Hey gang,
I'm currently using this router with my cable modem and routing from Vlan1 (inside) to Vlan2 (outside) since I can't use the ADSL port. I've noticed that I get a maximum of 1.7Mb/s throughput and curious if it is due to my config or the hardware. When I bypass the router, I get 10.98 Mb/s. Here is my config:
version 15.1
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ****
!
boot-start-marker
boot-end-marker
!
!
logging buffered 4096 informational
enable secret ****
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization config-commands
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
aaa authorization network default local if-authenticated
!
!
!
!
!
aaa session-id common
clock timezone CST -6 0
clock summer-time CDT recurring
clock save interval 8
crypto pki token default removal timeout 0
!
!
dot11 syslog
!
dot11 ssid ****
vlan 1
max-associations 3
authentication open
authentication key-management wpa
wpa-psk ascii 7 ****
!
ip source-route
!
!
!
ip cef
ip cef accounting non-recursive
ip inspect name INSPECT tcp
ip inspect name INSPECT udp
ip inspect name INSPECT icmp
ip inspect name INSPECT fragment maximum 256 timeout 1
no ip bootp server
ip domain name ****
ip name-server 8.8.4.4
ip name-server 8.8.8.8
!
!
!
!
archive
path flash:/Backups
!
username ******
!
!
vlan 2
name Outside
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh source-interface Vlan1
ip ssh logging events
ip ssh version 2
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
description Link to Cable Modem
switchport access vlan 2
duplex full
speed 100
no cdp enable
spanning-tree portfast
!
interface FastEthernet1
description Tower
duplex full
speed 100
no cdp enable
spanning-tree portfast
!
interface FastEthernet2
description PS3
duplex full
speed 100
no cdp enable
spanning-tree portfast
!
interface FastEthernet3
shutdown
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
! Temporarily shutdown
no dot11 extension aironet
!
encryption vlan 1 mode ciphers aes-ccm tkip
!
!
broadcast-key change 60 membership-termination
!
!
ssid ****
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
ip address 10.0.10.1 255.255.255.240
ip virtual-reassembly in
shutdown
! Temporarily shutdown
!
interface Vlan1
description Inside (+WiFi)
ip address 10.0.0.1 255.255.255.240
ip nat inside
ip virtual-reassembly in
!
interface Vlan2
description Outside (ISP)
ip address dhcp hostname dNET
no ip unreachables
ip nat outside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source route-map NAT_LAN interface Vlan2 overload
!
ip access-list standard IPs_LAN
permit 10.0.0.0 0.0.0.15
ip access-list standard IPs_WiFi
permit 10.0.10.0 0.0.0.15
ip access-list extended Management
permit tcp host **** eq 22 log
deny ip any any log
!
!
!
!
route-map NAT_LAN permit 10
match ip address IPs_LAN
match interface Vlan2 FastEthernet0
route-map NAT_WiFi permit 10
match ip address IPs_WiFi
match interface Vlan2 FastEthernet0
!
!
!
control-plane
!
!
line con 0
exec-timeout 5 0
logging synchronous
login ctrlc-disable
no modem enable
line aux 0
line vty 0 1
access-class Management in
exec-timeout 5 0
logging synchronous
transport preferred ssh
transport input ssh
transport output ssh
line vty 2 4
exec-timeout 0 0
no exec
transport preferred none
transport input none
transport output none
!
scheduler max-task-time 5000
ntp server 132.163.4.101 prefer
ntp server 132.163.4.102
ntp server 132.163.4.103
end
Output from show version:
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 15.1(3)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 16-Nov-10 04:45 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)YI3, RELEASE SOFTWARE
**** uptime is 1 day, 18 hours, 17 minutes
System returned to ROM by reload at 05:30:11 CDT Sun Mar 20 2011
System restarted at 05:31:08 CDT Sun Mar 20 2011
System image file is "flash:c870-advsecurityk9-mz.151-3.T.bin"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 877W (MPC8272) processor (revision 2.0) with 118784K/12288K bytes of memory.
Processor board ID FHK111211D4
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
1 Virtual Private Network (VPN) Module
1 802.11 Radio
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)
Configuration register is 0x2102
Output from show ip route:
* is masked ISP addresses
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is *.*.4.1 to network 0.0.0.0
S* 0.0.0.0/0 [254/0] via *.*.4.1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/28 is directly connected, Vlan1
L 10.0.0.1/32 is directly connected, Vlan1
*.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C *.*.4.0/22 is directly connected, Vlan2
L *.*.4.10/32 is directly connected, Vlan2
172.31.0.0/32 is subnetted, 1 subnets
S 172.31.251.29 [254/0] via *.*.4.1, Vlan2
Output from show ip nat statistics:
Total active translations: 13 (0 static, 13 dynamic; 13 extended)
Peak translations: 193, occurred 14:53:36 ago
Outside interfaces:
Vlan2
Inside interfaces:
Vlan1
Hits: 20272144 Misses: 0
CEF Translated packets: 20266700, CEF Punted packets: 5444
Expired translations: 9692
Dynamic mappings:
-- Inside Source
[Id: 1] route-map NAT_LAN interface Vlan2 refcount 13
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
Output from show processes cpu history during speedtest.net runs:
**** 11:51:27 PM Monday Mar 21 2011 CDT
11111
224444422222333331111133333222222222222222555553333311111333
100
90
80
70
60
50
40
30
20
10 **********
0....5....1....1....2....2....3....3....4....4....5....5....6
0 5 0 5 0 5 0 5 0 5 0
CPU% per second (last 60 seconds)
111 1211 11 111211 1 1111 111 11 111 111111 1 111 11 11
333930428227224035842431138714581295228873222327096129329923
100
90
80
70
60
50
40
30
20 * * * * * *
10 ***************#*** * **************************************
0....5....1....1....2....2....3....3....4....4....5....5....6
0 5 0 5 0 5 0 5 0 5 0
CPU% per minute (last 60 minutes)
* = maximum CPU% # = average CPU%
113223911112212222112222222222121111122342
667236284948565554654430362453648755527314
100
90 *
80 *
70 *
60 *
50 *
40 * ** *
30 * ** ** *** * * ***
20 ******** * *******************************
10 **#*##*****#***##***##**#####**#*****#####
0....5....1....1....2....2....3....3....4....4....5....5....6....6....7..
0 5 0 5 0 5 0 5 0 5 0 5 0
CPU% per hour (last 72 hours)
* = maximum CPU% # = average CPU%
Spike is from reload I would imagine...
Finally, the most confusing is show int fa0:
FastEthernet0 is up, line protocol is up
Hardware is Fast Ethernet, address is *.*.c9d3 (bia *.*.c9d3)
Description: Link to Cable Modem
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 2
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 33000 bits/sec, 36 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
16367368 packets input, 3511780220 bytes, 0 no buffer
Received 6048989 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
627922 input errors, 312998 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
10044152 packets output, 876371092 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
That is alot of errors for a little over a day of uptime. Didn't think to try another port till just now... Will attempt tomorrow.
Any suggestions or ideas?
