Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
992
Views
0
Helpful
16
Replies

different vlan speed on 1941 router

ciscoreg2
Level 1
Level 1

‎10-23-2016 08:38 AM - edited ‎03-08-2019 07:53 AM

Hi;

I configure router divise to 2 vlans on 1941, and I setup a EHWIC-D-8ESG card, make 4 and 4 ports to each vlan.

I found computer in same vlan, file transfer speed is OK, about 100mb/s.

But computer in different vlan, file transfer speed is maximum 30mb/s.

So what kind of reason  cause this problem? how can I do to speed up? below is my conf could you have a check?

interface Vlan126

 ip address 192.168.186.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly in

 ip tcp adjust-mss 1452

interface Vlan192

 ip address 192.168.188.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly in

 ip tcp adjust-mss 1452

interface GigabitEthernet0/1/1

 switchport access vlan 126

 no ip address

interface GigabitEthernet0/1/7

 switchport access vlan 192

 no ip address

 

Labels:
0 Helpful
16 Replies 16

Georg Pauwen
VIP
VIP

‎10-23-2016 09:26 AM

Hello,

first of all, I would configure the ip tcp adjust-mss 1452 on the physical GigabitEthernet interfaces as well.

With regard to your problem, are both VLANs experiencing about the same amount of traffic ?

0 Helpful

ciscoreg2
Level 1
Level 1
In response to Georg Pauwen

‎10-23-2016 07:49 PM

I think ip tcp adjust-mss 1452 cannot use on physical port for EHWIC-D-8ESG card.

Also for tracffic it's same.

0 Helpful

Georg Pauwen
VIP
VIP
In response to ciscoreg2

‎10-24-2016 12:50 AM

Hello,

makes sense. One thing you might want to try is to set the ip mtu size on your VLAN interfaces to 1492, since the 'ip tcp adjust-mss' affects TCP traffic only.

0 Helpful

ciscoreg2
Level 1
Level 1
In response to Georg Pauwen

‎10-24-2016 05:27 AM

Hi,

I setup two vlan interfaces ip mtu to 1492, but file transfer speed between two vlan still same with before...

0 Helpful

Georg Pauwen
VIP
VIP
In response to ciscoreg2

‎10-24-2016 11:22 AM

Hello,

can you post the full configuration of your router ? There might be something in there, or missing, that is causing the issue...

0 Helpful

ciscoreg2
Level 1
Level 1
In response to Georg Pauwen

‎03-28-2017 11:18 PM

!

! Last configuration change at 19:18:13 beijing Tue Dec 15 2015 by fox

! NVRAM config last updated at 21:27:38 beijing Tue Dec 15 2015 by fox

!

version 15.4

service timestamps debug datetime localtime year

service timestamps log datetime

no service password-encryption

service sequence-numbers

!


!

boot-start-marker

boot-end-marker

!

!

logging buffered 51200 warnings

!

no aaa new-model

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

ip dhcp excluded-address 192.168.186.1 192.168.186.49

ip dhcp excluded-address 192.168.186.102 192.168.186.255

ip dhcp excluded-address 192.168.188.1 192.168.188.149

ip dhcp excluded-address 192.168.188.201 192.168.188.255

!

ip dhcp pool abc-126

network 192.168.186.0 255.255.255.0

update dns both

default-router 192.168.186.1

dns-server 192.168.186.1

lease 8

!

ip dhcp pool abc-192

network 192.168.188.0 255.255.255.0

update dns both

default-router 192.168.188.1

dns-server 192.168.186..1

lease 8

!

!

!


ip name-server 208.67.222.222

ip name-server 208.67.220.220

ip cef

no ipv6 cef

!

multilink bundle-name authenticated

!

!

cts logging verbose

!

crypto pki trustpoint TP-self-signed-3153235583

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3153235583

revocation-check none

rsakeypair TP-self-signed-3153235583

!

!

crypto pki certificate chain TP-self-signed-3153235583

certificate self-signed 01

3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 33313533 32333535 3833301E 170D3135 31313232 30383238

33325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 31353332

33353538 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

8100D59B A0CE5405 A29F58F1 84BEA716 04FB6C18 290C4628 1D7D3243 95ACAB6D

FD433F83 8089F490 4E829A86 ECF6EB2B D4D7C980 3FEB03F3 FBF7AB81 80DE6048

E53C3754 4E8AA88B DE1B4632 21125C2D 3FC8D85D 8CC4986D 355329D9 FF671B5B

21B761D2 A23E12C5 08A273EF FF81C794 8CFD7C28 64BEAF3B 1F56F698 E17E43A2

45A70203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603

551D2304 18301680 14BB36E7 333230D0 03FE9978 FC2D84A2 72540CC6 D7301D06

03551D0E 04160414 BB36E733 3230D003 FE9978FC 2D84A272 540CC6D7 300D0609

2A864886 F70D0101 05050003 8181002B 02AF96F4 D76243DC 825DB324 6A29D2F9

20862E69 B50994F8 C8A4C5B5 922658E0 8F915534 6532B0D0 BA49987D 542ADDE9

FC1FA960 0F78BC48 1080CE93 D2C64FB8 92D0BB56 49ACBC52 082E1341 D6479CCC

0868528F A18481C7 84EC0C0E 582BEBE8 A10BDB92 D2017032 CE80D2EC 7557C2B4

9EE260E8 ACC455B8 F934D89B 9475E8

quit

license udi pid CISCO1941/K9 sn

license boot module c1900 technology-package securityk9

!

!

!

redundancy

!

!

!

!

!

!


!

!

!

!

!

!

!

!

!

!

interface Loopback0

ip address 192.1.1.1 255.255.255.0

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

no cdp enable

!

interface GigabitEthernet0/1

no ip address

ip tcp adjust-mss 1412

duplex auto

speed auto

!

interface GigabitEthernet0/0/0

switchport access Vlan 126

no ip address

!

interface GigabitEthernet0/0/1

switchport access Vlan 126

no ip address

!

interface GigabitEthernet0/0/2

switchport access Vlan 126

no ip address

!

interface GigabitEthernet0/0/3

switchport access Vlan 126

no ip address

!

interface GigabitEthernet0/1/0

switchport access Vlan 126

no ip address

!

interface GigabitEthernet0/1/1

switchport access Vlan 126

no ip address

!

interface GigabitEthernet0/1/2

switchport access Vlan 126

no ip address

!

interface GigabitEthernet0/1/3

switchport access Vlan 126

no ip address

!

interface GigabitEthernet0/1/4

switchport access vlan 192

no ip address

!

interface GigabitEthernet0/1/5

switchport access vlan 192

no ip address

!

interface GigabitEthernet0/1/6

switchport access vlan 192

no ip address

!

interface GigabitEthernet0/1/7

switchport access vlan 192

no ip address

!

interface Vlan1

no ip address

!

interface Vlan126

ip address 192.168.186.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

!

interface Vlan192

ip address 192.168.188.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

!

interface Dialer1

ip address negotiated


ip nat outside

ip virtual-reassembly in max-reassemblies 1024

encapsulation ppp

dialer pool 1

ppp authentication chap callin

ppp chap hostname

ppp chap password 0

no cdp enable

!

ip forward-protocol nd

!

ip http server

ip http authentication local

ip http secure-server

!

ip dns server

ip nat inside source list DSL_ACCESSLIST interface Dialer1 overload

ip route 0.0.0.0 0.0.0.0 Dialer1

ip ssh version 2

!

ip access-list extended DSL_ACCESSLIST

permit ip 172.16.1.0 0.0.0.255 any

permit ip 192.168.188.0 0.0.0.255 any


permit ip any any

!

dialer-list 1 protocol ip permit

!

!

access-list 1 permit 172.16.1.0 0.0.0.255

access-list 1 permit 192.168.188.0 0.0.0.255

access-list 1 deny any

!

control-plane

!

!

!

line con 0


line aux 0

line 2

no activation-character

no exec

transport preferred none

transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4


!

scheduler allocate 20000 1000

!

end

0 Helpful

Georg Pauwen
VIP
VIP
In response to ciscoreg2

‎03-29-2017 12:02 AM

Hello,

I have made a few adjustments to your configuration (marked in bold), check if those make a difference:

version 15.4
!
service timestamps debug datetime localtime year
service timestamps log datetime
no service password-encryption
service sequence-numbers
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
ip dhcp excluded-address 192.168.186.1 192.168.186.49
ip dhcp excluded-address 192.168.186.102 192.168.186.255
ip dhcp excluded-address 192.168.188.1 192.168.188.149
ip dhcp excluded-address 192.168.188.201 192.168.188.255
!
ip dhcp pool abc-126
network 192.168.186.0 255.255.255.0
update dns both
default-router 192.168.186.1
dns-server 8.8.8.8 8.8.8.4
lease 8
!
ip dhcp pool abc-192
network 192.168.188.0 255.255.255.0
update dns both
default-router 192.168.188.1
dns-server 8.8.8.8 8.8.8.4
lease 8
!
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
crypto pki trustpoint TP-self-signed-3153235583
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3153235583
revocation-check none
rsakeypair TP-self-signed-3153235583
!
crypto pki certificate chain TP-self-signed-3153235583
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33313533 32333535 3833301E 170D3135 31313232 30383238
33325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 31353332
33353538 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100D59B A0CE5405 A29F58F1 84BEA716 04FB6C18 290C4628 1D7D3243 95ACAB6D
FD433F83 8089F490 4E829A86 ECF6EB2B D4D7C980 3FEB03F3 FBF7AB81 80DE6048
E53C3754 4E8AA88B DE1B4632 21125C2D 3FC8D85D 8CC4986D 355329D9 FF671B5B
21B761D2 A23E12C5 08A273EF FF81C794 8CFD7C28 64BEAF3B 1F56F698 E17E43A2
45A70203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14BB36E7 333230D0 03FE9978 FC2D84A2 72540CC6 D7301D06
03551D0E 04160414 BB36E733 3230D003 FE9978FC 2D84A272 540CC6D7 300D0609
2A864886 F70D0101 05050003 8181002B 02AF96F4 D76243DC 825DB324 6A29D2F9
20862E69 B50994F8 C8A4C5B5 922658E0 8F915534 6532B0D0 BA49987D 542ADDE9
FC1FA960 0F78BC48 1080CE93 D2C64FB8 92D0BB56 49ACBC52 082E1341 D6479CCC
0868528F A18481C7 84EC0C0E 582BEBE8 A10BDB92 D2017032 CE80D2EC 7557C2B4
9EE260E8 ACC455B8 F934D89B 9475E8
quit
license udi pid CISCO1941/K9 sn
!
license boot module c1900 technology-package securityk9
!
redundancy
!
interface Loopback0
ip address 192.1.1.1 255.255.255.0
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface GigabitEthernet0/1
no ip address

--> removed ' ip tcp adjust-mss 1412


duplex auto
speed auto

!
interface GigabitEthernet0/0/0
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/0/1
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/0/2
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/0/3
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/1/0
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/1/1
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/1/2
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/1/3
switchport access Vlan 126
no ip address
!
interface GigabitEthernet0/1/4
switchport access vlan 192
no ip address
!
interface GigabitEthernet0/1/5
switchport access vlan 192
no ip address
!
interface GigabitEthernet0/1/6
switchport access vlan 192
no ip address
!
interface GigabitEthernet0/1/7
switchport access vlan 192
no ip address
!
interface Vlan1
no ip address
!
interface Vlan126
ip address 192.168.186.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1420
!
interface Vlan192
ip address 192.168.188.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1420
!
interface Dialer1
ip address negotiated
ip nat outside
ip mtu 1460
ip virtual-reassembly in max-reassemblies 1024
encapsulation ppp
ip tcp adjust-mss 1420
dialer pool 1
ppp authentication chap callin
ppp chap hostname
ppp chap password 0
no cdp enable
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source route-map ISP_ACCESS interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip ssh version 2
!
route-map ISP_ACCESS permit 10
match ip address DSL_ACCESSLIST
match interface Dialer1
!
ip access-list extended DSL_ACCESSLIST
permit ip 172.16.1.0 0.0.0.255 any
permit 192.168.186.0 0.0.0.0.255 any
permit ip 192.168.188.0 0.0.0.255 any
permit ip any any
!
dialer-list 1 protocol ip permit
!
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 1 permit 192.168.186.0 0.0.0.255
access-list 1 permit 192.168.188.0 0.0.0.255
access-list 1 deny any
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
!
scheduler allocate 20000 1000

