Results listed by "show" commands The following hyperlinks are headings for the supported commands that you submitted. Each hyperlink takes you to the relevant section within the analysis results. SHOW TECH-SUPPORT Analysis SHOW RUNNING-CONFIG SECURITY Analysis SHOW RUNNING-CONFIG - NAT Analysis SHOW INTERFACE FAST/GIGABIT/ETHERNET Analysis SHOW INTERFACE SERIAL Analysis ROUTER CONSOLE MESSAGE Analysis STACK DECODE Analysis -------------------------------------------------------------------------------- Back to topSHOW TECH-SUPPORT NOTIFICATIONS (if any) Jump to Section: BUFFER ANALYSIS CPU UTILIZATION ANALYSIS VERSION ANALYSIS MEMORY ANALYSIS PROCESS INFORMATION ------------------- SHOW RUNNING-CONFIG ------------------- NOTE: This tool uses the output from 'show running-config' to correlate values against other show commands. It is not meant to be a configuration assistant. --------------- BUFFER ANALYSIS --------------- WARNING: This router has dropped 7 packet(s) (0.00787%) due to a shortage of 'Middle buffers'. WARNING: This router has dropped 126 packet(s) (0.08023%) due to a shortage of 'Big buffers'. ERROR: This router has dropped 1 packet(s) (33.33333%) due to a shortage of 'Huge buffers'. Note: The term 'Failures' in the output tracks the number of packets that were dropped due to unsuccessful attempts to allocate a buffer. This can occur in spite of (or even because of) the router's attempts to create additional free buffers when their number declines below minimum. The following Interface(s) have dropped packets because of this condition: Serial0 TRY THIS: Use the 'show memory' command to check the amount of available memory before you attempt to modify public pool buffers. Increase the minimum number of free buffers for the affected pool. The following are the initial values that usually work well in buffer tuning: - permanent: take the number of total buffers in a pool, and add about 20%. - minimum: set min-free to about 20-30% of permanent. - maximum: set max-free to something equal to, or greater than the sum of permanent and minimum. Use these commands and buffer setting as a general starting point to tune the Huge buffers. buffers {buffer_name} permanent {new_size} buffers {buffer_name} min-free {new_size} buffers {buffer_name} max-free {new_size} NOTE: This condition may also occur due to a temporary traffic burst. CAUTION: Care, expertise, and follow-up monitoring are necessary when you adjust system buffers. Incorrect adjustments can severely affect hardware and network performance. If you are uncertain about how to proceed, you may wish to contact the Cisco TAC for further assistance. REFERENCE: For more information, see Buffer Tuning INFO: The buffer counters can be cleared only by reloading the router. INFO: Interfaces use the 'interface buffer' pools for input and output (I/O). When there are no more buffers in the interface buffer free list, the router goes to the public buffer pools as a fallback. Performance is not affected in case of a fallback. Interface buffers should not be tuned. Back to contents ------------------------ CPU UTILIZATION ANALYSIS ------------------------ INFO: Total CPU Utilization is comprised of process and interrupt percentages. Total CPU Utilization: 99% Process Utilization: 92% Interrupt Utilization: 7% These values are found on the first line of the output: CPU utilization for five seconds: x%/y%; one minute: a%; five minutes: b% Total CPU Utilization: x% Process Utilization: (x - y)% Interrupt Utilization: y% Process Utilization is the difference between the Total and Interrupt; x minus y. The one and five minute utilizations are exponentially decayed averages (rather than an arithmetic average), therefore recent values have more influence on the calculated average. ERROR: Total CPU Utilization is at 99% for the past 5 seconds, which is very high (>90%). This can cause the following symptoms: - Input queue drops - Slow performance - Slow response in Telnet or unable to Telnet to the router - Slow response on the console - Slow or no response to ping - Router doesn't send routing updates The following processes are causing excessive CPU usage: PID CPU Time Process 20 98.85 IP Input TRY THIS: If IP Input is consuming the CPU, one of the following might be the cause: - Traffic that can't be fast switched is arriving. This could be any of the following types of traffic: * Packet for which there is no entry yet in the switching cache. INFO: If there is a device in the network which is generating lots of packets at an extremely high rate for devices reachable through the router and is using different source or destination ip addresses, there won't be a match for these packets in the switching cache, so they will be processed by the IP Input process. This source device can be a malfunctioning device or a device attempting a Denial-of-Service (DOS) attack. * Packets destined for the router (ie. Routing Updates or a Spoof Attack) * IP packets with options * Compressed traffic. If there's no Compression Service Adapter (CSA) in the router, compressed packets must be process-switched. * Encrypted traffic. If there's no Encryption Service Adapter (ESA) in the router, encrypted packets must be process-switched. - A lot of packets, arriving at an extremely high rate, for a destination in a directly attached subnet, for which there is no entry in the ARP table. This shouldn't happen with TCP traffic, because of the windowing mechanism, but it can happen with UDP traffic. - A lot of multicast traffic going through the router. Unfortunately, there's no easy way to examine the amount of multicast traffic. The 'show interfaces' output reflects the amount of multicast traffic received and does not include the amount sent. Enable fast switching of multicast packets using the 'ip mroute-cache' interface configuration command (fast switching of multicast packets is off by default). - IP NAT is configured on the router and there are lots of DNS packets going through the router. UDP or TCP packets with source and/or destination port 53 (DNS) are always redirected to process level by NAT. - Check who's logged on to the router and what they are doing. If someone is logged on and is issuing commands that produce long output, the high CPU utilization by the IP input process will be followed by a much higher CPU utilization by the virtual EXEC process. Be sure that debugs are off by issuing the 'show debug' command. REFERENCE: For troubleshooting information, please visit Troubleshooting High CPU Utilization on Cisco Routers Back to contents ---------------- VERSION ANALYSIS ---------------- Jump to Section: CONGIGURATION REGISTER ANALYSIS INFO: The loaded IOS image is supported on the Unknown platform. INFO: For a list and information about the features supported by the loaded image, click on Software Advisor-IOS Image Name and press 'Next' button of 'Enter Image Name' section. INFO: For a list of MIBs that are supported by the loaded image, please see: SNMP Object Navigator. INFO: This device has 47612 K available for main memory INFO: This device has a total of 46.4960938 MB of RAM installed. INFO: The loaded IOS image is running from RAM INFO: For recent bug reports on IOS version 12.0(7)T3 see: Bug NavigatorII ------------------------------- CONGIGURATION REGISTER ANALYSIS ------------------------------- Current Value (in hexadecimal): 0x2102 Current Value (in binary): 0010 0001 0000 0010 Default Value (in hexadecimal): 0x2102 Default Value (in binary): 0010 0001 0000 0010 General Software Configuration Register Bit Meanings (left to right): Bit(s) Meaning: Current Status ----- ------------------------------------------- -------------- 15 Enables diagnostic messages and ignores NVRAM contents: No 14 IP broadcasts do not have net numbers: No 13 Boots default ROM software if network boot fails: Yes (default) • Setting this bit causes the system to load the helper image from ROM without any network retries. Clearing this bit causes the system to load image from ROM after six unsuccessful attempts to load a boot file from the network. 11-12 Console Baud Rate in bps: 9600 (default) 10 IP broadcast with all zeros : No • This causes the following setting based on bits 14 and 10 Net all ones, Host all ones (default) 9 Reserved 8 Break disabled: Yes (default) • Clearing this bit causes the processor to interpret Break as a command to force the system into the bootstrap monitor, halting normal operation. A Break can be sent in the first sixty seconds while the system reboots, regardless of the configuration settings. 7 Original Equipment Manufacturer(OEM) bit enabled: No • Enabling the OEM bit disables the boot strap messages at start up. 6 Ignore NVRAM contents: No (default) • Setting this bit causes the system software to ignore nonvolatile memory contents during next bootup 5 Not used 4 Reserved 3-0 Current boot field value is 0010 (default) • This causes the system to boot the image from default boot filename "cisco2-C805" if boot from flash fails. Note: Enabling the boot system command override the default filename for booting over the network from a TFTP server. More notes for C805 devices: • IOS reads the config-register in littleendian byte order, LSB first (i.e. 0x21022 becomes 0x1022 or a 1200 baud console). • Command to change config-reg in ROM mode: confreg {register value} REFERENCE: For more information, see Configuration Register INFO: On power-up or reload, this router will load the IOS image stored in flash-RAM (assuming one exists). If no valid IOS image or flash-RAM exists, this router will attempt to boot in order of following methods: - boot system commands - a TFTP-server (using a default IOS image filename) - boot-ROM (reduced IOS image, if one is available) INFO: On power-up or reload, this router will load it's configuration from a file stored in Non-Volatile RAM (NVRAM). Back to contents REFERENCE: For further information about Cisco IOS Software Releases, see: How to Choose a Cisco IOS Software Release REFERENCE: For further information about Troubleshooting Router Crashes, see Troubleshooting Router Crashes REFERENCE: See Technical Support for Router-specific issues. REFERENCE: For further information about this command see: Show Version --------------- MEMORY ANALYSIS --------------- No Memory Problems Were Found. Back to contents ------------------- PROCESS INFORMATION ------------------- No misbehaving processes were found to report on. -------------------------------------------------------------------------------- Back to topSHOW RUNNING-CONFIG SECURITY NOTIFICATIONS (if any) This process will suggest enhancements to an IP network's first line of defense, the router. Please note the following: 1. This is NOT a substitute for an overall network security policy. Responsible network security management requires careful research, planning, as well as continued vigilance. It is important to develop, document, and maintain standards for appropriate network access and utilization. 2. While a guide to your first steps in securing the TCP/IP operations within a Cisco router running IOS, this process is NO substitute for expertise in IP network security and exploit reduction. It is crucial for network support personnel to cultivate and maintain a base of knowledge in these areas. 3. DO NOT deploy any proposed configuration changes without thorough testing in a non-critical environment. You will want to research any commands with which you are not very familiar. Cisco's web-site has many outstanding resources, documents, templates, and links for further information, to assist you in this effort. Also, the Cisco Technical Assistance Center (TAC) is always available. Product Security Incident Response Team(PSIRT) advisories. PASSWORD MANAGEMENT: WARNING: This router's passwords are not as secure as they can be. TRY THIS: To improve password security, you may wish to introduce the following configuration command(s): * 'service password-encryption' INFO: This service directs IOS to encrypt passwords, CHAP secrets and similar data. The encryption method is NOT strong and can be reversed by any competent amateur cryptographer in a few hours. * 'aaa new-model' 'aaa authentication login' INFO: These commands establish a more sophisticated authentication model for logins and privileged sessions. In conjunction with a security server (TACACS+ or RADIUS), login passwords may be secured and tracked much more thoroughly than before. Even without a security server, these commands improve the information available from the system logs by associating each login and privileged session with a specific username/password combination. NOTE: Create AT LEAST ONE local user account on the router before adding these commands to the configuration. * 'username ... password ...' INFO: This command creates user accounts local to the router. While these local accounts are no more secure then the standard vty 'password', they improve the quality of information stored in log files by associating each login with a specific user. These accounts can also serve as backup authentication if primary authentication from a security server (TACACS+ or RADIUS) becomes unavailable. NOTE: It is always important to secure all copies of the router configuration file from unauthorized individuals. SECURING INTERACTIVE SESSIONS: WARNING: Interactive sessions initiated to and from this router are not as secure as they can be. TRY THIS: Consider introducing the following configuration command(s): * 'service tcp-keepalives-in' INFO: This command enables TCP keepalives on incoming connections to the router, thus preventing 'orphaned' sessions created by sudden disconnects such as a modem failure or a remote system crash. * 'service tcp-keepalives-out' INFO: This command enables TCP keepalives on outgoing connections from the router. While not unbreakable, this feature makes more difficult the practice of using a false host to assume an active session initiated from the router. * 'banner login' INFO: In some jurisdictions, civil and/or criminal prosecution of unauthorized users is much easier when you provide a banner warning them that their access is unauthorized. Legal notification requirements are complex and these should be discussed with your own legal counsel. Once the appropriate login warning has been developed for your router, you may incorporate it into your unit for display before all interactive logins with the 'banner login' configuration command. ROUTE/PATH INTEGRITY: WARNING: This router will accept packets with the IP source-routing option. These packets have the ability to control not only their own route toward destination but any replies as well. Some older IP implementations are vulnerable to these packets and their associated systems may crash while trying to process. TRY THIS: You can direct the router to drop any packet with the source-routing option using the 'no ip source-route' configuration command. WARNING: This router does not show any filter against ICMP redirects. INFO: An ICMP redirect is a message to a host to use a specific router as its path to a particular destination. In a properly functioning network, these messages will be sent within a local segment only. If this rule is violated, however, ICMP redirects can become the basis of attack. TRY THIS: Consider the introduction of or addition to an access-list applied to externally facing interfaces to prevent these messages from crossing network segments. Use the 'access-list 100 deny icmp any any redirect' configuration command. REFERENCE: See Extended Access List Examples for more information. WARNING: This router does not show protection against commonly 'spoofed' IP addresses. INFO: Spoofing is the practice of falsifying the source-address of an IP packet so as to disguise it's origin and/or intent. TRY THIS: Consider the introduction of OR addition to an IP access-list applied to incoming packets on all active interfaces. The LAN interface should block all IP source-addresses not specifically permitted to exist on that network segment. The WAN interface should block any traffic attempting to represent itself as from the WAN interface itself, the internal LAN segment, a private network (impossible from the Internet), a loopback address (not permitted on the Internet), or from multicast/experimental address-space (invalid under most circumstances). INFO: Private network addresses are within these ranges: 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 INFO: Loopback and multicast addresses exist within these ranges: 127.0.0.0 - 127.255.255.255 224.0.0.0 - 255.255.255.255 NOTE: Research the anti-spoofing requirements of your own network before applying this protection. SERVICE-EXPLOIT REDUCTION: WARNING: One or more services are running that can be exploited. TRY THIS: To reduce possible service-based exploits that may be attempted against this router, consider disabling these services using the following configuration command(s): * 'no service finger' * 'no ip bootp server' * 'no ip domain-lookup' These services are rarely used for legitimate purposes and can be co-opted to launch a denial-of-service as well as other types of attacks. WARNING: NTP (Network Time Protocol) has not been secured. INFO: While not particularly dangerous, can be used to subvert certain security protocols (those that use a time-base) and foul the time-stamps on the router's log messages. TRY THIS: To disable NTP on a per interface basis, use the 'ntp disable' interface configuration command. To use NTP more securely, consider the following configuration command(s): * 'ntp server' * 'ntp authenticate' WARNING: CDP (Cisco Discovery Protocol) is currently running on this router. INFO: While CDP can be used to provide some network management functions, the information it offers to each directly connected segment can be used to design attacks against your network. TRY THIS: You can disable CDP using the 'no cdp run' configuration command. To continue running CDP, consider adding the 'no cdp enable' interface command to any/every EXTERNAL interface. WARNING: Proxy ARP may be enabled on the following interfaces: Ethernet0 INFO: The Cisco IOS software uses proxy ARP (as defined in RFC 1027) to