- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: Problems with internet traffic on procurve
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-18-2009 01:35 PM
02-18-2009 01:35 PM
Problems with internet traffic on procurve
2009.02.18 22:19:04 FIREWALL id=firewall time="2009-02-18 22:19:04" fw=router pri=1 proto=http src=192.168.0.101 dst=63.245.209.93 msg="TCP connection request received is invalid (expected SYN, got ACK), dropping packet Src 1829 Dst 80 from Private policy-class on interface eth 0/1" agent=AdFirewall
or
2009.02.18 22:19:12 FIREWALL id=firewall time="2009-02-18 22:19:12" fw=router pri=1 rule=5 proto=1773/tcp src=66.77.15.231 dst=yy.yy.yy.yy msg="Invalid sequence number received with Reset, dropping packet Src 443 Dst 1773 from Public policy-class" agent=AdFirewall
192.168.0.0/24 is local subnet on eth0/1
yy.yy.yy.yy is asigned IP of pp1 ADSL interface
Firewall is configured using procurv web interface firewall wizard and web interface VPN wizard.
Any idea where is the problem? Users are quite upset because of "poor" internet connection and I cannot switch firewall off.
Thank you for any idea.
Martin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-19-2009 03:58 AM
02-19-2009 03:58 AM
Re: Problems with internet traffic on procurve
looks like the firewall declares the session down, while the client thinks it's still active!
is the 7102dl the only network component involved?
also take into account
- how many users are connecting to the internet
- what's the speed (up/down) of the adsl-connection?
- how much vpn-connections are active
- how much cpu is used on the switch/firewall
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-19-2009 07:59 AM
02-19-2009 07:59 AM
Re: Problems with internet traffic on procurve
regarding other involved components see attached "scheme". There is backup line shown on it but problems are same with or without it.
Almost every time user tries to load some web page using IE or FF it generates couple of above mentioned errors. Same when user is using web based software updater - it fails after a while.
From the user side it seems like some web pages are sometimes impossible to load, or some page components (styles, scripts, pictures) are unable to load.
I mentioned VPN wizard because it adds some policies to firewall configuration. I didn't used it to configure firewall. It was used only to configure VPN access. Nothing more.
There are approx. 8 users connecting to internet at the same time plus some irregular server processes (1 or 2) - very small company.
There are max 2 clients connecting through VPN at the same time.
ADSL line speed is 8Mbps/512kbps
Line is ADSL2+ with MTU set to 1454
Max CPU load on router is about 30% average 10% to 15%. It is almost sleeping...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-19-2009 11:47 PM
02-19-2009 11:47 PM
Re: Problems with internet traffic on procurve
ftp://ftp.hp.com/pub/networking/software/SR7000dl-Basic-C07-ADSL-Nov2006.pdf
page 7-9 up
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-20-2009 12:02 AM
02-20-2009 12:02 AM
Re: Problems with internet traffic on procurve
it may be an idea to change the "training-mode from the default "Multi-Mode" to "ADSL2+".
also you may experiment with the "signal-to-noise ratio (SNR) margin" page 7-15 up (this seems to need manual tuning).
please post "show running-config interface adsl 1/1"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-20-2009 07:10 AM
02-20-2009 07:10 AM
Re: Problems with internet traffic on procurve
splitter is connected (also I tried two other splitters from different manufacturers). It seems to work properly - "connectivity errors" are occuring regardless of voice traffic on phone line.
Training mode is set to ADSL2+ at the moment. There was problem with ADSL module 4 months ago when migrating from ADSL line TO ADSL2+ as original module firmware was not able to manage ADSL2+ line. This problem was fixed by new module firmware (J8759A_11_01_04.biz) I am not sure how much this FW is supported, but I find no other version on procurve support site and reply from procurve support took more than 3 months :-/. I will try changing training mode from ADSL2+ to multi-mode, but I have information from my provider that line is already ADSL2+ and line speed is currently slightly below reccomended physical line capability. So they do not expect errors on line. I will try setting training mode when I arrive on site (19:00 CET). I will post result immediately after trying.
Here is running config of ADSL interface, more info about ppp/adsl/atm interfaces in attached file.
You can see current SNR from there - ADSL module firmware need some tuning it shows some strange numbers in place of downstream SNR and attenuation.
show running-config interface adsl 1/1
Building configuration...
!
!
interface adsl 1/1
description "CRA ADSL"
snr-margin showtime-monitor
training-mode ADSL2+
no shutdown
!
end
Btw. there is also one type of error message in log which occurs rarely, but I am not sure, maybe it can provide some keys or maybe it is useless.
2009.02.20 15:37:27 FIREWALL id=firewall time="2009-02-20 15:37:27" fw=router pri=1 rule=5 proto=http src=192.168.0.33 dst=193.226.140.51 msg="Zero bytes transferred for connection Src 33884 Dst 80 from Private policy-class" agent=AdFirewall
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-20-2009 11:00 AM
02-20-2009 11:00 AM
Re: Problems with internet traffic on procurve
after 3 hours of trying various ADSl settings...
The problem has nothing to do with ADSL. Problem is the same with ADSL interface disabled using only backup WiFi interface.
I have tried to disable rpf-check on all firewall interfaces but problem still persists.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-20-2009 11:29 AM
02-20-2009 11:29 AM
Re: Problems with internet traffic on procurve
All above means to me that problem is in router unit and its firmware or configuration.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-21-2009 10:02 AM
02-21-2009 10:02 AM
Re: Problems with internet traffic on procurve
Turning syn-flood check on firewall off.
Turning rst-seq check on firewall off. Strange - according to CLI guide it does not require any parameter but my CLI insists on port number parameter when switching off.
Setting policy-timeout for tcp protocol to 12 hours.
Turning load-sharing on and off.
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP