er51
join:2005-01-26
Delmar, NY | Optimizing Cisco 871w for Verizon FiOS I got FiOS recently, and after running some tests, have been getting better speeds with the D-Link 604 provided by Verizon then with my Cisco 871w. I've heard that the 604 they provide has some special firmware, so I'm guessing there are some kind of optimizations built in that boost the speed. Is there anything I could do on my Cisco router to optimize the speeds. FiOS is using PPPoE at the moment, if that matters. |
|
|
|
| Set you MTU in the router to 1490 instead of 1500. I would also set your receive window to some thing like 128480.
I used TCPOptimizer to change my settings on my PC's. |
|
| reply to er51
I can't see how you could optimise a router (especially a D-Link  ) to give you a better speed than you can achieve with an 871W.
Post your full config without passwords or public IPs and we can see if there is anything that needs to be changed. |
|
er51
join:2005-01-26
Delmar, NY | reply to er51
Here is my running config. I'm using IOS 12.4(2)T. File name of the image is c870-advipservicesk9-mz.124-2.T.bin. I think the problem may have something to do with MTU, but I'm not really sure what to do.
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname BT1
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxx
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.4
!
ip dhcp pool sdm-pool1
import all
network 10.10.10.0 255.255.255.0
dns-server 151.198.0.38 151.202.0.85
default-router 10.10.10.1
!
!
ip tcp synwait-time 10
no ip bootp server
ip name-server 151.198.0.38
ip name-server 151.202.0.85
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
no ip ips deny-action ips-interface
!
!
crypto pki trustpoint TP-self-signed-2759550239
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2759550239
revocation-check none
rsakeypair TP-self-signed-2759550239
!
!
crypto pki certificate chain TP-self-signed-2759550239
certificate self-signed 01
xxxx
quit
username xxxx privilege 15 secret 5 xxxx
!
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface Dot11Radio0
no ip address
!
encryption key 1 size 128bit 7 xxxx transmit-key
encryption mode wep mandatory
!
ssid BT1
authentication open
guest-mode
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
no dot11 extension aironet
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
bridge-group 1
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 102 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname braunstein
ppp chap password 7 08711C1E5949
ppp pap sent-username braunstein password 7 00544356540B
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.10.10.3 6881 interface Dialer0 6881
ip nat inside source static tcp 10.10.10.2 8098 interface Dialer0 8098
ip nat inside source static tcp 10.10.10.2 80 interface Dialer0 80
ip nat inside source static tcp 10.10.10.2 21 interface Dialer0 21
ip nat inside source static tcp 10.10.10.2 2198 interface Dialer0 2198
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 remark auto-generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto-generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 remark Bittorrent
access-list 101 permit tcp any eq 6881 any eq 6881
access-list 101 permit udp host 151.202.0.85 eq domain any
access-list 101 permit udp host 151.198.0.38 eq domain any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq 8098
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any any eq 2198
access-list 102 permit tcp any any eq 6881
access-list 102 deny ip 10.10.10.0 0.0.0.255 any
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end |
|
| Hello, i have the cisco 871w series router and I'm trying to configure the basics so i can connect. I'm nto sure what verizon uses, i know PPOE but I'm not sure weather to use CHAP or PAP and verizon tech support doesnt know either. they did tell me they are going to DHCP so PPOE and DHCP will be your options.
can you assist me in setting this up. thanks. |
|
2 edits | I believe they use CHAP for their auth. For the MTU, you would want to set that to 1490. ER51 has his working, but his speeds are off. It could be his MTU settings. So I would look over his config and adjust yours accordingly.
The lines for mtu I think are ip mtu 1452 and ip tcp adjust-mss 1452.
You may also want to use TCPOptimizer to adjust your PC's setting and use BBR's test tools to see if every thing is ok.
Also, if you have SMartNet support, install the full version on your PC to change your settings. It has more options then the light version. |
|
er51
join:2005-01-26
Delmar, NY | reply to karlehenry
karlehenry, if you want some help, feel free to email me at eric51 (at) nycap.rr.com, or IM me on AIM at "Er 51". |
|
 DaSneaky1Done wall to block them allPremium,MVM
join:2001-03-29
The Lou | reply to er51
Curious, what is the speed difference. Keep in mind that your Cisco has a much more extensive configuration, so that could be contributing.
--
:: my trivial ramblings :: |
|
tdoranPremium
join:2003-09-27
Ridge, NY | reply to er51
said by er51:I got FiOS recently, and after running some tests, have been getting better speeds with the D-Link 604 provided by Verizon then with my Cisco 871w. I've heard that the 604 they provide has some special firmware, so I'm guessing there are some kind of optimizations built in that boost the speed. Is there anything I could do on my Cisco router to optimize the speeds. FiOS is using PPPoE at the moment, if that matters. There is talk in the FiOS Forum that VZ has modified the firmware on the D-Link 604; and as far as I know no one has reversed engineered or decompiled the firmware to see what changes were made on behalf of VZ by D-Link.
I know that the firmware has "hooks" and "provisions" for FiOS TV, and talks to some firmware on the ONT.
Tim |
|
 CovenantPremium,MVM
join:2003-07-01
England | reply to TROLL131313
MTU should never match MSS but actually be 40 bytes less.
So, set your MTU to 1492 on the PPPoE dialer which takes into account the 8 byte PPPoE overhead.
On the LAN interface, add the command ip tcp adjust-mss 1452. If you still have "slow downloads", tweak your windows sizes as has been touched above and also advise whether the downloads comparing the D-LINK and the Cisco have been to the same server not far apart in time frames.
Also, there is a handy document which explains PPPoE MTU/MSS issues...
»www.cisco.com/warp/public/794/ro···mtu.html
I guess the important questions are:
1) Where are you downloading from?
2.) Using what protocol? (FTP/SFTP/HTTP/P2P/etc)
3.) What is your upload/download?
4.) Is it consistent all the time or does it happen at different times?
5.) Are your other web applications slow too (web browsing/etc)?
--
If only my employers can see how much effort I put into the Cisco forum. They would then understand why I sleep at my desk.  |
|
