05-27-2016 12:09 AM - edited 03-05-2019 04:06 AM
Hi everyone,
So recently our company has purchased a Cisco C881. I've loaded CP Express on it just in case because I'm still learning to work with the CLI. I've configured a static WAN interface (fixed speed at 100Mbps Full Duplex) just like on our old router. Static DNS, IP etc. While I am able to access the internet, it is incredibly slow for some reason. And not all sites, twitter.com opens up just like that. While Google takes it sweet time and sometimes does not open at all. Most of the websites do this.
I tried pinging websites from the router (like Google) and get 40% and 60% most, a lot of packets are being dropped. On CP Expres I opened pretty much everything from LAN to WAN. Is there a config. that I'm possibly missing that is causing this? Tried putting a switch between the Cisco router and my laptop but the problem still remains.
Current configuration : 13471 bytes
!
! Last configuration change at 08:51:58 GMT Thu May 26 2016 by burak
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot config usbflash0:CVO-BOOT.CFG
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login local_access local
!
!
!
!
!
aaa session-id common
ethernet lmi ce
clock timezone GMT 2 0
!
crypto pki trustpoint TP-self-signed-3666389536
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3666389536
revocation-check none
rsakeypair TP-self-signed-3666389536
!
!
crypto pki certificate chain TP-self-signed-3666389536
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33363636 33383935 3336301E 170D3136 30353235 30373539
33335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36363633
38393533 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100E5EF 09070186 6C15041A D675F986 5692906A C278BCD0 873EBB29 43A0C964
1E1EF3AD 7DA6BF58 E62FB01D 4865EBF6 6D0EB398 F86EB71E 561538A1 0A3A1923
D36AE67C 67E205E4 4382AFD8 F8E6FF5A 2F883EAF 617ABC21 351E2177 F6A39A4A
22740755 96E776A2 DECCE802 C390E079 02283F2F DD76FB0E 19FCB275 C687DDB7
EDDD0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14F434B6 1D63EA9F 68BEF920 A76F4013 BA080691 D8301D06
03551D0E 04160414 F434B61D 63EA9F68 BEF920A7 6F4013BA 080691D8 300D0609
2A864886 F70D0101 05050003 8181003F F29BC2D5 88E11ED1 0FF6D186 2DC53E55
828F6EDA 2CF21659 45ACB21D 1E314290 E37C9B64 0BDCFD09 36078CBA 34365501
F6FE7AC8 063D87AE 270DCB58 FEBA694F 97A8B31A E65EA5FD 2237EBA6 A30F658B
C3B5818A A52B4AD5 81B6C114 4C6E7F76 49EF2600 9B6D8EAE B6A1D891 6D4377B8
7876503B 573B6ACB 8500F0F5 6EFFDD
quit
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool data
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
lease 0 8
!
ip dhcp pool ccp-pool
dns-server [DNS provided by ISP and Google’s as second DNS]
!
!
ip name-server [DNS provided by ISP]
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
!
flow record nbar-appmon
match ipv4 source address
match ipv4 destination address
match application name
collect interface output
collect counter bytes
collect counter packets
collect timestamp absolute first
collect timestamp absolute last
!
!
flow monitor application-mon
cache timeout active 60
record nbar-appmon
!
parameter-map type inspect global
max-incomplete low 18000
max-incomplete high 20000
nbar-classify
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C881-K9 sn FCZ20089296
!
!
object-group service INTERNAL_UTM_SERVICE
!
object-group network local_cws_net
!
object-group network local_lan_subnets
192.168.1.0 255.255.255.0
!
object-group network netwerk_dst_net
any
!
object-group network netwerk_src_net
any
!
object-group service netwerk_svc
ip
!
object-group network vpn_remote_subnets
any
!
object-group network web_dst_net
any
!
object-group network web_src_net
any
!
object-group service web_svc
ip
!
username [username] privilege 15 password 0 [password] privilege admin
username [myname] privilege 15 password 0 [password]
!
!
!
!
!
!
class-map type inspect match-any CATEGORY_EMAIL
match protocol bmpp
match protocol esro-emsdp
match protocol eudora-set
match protocol exchange
match protocol gmail
match protocol groupwise
match protocol imap
match protocol imsp
match protocol mail-ru
match protocol mailq
match protocol mpp
match protocol msexch-routing
match protocol msp
match protocol ni-mail
match protocol odmr
match protocol outlook-web-service
match protocol pop2
match protocol pop3
match protocol qmqp
match protocol qmtp
match protocol qotd
match protocol re-mail-ck
match protocol secure-imap
match protocol secure-pop3
match protocol secure-smtp
match protocol smtp
match protocol submission
match protocol ulistproc
match protocol xns-courier
match protocol xns-mail
match protocol yahoo-mail
class-map type inspect match-any INTERNAL_DOMAIN_FILTER
match protocol msnmsgr
match protocol ymsgr
class-map type inspect match-any CATEGORY_BROWSING_3
match protocol xbox-web-portal
match protocol xda-developers
match protocol xinhuanet
match protocol yahoo-accounts
match protocol yandex
match protocol yellowpages-us
match protocol youku
match protocol zendesk
match protocol zillow
match protocol zippyshare
match protocol zulily
class-map type inspect match-any CATEGORY_BROWSING_2
match protocol secure-http
match protocol sfgate
match protocol shockwave
match protocol shutterstock
match protocol sky-news
match protocol slate-magazine
match protocol slickdeals
match protocol sohu-com
match protocol southwest-airlines
match protocol spdy
match protocol speedtest
match protocol spiegel-online
match protocol ssl
match protocol stack-overflow
match protocol statcounter
match protocol swagbucks
match protocol t-mobile-web-services
match protocol tagged-com
match protocol taringa
match protocol ted
match protocol telegraph
match protocol tesco
match protocol the-atlantic
match protocol the-daily-beast
match protocol the-pirate-bay
match protocol thechive
match protocol thefreedictionary-com
match protocol tianya
match protocol time-news
match protocol tinyurl
match protocol tmz
match protocol torrentz
match protocol trulia
match protocol tudou
match protocol twitch-tv
match protocol typepad
match protocol unite-airlines
match protocol uol
match protocol usa-today
match protocol usaa
match protocol usbank
match protocol usps
match protocol verizon-web-services
match protocol verizon-wireless-web-services
match protocol vine
match protocol vkontakte
match protocol wall-street-journal
match protocol wap-push
match protocol wap-push-http
match protocol wap-push-https
match protocol wap-pushsecure
match protocol wap-vcal
match protocol wap-vcal-s
match protocol wap-vcard
match protocol wap-vcard-s
match protocol wap-wsp
match protocol wap-wsp-s
match protocol wap-wsp-wtp
match protocol wap-wsp-wtp-s
match protocol warriorforum
match protocol washington-post
match protocol weather-com
match protocol weather-gov-web-portal
match protocol webmd
match protocol weibo
match protocol wells-fargo
match protocol wetransfer
match protocol whitepages
match protocol wikia
match protocol wikipedia
match protocol wired-com
match protocol wordreference-com
match protocol worldstarhiphop
match protocol wunderground-com
class-map type inspect match-any CATEGORY_BROWSING_1
match protocol fox-news
match protocol github
match protocol gizmodo
match protocol gmx-mail
match protocol godaddy
match protocol goodreads
match protocol google-accounts
match protocol google-services
match protocol gopher
match protocol gss-http
match protocol hollywood-reporter
match protocol hootsuite
match protocol hostgator
match protocol hotels-com
match protocol htc-services
match protocol http
match protocol http-alt
match protocol huffingtonpost
match protocol imdb
match protocol indeed-com
match protocol independent-news
match protocol indiatimes
match protocol indiegogo
match protocol infusionsoft
match protocol intuit
match protocol investopedia
match protocol java-web-portal
match protocol jimdo
match protocol jingdong-360buy
match protocol joomla
match protocol kayak-com
match protocol kickstarter
match protocol letv-com
match protocol livedoor
match protocol liveperson
match protocol livestrong-com
match protocol mailchimp
match protocol major-league-baseball-com
match protocol mashable
match protocol mint-com
match protocol monster-com
match protocol ms-live-accounts
match protocol mtv
match protocol nate-com
match protocol national-institute-of-health
match protocol national-public-radio
match protocol nbc-news
match protocol nhl-com
match protocol nike
match protocol noaa
match protocol ny-daily-news
match protocol nytimes
match protocol okcupid
match protocol outbrain
match protocol patch-com
match protocol paypal
match protocol pbs-web-portal
match protocol people-web
match protocol pinterest
match protocol playstation-store
match protocol playstation-web-portal
match protocol pocket
match protocol prezi
match protocol priceline-com
match protocol publishers-clearing-house
match protocol qq-accounts
match protocol rakuten
match protocol realtor-com
match protocol rediff-com
match protocol retailmenot
match protocol reuters
match protocol rotten-tomatoes
match protocol samsung
match protocol scribd
class-map type inspect match-any CATEGORY_BROWSING
match protocol 4chan
match protocol 58-city
match protocol abc-news
match protocol accuweather
match protocol adcash
match protocol addthis
match protocol adweek
match protocol airbnb
match protocol allrecipes
match protocol ameba
match protocol american-express
match protocol ancestry-com
match protocol ask-com
match protocol asus
match protocol atlassian
match protocol att-web-services
match protocol audible-com
match protocol aweber
match protocol backpage
match protocol badoo
match protocol bandcamp-com
match protocol bank-of-america
match protocol basecamp
match protocol bbc
match protocol bild-de
match protocol bing
match protocol bitbucket
match protocol bitly
match protocol blackboard-com
match protocol blaze-news
match protocol bleacher-report
match protocol bluehost
match protocol buffer-com
match protocol business-insider
match protocol buzzfeed
match protocol california-gov
match protocol capital-one
match protocol cbs
match protocol cbs-sports
match protocol chase-bank
match protocol citi-bank
match protocol clickbank
match protocol cnbc
match protocol cnet
match protocol conduit-com
match protocol constant-contact-com
match protocol coupons-com
match protocol coursera
match protocol craigslist
match protocol csdn
match protocol daily-mail
match protocol dangdang
match protocol daum
match protocol discover-com
match protocol disney-web-portal
match protocol douban
match protocol drudge-report-com
match protocol e-online
match protocol ehow-web-portal
match protocol engadget
match protocol entertainment-weekly
match protocol espn-browsing
match protocol etsy
match protocol european-union-web-portal
match protocol eventbrite
match protocol evernote
match protocol fedex
match protocol feedly
match protocol fiver
match protocol flash-video
match protocol flashmyspace
match protocol flickr
match protocol foodnetwork
match protocol foursquare
class-map type inspect match-all web
match access-group name web_acl
class-map type inspect match-any netwerk_app
match class-map CATEGORY_BROWSING
match class-map CATEGORY_BROWSING_1
match class-map CATEGORY_BROWSING_2
match class-map CATEGORY_BROWSING_3
match class-map CATEGORY_EMAIL
class-map type inspect match-all netwerk
match access-group name netwerk_acl
match class-map netwerk_app
!
policy-map type inspect LAN-WAN-POLICY
class type inspect netwerk
inspect
class type inspect web
inspect
class type inspect INTERNAL_DOMAIN_FILTER
inspect
class class-default
drop log
!
zone security LAN
zone security WAN
zone security VPN
zone security DMZ
zone-pair security LAN-WAN source LAN destination WAN
service-policy type inspect LAN-WAN-POLICY
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
zone-member security LAN
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description PrimaryWANDesc_
ip address [static ip provided by ISP + subnetmask]
ip nat outside
ip virtual-reassembly in
zone-member security WAN
duplex full
speed 100
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nbar protocol-discovery
ip flow monitor application-mon input
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
zone-member security LAN
load-interval 30
!
ip default-gateway 192.168.1.1
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip nat inside source list nat-list interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 [my default gateway provided by ISP]
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
ip access-list extended nat-list
permit ip object-group local_lan_subnets any
deny ip any any
ip access-list extended netwerk_acl
permit object-group netwerk_svc object-group netwerk_src_net object-group netwerk_dst_net
ip access-list extended web_acl
permit object-group web_svc object-group web_src_net object-group web_dst_net
!
!
access-list 101 permit udp any any eq domain
access-list 101 permit udp any eq domain any
access-list 102 permit tcp any any eq telnet
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
line con 0
login authentication local_access
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login authentication local_access
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
05-27-2016 01:51 PM
Hi,
Check your routing table with show ip route.
There are likely two default routes with the same administrative distance that are both being used equally (load balanced).
Except one of your routes (ip route 0.0.0.0 0.0.0.0 FastEthernet4) is not going to work because you specified an interface which means it's going to ARP for every destination IP, thinking it's directly connected and then fail. Plus, even if it did work, that's unnecessary, so you should definitely remove that route either way.
Regards,
Tim
05-29-2016 10:38 AM
Hi Tim,
I've deleted the fastethernet 4 route like you said. The one with: 0.0.0.0 0.0.0.0 [ISP default gateway] is still enable though, should I delete that one as well? Still unclear on what this exactly does?
I put in the show ip route and got the following result:
Router#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Vlan1
L 192.168.1.1/32 is directly connected, Vlan1
I'm assuming this is how it should look like. Currently my laptop is the only device connected to the router, can't connect the router to the modem until tomorrow. Once I get the results, I'll post them here. But should it look something like the output above?
I also deleted all the 'match' protocols, from what I understand that takes up a fair share of resources as well.
05-29-2016 12:27 PM
Hi there,
Leave the other route there - you need it. It's what is telling your router what to do with traffic destined for the Internet.
The one you deleted was a misconfigured route that was the likely cause of your router dropping half the packets.
When you connect the modem, your routing table will also include an S (static) route to 0.0.0.0. Just test and see how it goes. You should not be dropping half your packets now unless I'm missing something else.
Regards,
Tim
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide