Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2727
Views
0
Helpful
5
Replies

Cisco 2811 performance issue - dual(new) isp

jacob6000
Level 1
Level 1

‎12-19-2011 07:59 PM - edited ‎03-04-2019 02:41 PM

Hello,

I have an issue that is really causing me grief. I recentely inherited a small network. There is an existing 1.5mbps Internet connection (fa0/0) (includes MPLS as well/same provider). We added a new ISP that allows for 50mb down/5mb up. I added the new ISP to fa0/1 and modified the NAT overload statements accordingly. I alo changed the default route to ONLY use the new, faster ISP connection. Using speedguide.net, I am only able to get 6 to 10mb down, most of the time. if I plug a laptop into the cable modem then I get 37 to 50mb down. Any idea why the 2811 is so slow? How much download speed can I expect to get? Any assisstance would be very much appreciated.

I have attached the config and various show outputs (nat, sh ver, memory, etc.). the file called "latest logs" contains a "sh ip traffic, sh int switching and a sh proc cpu sorted".

thank you,

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.12.17 17:47:41 =~=~=~=~=~=~=~=~=~=~=~=

2811rtr#
2811rtr#sh run
Building configuration...


Current configuration : 21129 bytes
!
! Last configuration change at 16:39:52 CST Sat Dec 17 2011 by rtradmin
! NVRAM config last updated at 20:45:10 CST Fri Dec 16 2011 by rtradmin2
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname 2811rtr
!
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.124-24.T2.bin
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
no logging console
enable secret 5 2 32809482309841

enable password 7 548098903423266

!
aaa new-model
!
!
aaa authentication ppp default local
aaa authorization network vpnauth local
!
!
aaa session-id common
clock timezone CST -6
clock summer-time CST recurring
!
dot11 syslog
ip source-route
!
!
ip cef
no ip dhcp use vrf connected
!
ip dhcp pool voice
   network 172.18.1.0 255.255.255.0
   option 150 ip 192.168.1.31
   default-router 172.18.1.1
dns-server 192.168.2.203
!
!
no ip domain lookup
ip domain name CORP.COMPANY.COM
!
multilink bundle-name authenticated
!
!
!
!
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
  accept-dialin
  protocol pptp
  virtual-template 1
!
!
!
trunk group Analog
!
!
!
voice service voip
address-hiding
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
redirect ip2ip
fax protocol cisco
sip
  bind control source-interface Vlan10
  bind media source-interface Vlan10
  rel1xx disable
header-passing error-passthru
  registrar server
   outbound-proxy ipv4:10.255.1.5
  early-offer forced
  midcall-signaling passthru
  sip-profiles 1
!
!
voice class codec 1
codec preference 1 g729r8
codec preference 2 g711ulaw
!

!
voice class sip-profiles 1
request INVITE sip-header Allow-Header modify ", UPDATE" ""
request REINVITE sip-header Allow-Header modify ", UPDATE" ""
response 180 sip-header Allow-Header modify ", UPDATE" ""
response 200 sip-header Allow-Header modify ", UPDATE" ""
!
!
voice translation-rule 1
rule 1 /^...$/ /2109790380/
!
voice translation-rule 2
rule 1 /7\(.*\)/ /\1/
!
voice translation-rule 7
rule 1 /^7/ //
!
voice translation-rule 210
rule 1 /210\(.......\)/ /150/
rule 2 /972\(.......\)/ /150/
rule 3 /281\(.......\)/ /150/
!
!
voice translation-profile 210
translate called 210
!
voice translation-profile PaetecOutbound
translate calling 1
translate called 2
!
voice translation-profile strip-7
translate calling 1
translate called 7
!
!
voice-card 0
dspfarm
dsp services dspfarm
!
!
crypto pki trustpoint TP-self-signed-444663626022273
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-39962996022273
revocation-check none
rsakeypair TP-self-signed-36260222744388
!

crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp keepalive 10 5 periodic
!
crypto isakmp client configuration group company
key rtrcrypt
pool vpn_pool
acl 110
!
!
crypto ipsec transform-set vpn_set esp-3des esp-md5-hmac
!
crypto dynamic-map vpnmap 80
set transform-set vpn_set
reverse-route
qos pre-classify
!
!
crypto map vpnmap isakmp authorization list vpnauth
crypto map vpnmap client configuration address respond
crypto map vpnmap 10 ipsec-isakmp
set peer 201.201.201.xx
set transform-set vpn_set
match address 100
crypto map vpnmap 20 ipsec-isakmp
set peer 40.40.40.40
set transform-set vpn_set
match address 120
crypto map vpnmap 30 ipsec-isakmp
set peer 50.50.50.50
set transform-set vpn_set
match address 130
crypto map vpnmap 40 ipsec-isakmp
set peer 60.60.60.60
set transform-set vpn_set
match address 140
crypto map vpnmap 80 ipsec-isakmp dynamic vpnmap
!
!
!
!
class-map match-any VOICE-CONTROL
match ip dscp af31
match ip dscp cs3
class-map match-any AutoQoS-VoIP-RTP-Trust
match ip dscp ef
class-map match-all VOICE
match ip dscp ef
class-map match-any AutoQoS-VoIP-Control-Trust
match ip dscp cs3
match ip dscp af31
!
!
policy-map VoiceQos
class VOICE
priority 224
class VOICE-CONTROL
    bandwidth percent 5
class class-default
    fair-queue
policy-map AutoQoS-Policy-Trust
class AutoQoS-VoIP-RTP-Trust
    priority percent 70
class AutoQoS-VoIP-Control-Trust
    bandwidth percent 5
class class-default
    fair-queue
!
!
!
!
!
interface FastEthernet0/0
description ***To Internet***
ip address 100.100.195.132 255.255.255.240
no ip redirects
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
service-policy output AutoQoS-Policy-Trust
!
interface Service-Engine0/0
ip unnumbered Vlan10
service-module ip address 192.168.1.2 255.255.255.0
service-module ip default-gateway 192.168.1.30
hold-queue 60 out
!
interface FastEthernet0/1
ip address 200.200.200.66 255.255.255.0
no ip redirects
ip nat outside
ip virtual-reassembly
duplex full
speed 100
!
interface FastEthernet1/0
description ***To MPLS***
switchport access vlan 10
switchport voice vlan 1
mls qos trust dscp
auto qos voip trust
auto discovery qos
spanning-tree portfast
!
!
!
interface Virtual-Template1
ip unnumbered Vlan1
ip virtual-reassembly
no peer default ip address
ppp encrypt mppe auto passive
ppp authentication pap chap ms-chap
!
interface Vlan1
ip address 172.18.1.1 255.255.255.0
h323-gateway voip interface
!
interface Vlan10
ip address 192.168.1.30 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan80
ip address 10.10.80.1 255.255.0.0
!
ip local pool vpn_pool 172.18.1.50 172.18.1.75
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 200.200.200.254
ip route 10.255.1.0 255.255.255.0 192.168.1.254
ip route 172.18.2.0 255.255.255.0 192.168.1.254
ip route 172.18.3.0 255.255.255.0 192.168.1.254
ip route 192.168.1.2 255.255.255.255 Service-Engine0/0
ip route 192.168.2.0 255.255.255.0 192.168.1.254
ip route 192.168.3.0 255.255.255.0 192.168.1.254
ip http server
ip http authentication local
ip http secure-server
ip http path flash:GUI
!
ip flow-top-talkers
top 50
sort-by bytes
!
ip nat inside source list 111 interface FastEthernet0/1 overload
!
!
logging 192.168.1.100
logging 192.168.2.53
access-list 102 remark NAT ACL
access-list 102 deny   ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 102 deny   ip 192.168.0.0 0.0.255.255 172.18.0.0 0.0.255.255
access-list 102 deny   ip 172.18.0.0 0.0.255.255 172.18.0.0 0.0.255.255
access-list 102 deny   ip 172.18.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 remark NAT ACL
access-list 110 remark VPN Access Special ACL
access-list 110 permit ip 192.168.0.0 0.0.3.255 172.18.1.0 0.0.0.255
access-list 110 permit ip 172.18.0.0 0.0.3.255 172.18.1.0 0.0.0.255
access-list 110 remark Intersite IPSec ACL
access-list 110 remark VPN Access Special ACL
access-list 111 remark NAT ACL
access-list 111 permit ip 192.168.1.0 0.0.0.255 any
access-list 111 remark NAT ACL
access-list 120 permit gre host x.x.x.x host x.x.x.x
access-list 130 remark Intersite IPSec ACL
access-list 130 permit gre host x.x.x.x host x.x.x.x

access-list 130 remark Intersite IPSec ACL
!
!
control-plane
!
!
!
!
!
sccp local Vlan10
sccp ccm 192.168.1.31 identifier 1 version 3.1
sccp
!
sccp ccm group 1
associate ccm 1 priority 1
associate profile 2 register cfb0015f956d548
associate profile 1 register mtp0015f956d548
!
dspfarm profile 1 transcode 
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
codec g729br8
codec g729r8
maximum sessions 4
associate application SCCP
!
dspfarm profile 2 conference 
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
codec g729r8
codec g729br8
associate application SCCP
!
!
dial-peer voice 401 mmoip
description Main FAX
service fax_on_vfc_onramp_app out-bound
destination-pattern 181
information-type fax
session target mailto:fax@company.com
!
dial-peer voice 210 voip
translation-profile incoming 210
voice-class codec 1
session protocol sipv2
session target sip-server
incoming called-number 210.......
dtmf-relay sip-notify rtp-nte
!
dial-peer voice 972 voip
translation-profile incoming 210
voice-class codec 1
session protocol sipv2
session target sip-server
incoming called-number 972.......
dtmf-relay sip-notify rtp-nte
!
dial-peer voice 281 voip
translation-profile incoming 210
voice-class codec 1
session protocol sipv2
session target sip-server
incoming called-number 281.......
dtmf-relay sip-notify rtp-nte
!
dial-peer voice 100 voip
destination-pattern 1..
voice-class codec 1
voice-class sip outbound-proxy ipv4:192.168.1.31
session protocol sipv2
session target ipv4:192.168.1.31
dtmf-relay rtp-nte
no vad
!
dial-peer voice 9000 voip
translation-profile outgoing strip-7
destination-pattern 7T
session protocol sipv2
session target ipv4:10.255.1.5
dtmf-relay rtp-nte
no vad
!
!
dial-peer hunt 2
gateway
timer receive-rtp 1200
!
sip-ua
credentials username ssssssssss password 7 ssssssss realm isp.net
authentication username rrrrrrrrrrrrrrr password 7 rrrrrrrrrrrrrrr
no remote-party-id
max-forwards 15
retry invite 2
retry response 3
retry bye 3
retry prack 6
timers expires 300000
registrar dns:10.255.1.5 expires 3600
sip-server dns:10.255.1.5
!
!
!
call-manager-fallback
video
secondary-dialtone 7
max-conferences 4 gain -6
transfer-system full-consult
ip source-address 172.18.1.1 port 2000
max-ephones 30
max-dn 120 dual-line
sdspfarm units 5
sdspfarm transcode sessions 2
system message primary SRST Mode - contact IT
transfer-pattern .T
voicemail 600
call-forward pattern .T
moh flash:moh.wav
time-zone 8
!

Labels:
119219-2811log-nat.txt.zip
119218-latest 2811 logs.txt.zip
0 Helpful
5 Replies 5

sleepyshark
Level 1
Level 1

‎12-20-2011 12:07 PM

I see you're manually set for 100mb/full duplex.  Verify with your ISP that they're handing off at 100mb/full - Mismatch duplex/speed can dramatically affect your speed.

Sean

http://www.sleepyshark.com/about/sean-brown-professional-biography/

0 Helpful

jacob6000
Level 1
Level 1
In response to sleepyshark

‎12-20-2011 12:26 PM

I actually put it back to Auto and it still negotiates at 100mbps full duplex. ?? Still trying to figure it out. Thanks.

0 Helpful

sleepyshark
Level 1
Level 1
In response to jacob6000

‎12-20-2011 12:29 PM

Doesn't matter -- you need to call your ISP - both sides need to match speed/duplex settings.  Even though you're on Auto/Auto, you should still sync at what the other side wants to see.  Take a few minutes, call the ISP and specifically ask them what their side is set at - once that is ruled out, we can look at some other things.

Sean

0 Helpful

JFlorian33
Level 1
Level 1
In response to sleepyshark

‎12-20-2011 06:29 PM

Speed/Duplex was deffinetly the first thing that came to my mind when I saw your initial configuration. From the looks of it though, he's using a cable modem as his gateway which recieves a BIN file telling it how to configure. Everything is typically set auto but certainly doesn't hurt to call them up and make sure. Also now that your multi-homing its very well possible your tests could be coming back through your other ISP interface if its seen as a better route back to the outside world. Try shutting down your slow ISP connection and see if you get the same results. Another option is to ask the ISP if they have there own bandwidth testing server. I don't see QOS configurations on your new WAN interface but there is on the Fa1/0 interface if thats your test port your using but I'm not familiar with that aspect to tell ya if thats where the problem is.

0 Helpful

jacob6000
Level 1
Level 1
In response to JFlorian33

‎12-20-2011 08:48 PM

Jonathon,

I actually did shut down the original isp interface (fa0/0) tonight. The fa0/1 interface is set to AUTO and it has no QoS applied. Thoughts?

Thanks,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card