help hosts with no knowledge of routing determine the media addresses of hosts on other networks or subnets. Proxy ARP can lead to increased ARP traffic on a segment, increased ARP table size in hosts, and can prove vulnerable to 'spoofing' attacks, where a machine can claim to be another in order to intercept packets. TRY THIS: Check whether Proxy ARP is enabled using the 'show ip interface' command. You can disable proxy ARP using the 'no ip proxy-arp' configuration command. TRAFFIC-FLOOD MANAGEMENT: INFO: Many denial-of-service (DOS) attacks are based on sending a flood of useless packets to vulnerable units. WARNING: This router may not respond well in the face of a flood-based attack. TRY THIS: To improve this router's response, consider introducing the following configuration command(s): * 'scheduler allocate' INFO: This command guarantees that the router's CPU will respond to interactive sessions regardless of heavy traffic loads. Ethernet0 * 'no ip unreachables' * 'no ip redirects' Serial0 * 'no ip unreachables' * 'no ip redirects' INFO: These commands will disable the replies utilized by the more common DoS-attacks at the interface-level. While these do not specifically protect this router/network from attack, they do much to prevent it being used as an unwitting 'reflector' of attacks directed towards others. * 'ip verify unicast reverse-path' INFO: This interface command examines each packet received as input on that interface. If the source IP address does not have a route in the CEF tables that points back to the same interface on which the packet arrived, the router drops the packet. The feature should be applied to internet facing interfaces and CEF (Cisco Express Forwarding) should be enabled on the router. REFERENCE: Configuring Unicast Reverse Path Forwarding INFO: If this router is a 2600 series or higher (this includes Catalyst 5000 series units configured with an RSM), you may wish to investigate the TCP Intercept feature introduced in IOS Version 11.2. This is a powerful feature designed to protect selected hosts from SYN-flood attacks common to the Internet. There is some cost, however, with regard to the router's performance. REFERENCE: For more information, see Cisco IOS TCP Intercept and TCP Intercept. INFO: You may consider enabling the 'committed access rate' (CAR) feature to limit the bandwidth consumed by certain traffic types such as ICMP, TCP 'SYN', UDP and multicast packets. These should be applied to internet facing interfaces using the 'rate-limit' interface configuration command and an appropriate access-list. This can be helpful in limiting the effect of denial of service attacks. CAR is a functionality that works with Cisco Express Forwarding, found in 11.1CC and releases from 12.0. REFERENCE: For more information, see Configuring Committed Access Rate LOGGING: WARNING: This router is not taking full advantage of its logging capabilities. INFO: The router is capable of logging accesses and other significant events using a variety of methods. These logs, when detailed over a significant interval, are invaluable in identifying/responding to attacks and other abuses. TRY THIS: To take advantage of these logging activities consider introducing the following configuration command(s): * 'logging buffered (buffer size)' INFO: This command changes the default size of the router's internal logging buffer. Most low-end routers can afford a buffer size of 16384 (4 times the default of 4096). For high-end routers with a large amount of memory, a buffer size of 262144 may be appropriate. * 'logging (IP address of syslog server)' * 'logging trap' INFO: These commands set up communication between the router's logging process and a syslog server. A syslog server is an inexpensive and widely available application/agent that stores log entries from network devices. This facility allows you permanent storage for logging information, which is especially valuable when physical access to the router is impractical. A syslog server also affords greater detail within the logs themselves (less reliance on the router's logging buffer). The level of 'urgency' (detail) of the syslog server-stored logs is set via the 'logging trap' command. There is minimal performance impact to the router, regardless of the level of logging detail. Like any component of a network-management system, the syslog server application should be run only from a secured, trusted host. * 'no logging console' INFO: This command disables all logging to the console terminal. Excessive debugs to the console port of a router can cause it to hang. This is because the router automatically prioritizes console output ahead of other router functions. Hence, if the router is processing a large debug output to the console port, it may hang. Hence, if the debug output is excessive, use the vty (telnet) ports or the log buffers to obtain your debugs. REFERENCE: Important Information on Debug Commands * 'aaa accounting' INFO: The best, most detailed logging is done in conjunction with a TACACS+ or RADIUS server. While this option would require some setup, configuration, and ongoing support, the benefits to your overall network security are considerable and extend well beyond logging functions. * 'exception dump' INFO: When a router crashes, a copy of the core memory is kept. Before the memory is erased on reboot, the router can be set up to copy the core dump out to a UNIX server. These dumps can be extremely useful in identifying the cause of a crash. An account (ftp, tftp, or rcp) and sufficient disk space (equal to the amount of memory on the router per dump) needs to be set up and allocated. One example, using FTP to export the dump: ! ip ftp source-interface Loopback0 ip ftp username [enter username here] ip ftp password [enter password here] ! exception protocol ftp exception dump [enter IP address of FTP Server here] ! REFERENCE: For more information on configuring core dumps, see: Configuring Core Dumps * 'ip accounting access-violations' INFO: This command enables IP accounting on an interface with the ability to identify IP traffic that fails IP access lists. The following interfaces could benefit from this: Ethernet0 Serial0 Once enabled, violations may be viewed with the 'show ip accounting access-violations' command. REFERENCE: For additional information see: Practical Reading: Improving Security on Cisco Routers Characterizing and Tracing Packet Floods Using Cisco Routers Cisco Security Solutions: Security Solutions -------------------------------------------------------------------------------- Back to topSHOW RUNNING-CONFIG - NAT NOTIFICATIONS (if any) WARNING: The following static statements are allowed by the access-list referenced by dynamic NAT: Access-list 1 -> 'ip nat inside source static tcp 10.40.0.10 110 80.65.91.xx 110 extendable' Access-list 1 -> 'ip nat inside source static tcp 10.40.0.10 25 80.65.91.xx 25 extendable' Access-list 1 -> 'ip nat inside source static tcp 10.40.0.10 80 80.65.91.xx 80 extendable' Access-list 1 -> 'ip nat inside source static tcp 192.168.0.2 53 80.65.91.xx 53 extendable' Access-list 1 -> 'ip nat inside source static tcp 192.168.0.2 111 80.65.91.xx 111 extendable' Access-list 1 -> 'ip nat inside source static tcp 192.168.0.2 22 80.65.91.xx 22 extendable' Access-list 1 -> 'ip nat inside source static udp 192.168.0.2 53 80.65.91.xx 53 extendable' Access-list 1 -> 'ip nat inside source static udp 192.168.0.2 111 80.65.91.xx 111 extendable' TRY THIS: A good rule of thumb is to deny any local addresses that are used in static statements, from being included in access lists that are used for dynamic NAT. You could use 'access-list {acl_num} deny {inside_address}', before the permit statement. REFERENCE: For more information, see: Configuring Static and Dynamic NAT Simultaneously REFERENCE: NAT (Network Address Translation) REFERENCE: NAT order of operations. REFERENCE: 'ip nat' commands, command reference. REFERENCE: 'ip nat' commands, configuration guide. -------------------------------------------------------------------------------- Back to topSHOW INTERFACE FAST/GIGABIT/ETHERNET NOTIFICATIONS (if any) Interface Ethernet0 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 192.168.0.1/24' WARNING: The counters have never been cleared on this interface and may not accurately reflect the current status of this interface. TRY THIS: Use the 'clear counters' command to reset the counters and monitor the interface parameters over time (less than 24 hours). Reset the counters and wait a few minutes to resubmit the output to Output Interpreter. WARNING: The collision rate is 0.25377%, which is greater than 0.1%. TRY THIS: Look for unterminated or overly long ethernet cables, and/or malfunctioning transceiver(s). This may require a host-by-host inspection or the use of a protocol analyzer. Consider reducing the number of hosts on the segment to reduce the collision rate, or subdividing the collision domain using switches/bridges. REFERENCE: For further information, see: Troubleshooting Ethernet Troubleshooting Ethernet Collisions Optimizing Your Network: Replacing Hubs with Desktop Switches WARNING: More than 0.1% of input traffic has caused 'throttles' (receivers on port disabled). This could be due to buffer or processor overload. TRY THIS: Monitor CPU usage with the 'show process cpu' command, and buffer usage with the 'show buffers' command. Consider pasting the output from these commands into Output Interpreter for analysis. REFERENCE: For further information, see: Troubleshooting Ethernet Troubleshooting Input and Output Queue Drops WARNING: There have been 15 'frame errors' reported. This indicates the number of packets received incorrectly, having a CRC error and a non-integer number of octets. On a LAN, this is usually the result of collisions or a malfunctioning Ethernet device. TRY THIS: Monitor the level of frame errors over time. If they are increasing, try swapping interfaces and or ports to identify the problem. REFERENCE: For further information, see: Troubleshooting Ethernet. WARNING: 163 packets have been 'ignored' by the interface because the interface hardware ran low on internal buffers. TRY THIS: Monitor the ignored packets over time. If they are increasing, paste the output from the 'show buffers' command into Output Interpreter to see if the buffers can be tuned. Also compare with the 'no buffer' counter and input/output queue drops. Broadcast storms can cause the 'ignored' counter to increment. REFERENCE: For more information, see: Buffer Tuning Troubleshooting Ethernet Troubleshooting Input and Output Queue Drops INFO: The 'deferred' counter represents the number of times the interface has tried to send a frame, but found the carrier busy at the first attempt (Carrier Sense). This normally does not constitute a problem, and is part of Ethernet operation. However, if the deferred counter becomes excessive, verify you have the proper duplex and speed configured on both sides of the link. If you are using autonegotiation on this port, then hard code the speed and duplex instead. Do the same on the neighboring device. REFERENCE: Command Reference - 'show interface ethernet' -------------------------------------------------------------------------------- Back to topSHOW INTERFACE SERIAL NOTIFICATIONS (if any) Interface Serial0 (up/up) INFO: Please click the link below to have the IP SUBNET CALCULATOR automatically calculate the supported range of IP addresses for the configured network and subnet mask. 'Ip Subnet Calculator for 80.65.91.86/30' WARNING: 1 packets have been dropped because there were no free buffers to copy the packet. TRY THIS: If this is incrementing, paste the output from the 'show buffers' command into Output Interpreter to see if the buffers can be tuned. Also compare with the 'ignored' counter and input/output queue drops. Broadcast storms and bursts of noise on serial lines are often responsible for no buffer events. REFERENCE: For more information see: Buffer Tuning Troubleshooting Input and Output Queue Drops REFERENCE: For more information on Serial Lines, see: Troubleshooting Serial Line Problems Configuring Serial Interfaces Troubleshooting Serial Lines Loopback Tests for T1/56K Lines REFERENCE: For more information on PPP, see: Dialup Technology Troubleshooting Techniques Point to Point Protocol Configuring and Troubleshooting PAP REFERENCE: Command Reference - 'show interface serial' -------------------------------------------------------------------------------- Back to topROUTER CONSOLE MESSAGE NOTIFICATIONS (if any) WARNING: The system was either power-cycled, or the power source went down for a few seconds. For the 7200 series router with some specific port adapters, this problem may occur due to watchdog timeout, but the "System returned to ROM by power-on" message is displayed. TRY THIS: 1. Verify the power source and troubleshoot the outlet circuit (power to router). 2. If you are using the 7200 series router with any of the 'PA-CT1/PRI', 'PA-CE1/PRI-75', 'PA-CE1/PRI-120', 'PA-4E', 'PA-5EFL', 'PA-8E' port adapters, and if the error is not caused due to the power source, paste the output of the "show tech-support" command to Output Interpreter, to display potential issues and fixes. REFERENCE: For more information, see TAC Case Collection - Reload due to power on Less Common Types of System Crashes - Power-On REFERENCE: For more information, see: Troubleshooting Router Crashes Less Common Types of System Crashes -------------------------------------------------------------------------------- Back to topSTACK DECODE NOTIFICATIONS (if any) There are no software or hardware bugs to report.