Websites, Streaming, videos loading etc...all very slow

c.shinneman1 · ‎08-15-2015

Hello again,

So I have the following setup: Cisco 2821 Router with Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 15.1(4)M10, RELEASE SOFTWARE (fc2). My switch is a Cisco 2950 Series 24-port Switch with 2 Gig ports. My WAP is a Cisco AP541N.

Here is my problem: On devices connected via Ethernet, browsing the internet seems to be okay. I do not really notice any issues. However, browsing via WiFi, anything I do, whether its Facebook on my phone, to browsing on my laptop, it is really really slow. Ive done ping tests from wifi devices and the results are spotty. I ping the WAP and response times are great! I then ping the switch and response times vary and sometimes time out. I ping the Router and again, times vary and sometimes time out. Sometimes, pages loading will give a "Connection Reset" error and I have to refresh and then it will load but very very slowly. And good luck loading a video on youtube or FB or something.

I am very new to this Cisco Networking stuff and I am trying to learn as I go (which is why I got Cisco Equipment for my home network--Hands on and real life experiences with Network Issues). So honestly, I do not really know what I am doing. *shrugs* I just want my network to be fast, yet, secure.

Here is the config for the Router:

R1#Show run
Building configuration...

Current configuration : 6183 bytes
!
! No configuration change since last restart
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname R1
!
boot-start-marker
boot system flash c2800nm-advipservicesk9-mz.151-4.M10.bin
boot-end-marker
!
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096
logging console critical
enable secret 5 $1$9Gsw$wcbeQ.v6jX.eXrvawGNcv/
enable password 7 094D4A1D49554E4359
!
aaa new-model
!
!
aaa authentication login local_auth local
!
!
!
!
!
aaa session-id common
!
clock timezone UTC -8 0
!
dot11 syslog
no ip source-route
no ip gratuitous-arps
!
!
ip cef
ip dhcp excluded-address 10.0.0.1 10.0.0.99
!
ip dhcp pool ARAMISDOMAIN
network 10.0.0.0 255.255.0.0
default-router 10.0.0.1
dns-server 8.8.8.8 10.0.0.5
lease 0 4
!
!
!
no ip bootp server
no ip domain lookup
ip domain name Aramis
ip inspect audit-trail
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect tcp reassembly queue length 1024
ip inspect name autosec_inspect ftp timeout 3600
ip inspect name autosec_inspect http timeout 3600
ip inspect name autosec_inspect rcmd timeout 3600
ip inspect name autosec_inspect realaudio timeout 3600
ip inspect name autosec_inspect smtp timeout 3600
ip inspect name autosec_inspect tftp timeout 30
ip inspect name autosec_inspect udp timeout 15
ip inspect name autosec_inspect tcp timeout 3600
login block-for 240 attempts 2 within 60
login delay 10
login on-failure log
login on-success log
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-845216861
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-845216861
revocation-check none
rsakeypair TP-self-signed-845216861
!
!
crypto pki certificate chain TP-self-signed-845216861
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 38343532 31363836 31301E17 0D313530 31323230 35303031
375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3834 35323136
38363130 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
CE0573A1 36FDBCD5 CC2F04EF 5DB0770F 716A7986 1486E295 2E1120DF 89C86FBA
1CAA7DCA E4C8A98E A8AF55D4 6C987C13 CBE9002F FF62A98D 7E2E8412 E935E49A
941E84A2 602A32F5 7260F85B C4A0D960 05D79EB9 F424DF8F C04AB4C4 10A1350A
942EB9E1 043937D2 26F899AD DB6D0BB1 C83900FF CE234D7E 48FE4B56 004AEAE5
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 16801430 641B2ED5 791236AB A9A04C86 E1441C45 C50BB430 1D060355
1D0E0416 04143064 1B2ED579 1236ABA9 A04C86E1 441C45C5 0BB4300D 06092A86
4886F70D 01010505 00038181 00AD0DB5 77AC4F84 7C1A8FCC 2AE67901 BAB2D7D2
37AD9C7D 8EE3BF35 26C5A400 7C1B66BD 74D21343 C5794868 577A7E04 404C2A22
01132955 200FAEB4 2E73A3F4 DB99EA03 C2996C87 5FE364CF CE880574 524B70EC
AD6BAE7E 35F6DB6F 8038ACC8 CBF835D1 068FBA5E 09FCD7F2 AABF2927 E7A32CF9
B6BE6814 D747FAEF B05F6885 3F
quit
!
!
license udi pid CISCO2821 sn FTX1116A2S5
archive
log config
logging enable
notify syslog contenttype plaintext
hidekeys
username administrator privilege 15 secret 5 $1$hEvL$q4TOhPZPwD3r3ytipTDBo.
!
redundancy
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description WAN-ComcastInternet105mbps
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect autosec_inspect out
ip virtual-reassembly in
ip verify unicast source reachable-via rx allow-default 102
ip tcp adjust-mss 1360
duplex auto
speed auto
ipv6 address dhcp
no mop enabled
!
interface GigabitEthernet0/1
description LAN-AramisDomain
ip address 10.0.0.1 255.255.0.0
ip access-group 100 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
!
!
ip nat inside source list LAN-Addresses interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
ip access-list standard LAN-Addresses
permit 10.0.0.0 0.0.255.255
!
!
logging trap notifications
logging facility local2
logging 10.0.0.5
access-list 23 permit 10.0.0.0 0.0.255.255
access-list 100 permit udp any any eq bootpc
access-list 100 permit ip any any
no cdp run
!
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
banner exec ^C
AUTHORIZED ADMINISTRATORS ONLY!^C
banner login ^C
Authorized Access Only!
This system is the Property of Aramis-Domain.
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.
You must have explicit permission to access this
device. All activities performed or attempted are
recorded. Any violations of this access policy will
result in disciplinary action, including but not
limited to, criminal prosecution.
AUTHORIZED ACCESS ONLY!^C
banner motd ^CC
Authorized Access Only
This System is the property of Aramis-Domain.
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.
You must have explicit permission to access this
device. All activities performed or attempted are
recorded. Any violations of access policy will
result in disciplinary action, including but not
limited to, criminal prosecution.
^C
!
line con 0
exec-timeout 5 0
privilege level 15
logging synchronous
login authentication local_auth
transport output telnet
line aux 0
exec-timeout 15 0
login authentication local_auth
transport output telnet
line vty 0 4
access-class 23 in
privilege level 15
login authentication local_auth
transport input ssh
line vty 5 15
access-class 23 in
login authentication local_auth
transport input ssh
!
scheduler allocate 20000 1000
ntp server 10.0.0.5
end

Here is the config for the Switch:

S1#show run
Building configuration...

Current configuration : 3208 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log datetime localtime
service password-encryption
!
hostname S1
!
enable secret 5 $1$fXM5$QeXpmeXipHpYaExFlLOU/.
!
username administrator privilege 15 secret 5 $1$CpEQ$OvKGorrxJdg2WeT0psild/
ip subnet-zero
!
no ip domain-lookup
ip domain-name Aramis.local
ip ssh time-out 120
ip ssh authentication-retries 2
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/2
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/6
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/10
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/11
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/12
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/13
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/14
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/15
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/21
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/22
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/23
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/24
switchport access vlan 20
!
interface GigabitEthernet0/1
switchport access vlan 20
spanning-tree portfast
!
interface GigabitEthernet0/2
switchport access vlan 20
spanning-tree portfast
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan20
description Aramis-LAN
ip address 10.0.0.2 255.255.0.0
no ip route-cache
!
interface Vlan99
no ip address
no ip route-cache
shutdown
!
ip default-gateway 10.0.0.1
no ip http server
logging trap notifications
logging 10.0.0.5
banner motd ^C
UNAUTHORIZED ACCESS IS PROHIBITED!^C
!
line con 0
password 7 02050C542A055A77590D584B
logging synchronous
login
line vty 0 4
password 7 104D01162414475D19477B79
logging synchronous
login local
transport input ssh
line vty 5 15
password 7 104D01162414475D19477B79
logging synchronous
login local
transport input ssh
!
!
end

My WAP doesn't have a CLI...it is configured using a GUI. So I am not sure how to post the config of that to this. But I have attached Screenshots of the WAP Config, so if you need a different screenshot, please let me know.

So what commands do I need to input to make things fast yet secure? What is wrong with my configs?

It seems to be just the WiFi as of now. So I am thinking it has something to do with that configuration. Please request whatever additional Screenshots you need to help me out.

Thanks a ton for all help received.

Chris

c.shinneman1 · ‎08-15-2015

Also, another thing I forgot to mention above in my first post: My router, on occasion (once every month or two) will lose its DHCP IP Address from my cable modem and will not get it back. I have called comcast and everything checks out. I reboot and it still won't pull a DHCP Address. The ONLY way, I have found, to get the WAN IP Address back from the modem is to default the router and load my config from backup. Then it works flawlessly for another month or two. It has happened twice now. No idea what is going on or why that is happening or how to fix it.

Martin Hruby · ‎08-17-2015

Hello Chris

To which port on the switch is your WAP connected? Do you have more than one SSID configured on the WAP? How many clients are on average associated to the WAP? What software version are you running on the WAP (newest is 2.0.4)?

Can you please post the output of show dhcp lease from your 2821 router?

Best regards,
Martin

c.shinneman1 · ‎08-17-2015

Router g0/1 is connected to Switch g0/1. The WAP is connected to Switch g0/1. All other devices are connected F0/1-0/24. At any given time, there are usually no more than 5 devices connected via wifi. 2 laptops and 2 phones (sometimes 4 smartphones are connected, but not often). I only have ONE SSID and it is hidden.

The WAP is running V2.0.4.

Router Output (show DHCP Lease):

R1#show dhcp lease
Temp IP addr: 67.160.181.29 for peer on Interface: GigabitEthernet0/0
Temp sub net mask: 255.255.252.0
   DHCP Lease server: 76.96.95.6, state: 5 Bound
   DHCP transaction id: 1687
   Lease: 345600 secs, Renewal: 172800 secs, Rebind: 302400 secs
Temp default-gateway addr: 67.160.180.1
   Next timer fires after: 12:43:33
   Retry count: 0   Client-ID: cisco-001b.54d5.1ba8-Gi0/0
   Client-ID hex dump: 636973636F2D303031622E353464352E
                       316261382D4769302F30
   Hostname: R1
R1#

Again, the router losing its IP from the modem is a rare thing. Only happened twice. Hasn't happened yet since June or early July. I am more worried about the WiFi being severely slow when browsing or streaming or trying to load videos on FB or Youtube.

Thanks,

Martin Hruby · ‎08-20-2015

Hello Chris

There doesn't seem to be anything wrong with the DHCP lease.

The AP541N is known for poor performance under certain conditions, you can find some advise in this thread: https://communities.cisco.com/thread/9701?tstart=0

Best regards,
Martin

c.shinneman1 · ‎08-20-2015

Martin,

I have reviewed the thread and none of the fixes in that thread have worked. I am running the latest Firmware and have Factory Defaulted and reconfigured my WAP.

Attached are two ping reports. One from my Server, which is Ethernet connected. The other from my wifi laptop.

Here is an interesting thing that I have noticed. During the daytime hours, the WAP seems to function normally (see ping results). But after about 7pm, that is when wifi service starts to degrade and as the night gets later, the service degrade gets more severe. As of now, 9:06am PDT, I have great Wifi connectivity and no browsing issues.

I will browse the internet this evening and post a second ping test to my router from my Wifi Laptop that shows the degrade. The response time increases AND even times out. Same goes for my switch when pinging it from the Laptop. But pinging the WAP is fine with no issues.

In regards to the DHCP issue, again, that issue is random and rare. The router will just suddenly lose its IP Address from the cable modem on Int g0/0 and not get it back until I default the router and reload config from backup. Has nothing to do with the WAP. In the last 8 months (since I have had the router), it has only occurred twice.

Martin Hruby · ‎08-21-2015

Hello Chris

It's very interesting that you experience normal performance during office hours but it deteriorates after 7pm. It's just a wild guess but is it possible that your AP is configured for some sort of power-saving mode based on time of day or number of clients associated? Try to change the system time and have a look at any suspicious "auto" settings.

Were you able to reproduce the behavior on the 2nd night?

Best regards,
Martin

c.shinneman1 · ‎08-21-2015

It was reported to me at about 2pm yesterday that the WiFi was non-responsive or severely slow. There are no auto-settings configured. I disabled the WAP and switched configurations to a backup WAP to temporarily fix the problem while this issue is being looked into.

I am to the point of just replacing the WAP all together. Do you have any suggestions of a Cisco WAP that can handle 5 or more clients at once, produce excellent speeds and response times, is dual-band, AND requires little configuration? Basically, I want my Router and Firewall to control everything. All the WAP needs to do is authenticate the WiFi password and connect my clients to the internet. That is it. I cannot have these types of issues. So what do you recommend for a WAP?

Martin Hruby · ‎08-23-2015

Hello Chris

It's also my opinion that replacing the WAP is the next logical step in troubleshooting. I would recommend you have a look at Cisco Aironet access points. A high-level overview can be found here: http://www.cisco.com/c/en/us/products/wireless/buyers-guide.html

For example the Cisco Aironet 1600 series APs support 802.11n and you can configure them through a web interface or command-line (it's running Cisco IOS). They're not very expensive and should fit your environment.

Best regards,
Martin