0 Helpful

Palani Mohan
Cisco Employee
Cisco Employee

‎10-24-2016 09:41 AM

Hi there

PC-A——Vlan126/Gig0/1/1
PC-B——Vlan192/Gig0/1/7
File is transferred from PC-A to PC-B. It is *essential* to understand where the limitation is. What do I mean by this?

When PC-A sends a file to PC-B, this traffic leaves PC-A/NIC and enters Vlan126/Gig0/0/1. What is the rate at which the traffic is entering the router/ingress interface? If it is not at the desired rate, then please consider investigating why the PC-A is sending traffic at a rate below your expectation.

Kind regards …. Palani

0 Helpful

ecsstatic
Level 1
Level 1
In response to Palani Mohan

‎12-18-2016 11:34 AM

With all due respect Palani, that is just not accurate for the Cisco 1941. When you go from Vlan126 to Vlan192, that is no longer a L2 connection. The router is now doing L3 routing between the VLANs. This has 2 issues on the 1941:

1) Any traffic that is routed (e.g., between VLANS) goes across the MGF. The aggregate throughput of all the ehwic ports TO the MGF is only ~1Gb/sec (~125MB/sec).

2) Any traffic routed (again, between VLANs) is going to consume CPU. 

The combination of #1 and #2 are both contributing to your less than stellar performance. You really need to add a L3 switch and do your L3/routing between VLANs on the switch that is purpose built for that use case.

I own the 1941w with the 8 port EHWIC switch btw.

Regards,

0 Helpful

Palani Mohan
Cisco Employee
Cisco Employee
In response to ecsstatic

‎12-19-2016 07:05 AM

Hi there

I 100% agree with your comments #1 and #2. Having said that, I did not see any hard data  that established the bottleneck to be the router/CPU. My intent was to define the problem as accurately as possible. 

My belief is that we do not have enough to say that the low-throughput seen in inter-VLAN traffic is caused by the router/CPU limitation. It could be and on other hand, it may not be. Anytime a performance issue is encountered, it is essential to identify where the bottleneck is, for the given deployment. When we deal with precise data, often it helps to resolve with the least amount of time/resources.

I hope it clarifies.

Kind regards .... Palani

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎10-24-2016 10:09 AM

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Cisco recommends a 1941 for up to 25 Mbps.

When PCs transfer data within the same VLAN, that's a L2 transfer and 1941 probably needs to little use its CPU.

When PCs transfer data between different VLANs, the 1941 must now route, and then you're much more likely to bump up against its performance limitations.

To speed up the latter, have a routed configuration that does as little as possible.

0 Helpful

ciscoreg2
Level 1
Level 1
In response to Joseph W. Doherty

‎10-24-2016 05:44 PM

Hi;

Thanks a lot for your information.

So are there any way to speed up for performance limitations?

what's it effect to?

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to ciscoreg2

‎10-24-2016 06:10 PM

Then how the configuration of new switch? only for the VLAN switchport ?

"It depends" kind of answers, and no, not only for VLANs switchports.

what's it effect to?

Less work the CPU does, the more CPU available for forwarding traffic.

For example, you have an ingress ACL.  99% of your packets match your 10th ACE.  If there no logical reason to have that ACL as number 10, i.e. if logically you get the same results if it were the first ACE, then make it the first ACE.

Variation of foregoing, NetFlow might forward packets with less work rather than checking every packet against ACL.

Variation of foregoing, you really, really don't need the ACL, so remove it.

0 Helpful

ciscoreg2
Level 1
Level 1
In response to Joseph W. Doherty

‎10-24-2016 09:46 PM

I checked on internet, it said WAN speed was 25mb/s, does VLAN also has this limit?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card