history voice SHOW DIAG NOTIFICATIONS (if any) REFERENCE: For additional information on VIP Field Notices, visit: Cisco Versatile Interface Processors Field Notices. INFO: For basic information about the hardware installed in the slots of your device, e-mail the output of show diag to diag@external.cisco.com. You will receive a reply through email. Please visit the Cisco Fusion for information on how to select a Cisco IOS version that supports your hardware. The Cisco Fusion also provides additional manufacturer-related information about the hardware installed on several Cisco products. SHOW INTERFACE FAST/GIGABIT/ETHERNET NOTIFICATIONS (if any) Interface GigabitEthernet0/0 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 10.250.1.3/24' WARNING: This interface's counters have not been cleared for 2 days 16 hours and may not accurately reflect the current status of this interface. TRY THIS: Reset the counters using the 'clear counters' command and wait a few minutes to resubmit the output to Output Interpreter. INFO: The interface should be cleared at least 24hours before performing an analysis. Interface GigabitEthernet0/1 (administratively down/down) INFO: Interface GigabitEthernet0/1 is administratively disabled. Therefore no traffic is passing and statistics may be misleading. TRY THIS: Issue a 'no shutdown' on this interface to enable it. REFERENCE: For more information, see Troubleshooting Ethernet. Interface GigabitEthernet1/0 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 10.240.0.1/30' WARNING: This interface's counters have not been cleared for 2 days 16 hours and may not accurately reflect the current status of this interface. TRY THIS: Reset the counters using the 'clear counters' command and wait a few minutes to resubmit the output to Output Interpreter. INFO: The interface should be cleared at least 24hours before performing an analysis. Interface GigabitEthernet3/0 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 10.1.1.6/24' WARNING: This interface's counters have not been cleared for 2 days 16 hours and may not accurately reflect the current status of this interface. TRY THIS: Reset the counters using the 'clear counters' command and wait a few minutes to resubmit the output to Output Interpreter. INFO: The interface should be cleared at least 24hours before performing an analysis. REFERENCE: Command Reference - 'show interface gigabitethernet' SHOW INTERFACE SERIAL NOTIFICATIONS (if any) Interface Serial0/3/0 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 172.17.100.101/30' WARNING: The counters for this interface have not been cleared for 2 days 16 hours. TRY THIS: Use the 'clear counters Serial0/3/0' command to ensure current information is being displayed. This will assist when troubleshooting serial interface issues. REFERENCE: For more information on Serial Lines, see: Troubleshooting Serial Line Problems Configuring Serial Interfaces Troubleshooting Serial Lines Loopback Tests for T1/56K Lines REFERENCE: For more information on PPP, see: Dialup Technology Troubleshooting Techniques Point to Point Protocol Configuring and Troubleshooting PAP REFERENCE: Command Reference - 'show interface serial' SHOW MEMORY NOTIFICATIONS (if any) INFO: Processor memory utilization is 6.44517%. INFO: Processor memory or main memory stores the running configuration and routing tables. The Cisco IOS software executes from main memory. INFO: The amount of processor memory required by the router is affected by the Cisco IOS version used, the size of the network and by the access list configurations. Ensure that an optimal IOS version has been chosen. INFO: The smallest amount of free processor memory since the last boot is 114709328 byte(s). INFO: The largest amount of processor memory available is 527216872 byte(s). INFO: For detailed memory analysis with respect to specific processes, consider pasting "show processes memory" output to Output Interpreter. REFERENCE: For more information see Troubleshooting Memory Problems ROUTER CONSOLE MESSAGE NOTIFICATIONS (if any) INFO: The system has been manually rebooted using "reload" command. This is not a system crash. REFERENCE: For more information, see: Troubleshooting Router Crashes Less Common Types of System Crashes STACK DECODE NOTIFICATIONS (if any) There are no software or hardware bugs to report. SHOW IP NAT NOTIFICATIONS (if any) REFERENCE: For information on known bugs see Bug Toolkit. REFERENCE: For more information on troubleshooting NAT issues see NAT Pools and Subnet Zero. How NAT Handles ICMP Fragments. Verifying NAT Operation and Basic NAT Troubleshooting.