- Posts: 5
- Thank you received: 0
Hindering Download Speed With Cisco Router
19 years 2 months ago #10665
by Person
Hindering Download Speed With Cisco Router was created by Person
Hey,
I have recently purchased a Cisco 871 ISR. Being totally inexperienced with Cisco equipment (this is my first Cisco router) I used the Cisco SDM and got everything setup instantly.
My reason buying an expensive router like the 871 for home use was because of the performance however, it has performed really bad compared to my previous Netgear FR114P router.
I am not able to download at ~150kb/s like I did with the Netgear. All the downloads spike at around 20kb/s and I have no idea why. If I connect the Netgear back, it downloads at the full potiential of my ADSL connection.
I have set the speed and duplex of the fe4 and the brigded ADSL modem at 100/full and also loaded registry settings from CableNut (cablenut.com)
Running-config (incase it is needed):
[code:1]Building configuration...
Current configuration : 5046 bytes
!
! Last configuration change at 20:38:31 PCTime Fri Oct 14 2005 by sean
! NVRAM config last updated at 18:36:00 PCTime Fri Oct 14 2005 by sean
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret <removed>
!
username <removed> privilege 15 secret <removed>
clock timezone PCTime 8
no aaa new-model
ip subnet-zero
no ip source-route
ip cef
!
!
!
!
ip tcp synwait-time 10
no ip bootp server
ip name-server 203.21.20.20
ip name-server 203.10.1.9
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip ips sdf location flash://128MB.sdf
ip ips notify SDEE
ip ips po max-events 100
ip ips name sdm_ips_rule
no ftp-server write-enable
!
!
!
!
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
no cdp enable
!
interface FastEthernet2
no ip address
no cdp enable
!
interface FastEthernet3
no ip address
no cdp enable
!
interface FastEthernet4
description $ETH-WAN$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
ip route-cache flow
speed 100
full-duplex
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip ips sdm_ips_rule in
ip ips sdm_ips_rule out
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip inspect DEFAULT100 out
ip ips sdm_ips_rule in
ip ips sdm_ips_rule out
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname <removed>
ppp chap password <removed>
ppp pap sent-username <removed> password <removed>
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 10.10.10.0 0.0.0.255
access-list 2 deny any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 203.10.1.9 eq domain any
access-list 101 permit udp host 203.21.20.20 eq domain any
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 102 remark VTY Access-class list
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 102 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport preferred all
transport output telnet
line aux 0
login local
transport preferred all
transport output telnet
line vty 0 4
access-class 102 in
privilege level 15
login local
transport preferred all
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end[/code:1]
Does anyone know of any idea on how to fix this strange problem.
Thanks in advance!
- Person
I have recently purchased a Cisco 871 ISR. Being totally inexperienced with Cisco equipment (this is my first Cisco router) I used the Cisco SDM and got everything setup instantly.
My reason buying an expensive router like the 871 for home use was because of the performance however, it has performed really bad compared to my previous Netgear FR114P router.
I am not able to download at ~150kb/s like I did with the Netgear. All the downloads spike at around 20kb/s and I have no idea why. If I connect the Netgear back, it downloads at the full potiential of my ADSL connection.
I have set the speed and duplex of the fe4 and the brigded ADSL modem at 100/full and also loaded registry settings from CableNut (cablenut.com)
Running-config (incase it is needed):
[code:1]Building configuration...
Current configuration : 5046 bytes
!
! Last configuration change at 20:38:31 PCTime Fri Oct 14 2005 by sean
! NVRAM config last updated at 18:36:00 PCTime Fri Oct 14 2005 by sean
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret <removed>
!
username <removed> privilege 15 secret <removed>
clock timezone PCTime 8
no aaa new-model
ip subnet-zero
no ip source-route
ip cef
!
!
!
!
ip tcp synwait-time 10
no ip bootp server
ip name-server 203.21.20.20
ip name-server 203.10.1.9
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip ips sdf location flash://128MB.sdf
ip ips notify SDEE
ip ips po max-events 100
ip ips name sdm_ips_rule
no ftp-server write-enable
!
!
!
!
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
no cdp enable
!
interface FastEthernet2
no ip address
no cdp enable
!
interface FastEthernet3
no ip address
no cdp enable
!
interface FastEthernet4
description $ETH-WAN$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
ip route-cache flow
speed 100
full-duplex
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip ips sdm_ips_rule in
ip ips sdm_ips_rule out
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip inspect DEFAULT100 out
ip ips sdm_ips_rule in
ip ips sdm_ips_rule out
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname <removed>
ppp chap password <removed>
ppp pap sent-username <removed> password <removed>
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 10.10.10.0 0.0.0.255
access-list 2 deny any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 203.10.1.9 eq domain any
access-list 101 permit udp host 203.21.20.20 eq domain any
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 102 remark VTY Access-class list
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 102 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport preferred all
transport output telnet
line aux 0
login local
transport preferred all
transport output telnet
line vty 0 4
access-class 102 in
privilege level 15
login local
transport preferred all
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end[/code:1]
Does anyone know of any idea on how to fix this strange problem.
Thanks in advance!
- Person
19 years 2 months ago #10689
by jwj
-Jeremy-
Replied by jwj on topic Re: Hindering Download Speed With Cisco Router
I've never configured one of these, so I'm trying to find a configuration that could be slowing down your router. The only thing I really noticed is that the IPS is configured on both Interface Dialer0 and Vlan1. Would this be necessary for an IDS sensor to be monitoring both those interfaces? I just don't see the need, IMO. Also, perhaps instead of having "ip tcp adjust-mss 1452" on the Vlan1 interface, should it be on FastEthernet4?
-Jeremy-
19 years 2 months ago #10695
by Person
Replied by Person on topic Re: Hindering Download Speed With Cisco Router
Thanks for the reply,
The CPU is only working at less than 10% most of the time even with P2P running so it would not effect the performance much.
There is already a MTU setting for fe4 and have been told to remove "ip tcp adjust-mss 1452" but, it doesn't change anything either.
Thanks again for your time and effort
The CPU is only working at less than 10% most of the time even with P2P running so it would not effect the performance much.
There is already a MTU setting for fe4 and have been told to remove "ip tcp adjust-mss 1452" but, it doesn't change anything either.
Thanks again for your time and effort
19 years 2 months ago #10718
by Person
Replied by Person on topic Re: Hindering Download Speed With Cisco Router
Thanks for the concern,
There is lots of avaliable CPU power left but I did turn it off. Thanks for the tip.
There is lots of avaliable CPU power left but I did turn it off. Thanks for the tip.
19 years 2 months ago #10840
by Person
Replied by Person on topic Re: Hindering Download Speed With Cisco Router
For some reason, when IDS is disabled, all the speed comes back even though the CPU is hardly being used.
Solution: Disable IDS
Thanks for your ideas jwj (you are correct with your idea) and TheBishop
Solution: Disable IDS
Thanks for your ideas jwj (you are correct with your idea) and TheBishop
Time to create page: 0.145 seconds