This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Internal NIC being reported as down periodically

Periodically I get bursts of kernel messages related to internet connected NIC going down. What might cause this? UTM is connected to ISP modem that's in router mode for what that's worth.

It's a 3 wk old unit where there was only ISP router before. There aren't widespread reports of connections failing, maybe because it's only for a couple seconds and people are blaming the other end. There was a complaint of zoom session reporting bandwidth was low (which never happened before UTM) but think that was fixed by excluding zoom.com from web filtering (not yet confirmed).

Any info would be appreciated.

2021:03:07-12:19:28 lyneutm kernel: [316673.226072] igb 0000:02:00.0 eth1: igb: eth1 NIC Link is Down
2021:03:07-12:19:28 lyneutm kernel: [316673.226134] br0: port 1(eth1) entered disabled state
2021:03:07-12:19:31 lyneutm kernel: [316676.529641] igb 0000:02:00.0 eth1: igb: eth1 NIC Link is Up 100 Mbps Full Duplex, Flow Control: RX/TX
2021:03:07-12:19:31 lyneutm kernel: [316676.529783] br0: port 1(eth1) entered forwarding state
2021:03:07-12:19:31 lyneutm kernel: [316676.529801] br0: port 1(eth1) entered forwarding state
2021:03:07-12:19:46 lyneutm kernel: [316691.548052] br0: port 1(eth1) entered forwarding state
--------

2021:03:07-12:29:00 lyneutm kernel: [317245.206282] igb 0000:01:00.0 eth0: igb: eth0 NIC Link is Down 2021:03:07-12:29:00 lyneutm kernel: [317245.206345] br0: port 3(eth0) entered disabled state 2021:03:07-12:29:02 lyneutm kernel: [317247.414163] igb 0000:01:00.0 eth0: igb: eth0 NIC Link is Up 100 Mbps Full Duplex, Flow Control: RX/TX 2021:03:07-12:29:02 lyneutm kernel: [317247.414302] br0: port 3(eth0) entered forwarding state 2021:03:07-12:29:02 lyneutm kernel: [317247.414321] br0: port 3(eth0) entered forwarding state 2021:03:07-12:29:17 lyneutm kernel: [317262.440610] br0: port 3(eth0) entered forwarding state
--------- 2021:03:07-12:30:32 lyneutm kernel: [317337.009373] igb 0000:02:00.0 eth1: igb: eth1 NIC Link is Down 2021:03:07-12:30:32 lyneutm kernel: [317337.009432] br0: port 1(eth1) entered disabled state 2021:03:07-12:30:33 lyneutm kernel: [317338.717503] igb 0000:02:00.0 eth1: igb: eth1 NIC Link is Up 10 Mbps Full Duplex, Flow Control: RX/TX 2021:03:07-12:30:33 lyneutm kernel: [317338.717646] br0: port 1(eth1) entered forwarding state 2021:03:07-12:30:33 lyneutm kernel: [317338.717665] br0: port 1(eth1) entered forwarding state 2021:03:07-12:30:34 lyneutm kernel: [317339.376656] igb 0000:02:00.0 eth1: igb: eth1 NIC Link is Down 2021:03:07-12:30:34 lyneutm kernel: [317339.716391] br0: port 1(eth1) entered disabled state 2021:03:07-12:30:37 lyneutm kernel: [317342.268387] igb 0000:02:00.0 eth1: igb: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX 2021:03:07-12:30:37 lyneutm kernel: [317342.268650] br0: port 1(eth1) entered forwarding state 2021:03:07-12:30:37 lyneutm kernel: [317342.268669] br0: port 1(eth1) entered forwarding state 2021:03:07-12:30:38 lyneutm kernel: [317343.355436] igb 0000:02:00.0 eth1: igb: eth1 NIC Link is Down 2021:03:07-12:30:38 lyneutm kernel: [317343.355497] br0: port 1(eth1) entered disabled state 2021:03:07-12:30:41 lyneutm kernel: [317346.311117] igb 0000:02:00.0 eth1: igb: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX 2021:03:07-12:30:41 lyneutm kernel: [317346.311378] br0: port 1(eth1) entered forwarding state 2021:03:07-12:30:41 lyneutm kernel: [317346.311397] br0: port 1(eth1) entered forwarding state 2021:03:07-12:30:56 lyneutm kernel: [317361.353523] br0: port 1(eth1) entered forwarding state


This thread was automatically locked due to age.
Parents
  • Do you have NIC ports bridged but not both connected?  That may cause this error.

