Cisco Router running very very slow

Posted on 2006-04-28
Last Modified: 2010-05-18
Hey there experts,

     Got a question for yall.  I am rolling out a server in a network which until now has been peer to peer.  Everything internally is working great, no complaints at all.  The problem is that the WAN connection is running very slow, I mean slower than dialup, averaging 0.4B/s.  I am stumped as I don't know that much about cisco equipment, I thought the web interface would be pretty much the same as your standard netgears/linksys routers.  After I got it setup initially I can no longer even access the web interface.  It is a cisco 831 soho router, below I have included the config file.  I'm hoping yall could look at it and point me in the right direction.  Thanks

Username: CiscoRouter                    
URC_RIV01_RTR#show running-config                                
Building configuration...                        
Current configuration : 5331 bytes                                  
version 12.4            
no service pad              
service tcp-keepalives-in                        
service tcp-keepalives-out                          
service timestamps debug datetime msec localtime show-timezone                                                              
service timestamps log datetime msec localtime show-timezone                                                            
service password-encryption                          
service sequence-numbers                        
hostname URC_RIV01_RTR                      
security authentication failure rate 3 log                                          
security passwords min-length 6                              
logging buffered 51200 debugging                                
logging console critical                        
enable secret 5 $1$1SWM$UI4jK1YMLWpVwBhfrbOp..                                              
no aaa new-model                
resource policy              
clock timezone PCTime -8                        
ip subnet-zero              
no ip source-route                  
no ip dhcp use vrf connected                            
ip dhcp excluded-address                                  
ip dhcp pool sdm-pool1                      
   import all            
ip tcp synwait-time 10                      
ip cef      
no ip domain lookup                  
ip name-server                          
ip name-server                          
no ip bootp server                  
ip inspect name DEFAULT100 cuseeme                                  
ip inspect name DEFAULT100 ftp                              
ip inspect name DEFAULT100 h323                              
ip inspect name DEFAULT100 icmp                              
ip inspect name DEFAULT100 netshow                                  
ip inspect name DEFAULT100 rcmd                              
ip inspect name DEFAULT100 realaudio                                    
ip inspect name DEFAULT100 rtsp                              
ip inspect name DEFAULT100 esmtp                                
ip inspect name DEFAULT100 sqlnet                                
ip inspect name DEFAULT100 streamworks                                      
ip inspect name DEFAULT100                        
ip inspect name DEFAULT100 tcp                              
ip inspect name DEFAULT100 udp                              
ip inspect name DEFAULT100 vdolive                                  
ip ssh time-out 60                  
ip ssh authentication-retries 2                              
crypto pki trustpoint TP-self-signed-3885198115                                              
 enrollment selfsigned                      
 subject-name cn=IOS-Self-Signed-Certificate-3885198115                                                      
 revocation-check none                      
 rsakeypair TP-self-signed-3885198115                                    
crypto pki certificate chain TP-self-signed-3885198115                                                      
 certificate self-signed 01                          
  30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030                                                                        
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274                                                                        
  69666963 6174652D 33383835 31393831 3135301E 170D3036 30343133 32303531                                                                        
  31375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649                                                                        
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38383531                                                                        
  39383131 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281                                                                        
  8100BC8E B99CF481 88F8DF41 76052218 F7AC46D8 80DEAD05 6ADCCB8A 1630D9EF                                                                        
  ADEB9E82 D3BADF17 DDE8D832 C1873BB0 DE79487F B66144DC 233D4C91 DFD7B4                                                                      
  D3B8B945 BC32590D D8AF3D31 CF8C4EB1 33F668BF B519948A 0DB4EC57 9290255E                                                                        
  8B691793 9D4A844D 457630D6 AC686509 3692473E F7DB8545 88122491 BC00268A                                                                        
  4B8F0203 010001A3 6E306C30 0F060355 1D130101 FF040530 030101FF 30190603                                                                        
  551D1104 12301082 0E555243 5F524956 30315F52 54522E30 1F060355 1D230418                                                                        
  30168014 FC84EE64 82075611 B7BCAA3B A669FBDF 79F57357 301D0603 551D0E04                                                                        
  160414FC 84EE6482 075611B7 BCAA3BA6 69FBDF79 F5735730 0D06092A 864886F7                                                                        
  0D010104 05000381 81008902 DD8A4EA9 31354885 AF00E930 74310506 AC9A4E                                                                      
  B1B03C96 EB31FA9A 19024D5B 01F9F0A4 0B98AE52 872B16B4 44326C11 F743341A                                                                        
  33C855DE FF62AD2C 9645D216 3C68CD52 23AC3712 54B01492 7B6BDFA9 6413E46C                                                                        
  8CEB5F50 C6A2F6D5 638091AB 807DAD2B 1A6D1649 BF6834A3 1BDD44F7 79AD414B                                                                        
  EDEFEB18 F1A336F2 A2C8                        
username CiscoRouter privilege 15 secret 5 $1$3N9I$eHgOW3btp50s6oAULjFmL/                                                                        
interface Ethernet0                  
 description Internal LAN$ETH-LAN$                                  
 ip address                                
 no ip redirects                
 no ip unreachables                  
 no ip proxy-arp                
 ip nat inside              
 ip virtual-reassembly                      
 ip route-cache flow                    
 no cdp enable              
interface Ethernet1                  
 description Internet$ETH-WAN$                              
 ip address x.x.x.x                                        
 ip verify unicast reverse-path                              
 no ip redirects                
 no ip unreachables                  
 no ip proxy-arp                
 ip nat outside              
 ip inspect DEFAULT100 out                          
 ip virtual-reassembly                      
 ip route-cache flow                    
 duplex auto            
 no cdp enable              
interface Ethernet2                  
 no ip address              
 no ip redirects                
 no ip unreachables                  
 no ip proxy-arp                
 ip route-cache flow                    
interface FastEthernet1                      
 duplex auto            
 speed auto          
interface FastEthernet2                      
 duplex auto            
 speed auto          
interface FastEthernet3                      
 duplex auto            
 speed auto          
interface FastEthernet4                      
 duplex auto            
 speed auto          
ip classless            
ip route Ethernet1                                  
ip route x.x.x.x
no ip http server                
ip http authentication local                            
no ip http secure-server                        
ip http timeout-policy idle 5 life 86400 requests 10000                                                      
ip nat pool StaticIP_Pool netmask                                                                          
ip nat inside source list NAT_List interface Ethernet1 overload                                                              
ip nat inside source static tcp 10.10                                  
ip nat inside source static tcp 25 x.x.x.x 25 extendable                                                                        
ip nat inside source static tcp 80 x.x.x.x 80 extendable                                                                        
ip nat inside source static tcp 221 x.x.x.x 221 extendable                                                                          
ip nat inside source static x.x.x.x
ip access-list standard NAT_List                                
logging trap debugging                      
access-list 102 remark SDM_ACL Category=16                                          
access-list 102 permit ip any                                                  
no cdp run          
banner login ^CAuthorized access                              
 Disconnect IMMEDIATELY if you are not an authorized user!^C                                                            
line con 0          
 login local            
 no modem enable                
 transport output telnet                        
line aux 0          
 login local            
 transport output telnet                        
line vty 0 4            
 privilege level 15                  
 login local            
 transport input telnet ssh                          
scheduler max-task-time 5000                            
scheduler interval 500                      
Question by:VonCooke
    LVL 57

    Expert Comment

    It looks like your "WAN" port is really a Ethernet port.  What is it connected to?  Has that piece of equipment been replaced recently.  My initial thought is that there is a duplex mis-match.  

    Author Comment

    It is connected to a t1 interface and a 24-port switch.  Both of those devices have not been replaced, duplex mis-match?
    LVL 57

    Expert Comment

    I don't see where you have a serial port on this router.  Is the T1 directly connected to this?  Or is it connected to something else that is connected to this.

    To me it looks like you have two interfaces configured.  ETH0 and ETH1.  ETH0 is connected to your LAN and ETH1 is connected to something that is your "WAN".

    Both are setup to do duplex auto.  There are many issues with this and it is generally better to hard code everything you can to full if it can handled it or half if it can.  Now both sides must be able to handle full if you code that.

    So if what is connected to ETH0 can handle full duplex, then configure ETH0 to duplex full and whatever it is connected to to duplex full.

    If whatever ETH1 is connected to can handle full duplex then configure ETH1 to duplex full and whatever it is connected to do duplex full.

    LVL 9

    Accepted Solution

    I have used the Cisco 831 in about 10 installations and have never ran into this problem.  I would try a couple of things.

    1.  Verify that the T1 CSU/DSU is working good by plugging a device directly into it.

    2.  Remove yoru static nat rules and see if those are slowing things down. I do ny NAT like this.

    access-list 150 permit ip any
    ip nat inside source list 150 interface Ethernet1 overload

    and then the static NATs are done like so

    ip nat inside source static [public Ip]

    I then use an access list to limit port access on each machine

    Let me know if you need more details, or if you want to see one of my full configs.

    LVL 79

    Expert Comment

    >ip route Ethernet1                                  
    >ip route x.x.x.x

    It is never a good idea to point a default out a broadcast interface. If x.x.x.x is a next hop off this interface, then drop the first entry. Else you are load-balancing accross these two gateways

    >It is connected to a t1 interface and a 24-port switch.
    Actually, it is not connected directly to a T1 interface unless you did not post the information for the serial 0 interface

    So the questions are:
     What device is x.x.x.x that your 2nd default gatway is pointing to?
     What is your T1 connected to?
     What does output of "show interface eth0" show in the way of error counters? Pay particular attention to CRC/frame errors and collisions/late collisions and input errors
    >ip nat inside source static x.x.x.x
    This is a 1-1 static nat map, but you do not have another IP address other than the one assigned to your Eth0 interface. If x.x.x.x in this line = same IP as your outside interface, then you have a problem and need to remove this line


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
    Let’s list some of the technologies that enable smooth teleworking. 
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now