Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1283
Views
0
Helpful
0
Replies

very slow connection from ISR4321

Hulk8647
Level 1
Level 1

‎04-10-2018 01:16 PM - edited ‎03-05-2019 10:15 AM

I have no idea what it is but I plugged a laptop directly into the ISP modem and I'm hitting speed of into 90's. But, when I plug the 4321 into the modem, and use the second interface directly into a laptop, my speed is in mid to high 18. So, I drop from 90's to 18's. Here is the config and other show commands. I cannot find that would be causing this issue. My g0/0/0 goes into the laptop, and g0/0/1 into the modem. With this license, I should be pushing 50 in and 50 out.

 

!
version 16.6
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime show-timezone year
service password-encryption
service sequence-numbers
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname RTE
!
boot-start-marker
boot system flash bootflash:isr4300-universalk9.16.06.02.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging buffered warnings
no logging console
no logging monitor
enable secret 5 $1$7vG5$PIahg9O40FxoTHfozgtXW/
!
aaa new-model
!
!
aaa group server tacacs+ ISE_TACACS
 server name alcise01
 server name alcise02
!
aaa authentication password-prompt "Password_: "
aaa authentication username-prompt "Username_: "
aaa authentication login default group tacacs+ local
aaa authentication login VTY group ISE_TACACS local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec VTY group ISE_TACACS local if-authenticated
aaa authorization commands 1 VTY group ISE_TACACS local if-authenticated
aaa authorization commands 15 VTY group ISE_TACACS local if-authenticated
aaa accounting update periodic 15
aaa accounting exec default start-stop group ISE_TACACS
aaa accounting commands 1 default start-stop group ISE_TACACS
aaa accounting commands 15 default start-stop group ISE_TACACS
!
!
!
!
!
!
aaa session-id common
process cpu threshold type total rising 80 interval 60 falling 40 interval 60
clock timezone CDT -5 0
clock summer-time CDT recurring
no ip source-route
ip options drop
!
ip name-server 10.255.0.190 10.255.0.191
ip domain list alcco.com
ip domain lookup source-interface GigabitEthernet0/0/0
ip domain name alcco.com
no ip dhcp use vrf connected
ip dhcp excluded-address 10.50.10.1 10.50.10.70
ip dhcp excluded-address 10.50.10.100 10.50.10.254
!
ip dhcp pool CLIENT
 network 10.50.10.0 255.255.255.0
 default-router 10.50.10.254
 dns-server 10.255.0.190 10.255.0.191
 netbios-name-server 10.255.0.190 10.255.0.191
 domain-name alcco.com
 lease 2
!
ip dhcp pool Pinicon-1
 host 10.50.10.101 255.255.255.0
 client-identifier 0180.9b20.b576.b8
 dns-server 10.255.0.190 10.255.0.191
 default-router 10.50.10.254
 domain-name alcco.com
 netbios-name-server 10.255.0.190 10.255.0.191
 lease 2
!
ip dhcp pool Pinicon-2
 host 10.50.10.102 255.255.255.0
 client-identifier 0180.9b20.b848.54
 dns-server 10.255.0.190 10.255.0.191
 default-router 10.50.10.254
 domain-name alcco.com
 netbios-name-server 10.255.0.190 10.255.0.191
 lease 2
!
ip dhcp pool Pinicon-3
 host 10.50.10.103 255.255.255.0
 client-identifier 0144.8a5b.e917.45
 dns-server 10.255.0.190 10.255.0.191
 default-router 10.50.10.254
 domain-name alcco.com
 netbios-name-server 10.255.0.190 10.255.0.191
 lease 2
!
ip dhcp pool Pinicon-4
 host 10.50.10.104 255.255.255.0
 client-identifier 01b8.8a60.3e6d.9c
 dns-server 10.255.0.190 10.255.0.191
 default-router 10.50.10.254
 domain-name alcco.com
 lease 2
!
!
!
!
!
!
license udi pid ISR4321/K9 sn FDO19490H76
license boot level securityk9
diagnostic bootup level minimal
spanning-tree extend system-id
!
!
!
username ALCADMIN privilege 15 password 7 09685C200F5419
!
redundancy
 mode none
!
!
!
crypto keyring keyring
  pre-shared-key address 0.0.0.0 0.0.0.0 key ******
!
!
!
!
!
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
crypto isakmp keepalive 10 periodic
crypto isakmp nat keepalive 20
!
!
crypto ipsec transform-set *****************
 mode transport
!
crypto ipsec profile AES-SHA
 set transform-set AES-SHA
!
!
!
!
interface Tunnel0
 description DMVPN
 ip address 10.255.14.60 255.255.254.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication enlivant
 ip nhrp map 10.255.14.1 38.69.52.4
 ip nhrp map multicast 38.69.52.4
 ip nhrp network-id 1
 ip nhrp holdtime 300
 ip nhrp nhs 10.255.14.1
 ip nhrp redirect
 ip tcp adjust-mss 1360
 keepalive 5 3
 tunnel source GigabitEthernet0/0/1
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile AES-SHA shared
 ip virtual-reassembly
!
interface GigabitEthernet0/0/0
 description LAN-INSIDE
 ip address 10.50.10.254 255.255.255.0
 ip mtu 1460
 ip nat inside
 ip tcp adjust-mss 1350
 ip policy route-map PBR
 negotiation auto
 hold-queue 32 in
 hold-queue 100 out
 ip virtual-reassembly
!
interface GigabitEthernet0/0/1
 description INTERNET-OUTSIDE
 ip address dhcp
 ip nat outside
 negotiation auto
 no cdp enable
 ip virtual-reassembly
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
!
router eigrp 2
 distribute-list prefix BLOCK-EIGRP-DEFAULT in
 network 10.0.0.0
 passive-interface default
 no passive-interface Tunnel0
 eigrp stub connected
!
ip nat inside source list NAT interface GigabitEthernet0/0/1 overload
ip forward-protocol nd
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
ip ftp source-interface Tunnel0
ip ftp username zgil
no ip http server
no ip http secure-server
ip http secure-trustpoint TP-self-signed-3430957644
ip http client secure-trustpoint TP-self-signed-3430957644
ip tftp source-interface GigabitEthernet0/0/0
ip tacacs source-interface GigabitEthernet0/0/0
!
ip ssh version 2
!
!
ip prefix-list BLOCK-EIGRP-DEFAULT seq 5 deny 0.0.0.0/0
ip prefix-list BLOCK-EIGRP-DEFAULT seq 10 permit 0.0.0.0/0 le 32
!
ip access-list extended NAT
 permit ip 10.50.10.224 0.0.0.15 any
ip access-list extended PBR
 deny   ip 10.50.10.224 0.0.0.15 any
 deny   ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
 permit ip 10.0.0.0 0.255.255.255 any
kron occurrence MONTHLY_BACKUP at 2:54 10 recurring
 policy-list CONFIG_BACKUP
!
kron policy-list CONFIG_BACKUP
 cli copy running-config tftp://10.255.0.150/Pinicon_Place
!
logging trap warnings
logging host 10.255.0.150
access-list 2 permit 10.6.0.0 0.0.255.255
access-list 2 permit 10.20.0.0 0.0.255.255
access-list 2 permit 10.40.0.0 0.0.255.255
access-list 2 permit 10.50.0.0 0.0.255.255
access-list 2 permit 10.90.0.0 0.0.255.255
access-list 2 permit 10.255.0.0 0.0.255.255
access-list 2 permit 38.69.52.0 0.0.0.63
access-list 2 permit 96.90.112.240 0.0.0.7
access-list 2 deny   any
!
!
route-map PBR permit 10
 match ip address PBR
 set ip next-hop 10.255.14.1
!
snmp-server community ALCpub RO
snmp-server community 177h@ouses RW
snmp-server location Pinicon Place
snmp-server contact Enlivant
snmp-server enable traps snmp coldstart
snmp-server enable traps tty
snmp-server enable traps memory bufferpeak
snmp-server enable traps cpu threshold
snmp-server host 10.255.8.158 ALCpub
tacacs-server timeout 10
tacacs-server directed-request
tacacs server alcise01
 address ipv4 10.255.0.30
 key 7 ********
tacacs server alcise02
 address ipv4 10.255.0.31
 key 7 *************
!
!
!
!
control-plane
!
banner motd ^CCC