    You might have a problem with that NIC port itself, you might want to try another port if you have it.

    Double check your MTU as well.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • oops, it's not the internet connected NIC that's a problem. it's (primarily) one of the 3 bridged ports for LAN use - 'eth1'. (I have 4 ports total.) I searched back through a week of kernel logs for "NIC Link is Down" and twice out of at least 2 dozen entries, it was 'eth0', another of the bridged ports for LAN use. 

    Two of the 3 bridged ports are connected to windows 10 PC's (not sure which two and unit is at remote site), and the other has a Ubiquity Unifi AP connected to it. I know one of the PC's is shutdown periodically - would that cause NIC to go down? But then wouldn't it just stay down if it's related to that PC's status? Is NIC kernel message related to status of what's connected to it, or is it about internal connection to hardware?

    I also see from searching for "NIC Link is Up" that the eth1 comes up at different speeds, 10,100,1000. In contrast to that, eth0 came back up at 100M both times it went down. (Is there a way to get more info from sophos as to what's connected to a port? not finding it but am new to sophos.)

    To try another port I'd have to go to the site (with a switch in hand as 3 LAN ports are needed.) Is there anything more I can do remotely first?

    MTU is 1500.

  • not familiar with tcpdump. googled it and it seems I would have to install it on the machine connected to eth1 (which I can only guess at this point as this is a remote site, and it might be an AP that would not be able to run it). Unless this tool available to run from sophos appliance? 

  • tcpdump is available in every UTM.  You can SSH into the UTM and do:

    tcpdump -i eth1

    That should give you the IP of the device active there.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • nice, now I just have to figure out why I can't ssh. I followed various instructions including https://support.sophos.com/support/s/article/KB-000038680?language=en_US and others and set the allowed networks to internal and the vpnnetwork I use. From the vpn LAN connection is refused and from a PC on the remote LAN (i.e. on internal network) no matter how many times I put the right password in, I get permission denied (password). I did set up shell to use password authentication and I did use loginuser instead of my webadmin userid (though I tried webadmin one for giggles too). I also changed the password to something easier in case I was just such a klutz with the first one. 

    As this is going in a different direction, unless there's a quick sophos ssh newbie thing that you can point to, I'll look into starting a separate thread as it is something Id like to set up and be able to use.

  • I always use the RSA key approach explained at the bottom of that KB article, Jean, and login directly as root.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • got someone at other end to switch eth1 and eth0 network cable then started seeing eth0 kernel messages so looking like an issue with NIC on one of the machines.

    Now, though I'm having lots of other problems. can't load webadmin, either through VPN (which was working but stopped working) or through UTM Manager, which says device is offline. had someone power cycle unit, VPN came back up temporarily but no access to webadmin via either channels. hadn't set up ssh yet so can't poke around that way.

    more to come

  • By default, eth1 and eth0 are your internal and external ports.  So, when you switch them, nothing has changed as far as configurations.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • SSH not working either with password or RSA. Instead of the expected first time alert with putty

    I get 

    I have the following allowed networks, which should cover it.

  • Did you get the 'Network error' after touching the [Yes] button, Jean?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • no. got it just trying to "Open" the putty session

  • I got a bit lazy here. Sorry about that. I just opened up a separate thread on trying to get SSH working...

    https://community.sophos.com/utm-firewall/f/general-discussion/126584/can-t-get-ssh-access-working---utm-9

Reply Children
  • so this issue appears to be related to what ended up being memory problems. I had a number of weird, intermittent issues on top of this one so I decided to memtest things and several errors were reported. I've replace the RAM; memtested it - all good); and problem is not occurring anymore. Now there remains possibility it's an issue with one of the PCs at remote site plugged into one of the ports I bridged together (I had to pull unit out to do more testing) but either way I don't see it as a sophos UTM issue.

    Thanks fir the replies