cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1390
Views
4
Helpful
2
Replies

Need Opinion - Bandwidth (Download/Upload) is "Flipped" When Behind PIX

hyounkim80
Level 1
Level 1

As of right now, I don't have access to the PIX itself but can get access to it later today.  In the meantime, I wanted to get everyone's opinions on a very peculiar issue I'm seeing with Internet download speeds.

Prior to last week, my company was utilizing a Sprint T1 connection for all visitor traffic.  Attached to the Sprint T1 was a Cisco router -> C3524 Switch -> PIX-506E device.

Last week, a decision was made to upgrade our bandwith for our visitor traffic and we replaced the T1 with a Comcast Business Class cable solution. The bandwidth we ordered was 22Mbit down/5Mbit up.  From the cable modem that was provided, we connected it in the same manner -> C3524 Switch -> PIX-506E device.

Since the change, I noticed that our visitor VLAN hasn't really had much of a change in Internet speeds.  Doing some quick speed tests, it shows that our download caps at around 5Mbit but our uploads are in the 22Mbit range.

Thinking Comcast messed up and accidently flipped our download/upload speeds, I was on the phone with them for almost an hour as we investigated the issue.  They finally had me connect directly to the Comcast cable modem to test on my laptop.  The results are that from the cable modem, the speeds are correct (I get 22Mbit down, 5Mbit up).

I'm not really sure how to troubleshoot this or where to even begin. At first I thought maybe our PIX couldn't handle the speeds, but it's handling the upload rate just fine.  All I know this has to be equipment on our side since Comcast had me test directly from the cable modem.

Does anyone have any insights, opinions, or suggestions?

Thanks in advance.

2 Replies 2

aswami300
Level 1
Level 1

Hi Kim,

Please check following on PIX firewall.

1. Show interface (make sure that it is not negotiating at half duplex, no crc error, no overrun and any other type of error on ingress and egress interface).

2. Show memory

3. Show cpu usage

Note: above should not exceed 90%.

4. show conn count (if you see that connection count is very high)

Run show conn detail and see if any specfic server is sending traffic.

--

Anubhav Swami

Thanks Anubhav.  It looks like the problem was on the switch-side.  It looks like the cable modem was plugged in directly into the same port that the router was connected to.  The port had the speed & duplex manually set to 100/full.  Apparently that caused the switch to report interface/CRC errors every 5 seconds.  Setting it to auto/auto fixed it.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: