|reply to phardacre |
Re: [Config] Setup Cisco 877 to work with Bt Infinity
I think I may be getting slightly confused with the MTU values. I've set them subsequently to posting the config, which is why they aren't showing up. I found a few posts on Google where people had done similar to me, and stated that you had to match the MTU to the packet size you settle on doing ping -l -f. It doesn't seem to have made any difference.
For clarity, should I just set MTU 1492 on Dialer 1 and MSS 1452 on Dialer 1 too? Do I need to set the MSS on any of the VLAN interfaces?
Oh, I tested the VPN from home last night and it works fine. I realise now that testing it from the web server doesn't work (1723 isn't opened) and nmap and shields up were correctly reporting that the port is open.
Edit: additionally I find that if I disable the Cisco FW, downloads work fine. We can surf the net with the FW up, but no downloads or speed test.
Not sure what in the FW might be blocking it, but imagine maybe it isn't necessarily specific to using PPPoE like this scenario...
You should just need to set them on Dialer1 as that's where the limitation is. Other traffic can use a higher MTU and anything going over the Dialer1 interface should automatically get its MSS lowered to the correct value in the SYN packet.
Given that your downloads work with the firewall off, it's pointing to a problem with the firewall inspection. My guess is you need to add
match protocol http
to the sdm-cls-insp-traffic class-map. Make sure you add it before the
match protocol tcp
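The MSS lowering in the SYN packet mentioned in the reply above, as an added example that is not part of the thread and not the router's own code: it derives 1492 and 1452 from the PPPoE overhead, rewrites the MSS option of a TCP SYN header and fixes the checksum incrementally. The function names and the sample SYN are constructed for illustration.

```python
import struct

PPPOE_OVERHEAD = 8                   # 6-byte PPPoE header + 2-byte PPP protocol ID
DIALER_MTU = 1500 - PPPOE_OVERHEAD   # 1492, the MTU discussed for Dialer1
CLAMP_MSS = DIALER_MTU - 40          # 1452: minus 20-byte IPv4 and 20-byte TCP headers
SYN = 0x02

def update_checksum(old: bytes, new: bytearray, start: int, end: int) -> None:
    """RFC 1624 incremental checksum fix for the aligned 16-bit words in [start, end)."""
    csum = struct.unpack_from("!H", new, 16)[0]
    for a in range(start & ~1, end, 2):
        m, m2 = struct.unpack_from("!H", old, a)[0], struct.unpack_from("!H", new, a)[0]
        s = (~csum & 0xFFFF) + (~m & 0xFFFF) + m2
        s = (s & 0xFFFF) + (s >> 16)
        csum = ~((s & 0xFFFF) + (s >> 16)) & 0xFFFF
    struct.pack_into("!H", new, 16, csum)

def clamp_mss(tcp: bytes, limit: int = CLAMP_MSS) -> bytes:
    """Lower the MSS option of a SYN/SYN-ACK TCP header to `limit`; pass others through."""
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    hdr_len = (tcp[12] >> 4) * 4
    if hdr_len < 20 or hdr_len > len(tcp):
        raise ValueError("bad TCP data offset")
    if not tcp[13] & SYN:
        return tcp                         # MSS is only negotiated on SYN segments
    out, i = bytearray(tcp), 20
    while i < hdr_len:
        kind = out[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP padding is a single byte
            i += 1
            continue
        if i + 1 >= hdr_len or out[i + 1] < 2 or i + out[i + 1] > hdr_len:
            break                          # malformed option: leave the segment untouched
        if kind == 2 and out[i + 1] == 4:  # MSS option: kind, length, 16-bit value
            if struct.unpack_from("!H", out, i + 2)[0] > limit:
                struct.pack_into("!H", out, i + 2, limit)
                update_checksum(tcp, out, i + 2, i + 4)
            break
        i += out[i + 1]
    return bytes(out)

# Constructed sample: SYN header, ports 50000 -> 80, options MSS=1460, NOP, window scale 7.
SAMPLE_SYN = (struct.pack("!HHIIBBHHH", 50000, 80, 1, 0, 0x70, SYN, 64240, 0, 0)
              + bytes([2, 4]) + struct.pack("!H", 1460) + bytes([1, 3, 3, 7]))

if __name__ == "__main__":
    print(struct.unpack_from("!H", clamp_mss(SAMPLE_SYN), 22)[0])
```
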
Ok great I'll give that a go. Many thanks again Paul.
|reply to phardacre |
Right well I got somewhere by moving the match http rule above the sdm-class-inspect-traffic rule in the SDM - speedtest got a bit further, but slower than normal, before eventually erroring out. Back to the drawing board I guess.
Just out of curiosity, what speedtest are you using? I've just started using www.measurementlab.net/run-ndt which seems to be quite good, can give you some useful info. What errors are you getting? Does anything pop up in the console logs on the router?
You're doing a lot with that router so it could be that its CPU is maxed. As I said, ours will top out at ~30Mbps downstream just doing NAT - no ZBF at the moment. If it's gotta inspect all the packets coming in as well, I'd expect that to add more load. Try a
sh proc cpu history
and see what the cpu loads are like. Though, saying that, I'd expect it to just get slower rather than cause a connection to drop if the cpu load was causing the problem.
I normally just use speedtest.net (37.99 down / 9.00 up)
I had a go with the site you linked and got 37 down / 9 up. I can post the details too but they don't seem amiss.
If you're just using NAT on the router what're you using for the ZBF? Another Cisco or proxy server? NAT on our router is working fine, although non-used ports are closed rather than stealthed. The speed is absolutely fine too, it's only when we enable basic FW that we run into problems.