 | Cisco 1841 connected to cable modem - slow performance
I have a Cisco 1841 connected to a Comcast cable modem via ethernet. The service is configured for 16 mbps down and 2 mbps up. Using speedtest.net and several other tests, I cannot get above 6 mbps download. Configuration posted below. Any assistance would be helpful.
************************************************
!
version 12.4
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname FTM1841
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
no logging console
logging monitor notifications
enable password 7
!
no aaa new-model
clock summer-time edt recurring
no ip source-route
ip cef
!
!
!
!
no ip domain lookup
ip inspect name ethernetin udp alert on audit-trail off
ip inspect name ethernetin tcp alert on audit-trail off
ip inspect name ethernetin ftp alert on audit-trail off
ip inspect name ethernetin http java-list 5 urlfilter alert on audit-trail off
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip urlfilter allow-mode on
ip urlfilter exclusive-domain permit .bnatax.com
ip urlfilter exclusive-domain permit .cnn.com
ip urlfilter exclusive-domain permit .bnataxmanagement.com
ip urlfilter exclusive-domain permit .bna.com
ip urlfilter exclusive-domain permit .fowlerwhite.com
ip urlfilter exclusive-domain permit .msn.com
ip urlfilter exclusive-domain permit .yahoo.com
ip urlfilter exclusive-domain permit .google.com
ip urlfilter exclusive-domain permit .speedtest.net
ip urlfilter urlf-server-log
ip urlfilter server vendor websense 172.3.100.180
!
!
!
username password 7
!
!
!
class-map match-any VoIP
 match ip dscp ef
class-map match-any VideoConf
 match access-group 150
!
!
policy-map vpnQoS
 class VoIP
  priority 406
 class VideoConf
  drop
 class class-default
  fair-queue
  random-detect
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
crypto isakmp key qazWSXedcRFV address x.x.x.x
!
!
crypto ipsec transform-set vpnset1 esp-3des esp-md5-hmac
 mode transport
!
crypto map vpnmap1 local-address Serial0/0/0
crypto map vpnmap1 10 ipsec-isakmp
 set peer x.x.x.x
 set transform-set vpnset1
 match address 180
 qos pre-classify
!
!
!
interface Loopback0
 description [LOOPBACK0][OSPF 10]
 ip address 10.10.9.50 255.255.255.248
 ip nat inside
 ip virtual-reassembly
!
interface Loopback1
 description [LOOPBACK1][OSPF 20]
 ip address 10.10.9.57 255.255.255.248
!
interface Tunnel0
 description [FTM1841][TUNNEL0][VPN][QFL][10.10.11.6/30]
 bandwidth 1000
 ip address 10.10.12.6 255.255.255.252
 ip mtu 1440
 delay 1000
 qos pre-classify
 tunnel source Serial0/0/0
 tunnel destination x.x.x.x
!
interface FastEthernet0/0
 description [FTM1841][FA0/0][172.3.1.3/16]
 ip address 172.3.1.3 255.255.0.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip inspect ethernetin in
 ip virtual-reassembly
 ip route-cache same-interface
 ip route-cache flow
 speed 100
 full-duplex
 no cdp enable
 no mop enabled
 standby 1 ip 172.3.1.1
 standby 1 preempt
!
interface FastEthernet0/1
 ip address x.x.x.x 255.255.255.248
 ip access-group 102 in
 ip access-group 103 out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache same-interface
 ip route-cache flow
 no ip mroute-cache
 duplex auto
 speed auto
 ntp disable
 no cdp enable
 no mop enabled
!
interface Serial0/0/0
 ip address x.x.x.x 255.255.255.252
 ip access-group 102 in
 ip access-group 103 out
 ip nat outside
 ip virtual-reassembly
 shutdown
 ntp disable
 fair-queue
 no service-module t1 remote-loopback full
 service-module t1 remote-alarm-enable
 no cdp enable
 crypto map vpnmap1
!
router ospf 10
 router-id 10.10.9.50
 log-adjacency-changes
 redistribute static
 redistribute ospf 20 match external 1 external 2
 network 172.3.0.0 0.0.255.255 area 3
 default-information originate
!
router ospf 20
 router-id 10.10.9.57
 log-adjacency-changes
 redistribute ospf 10 subnets
 network 10.10.12.0 0.0.0.255 area 1
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 100
ip route 172.31.0.0 255.255.0.0 Tunnel0 140
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map nonat interface FastEthernet0/1 overload
!
logging trap notifications
logging 172.31.100.183
access-list 5 remark ---- JAVA ACL ----
access-list 5 permit any
access-list 10 remark ---- TELNET ACL ----
access-list 10 permit 172.0.0.0 0.255.255.255
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 102 remark ---- FIREWALL ACL ----
access-list 102 deny icmp any any
access-list 102 permit udp host x.x.x.x host x.x.x.x eq isakmp
access-list 102 permit esp host x.x.x.x host x.x.x.x
access-list 102 permit gre host x.x.x.x host x.x.x.x
access-list 102 deny ip any any log
access-list 103 remark ---- VIDEO WAN PRIORITY ----
access-list 103 permit ip 172.0.3.0 0.255.0.255 any
access-list 103 remark ---- OUTBOUND ACL ----
access-list 103 deny tcp any any eq 137 log
access-list 103 deny udp any any eq netbios-ns log
access-list 103 deny tcp any any eq 138 log
access-list 103 deny udp any any eq netbios-dgm log
access-list 103 deny tcp any any eq 139 log
access-list 103 deny udp any any eq netbios-ss log
access-list 103 deny tcp any any eq 445 log
access-list 103 deny udp any any eq 445 log
access-list 103 permit ip any any
access-list 107 remark ---- VOICE WAN PRIORITY ----
access-list 107 permit ip 172.0.7.0 0.255.0.255 any
access-list 110 remark ---- VPN ----
access-list 110 permit ip 172.3.0.0 0.0.255.255 172.31.0.0 0.0.255.255
access-list 130 remark ---- IP NAT ACL ----
access-list 130 deny ip 172.3.0.0 0.0.255.255 172.1.0.0 0.0.255.255
access-list 130 deny ip 172.3.0.0 0.0.255.255 172.5.0.0 0.0.255.255
access-list 130 deny ip 172.3.0.0 0.0.255.255 172.9.0.0 0.0.255.255
access-list 130 deny ip 172.3.0.0 0.0.255.255 172.25.0.0 0.0.255.255
access-list 130 deny ip 172.3.0.0 0.0.255.255 172.31.0.0 0.0.255.255
access-list 130 deny ip 172.3.0.0 0.0.255.255 192.168.254.0 0.0.0.255
access-list 130 permit ip 172.3.0.0 0.0.255.255 any
access-list 150 remark ----Disable VideoConf ACL ----
access-list 150 deny ip 172.3.0.0 0.0.255.255 any
access-list 180 remark ---- QFL VPN ACL ----
access-list 180 permit gre host x.x.x.x host x.x.x.x
snmp-server community RO
snmp-server enable traps tty
no cdp run
!
route-map nonat permit 10
 match ip address 130
!
!
!
!
control-plane
!
!
!
line con 0
 password 7
 login local
line aux 0
 password 7
 login local
 transport input all
line vty 0 4
 access-class 10 in
 exec-timeout 30 0
 password 7
 login local
line vty 5 15
 access-class 10 in
 exec-timeout 30 0
 password 7
 login local
!
scheduler allocate 20000 1000
end |
|
 aguenPremium join:2003-07-16 Grants Pass, OR | Try posting in the Cisco or Comcast forum. Dumping your boot cfg here does nothing for you. |
|
 | reply to Nighttrain72
Where exactly are the speeds slow, or are you wanting to make sure you get the full rated speed of your line?
See here to start: »[HELP] Cisco 800/837 Slow Upload Speeds Various Download Speeds for some basic troubleshooting to verify your speeds.
Does the 1841 have a VPN accelerator card?
Regards |
|
 | reply to aguen
said by aguen: Try posting in the Cisco or Comcast forum. Dumping your boot cfg here does nothing for you.
This IS the Cisco forum.......... |
|
 | reply to HELLFIRE I know mine does (has the VPN accelerator card). |
|
 | reply to HELLFIRE The post was moved, thank you. (First post and it shows)
Yes the router has an AIM card installed.
Thank you |
|
 | reply to OVERKILL I will take a look at the post. Yes the router has an AIM card installed.
Yes I want to make sure we can get at least 65-75% of the rated speed.
Thank you |
|
 2 edits | said by Nighttrain72: I will take a look at the post. Yes the router has an AIM card installed. Yes I want to make sure we can get at least 65-75% of the rated speed. Thank you
First things first, what, if anything, jumps out at you if you run "show log"?
I'm pulling 12Mbit through my 1841 downloading a torrent as we speak. CPU usage is hovering around 41-51%, mem is at 22%, and I have three VPN tunnels open. |
|
 | I have checked the log several times and nothing, but CBAC entries exist. Average CPU is less than 10%. I have the VPN setup but I do not have it running through the ethernet port, just the serial. Both ethernet ports are clean with no errors at all.
I am in the midst of testing the cable service but I cannot seem to get even 50% of the rated speed. At this point I am at a loss as to what it could be. |
|
 | But if you connect directly to the cable modem, bypassing the router you get the rated speed?
What is the output of the command:
sh int fastethernet0/1
Please paste it in the thread. |
|
 | I am plugged directly into the cable modem. I think I found the issue. I was using IE8 to perform the test and on a whim I downloaded Chrome and the speeds were up in the 11+ mbps download and 2.5 mbps for upload.
At this point I am going to say the issue was the browser and not the config. I appreciate the assistance! |
|
 | reply to Nighttrain72 Keep testing if you're not sure. The 1841 is not a great piece of gear but 16/2 is WELL below its performance limits with your config.
Regards |
|
 | said by HELLFIRE: Keep testing if you're not sure. The 1841 is not a great piece of gear but 16/2 is WELL below its performance limits with your config. Regards
Hey now, it's not THAT bad! LOL! |
|
 | reply to HELLFIRE I will keep testing as I am not 100% certain nor convinced 100%. Below are the interface configs for both ethernet ports if you would like to take a look.
FA0/0 (Internal):
#sh ip int fa0/0
FastEthernet0/0 is up, line protocol is up
  Internet address is 172.3.1.3/16
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.2 224.0.0.5 224.0.0.6
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is disabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are never sent
  ICMP unreachables are never sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is enabled
  IP Flow switching is enabled
  IP CEF switching is enabled
  IP CEF Flow Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, Flow cache, CEF, Full Flow
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain inside
  BGP Policy Mapping is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
  Inbound inspection rule is ethernetin

FA0/1 (External):
#sh ip int fa0/1
FastEthernet0/1 is up, line protocol is up
  Internet address is x.x.x.x/29
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is 103
  Inbound access list is 102
  Proxy ARP is disabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are never sent
  ICMP unreachables are never sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is enabled
  IP Flow switching is enabled
  IP CEF switching is enabled
  IP CEF Flow Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, Flow cache, CEF, Full Flow
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain outside
  BGP Policy Mapping is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled

Stats for FA0/0 (Internal):
#sh int fa0/0
FastEthernet0/0 is up, line protocol is up
  Hardware is Gt96k FE, address is 001e.1371.2112 (bia 001e.1371.2112)
  Description: [FTM1841][FA0/0][172.3.1.3/16]
  Internet address is 172.3.1.3/16
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 26000 bits/sec, 15 packets/sec
  5 minute output rate 255000 bits/sec, 18 packets/sec
     349451 packets input, 58221807 bytes
     Received 117930 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     374235 packets output, 389774805 bytes, 0 underruns
     0 output errors, 0 collisions, 4 interface resets
     8966 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

Stats for FA0/1 (External):
#sh int fa0/1
FastEthernet0/1 is up, line protocol is up
  Hardware is Gt96k FE, address is 001e.1371.2113 (bia 001e.1371.2113)
  Description: [FTM1841][FA0/1][173.165.216.97/30]
  Internet address is 173.165.216.97/29
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 288000 bits/sec, 19 packets/sec
  5 minute output rate 32000 bits/sec, 14 packets/sec
     343099 packets input, 392999952 bytes
     Received 902 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     226059 packets output, 48681016 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out |
|
 | reply to OVERKILL I posted the stats for both FA0/0 and 0/1.
Thank you for all that assistance! |
|
 | reply to HELLFIRE Thank you for the assistance! |
|
 | reply to Nighttrain72 Interfaces don't look too bad, and CEF's enabled.
Load up the router with as many traffic streams as possible and see what the 5 min input/output rate looks like.
Regards |
|
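The check suggested in the post above (load the router, then read the 5 minute input/output rate) can be scripted against saved `show interface` output. This is an added example, not part of the original thread; the function names are hypothetical, the sample text is abridged from the FastEthernet0/1 counters posted earlier, and the 16/2 mbps rated values come from the first post.

```python
import re

# Constructed sample: abridged from the FastEthernet0/1 counters posted in this thread.
SAMPLE = """\
FastEthernet0/1 is up, line protocol is up
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  5 minute input rate 288000 bits/sec, 19 packets/sec
  5 minute output rate 32000 bits/sec, 14 packets/sec
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 0 collisions, 2 interface resets
"""

# Counter name -> regex with one capture group for the value.
COUNTERS = {
    "input_drops": r"Input queue: \d+/\d+/(\d+)/\d+",
    "output_drops": r"Total output drops: (\d+)",
    "input_errors": r"(\d+) input errors",
    "crc": r"(\d+) CRC",
    "output_errors": r"(\d+) output errors",
    "collisions": r"(\d+) collisions",
}

def parse_show_interface(text):
    """Return the 5-minute rates in bits/sec plus drop and error counters."""
    stats = {}
    for direction in ("input", "output"):
        m = re.search(rf"5 minute {direction} rate (\d+) bits/sec", text)
        if not m:
            raise ValueError(f"no 5 minute {direction} rate found")
        stats[f"{direction}_bps"] = int(m.group(1))
    for name, pattern in COUNTERS.items():
        m = re.search(pattern, text)
        stats[name] = int(m.group(1)) if m else None  # None: counter absent
    return stats

def assess(stats, rated_down_bps, rated_up_bps):
    """For the WAN-facing port, input is download and output is upload."""
    return {
        "down_pct": round(100 * stats["input_bps"] / rated_down_bps, 1),
        "up_pct": round(100 * stats["output_bps"] / rated_up_bps, 1),
        "nonzero_counters": sorted(k for k in COUNTERS if stats[k]),
    }

if __name__ == "__main__":
    s = parse_show_interface(SAMPLE)
    print(s)
    print(assess(s, rated_down_bps=16_000_000, rated_up_bps=2_000_000))
```

A low percentage with every counter at zero, as in the posted sample, means the interface was nearly idle when the snapshot was taken, so the numbers say nothing yet about throughput under load.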
 | reply to Nighttrain72 Just noticed this:
IP fast switching on the same interface is enabled
You are using two separate interfaces. Therefore, this should not be enabled. |
|
 | OK after removing ip route-cache same-interface and ip route-cache flow the speed increased to 10.5 mbps download.
So the question is should I settle?  |
|
 1 edit | reply to Nighttrain72 I'm using ip flow ingress on my interfaces. Same router. And I see 16+mbit downloads with torrents regularly. Maxing out at around 18 or so. Sync is ~20Mbit for my DSL.
We seem to have found a few of your problems though, which is good  |
|