*********************  ATTENTION!!  ***********************
*                                                         *
*  STATE AND FEDERAL STATUTES MAKE IT A CRIME TO          *
*  GAIN UNAUTHORIZED ACCESS INTO THIS SYSTEM.VIOLATORS    *
*  WILL BE PROSECUTED TO THE FULLEST EXTENT OF THE LAW.c  *
*                                                         *
***********************************************************

Your session is being monitored by Enlivant network admins.


^C
!
line con 0
 session-timeout 40
 exec-timeout 120 0
 logging synchronous
 transport input none
 stopbits 1
line aux 0
 modem InOut
 no exec
 stopbits 1
 speed 115200
 flowcontrol hardware
line vty 0 4
 session-timeout 40
 access-class 2 in
 exec-timeout 120 0
 authorization commands 1 VTY
 authorization commands 15 VTY
 authorization exec VTY
 logging synchronous
 login authentication VTY
 length 0
 transport input ssh
line vty 5 15
 session-timeout 40
 access-class 2 in
 exec-timeout 120 0
 authorization commands 1 VTY
 authorization commands 15 VTY
 authorization exec VTY
 logging synchronous
 login authentication VTY
 transport input ssh
!
scheduler max-task-time 5000
ntp source Tunnel0
ntp server 10.255.0.1
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end

 

Pinicon_Place#sh int g0/0/1
GigabitEthernet0/0/1 is up, line protocol is up
  Hardware is ISR4321-2x1GE, address is 00f2.8b29.2401 (bia 00f2.8b29.2401)
  Description: INTERNET-OUTSIDE
  Internet address is 50.82.97.181/23
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  Full Duplex, 1000Mbps, link type is auto, media type is RJ45
  output flow-control is off, input flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:20:12, output hang never
  Last clearing of "show interface" counters 00:02:01
  Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 1442000 bits/sec, 193 packets/sec
  5 minute output rate 344000 bits/sec, 106 packets/sec
     12236 packets input, 4942304 bytes, 0 no buffer
     Received 4767 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 14 multicast, 0 pause input
     6260 packets output, 2398991 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
Pinicon_Place#
Pinicon_Place#
Pinicon_Place#
Pinicon_Place#sh int g0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
  Hardware is ISR4321-2x1GE, address is 00f2.8b29.2400 (bia 00f2.8b29.2400)
  Description: LAN-INSIDE
  Internet address is 10.50.10.254/24
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  Full Duplex, 1000Mbps, link type is auto, media type is RJ45
  output flow-control is off, input flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:04, output hang never
  Last clearing of "show interface" counters 00:02:10
  Input queue: 0/32/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/100 (size/max)
  5 minute input rate 315000 bits/sec, 109 packets/sec
  5 minute output rate 1350000 bits/sec, 146 packets/sec
     7241 packets input, 2665464 bytes, 0 no buffer
     Received 140 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 510 multicast, 0 pause input
     7870 packets output, 5005100 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     5 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

RTE#sh license feature
Feature name             Enforcement  Evaluation  Subscription   Enabled  RightToUse
appxk9                   yes          yes         no             no       yes
uck9                     yes          yes         no             no       yes
securityk9               yes          yes         no             yes      yes
ipbasek9                 no           no          no             yes      no
FoundationSuiteK9        yes          yes         no             no       yes
AdvUCSuiteK9             yes          yes         no             no       yes
cme-srst                 yes          yes         no             no       yes
hseck9                   yes          no          no             no       no
throughput               yes          yes         no             no       yes
internal_service         yes          no          no             no       no

p

1 person had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents