VonCooke
asked on
Cisco Router running very very slow
Hey there experts,
Got a question for yall. I am rolling out a server in a network which until now has been peer to peer. Everything internally is working great, no complaints at all. The problem is that the WAN connection is running very slow, I mean slower than dialup, averaging 0.4B/s. I am stumped as I don't know that much about cisco equipment, I thought the web interface would be pretty much the same as your standard netgears/linksys routers. After I got it setup initially I can no longer even access the web interface. It is a cisco 831 soho router, below I have included the config file. I'm hoping yall could look at it and point me in the right direction. Thanks
Username: CiscoRouter
Password:
URC_RIV01_RTR#show running-config
Building configuration...
Current configuration : 5331 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname URC_RIV01_RTR
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$1SWM$UI4jK1YMLWpVwBhfrb Op..
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -8
ip subnet-zero
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.1.1
!
ip dhcp pool sdm-pool1
import all
network 10.10.1.0 255.255.255.0
dns-server 68.94.156.1 68.94.157.1
default-router 10.10.1.1
!
!
ip tcp synwait-time 10
ip cef
no ip domain lookup
ip name-server 68.94.156.1
ip name-server 68.94.157.1
no ip bootp server
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-3885198115
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi cate-38851 98115
revocation-check none
rsakeypair TP-self-signed-3885198115
!
!
crypto pki certificate chain TP-self-signed-3885198115
certificate self-signed 01
30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33383835 31393831 3135301E 170D3036 30343133 32303531
31375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38383531
39383131 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BC8E B99CF481 88F8DF41 76052218 F7AC46D8 80DEAD05 6ADCCB8A 1630D9EF
ADEB9E82 D3BADF17 DDE8D832 C1873BB0 DE79487F B66144DC 233D4C91 DFD7B4
D3B8B945 BC32590D D8AF3D31 CF8C4EB1 33F668BF B519948A 0DB4EC57 9290255E
8B691793 9D4A844D 457630D6 AC686509 3692473E F7DB8545 88122491 BC00268A
4B8F0203 010001A3 6E306C30 0F060355 1D130101 FF040530 030101FF 30190603
551D1104 12301082 0E555243 5F524956 30315F52 54522E30 1F060355 1D230418
30168014 FC84EE64 82075611 B7BCAA3B A669FBDF 79F57357 301D0603 551D0E04
160414FC 84EE6482 075611B7 BCAA3BA6 69FBDF79 F5735730 0D06092A 864886F7
0D010104 05000381 81008902 DD8A4EA9 31354885 AF00E930 74310506 AC9A4E
B1B03C96 EB31FA9A 19024D5B 01F9F0A4 0B98AE52 872B16B4 44326C11 F743341A
33C855DE FF62AD2C 9645D216 3C68CD52 23AC3712 54B01492 7B6BDFA9 6413E46C
8CEB5F50 C6A2F6D5 638091AB 807DAD2B 1A6D1649 BF6834A3 1BDD44F7 79AD414B
EDEFEB18 F1A336F2 A2C8
quit
username CiscoRouter privilege 15 secret 5 $1$3N9I$eHgOW3btp50s6oAULj FmL/
!
!
!
!
!
!
interface Ethernet0
description Internal LAN$ETH-LAN$
ip address 10.10.1.1 255.255.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
no cdp enable
!
interface Ethernet1
description Internet$ETH-WAN$
ip address x.x.x.x 255.255.255.252
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly
ip route-cache flow
duplex auto
no cdp enable
!
interface Ethernet2
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet1
ip route 0.0.0.0 0.0.0.0 x.x.x.x
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
ip nat pool StaticIP_Pool 67.120.78.114 67.120.78.114 netmask 255.255.255.0
ip nat inside source list NAT_List interface Ethernet1 overload
ip nat inside source static tcp 10.10
ip nat inside source static tcp 10.10.1.2 25 x.x.x.x 25 extendable
ip nat inside source static tcp 10.10.1.2 80 x.x.x.x 80 extendable
ip nat inside source static tcp 10.10.1.2 221 x.x.x.x 221 extendable
ip nat inside source static 10.10.1.0 x.x.x.x
!
!
ip access-list standard NAT_List
permit 10.10.0.0 0.0.255.255
logging trap debugging
access-list 102 remark SDM_ACL Category=16
access-list 102 permit ip 10.10.0.0 0.0.255.255 any
no cdp run
!
control-plane
!
banner login ^CAuthorized access
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler interval 500
end
Got a question for yall. I am rolling out a server in a network which until now has been peer to peer. Everything internally is working great, no complaints at all. The problem is that the WAN connection is running very slow, I mean slower than dialup, averaging 0.4B/s. I am stumped as I don't know that much about cisco equipment, I thought the web interface would be pretty much the same as your standard netgears/linksys routers. After I got it setup initially I can no longer even access the web interface. It is a cisco 831 soho router, below I have included the config file. I'm hoping yall could look at it and point me in the right direction. Thanks
Username: CiscoRouter
Password:
URC_RIV01_RTR#show running-config
Building configuration...
Current configuration : 5331 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname URC_RIV01_RTR
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$1SWM$UI4jK1YMLWpVwBhfrb
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -8
ip subnet-zero
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.1.1
!
ip dhcp pool sdm-pool1
import all
network 10.10.1.0 255.255.255.0
dns-server 68.94.156.1 68.94.157.1
default-router 10.10.1.1
!
!
ip tcp synwait-time 10
ip cef
no ip domain lookup
ip name-server 68.94.156.1
ip name-server 68.94.157.1
no ip bootp server
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-3885198115
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi
revocation-check none
rsakeypair TP-self-signed-3885198115
!
!
crypto pki certificate chain TP-self-signed-3885198115
certificate self-signed 01
30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33383835 31393831 3135301E 170D3036 30343133 32303531
31375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38383531
39383131 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BC8E B99CF481 88F8DF41 76052218 F7AC46D8 80DEAD05 6ADCCB8A 1630D9EF
ADEB9E82 D3BADF17 DDE8D832 C1873BB0 DE79487F B66144DC 233D4C91 DFD7B4
D3B8B945 BC32590D D8AF3D31 CF8C4EB1 33F668BF B519948A 0DB4EC57 9290255E
8B691793 9D4A844D 457630D6 AC686509 3692473E F7DB8545 88122491 BC00268A
4B8F0203 010001A3 6E306C30 0F060355 1D130101 FF040530 030101FF 30190603
551D1104 12301082 0E555243 5F524956 30315F52 54522E30 1F060355 1D230418
30168014 FC84EE64 82075611 B7BCAA3B A669FBDF 79F57357 301D0603 551D0E04
160414FC 84EE6482 075611B7 BCAA3BA6 69FBDF79 F5735730 0D06092A 864886F7
0D010104 05000381 81008902 DD8A4EA9 31354885 AF00E930 74310506 AC9A4E
B1B03C96 EB31FA9A 19024D5B 01F9F0A4 0B98AE52 872B16B4 44326C11 F743341A
33C855DE FF62AD2C 9645D216 3C68CD52 23AC3712 54B01492 7B6BDFA9 6413E46C
8CEB5F50 C6A2F6D5 638091AB 807DAD2B 1A6D1649 BF6834A3 1BDD44F7 79AD414B
EDEFEB18 F1A336F2 A2C8
quit
username CiscoRouter privilege 15 secret 5 $1$3N9I$eHgOW3btp50s6oAULj
!
!
!
!
!
!
interface Ethernet0
description Internal LAN$ETH-LAN$
ip address 10.10.1.1 255.255.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
no cdp enable
!
interface Ethernet1
description Internet$ETH-WAN$
ip address x.x.x.x 255.255.255.252
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly
ip route-cache flow
duplex auto
no cdp enable
!
interface Ethernet2
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet1
ip route 0.0.0.0 0.0.0.0 x.x.x.x
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
ip nat pool StaticIP_Pool 67.120.78.114 67.120.78.114 netmask 255.255.255.0
ip nat inside source list NAT_List interface Ethernet1 overload
ip nat inside source static tcp 10.10
ip nat inside source static tcp 10.10.1.2 25 x.x.x.x 25 extendable
ip nat inside source static tcp 10.10.1.2 80 x.x.x.x 80 extendable
ip nat inside source static tcp 10.10.1.2 221 x.x.x.x 221 extendable
ip nat inside source static 10.10.1.0 x.x.x.x
!
!
ip access-list standard NAT_List
permit 10.10.0.0 0.0.255.255
logging trap debugging
access-list 102 remark SDM_ACL Category=16
access-list 102 permit ip 10.10.0.0 0.0.255.255 any
no cdp run
!
control-plane
!
banner login ^CAuthorized access
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler interval 500
end
It looks like your "WAN" port is really a Ethernet port. What is it connected to? Has that piece of equipment been replaced recently. My initial thought is that there is a duplex mis-match.
ASKER
It is connected to a t1 interface and a 24-port switch. Both of those devices have not been replaced, duplex mis-match?
I don't see where you have a serial port on this router. Is the T1 directly connected to this? Or is it connected to something else that is connected to this.
To me it looks like you have two interfaces configured. ETH0 and ETH1. ETH0 is connected to your LAN and ETH1 is connected to something that is your "WAN".
Both are setup to do duplex auto. There are many issues with this and it is generally better to hard code everything you can to full if it can handled it or half if it can. Now both sides must be able to handle full if you code that.
So if what is connected to ETH0 can handle full duplex, then configure ETH0 to duplex full and whatever it is connected to to duplex full.
If whatever ETH1 is connected to can handle full duplex then configure ETH1 to duplex full and whatever it is connected to do duplex full.
To me it looks like you have two interfaces configured. ETH0 and ETH1. ETH0 is connected to your LAN and ETH1 is connected to something that is your "WAN".
Both are setup to do duplex auto. There are many issues with this and it is generally better to hard code everything you can to full if it can handled it or half if it can. Now both sides must be able to handle full if you code that.
So if what is connected to ETH0 can handle full duplex, then configure ETH0 to duplex full and whatever it is connected to to duplex full.
If whatever ETH1 is connected to can handle full duplex then configure ETH1 to duplex full and whatever it is connected to do duplex full.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>ip route 0.0.0.0 0.0.0.0 Ethernet1
>ip route 0.0.0.0 0.0.0.0 x.x.x.x
It is never a good idea to point a default out a broadcast interface. If x.x.x.x is a next hop off this interface, then drop the first entry. Else you are load-balancing accross these two gateways
>It is connected to a t1 interface and a 24-port switch.
Actually, it is not connected directly to a T1 interface unless you did not post the information for the serial 0 interface
So the questions are:
What device is x.x.x.x that your 2nd default gatway is pointing to?
What is your T1 connected to?
What does output of "show interface eth0" show in the way of error counters? Pay particular attention to CRC/frame errors and collisions/late collisions and input errors
>ip nat inside source static 10.10.1.0 x.x.x.x
This is a 1-1 static nat map, but you do not have another IP address other than the one assigned to your Eth0 interface. If x.x.x.x in this line = same IP as your outside interface, then you have a problem and need to remove this line
>ip route 0.0.0.0 0.0.0.0 x.x.x.x
It is never a good idea to point a default out a broadcast interface. If x.x.x.x is a next hop off this interface, then drop the first entry. Else you are load-balancing accross these two gateways
>It is connected to a t1 interface and a 24-port switch.
Actually, it is not connected directly to a T1 interface unless you did not post the information for the serial 0 interface
So the questions are:
What device is x.x.x.x that your 2nd default gatway is pointing to?
What is your T1 connected to?
What does output of "show interface eth0" show in the way of error counters? Pay particular attention to CRC/frame errors and collisions/late collisions and input errors
>ip nat inside source static 10.10.1.0 x.x.x.x
This is a 1-1 static nat map, but you do not have another IP address other than the one assigned to your Eth0 interface. If x.x.x.x in this line = same IP as your outside interface, then you have a problem and need to remove this line