Bandwidth issues with NAT on Cisco 877W router
SteveThing
Member Posts: 42
in Off-Topic
Hey gang,
I'm currently using this router with my cable modem and routing from Vlan1 (inside) to Vlan2 (outside) since I can't use the ADSL port. I've noticed that I get a maximum of 1.7Mb/s throughput and curious if it is due to my config or the hardware. When I bypass the router, I get 10.98 Mb/s. Here is my config:
version 15.1
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ****
!
boot-start-marker
boot-end-marker
!
!
logging buffered 4096 informational
enable secret ****
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization config-commands
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
aaa authorization network default local if-authenticated
!
!
!
!
!
aaa session-id common
clock timezone CST -6 0
clock summer-time CDT recurring
clock save interval 8
crypto pki token default removal timeout 0
!
!
dot11 syslog
!
dot11 ssid ****
 vlan 1
 max-associations 3
 authentication open
 authentication key-management wpa
 wpa-psk ascii 7 ****
!
ip source-route
!
!
!
ip cef
ip cef accounting non-recursive
ip inspect name INSPECT tcp
ip inspect name INSPECT udp
ip inspect name INSPECT icmp
ip inspect name INSPECT fragment maximum 256 timeout 1
no ip bootp server
ip domain name ****
ip name-server 8.8.4.4
ip name-server 8.8.8.8
!
!
!
!
archive
 path flash:/Backups
!
username ******
!
!
vlan 2
 name Outside
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh source-interface Vlan1
ip ssh logging events
ip ssh version 2
!
!
!
!
!
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface FastEthernet0
 description Link to Cable Modem
 switchport access vlan 2
 duplex full
 speed 100
 no cdp enable
 spanning-tree portfast
!
interface FastEthernet1
 description Tower
 duplex full
 speed 100
 no cdp enable
 spanning-tree portfast
!
interface FastEthernet2
 description PS3
 duplex full
 speed 100
 no cdp enable
 spanning-tree portfast
!
interface FastEthernet3
 shutdown
!
interface Dot11Radio0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown ! Temporarily shutdown
 no dot11 extension aironet
 !
 encryption vlan 1 mode ciphers aes-ccm tkip
 !
 !
 broadcast-key change 60 membership-termination
 !
 !
 ssid ****
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 ip address 10.0.10.1 255.255.255.240
 ip virtual-reassembly in
 shutdown ! Temporarily shutdown
!
interface Vlan1
 description Inside (+WiFi)
 ip address 10.0.0.1 255.255.255.240
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan2
 description Outside (ISP)
 ip address dhcp hostname dNET
 no ip unreachables
 ip nat outside
 ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source route-map NAT_LAN interface Vlan2 overload
!
ip access-list standard IPs_LAN
 permit 10.0.0.0 0.0.0.15
ip access-list standard IPs_WiFi
 permit 10.0.10.0 0.0.0.15
ip access-list extended Management
 permit tcp host **** eq 22 log
 deny ip any any log
!
!
!
!
route-map NAT_LAN permit 10
 match ip address IPs_LAN
 match interface Vlan2 FastEthernet0
route-map NAT_WiFi permit 10
 match ip address IPs_WiFi
 match interface Vlan2 FastEthernet0
!
!
!
control-plane
!
!
line con 0
 exec-timeout 5 0
 logging synchronous
 login ctrlc-disable
 no modem enable
line aux 0
line vty 0 1
 access-class Management in
 exec-timeout 5 0
 logging synchronous
 transport preferred ssh
 transport input ssh
 transport output ssh
line vty 2 4
 exec-timeout 0 0
 no exec
 transport preferred none
 transport input none
 transport output none
!
scheduler max-task-time 5000
ntp server 132.163.4.101 prefer
ntp server 132.163.4.102
ntp server 132.163.4.103
end
Output from show version:
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 15.1(3)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 16-Nov-10 04:45 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YI3, RELEASE SOFTWARE

**** uptime is 1 day, 18 hours, 17 minutes
System returned to ROM by reload at 05:30:11 CDT Sun Mar 20 2011
System restarted at 05:31:08 CDT Sun Mar 20 2011
System image file is "flash:c870-advsecurityk9-mz.151-3.T.bin"
Last reload reason: Reload Command

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 877W (MPC8272) processor (revision 2.0) with 118784K/12288K bytes of memory.
Processor board ID FHK111211D4
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
1 Virtual Private Network (VPN) Module
1 802.11 Radio
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102
Output from show ip route:
* is masked ISP addresses
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is *.*.4.1 to network 0.0.0.0

S*    0.0.0.0/0 [254/0] via *.*.4.1
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/28 is directly connected, Vlan1
L        10.0.0.1/32 is directly connected, Vlan1
      *.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        *.*.4.0/22 is directly connected, Vlan2
L        *.*.4.10/32 is directly connected, Vlan2
      172.31.0.0/32 is subnetted, 1 subnets
S        172.31.251.29 [254/0] via *.*.4.1, Vlan2
Output from show ip nat statistics:
Total active translations: 13 (0 static, 13 dynamic; 13 extended)
Peak translations: 193, occurred 14:53:36 ago
Outside interfaces:
  Vlan2
Inside interfaces:
  Vlan1
Hits: 20272144  Misses: 0
CEF Translated packets: 20266700, CEF Punted packets: 5444
Expired translations: 9692
Dynamic mappings:
-- Inside Source
[Id: 1] route-map NAT_LAN interface Vlan2 refcount 13

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
Output from show processes cpu history during speedtest.net runs:
**** 11:51:27 PM Monday Mar 21 2011 CDT
[ASCII CPU history graphs, column layout not recoverable: CPU% per second (last 60 seconds); CPU% per minute (last 60 minutes); CPU% per hour (last 72 hours). Legend: * = maximum CPU%, # = average CPU%]
Spike is from reload I would imagine...
Finally, the most confusing is show int fa0:
FastEthernet0 is up, line protocol is up
  Hardware is Fast Ethernet, address is *.*.c9d3 (bia *.*.c9d3)
  Description: Link to Cable Modem
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 2
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 33000 bits/sec, 36 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     16367368 packets input, 3511780220 bytes, 0 no buffer
     Received 6048989 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     627922 input errors, 312998 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     10044152 packets output, 876371092 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
That is a lot of errors for a little over a day of uptime. Didn't think to try another port till just now... Will attempt tomorrow.
Any suggestions or ideas?
CompTIA: Net+, Sec+
Aruba: ACMA, ACMP
Air Force:
2E251, 3D152, Fiber Installation Expert, Certified Cryptographic Network Professional, and a couple hundred useless certs on nothing important in real life (aka, Tree Killing+)
Comments
-
SteveThing Member Posts: 42
So I tried another port, no change. Tried a Router-On-A-Stick with my 3640 and my 2960 and still had the same problem (albeit a little better). So I booted up my pfsense livecd on a Core2Duo laptop (overkill for NAT and routing). I set up the laptop as a router on a stick, created 2 vlans on it, and trunked it to the switch. The cable modem was plugged into vlan10 on the switch and my PC was on vlan 20. The modem gave an IP to the lappy (vlan 10) and everything was going well. No input errors, no CRC errors, nothing bad. Still no decent bandwidth.
I ran a couple runs on a few websites for speed tests and then the switch started alternating green and amber on the cable modem interface. Sure enough, input errors started flowing in when I pushed the connection beyond simple e-mail/surfing. Double checked all my settings. Little me has always been in the train of thought that auto-negotiation is bad ("You auto not use it"?).
So I monkeyed around with a few speed/duplex settings. Finally I gave up and tried auto. Sure enough, my problems were solved. ANNOYING!
Anyways, thanks for reading and I hope this helps someone else in the future.
-
SteveO86 Member Posts: 1,423
Maybe changing the MTU settings on the outside interface.
What is the MTU? DSL FAQ | DSLReports.com, ISP Information
My Networking blog
Latest blog post: Let's review EIGRP Named Mode
Currently Studying: CCNP: Wireless - IUWMS
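An added example, not written by anyone in this thread: a small check for the symptom pattern the thread ended on, where a port hard-set to full duplex logs CRC and input errors with no collisions, and the fix was auto-negotiation. The sample text is an excerpt of the `show int fa0` output posted above; the function names and the 0.1% error threshold are assumptions chosen for illustration.

```python
import re

# Excerpt of the "show int fa0" output posted in this thread
# (only the lines the parser reads).
SAMPLE = """\
FastEthernet0 is up, line protocol is up
  Full-duplex, 100Mb/s
     16367368 packets input, 3511780220 bytes, 0 no buffer
     627922 input errors, 312998 CRC, 0 frame, 0 overrun, 0 ignored
     10044152 packets output, 876371092 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
"""

COUNTERS = {
    "packets_in": r"(\d+) packets input",
    "input_errors": r"(\d+) input errors",
    "crc": r"(\d+) CRC",
    "collisions": r"(\d+) collisions",
    "late_collisions": r"(\d+) late collision",
}

def parse_interface(text):
    """Pull duplex, speed and error counters out of 'show interface' text."""
    stats = {}
    m = re.search(r"(Full|Half|Auto)-duplex, (\S+)", text)
    stats["duplex"] = m.group(1).lower() if m else None
    stats["speed"] = m.group(2) if m else None
    for key, pattern in COUNTERS.items():
        m = re.search(pattern, text)
        stats[key] = int(m.group(1)) if m else 0
    return stats

def error_ratio(stats):
    """Input errors as a fraction of packets received (0.0 if no traffic)."""
    if not stats["packets_in"]:
        return 0.0
    return stats["input_errors"] / stats["packets_in"]

def duplex_mismatch_suspected(stats, threshold=0.001):
    """Heuristic with an assumed threshold, not a definitive diagnosis.

    Full-duplex side: CRC/input errors pile up while collisions stay at 0.
    Half-duplex side: late collisions appear.
    """
    if stats["duplex"] == "full":
        return (error_ratio(stats) > threshold
                and stats["crc"] > 0 and stats["collisions"] == 0)
    if stats["duplex"] == "half":
        return stats["late_collisions"] > 0
    return False
```

On the posted counters this reports an input error ratio of roughly 3.8% and flags the port; confirming the cause still means checking the speed/duplex setting on both ends of the link.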