Probleme de debit avec Cisco 1721

Probleme de debit avec Cisco 1721 - Windows & Software

Marsh Posté le 24-05-2006 à 00:01:16    

Bonjour
 
j'ai un petit soucis avec mon routeur cisco 1721 connecté derriere une freebox V5. il fonctionne parfaitement bien mais le debit est plus que limité.
je plafonne a 20-30Ko/s sur http://test-debit.free.fr alors qu'en branchant mon portable en direct sur la freebox je flirt avec les 500Ko/s.
J'ai un serveur web qui bouffe pas mal de bande passante en upload, mais j'ai egalement fait le test en le debranchant et je ne recupere que qq Ko/s en download.
J'ai jeté un oeil sur toute la config, je ne vois rien de special.
 
SI quelqu'un a une idée je suis preneur, voici ma config (sans les infos sensibles evidement):
 


!Ceci est la configuration du routeur : 192.168.99.1  
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname mvk_gw
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 500000 warnings
enable secret 5 *********
enable password 7 ***********
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local  
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.99.1 192.168.99.124
ip dhcp excluded-address 192.168.99.221 192.168.99.254
!
ip dhcp pool pool_local
   import all
   network 192.168.99.0 255.255.255.0
   domain-name m4vrick.com
   dns-server 212.27.54.252 212.27.53.252  
   default-router 192.168.99.1  
   lease 7
!
!
ip tcp synwait-time 10
ip cef
ip domain name m4vrick.com
ip name-server 212.27.54.252
no ip bootp server
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_LOW ssh
ip inspect name SDM_LOW telnet
ip inspect name sdm_ins_in_100 dns
ip inspect name sdm_ins_in_100 h323
ip inspect name sdm_ins_in_100 https
ip inspect name sdm_ins_in_100 icmp
ip inspect name sdm_ins_in_100 imap
ip inspect name sdm_ins_in_100 pop3
ip inspect name sdm_ins_in_100 netshow
ip inspect name sdm_ins_in_100 rcmd
ip inspect name sdm_ins_in_100 realaudio
ip inspect name sdm_ins_in_100 rtsp
ip inspect name sdm_ins_in_100 sqlnet
ip inspect name sdm_ins_in_100 streamworks
ip inspect name sdm_ins_in_100 tftp
ip inspect name sdm_ins_in_100 tcp
ip inspect name sdm_ins_in_100 udp
ip inspect name sdm_ins_in_100 vdolive
ip inspect name sdm_ins_in_100 telnet
ip inspect name sdm_ins_in_100 smtp alert on
ip inspect name sdm_ins_in_100 ftp alert on
ip inspect name sdm_ins_in_100 ssh alert on
no ip ips deny-action ips-interface
ip ips notify SDEE
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
username admin privilege 15 password 7 ***************
 
!
!  
!
!
!
interface Null0
 no ip unreachables
!
interface Ethernet0
 description Wan$ETH-WAN$$FW_OUTSIDE$
 ip address 82.67.165.152 255.255.255.0
 ip access-group 102 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect sdm_ins_in_100 in
 ip inspect SDM_LOW out
 ip virtual-reassembly
 ip route-cache flow
 full-duplex
!
interface FastEthernet0
 description lan$ETH-LAN$$FW_INSIDE$
 ip address 192.168.99.1 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 82.67.165.254
ip http server
ip http access-class 1
no ip http secure-server
!
ip nat pool interpool 82.67.165.152 82.67.165.152 netmask 255.255.255.252
ip nat inside source list 100 interface Ethernet0 overload
ip nat inside source static tcp 192.168.99.5 21 interface Ethernet0 21
ip nat inside source static tcp 192.168.99.6 80 interface Ethernet0 80
ip nat inside source static tcp 192.168.99.5 25 interface Ethernet0 25
ip nat inside source static tcp 192.168.99.5 110 interface Ethernet0 110
!
!
access-list 1 remark HTTP Access-class list
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 192.168.99.0 0.0.0.255
access-list 1 deny   any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 82.67.165.0 0.0.0.255 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 remark http
access-list 101 permit tcp any eq www host 192.168.99.6 eq www
access-list 101 deny   ip 192.168.99.0 0.0.0.255 any
access-list 101 permit icmp any host 82.67.165.152 echo-reply
access-list 101 permit icmp any host 82.67.165.152 time-exceeded
access-list 101 permit icmp any host 82.67.165.152 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit tcp any host 82.67.165.152 eq smtp log
access-list 102 permit tcp any host 82.67.165.152 eq ftp log
access-list 102 permit tcp any host 82.67.165.152 eq www log
access-list 102 permit tcp any host 82.67.165.152 eq telnet log
access-list 102 deny   ip 192.168.99.0 0.0.0.255 any
access-list 102 permit icmp any host 82.67.165.152 echo-reply
access-list 102 permit icmp any host 82.67.165.152 time-exceeded
access-list 102 permit icmp any host 82.67.165.152 unreachable
access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip host 0.0.0.0 any
access-list 102 deny   ip any any log
access-list 103 remark VTY Access-class list
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 192.168.99.0 0.0.0.255 any
access-list 103 deny   ip any any
no cdp run
!
!
control-plane
!
banner login ^CBienvenue sur la passerelle d'acces MvK^C
!
line con 0
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 access-class 103 in
 transport input telnet ssh
 transport output telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
end


 


---------------
--== M4vr|ck ==--
Reply

Marsh Posté le 24-05-2006 à 00:01:16   

Reply

Marsh Posté le 24-05-2006 à 10:25:22    

need help please !


Message édité par M4vrick le 24-05-2006 à 10:25:32

---------------
--== M4vr|ck ==--
Reply

Marsh Posté le 24-05-2006 à 14:17:04    

up


---------------
--== M4vr|ck ==--
Reply

Marsh Posté le 25-05-2006 à 15:48:41    

personne n'as la moindre idée?


---------------
--== M4vr|ck ==--
Reply

Marsh Posté le 26-05-2006 à 11:07:24    

help!


---------------
--== M4vr|ck ==--
Reply

Marsh Posté le 29-05-2006 à 09:40:56    

up!


---------------
--== M4vr|ck ==--
Reply

Marsh Posté le 29-05-2006 à 10:16:39    

fais nous des show interface et show version.


Message édité par dreamer18 le 29-05-2006 à 10:16:50
Reply

Marsh Posté le 29-05-2006 à 17:09:09    


mvk_gw#sh version
Cisco IOS Software, C1700 Software (C1700-K9O3SY7-M), Version 12.4(1a), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Fri 27-May-05 21:31 by hqluong
 
ROM: System Bootstrap, Version 12.2(7r)XM2, RELEASE SOFTWARE (fc1)
 
mvk_gw uptime is 5 days, 17 hours, 29 minutes
System returned to ROM by reload
System image file is "flash:c1700-k9o3sy7-mz.124-1a.bin"
 
 
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
 
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
 
If you require further assistance please contact us by sending email to
export@cisco.com.
 
Cisco 1721 (MPC860P) processor (revision 0x500) with 61788K/3748K bytes of memory.
Processor board ID FOC09260268 (2129900652), with hardware revision 0000
MPC860P processor: part number 5, mask 2
1 Ethernet interface
1 FastEthernet interface
32K bytes of NVRAM.
32768K bytes of processor board System flash (Read/Write)
 
Configuration register is 0x2102


 


