10-23-2016 08:38 AM - edited 03-08-2019 07:53 AM
Hi;
I configure router divise to 2 vlans on 1941, and I setup a EHWIC-D-8ESG card, make 4 and 4 ports to each vlan.
I found computer in same vlan, file transfer speed is OK, about 100mb/s.
But computer in different vlan, file transfer speed is maximum 30mb/s.
So what kind of reason cause this problem? how can I do to speed up? below is my conf could you have a check?
interface Vlan126
ip address 192.168.186.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
interface Vlan192
ip address 192.168.188.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
interface GigabitEthernet0/1/1
switchport access vlan 126
no ip address
interface GigabitEthernet0/1/7
switchport access vlan 192
no ip address
10-23-2016 09:26 AM
Hello,
first of all, I would configure the ip tcp adjust-mss 1452 on the physical GigabitEthernet interfaces as well.
With regard to your problem, are both VLANs experiencing about the same amount of traffic ?
10-23-2016 07:49 PM
I think ip tcp adjust-mss 1452 cannot use on physical port for EHWIC-D-8ESG card.
Also for tracffic it's same.
10-24-2016 12:50 AM
Hello,
makes sense. One thing you might want to try is to set the ip mtu size on your VLAN interfaces to 1492, since the 'ip tcp adjust-mss' affects TCP traffic only.
10-24-2016 05:27 AM
Hi,
I setup two vlan interfaces ip mtu to 1492, but file transfer speed between two vlan still same with before...
10-24-2016 11:22 AM
Hello,
can you post the full configuration of your router ? There might be something in there, or missing, that is causing the issue...
03-28-2017 11:18 PM
!
! Last configuration change at 19:18:13 beijing Tue Dec 15 2015 by fox
! NVRAM config last updated at 21:27:38 beijing Tue Dec 15 2015 by fox
!
version 15.4
service timestamps debug datetime localtime year
service timestamps log datetime
no service password-encryption
service sequence-numbers
!
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.186.1 192.168.186.49
ip dhcp excluded-address 192.168.186.102 192.168.186.255
ip dhcp excluded-address 192.168.188.1 192.168.188.149
ip dhcp excluded-address 192.168.188.201 192.168.188.255
!
ip dhcp pool abc-126
network 192.168.186.0 255.255.255.0
update dns both
default-router 192.168.186.1
dns-server 192.168.186.1
lease 8
!
ip dhcp pool abc-192
network 192.168.188.0 255.255.255.0
update dns both
default-router 192.168.188.1
dns-server 192.168.186..1
lease 8
!
!
!
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
cts logging verbose
!
crypto pki trustpoint TP-self-signed-3153235583
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3153235583
revocation-check none
rsakeypair TP-self-signed-3153235583
!
!
crypto pki certificate chain TP-self-signed-3153235583
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33313533 32333535 3833301E 170D3135 31313232 30383238
33325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 31353332
33353538 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100D59B A0CE5405 A29F58F1 84BEA716 04FB6C18 290C4628 1D7D3243 95ACAB6D
FD433F83 8089F490 4E829A86 ECF6EB2B D4D7C980 3FEB03F3 FBF7AB81 80DE6048
E53C3754 4E8AA88B DE1B4632 21125C2D 3FC8D85D 8CC4986D 355329D9 FF671B5B
21B761D2 A23E12C5 08A273EF FF81C794 8CFD7C28 64BEAF3B 1F56F698 E17E43A2
45A70203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14BB36E7 333230D0 03FE9978 FC2D84A2 72540CC6 D7301D06
03551D0E 04160414 BB36E733 3230D003 FE9978FC 2D84A272 540CC6D7 300D0609
2A864886 F70D0101 05050003 8181002B 02AF96F4 D76243DC 825DB324 6A29D2F9
20862E69 B50994F8 C8A4C5B5 922658E0 8F915534 6532B0D0 BA49987D 542ADDE9
FC1FA960 0F78BC48 1080CE93 D2C64FB8 92D0BB56 49ACBC52 082E1341 D6479CCC
0868528F A18481C7 84EC0C0E 582BEBE8 A10BDB92 D2017032 CE80D2EC 7557C2B4
9EE260E8 ACC455B8 F934D89B 9475E8
quit
license udi pid CISCO1941/K9 sn
license boot module c1900 technology-package securityk9
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.1.1.1 255.255.255.0
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface GigabitEthernet0/1
no ip address
ip tcp adjust-mss 1412
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/0/1
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/0/2
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/0/3
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/1/0
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/1/1
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/1/2
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/1/3
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/1/4
switchport access vlan 192
no ip address
!
interface GigabitEthernet0/1/5
switchport access vlan 192
no ip address
!
interface GigabitEthernet0/1/6
switchport access vlan 192
no ip address
!
interface GigabitEthernet0/1/7
switchport access vlan 192
no ip address
!
interface Vlan1
no ip address
!
interface Vlan126
ip address 192.168.186.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan192
ip address 192.168.188.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Dialer1
ip address negotiated
ip nat outside
ip virtual-reassembly in max-reassemblies 1024
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname
ppp chap password 0
no cdp enable
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source list DSL_ACCESSLIST interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip ssh version 2
!
ip access-list extended DSL_ACCESSLIST
permit ip 172.16.1.0 0.0.0.255 any
permit ip 192.168.188.0 0.0.0.255 any
permit ip any any
!
dialer-list 1 protocol ip permit
!
!
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 1 permit 192.168.188.0 0.0.0.255
access-list 1 deny any
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
!
scheduler allocate 20000 1000
!
end
03-29-2017 12:02 AM
Hello,
I have made a few adjustments to your configuration (marked in bold), check if those make a difference:
version 15.4
!
service timestamps debug datetime localtime year
service timestamps log datetime
no service password-encryption
service sequence-numbers
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
ip dhcp excluded-address 192.168.186.1 192.168.186.49
ip dhcp excluded-address 192.168.186.102 192.168.186.255
ip dhcp excluded-address 192.168.188.1 192.168.188.149
ip dhcp excluded-address 192.168.188.201 192.168.188.255
!
ip dhcp pool abc-126
network 192.168.186.0 255.255.255.0
update dns both
default-router 192.168.186.1
dns-server 8.8.8.8 8.8.8.4
lease 8
!
ip dhcp pool abc-192
network 192.168.188.0 255.255.255.0
update dns both
default-router 192.168.188.1
dns-server 8.8.8.8 8.8.8.4
lease 8
!
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
crypto pki trustpoint TP-self-signed-3153235583
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3153235583
revocation-check none
rsakeypair TP-self-signed-3153235583
!
crypto pki certificate chain TP-self-signed-3153235583
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33313533 32333535 3833301E 170D3135 31313232 30383238
33325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 31353332
33353538 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100D59B A0CE5405 A29F58F1 84BEA716 04FB6C18 290C4628 1D7D3243 95ACAB6D
FD433F83 8089F490 4E829A86 ECF6EB2B D4D7C980 3FEB03F3 FBF7AB81 80DE6048
E53C3754 4E8AA88B DE1B4632 21125C2D 3FC8D85D 8CC4986D 355329D9 FF671B5B
21B761D2 A23E12C5 08A273EF FF81C794 8CFD7C28 64BEAF3B 1F56F698 E17E43A2
45A70203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14BB36E7 333230D0 03FE9978 FC2D84A2 72540CC6 D7301D06
03551D0E 04160414 BB36E733 3230D003 FE9978FC 2D84A272 540CC6D7 300D0609
2A864886 F70D0101 05050003 8181002B 02AF96F4 D76243DC 825DB324 6A29D2F9
20862E69 B50994F8 C8A4C5B5 922658E0 8F915534 6532B0D0 BA49987D 542ADDE9
FC1FA960 0F78BC48 1080CE93 D2C64FB8 92D0BB56 49ACBC52 082E1341 D6479CCC
0868528F A18481C7 84EC0C0E 582BEBE8 A10BDB92 D2017032 CE80D2EC 7557C2B4
9EE260E8 ACC455B8 F934D89B 9475E8
quit
license udi pid CISCO1941/K9 sn
!
license boot module c1900 technology-package securityk9
!
redundancy
!
interface Loopback0
ip address 192.1.1.1 255.255.255.0
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface GigabitEthernet0/1
no ip address
--> removed ' ip tcp adjust-mss 1412
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/0/1
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/0/2
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/0/3
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/1/0
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/1/1
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/1/2
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/1/3
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/1/4
switchport access vlan 192
no ip address
!
interface GigabitEthernet0/1/5
switchport access vlan 192
no ip address
!
interface GigabitEthernet0/1/6
switchport access vlan 192
no ip address
!
interface GigabitEthernet0/1/7
switchport access vlan 192
no ip address
!
interface Vlan1
no ip address
!
interface Vlan126
ip address 192.168.186.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1420
!
interface Vlan192
ip address 192.168.188.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1420
!
interface Dialer1
ip address negotiated
ip nat outside
ip mtu 1460
ip virtual-reassembly in max-reassemblies 1024
encapsulation ppp
ip tcp adjust-mss 1420
dialer pool 1
ppp authentication chap callin
ppp chap hostname
ppp chap password 0
no cdp enable
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source route-map ISP_ACCESS interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip ssh version 2
!
route-map ISP_ACCESS permit 10
match ip address DSL_ACCESSLIST
match interface Dialer1
!
ip access-list extended DSL_ACCESSLIST
permit ip 172.16.1.0 0.0.0.255 any
permit 192.168.186.0 0.0.0.0.255 any
permit ip 192.168.188.0 0.0.0.255 any
permit ip any any
!
dialer-list 1 protocol ip permit
!
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 1 permit 192.168.186.0 0.0.0.255
access-list 1 permit 192.168.188.0 0.0.0.255
access-list 1 deny any
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
!
scheduler allocate 20000 1000
10-24-2016 09:41 AM
Hi there
PC-A——Vlan126/Gig0/1/1
PC-B——Vlan192/Gig0/1/7
File is transferred from PC-A to PC-B. It is *essential* to understand where the limitation is. What do I mean by this?
When PC-A sends a file to PC-B, this traffic leaves PC-A/NIC and enters Vlan126/Gig0/0/1. What is the rate at which the traffic is entering the router/ingress interface? If it is not at the desired rate, then please consider investigating why the PC-A is sending traffic at a rate below your expectation.
Kind regards …. Palani
12-18-2016 11:34 AM
With all due respect Palani, that is just not accurate for the Cisco 1941. When you go from Vlan126 to Vlan192, that is no longer a L2 connection. The router is now doing L3 routing between the VLANs. This has 2 issues on the 1941:
1) Any traffic that is routed (e.g., between VLANS) goes across the MGF. The aggregate throughput of all the ehwic ports TO the MGF is only ~1Gb/sec (~125MB/sec).
2) Any traffic routed (again, between VLANs) is going to consume CPU.
The combination of #1 and #2 are both contributing to your less than stellar performance. You really need to add a L3 switch and do your L3/routing between VLANs on the switch that is purpose built for that use case.
I own the 1941w with the 8 port EHWIC switch btw.
Regards,
12-19-2016 07:05 AM
Hi there
I 100% agree with your comments #1 and #2. Having said that, I did not see any hard data that established the bottleneck to be the router/CPU. My intent was to define the problem as accurately as possible.
My belief is that we do not have enough to say that the low-throughput seen in inter-VLAN traffic is caused by the router/CPU limitation. It could be and on other hand, it may not be. Anytime a performance issue is encountered, it is essential to identify where the bottleneck is, for the given deployment. When we deal with precise data, often it helps to resolve with the least amount of time/resources.
I hope it clarifies.
Kind regards .... Palani
10-24-2016 10:09 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Cisco recommends a 1941 for up to 25 Mbps.
When PCs transfer data within the same VLAN, that's a L2 transfer and 1941 probably needs to little use its CPU.
When PCs transfer data between different VLANs, the 1941 must now route, and then you're much more likely to bump up against its performance limitations.
To speed up the latter, have a routed configuration that does as little as possible.
10-24-2016 05:44 PM
Hi;
Thanks a lot for your information.
So are there any way to speed up for performance limitations?
what's it effect to?
10-24-2016 06:10 PM
Then how the configuration of new switch? only for the VLAN switchport ?
"It depends" kind of answers, and no, not only for VLANs switchports.
what's it effect to?
Less work the CPU does, the more CPU available for forwarding traffic.
For example, you have an ingress ACL. 99% of your packets match your 10th ACE. If there no logical reason to have that ACL as number 10, i.e. if logically you get the same results if it were the first ACE, then make it the first ACE.
Variation of foregoing, NetFlow might forward packets with less work rather than checking every packet against ACL.
Variation of foregoing, you really, really don't need the ACL, so remove it.
10-24-2016 09:46 PM
I checked on internet, it said WAN speed was 25mb/s, does VLAN also has this limit?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide