Optimize WAN built with Cisco 1700 series routers

We have a 2mb private line between our two offices and a Cisco 1700 series router at either end. It's a little slow these days and I was looking for some advice as to how to minimise unnecessary network traffic, such as broadcasts, from passing over the WAN link.

Can anyone offer any suggestions?

Asked by: tini1709

BobintheNoc Commented:
Are the two sites on separate subnets?  That'd be the quick way to keep broadcasts from propagating.  

tini1709 (Author) Commented:
Well, the HQ is on 172.16.16.0 and the Branch office is 172.16.32.0 both with subnet mask of 255.255.255.0

BobintheNoc Commented:
That'd put you on separate subnets then, and a broadcast from either side, to 172.16.32.255 or to 172.16.16.255, by default, shouldn't travel across the router. Are the 1700s the actual gateways or are they used only to terminate the private circuit? Wherever your actual router(s) are, you'll want to make sure someone hasn't turned on a 'Helper' rule that enables propagation of broadcasts. Again, by default, most routers won't pass broadcasts.

Out of curiosity, how have you determined that traffic going across is broadcast based?

tini1709 (Author) Commented:
The 1700s are the gateways for each office and were installed by BT some years ago.

I haven't really determined that it's broadcast based.

The other possibility was Internet traffic as the branch office use the proxy server in the HQ for their internet access.

fileinster Commented:
You could enable QoS to prioritise traffic, if bandwidth is the issue. However, it's a complex configuration for someone not familiar with it. To block particular traffic, apply an access-list to the interface with the interface level command "ip access-group 100 out" and configure ACL 100 to block whatever traffic and put a "permit ip any any" statement at the end.

Does that help any?

BobintheNoc Commented:
I'm not much of an IOS person, and don't know if the 1700 allows you to dump packets--but perhaps it does have something along the lines of sho conn, to show the established connections?  Based on the destination and port, you might get a good idea of what the traffic is.

If you have the ability to get a packet capture running on either interface, it'd be pretty simple to identify the bandwidth hogs. Dropping a hub inline, and then another PC on that same hub, with Wireshark or Netmon (or your favorite packet capture tool) running, you can capture every bit of traffic. At 2mb, you won't be too worried about not being fast enough to capture, nor should you impact the existing traffic. Putting a hub inline though, you might have to drop the 1700 interface to half duplex. Again, not knowing much about the 1700, there may be a capture function built right in. My PIX does, a simple CAPTURE command with some additional parameters, and I can get the PIX to 'record' for a limited time, all traffic through. Taking that capture and then loading it into Wireshark makes for an easy analysis without having to unplug and insert additional hardware.

The packet doesn't lie.  If you get accurate captures, you'll be able to see what's chewing up the bandwidth.  Packet capturing and analysis isn't exactly the simplest thing to do, especially if you've not done it before.  But, if you get the captures, we can help make the analysis.

Just one more note, 2mb is easy to consume nowadays.  A single user can eat that much up without blinking an eye.  What type of traffic are you EXPECTING to pass over the link?  Is it also the 'internet' connection for one of the offices?  

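The top-talker analysis described in the capture advice above can be scripted; the following is an added example, not part of the original thread. It assumes the capture was saved as a classic pcap file with Ethernet framing, and the hosts, ports and sizes in `sample_pcap` are constructed, using the two subnets from the question.

```python
import socket
import struct
from collections import Counter

def sample_pcap():
    """Constructed capture (not real traffic): classic pcap, Ethernet link type."""
    def frame(dst_mac, src, dst, proto, dport, pad):
        l4 = struct.pack("!HH", 40000, dport) + bytes(pad)  # ports + zero padding only
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return dst_mac + b"\x00\x11\x22\x33\x44\x55" + b"\x08\x00" + ip + l4
    gw, bc = b"\x00\xaa\xbb\xcc\xdd\xee", b"\xff" * 6
    frames = [frame(gw, "172.16.32.21", "172.16.16.10", 6, 8080, 1000)] * 3
    frames += [frame(gw, "172.16.32.22", "172.16.16.5", 6, 445, 500)]
    frames += [frame(bc, "172.16.32.30", "172.16.32.255", 17, 137, 50)] * 2
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f  # per-packet record
    return out

def top_talkers(pcap, n=3):
    """Return (top n flows by bytes, Ethernet broadcast bytes, total bytes)."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    flows, bcast, total, off = Counter(), 0, 0, 24
    while off + 16 <= len(pcap):
        _, _, incl, orig = struct.unpack(end + "IIII", pcap[off:off + 16])
        pkt, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        total += orig                      # orig = size on the wire, even if truncated
        if pkt[:6] == b"\xff" * 6:
            bcast += orig                  # Ethernet broadcast frame
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                       # not IPv4 (ARP, IPv6, ...)
        ihl, proto = (pkt[14] & 0x0F) * 4, pkt[23]
        src, dst = socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
        dport = 0
        if proto in (6, 17) and len(pkt) >= 14 + ihl + 4:  # TCP or UDP
            dport = struct.unpack("!H", pkt[14 + ihl + 2:14 + ihl + 4])[0]
        flows[(src, dst, proto, dport)] += orig
    return flows.most_common(n), bcast, total

if __name__ == "__main__":
    top, bcast, total = top_talkers(sample_pcap())
    print(top, f"broadcast {bcast} of {total} bytes")
```

To analyse a real capture, read the file in binary mode and pass its bytes to `top_talkers`.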