mvk_gw#sh interface
Ethernet0 is up, line protocol is up  
  Hardware is PQUICC Ethernet, address is 0004.dc0d.59bb (bia 0004.dc0d.59bb)
  Description: Wan$ETH-WAN$$FW_OUTSIDE$
  Internet address is 82.67.165.152/24
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,  
     reliability 255/255, txload 20/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 10BaseT
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 1/75/14/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 78000 bits/sec, 70 packets/sec
  5 minute output rate 819000 bits/sec, 87 packets/sec
     15397970 packets input, 1696102066 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 7 giants, 0 throttles
     27812 input errors, 12758 CRC, 15043 frame, 3 overrun, 1 ignored
     0 input packets with dribble condition detected
     21505629 packets output, 3165406140 bytes, 1 underruns
     1 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
FastEthernet0 is up, line protocol is up  
  Hardware is PQUICC_FEC, address is 0014.a875.a2b1 (bia 0014.a875.a2b1)
  Description: lan$ETH-LAN$$FW_INSIDE$
  Internet address is 192.168.99.1/24
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,  
     reliability 248/255, txload 2/255, rxload 20/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 10Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 818000 bits/sec, 88 packets/sec
  5 minute output rate 88000 bits/sec, 70 packets/sec
     21463725 packets input, 3175404974 bytes
     Received 15217 broadcasts, 0 runts, 0 giants, 0 throttles
     770832 input errors, 382246 CRC, 0 frame, 9 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     15361193 packets output, 1681029363 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
NVI0 is up, line protocol is up  
  Hardware is NVI
  MTU 1514 bytes, BW 10000000 Kbit, DLY 0 usec,  
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation UNKNOWN, loopback not set
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out


 
je vais surement tenter de le reconfigurer sans le firewall pour voir si c'est lui qui pose probleme comme je le suppose


---------------
--== M4vr|ck ==--
Reply

Marsh Posté le 29-05-2006 à 17:21:28    

As-tu pensé à verifier/changer tes câbles ?
Tu as pas mal d'erreur sur tes 2 interfaces.

Reply

Marsh Posté le 29-05-2006 à 17:26:51    

les erreurs en input sur l'ethernet viennent de la freebox qui est posée sous le routeur, le cable fait 1m.
Pour la fastethernet il faut que je la repasse en auto, je l'avais forcée en 10mbits pour verifier si c'etait pas un probleme de negociation avec le switch. en auto j'avais tres tres peu d'erreurs.
 
Je vais changer le cable entre la freebox et le routeur pour voir. j'y avais pas pensé, j'espere que ca n'est que ca (meme si c'est tres con de ne pas y avoir pensé dans ce cas la)
 
EDIT:
 
bon alors... quasi plus d'erreurs avec la Fa0 en speed auto. sur l'eth0 j'ai toujours qq erreurs qui arrivent.
Si vous avez une commande poru remettre a zero les compteurs pour que je puisse verifier serieusement, j'aimerais eviter de rebooter le routeur en pleine journée, je suis en plein pic d'utilisation.
 
Et encore merci d'essayer de m'aider :jap:


Message édité par M4vrick le 29-05-2006 à 17:38:55

---------------
--== M4vr|ck ==--
Reply

Marsh Posté le 29-05-2006 à 17:26:51   

Reply

Marsh Posté le 29-05-2006 à 17:53:11    

clear counter int fa 0/0
clear counter int e 0/0


Message édité par kill9 le 29-05-2006 à 18:11:45
Reply

Marsh Posté le 29-05-2006 à 19:01:09    

ok merci :)
 
Bon donc j'ai toujours des erreurs sur l'interface publique (0.7% d'erreurs et 0.3% de CRC en moyenne), quasi plus aucune sur l'interface privée.
 
si vous ne voyez rien de louche dans la config je pense que je vais la refaire sans le firewall...


Message édité par M4vrick le 29-05-2006 à 19:02:27

---------------
--== M4vr|ck ==--
Reply

Marsh Posté le 30-05-2006 à 22:55:12    

j'ai tenté une config sans le firewall avec juste le nat, pb idem.
J'ai testé avec une downgrade vers un IOS en version 12.3, pb idem.
 
Je commence a me demander si c'est pas le routeur qui est defectueux. je vais tester avec un autre 1721


---------------
--== M4vr|ck ==--
Reply

Marsh Posté le 31-05-2006 à 07:07:06    

tu as viré tous les "ip inspect" et les access list ?

Reply

Marsh Posté le 31-05-2006 à 08:40:48    

j'ai refait une config neuve avec juste le minimum pour avoir le nat.
 
J'ai testé egalement avec un autre 1721, le probleme est identique :(
La derniere chose que je n'ai pas testé c'est ma carte WIC, mais j'en ai qu'une.


---------------
--== M4vr|ck ==--
Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed