Trying to figure out why my connection from the ISR4321 is sooo slow. I tested first with plugging my laptop directly into the modem. From the modem directly, I'm hitting speed of up to mid to high 90's. When I plug my 4321 into the modem and use the 2nd interface to the laptop, I go down to mid or high 18's. How can I go from 90's to 18's? I posted my config. License should push 50 in and 50 out. No idea what is causing this. My g0/0/0 is inside and g0/0/1 outside. Any help?
__-_________________
version 16.6 service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime service timestamps log datetime msec localtime show-timezone year service password-encryption service sequence-numbers platform qfp utilization monitor load 80 no platform punt-keepalive disable-kernel-core ! hostname RTE ! boot-start-marker boot system flash bootflash:isr4300-universalk9.16.06.02.SPA.bin boot-end-marker ! ! vrf definition Mgmt-intf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! logging buffered warnings no logging console no logging monitor enable secret 5 $1$7vG5$PIahg9O40FxoTHfozgtXW/ ! aaa new-model ! ! aaa group server tacacs+ ISETACACS server name alcise01 server name alcise02 ! aaa authentication password-prompt "Password: " aaa authentication username-prompt "Username_: " aaa authentication login default group tacacs+ local aaa authentication login VTY group ISE_TACACS local aaa authentication enable default group tacacs+ enable aaa authorization config-commands aaa authorization exec VTY group ISE_TACACS local if-authenticated aaa authorization commands 1 VTY group ISE_TACACS local if-authenticated aaa authorization commands 15 VTY group ISE_TACACS local if-authenticated aaa accounting update periodic 15 aaa accounting exec default start-stop group ISE_TACACS aaa accounting commands 1 default start-stop group ISE_TACACS aaa accounting commands 15 default start-stop group ISE_TACACS ! ! ! ! ! ! aaa session-id common process cpu threshold type total rising 80 interval 60 falling 40 interval 60 clock timezone CDT -5 0 clock summer-time CDT recurring no ip source-route ip options drop ! ip name-server 10.255.0.190 10.255.0.191 ip domain list ***** ip domain lookup source-interface GigabitEthernet0/0/0 ip domain name ***** no ip dhcp use vrf connected ip dhcp excluded-address 10.50.10.1 10.50.10.70 ip dhcp excluded-address 10.50.10.100 10.50.10.254 ! ip dhcp pool CLIENT network 10.50.10.0 255.255.255.0 default-router 10.50.10.254 dns-server 10.255.0.190 10.255.0.191 netbios-name-server 10.255.0.190 10.255.0.191 domain-name ***** lease 2 ! ip dhcp pool Pinicon-1 host 10.50.10.101 255.255.255.0 client-identifier 0180.9b20.b576.b8 dns-server 10.255.0.190 10.255.0.191 default-router 10.50.10.254 domain-name ***** netbios-name-server 10.255.0.190 10.255.0.191 lease 2 ! ip dhcp pool Pinicon-2 host 10.50.10.102 255.255.255.0 client-identifier 0180.9b20.b848.54 dns-server 10.255.0.190 10.255.0.191 default-router 10.50.10.254 domain-name ***** netbios-name-server 10.255.0.190 10.255.0.191 lease 2 ! ip dhcp pool Pinicon-3 host 10.50.10.103 255.255.255.0 client-identifier 0144.8a5b.e917.45 dns-server 10.255.0.190 10.255.0.191 default-router 10.50.10.254 domain-name ***** netbios-name-server 10.255.0.190 10.255.0.191 lease 2 ! ip dhcp pool Pinicon-4 host 10.50.10.104 255.255.255.0 client-identifier 01b8.8a60.3e6d.9c dns-server 10.255.0.190 10.255.0.191 default-router 10.50.10.254 domain-name ***** lease 2 ! ! license udi pid ISR4321/K9 sn FDO19490H76 license boot level securityk9 diagnostic bootup level minimal spanning-tree extend system-id ! ! ! username ***** privilege 15 password 7 ***** ! redundancy mode none ! ! ! ! ! ! ! crypto keyring keyring pre-shared-key address 0.0.0.0 0.0.0.0 key ***** ! ! ! ! ! ! crypto isakmp policy 10 encr aes authentication pre-share crypto isakmp keepalive 10 periodic crypto isakmp nat keepalive 20 ! ! crypto ipsec transform-set ***** mode transport ! crypto ipsec profile AES-SHA set transform-set AES-SHA ! ! ! ! ! ! ! ! ! ! interface Tunnel0 description DMVPN ip address 10.255.14.60 255.255.254.0 no ip redirects ip mtu 1400 ip nhrp authentication enlivant ip nhrp map 10.255.14.1 38.69.52.4 ip nhrp map multicast 38.69.52.4 ip nhrp network-id 1 ip nhrp holdtime 300 ip nhrp nhs 10.255.14.1 ip nhrp redirect ip tcp adjust-mss 1360 keepalive 5 3 tunnel source GigabitEthernet0/0/1 tunnel mode gre multipoint tunnel key 1 tunnel protection ipsec profile AES-SHA shared ip virtual-reassembly ! interface GigabitEthernet0/0/0 description LAN-INSIDE ip address 10.50.10.254 255.255.255.0 ip mtu 1460 ip nat inside ip tcp adjust-mss 1350 ip policy route-map PBR negotiation auto hold-queue 32 in hold-queue 100 out ip virtual-reassembly ! interface GigabitEthernet0/0/1 description INTERNET-OUTSIDE ip address dhcp ip nat outside negotiation auto no cdp enable ip virtual-reassembly ! interface GigabitEthernet0 vrf forwarding Mgmt-intf no ip address shutdown negotiation auto ! ! router eigrp 2 distribute-list prefix BLOCK-EIGRP-DEFAULT in network 10.0.0.0 passive-interface default no passive-interface Tunnel0 eigrp stub connected ! ip nat inside source list NAT interface GigabitEthernet0/0/1 overload ip forward-protocol nd no ip forward-protocol udp netbios-ns no ip forward-protocol udp netbios-dgm no ip http server no ip http secure-server ip http secure-trustpoint TP-self-signed-3430957644 ip http client secure-trustpoint TP-self-signed-3430957644 ip tftp source-interface GigabitEthernet0/0/0 ip tacacs source-interface GigabitEthernet0/0/0 ! ip ssh version 2 ! ! ip prefix-list BLOCK-EIGRP-DEFAULT seq 5 deny 0.0.0.0/0 ip prefix-list BLOCK-EIGRP-DEFAULT seq 10 permit 0.0.0.0/0 le 32 ! ip access-list extended NAT permit ip 10.50.10.224 0.0.0.15 any ip access-list extended PBR deny ip 10.50.10.224 0.0.0.15 any deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 permit ip 10.0.0.0 0.255.255.255 any ! ! logging trap warnings logging host 10.255.0.150 access-list 2 permit 10.6.0.0 0.0.255.255 access-list 2 permit 10.20.0.0 0.0.255.255 access-list 2 permit 10.40.0.0 0.0.255.255 access-list 2 permit 10.50.0.0 0.0.255.255 access-list 2 permit 10.90.0.0 0.0.255.255 access-list 2 permit 10.255.0.0 0.0.255.255 access-list 2 permit ***** 0.0.0.63 access-list 2 permit ***** 0.0.0.7 access-list 2 deny any ! ! route-map PBR permit 10 match ip address PBR set ip next-hop 10.255.14.1 ! snmp-server community ALCpub RO snmp-server community 177h@ouses RW snmp-server enable traps snmp coldstart snmp-server enable traps tty snmp-server enable traps memory bufferpeak snmp-server enable traps cpu threshold snmp-server host 10.255.8.158 ALCpub tacacs-server timeout 10 tacacs-server directed-request tacacs server alcise01 address ipv4 10.255.0.30 key 7 ***** tacacs server alcise02 address ipv4 10.255.0.31 key 7 ***** ! ! ! ! control-plane ! banner motd CCC ********************* ATTENTION!! *********************** * * * STATE AND FEDERAL STATUTES MAKE IT A CRIME TO * * GAIN UNAUTHORIZED ACCESS INTO THIS SYSTEM.VIOLATORS * * WILL BE PROSECUTED TO THE FULLEST EXTENT OF THE LAW.c * * * *********************************************************** Your session is being monitored by Enlivant network admins. C ! line con 0 session-timeout 40 exec-timeout 120 0 logging synchronous transport input none stopbits 1 line aux 0 modem InOut no exec stopbits 1 speed 115200 flowcontrol hardware line vty 0 4 session-timeout 40 access-class 2 in exec-timeout 120 0 authorization commands 1 VTY authorization commands 15 VTY authorization exec VTY logging synchronous login authentication VTY length 0 transport input ssh line vty 5 15 session-timeout 40 access-class 2 in exec-timeout 120 0 authorization commands 1 VTY authorization commands 15 VTY authorization exec VTY logging synchronous login authentication VTY transport input ssh ! scheduler max-task-time 5000 ntp source Tunnel0 ntp server 10.255.0.1 wsma agent exec ! wsma agent config ! wsma agent filesys ! wsma agent notify ! ! end
RTE#sh ip int g0/0/0 GigabitEthernet0/0/0 is up, line protocol is up Internet address is 10.50.10.254/24 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1460 bytes Helper address is not set Directed broadcast forwarding is disabled Multicast reserved groups joined: 224.0.0.10 Outgoing Common access list is not set Outgoing access list is not set Inbound Common access list is not set Inbound access list is not set Proxy ARP is enabled Local Proxy ARP is disabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP Flow switching is disabled IP CEF switching is enabled IP CEF switching turbo vector IP Null turbo vector Associated unicast routing topologies: Topology "base", operation state is UP IP multicast fast switching is enabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast, CEF Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Probe proxy name replies are disabled Policy routing is enabled, using route map PBR Network address translation is enabled, interface in domain inside BGP Policy Mapping is disabled Input features: Virtual Fragment Reassembly, Policy Routing, MCI Check, TCP Adjust MSS Output features: NAT Inside, TCP Adjust MSS IPv4 WCCP Redirect outbound is disabled IPv4 WCCP Redirect inbound is disabled IPv4 WCCP Redirect exclude is disabled
RTE#sh int g0/0/0 GigabitEthernet0/0/0 is up, line protocol is up Hardware is ISR4321-2x1GE, address is 00f2.8b29.2400 (bia 00f2.8b29.2400) Description: LAN-INSIDE Internet address is 10.50.10.254/24 MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive not supported Full Duplex, 1000Mbps, link type is auto, media type is RJ45 output flow-control is off, input flow-control is off ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:01, output 00:00:03, output hang never Last clearing of "show interface" counters 00:18:46 Input queue: 0/32/0/0 (size/max/drops/flushes); Total output drops: 175 Queueing strategy: fifo Output queue: 0/100 (size/max) 5 minute input rate 28000 bits/sec, 14 packets/sec 5 minute output rate 135000 bits/sec, 9 packets/sec 40418 packets input, 9560526 bytes, 0 no buffer Received 2108 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 4419 multicast, 0 pause input 43948 packets output, 31662276 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 38 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out -----------------
=_______________-
------------------------------------------------------------- RTE#sh ip int g0/0/1 GigabitEthernet0/0/1 is up, line protocol is up Internet address is *******/23 Broadcast address is 255.255.255.255 Address determined by DHCP MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing Common access list is not set Outgoing access list is not set Inbound Common access list is not set Inbound access list is not set Proxy ARP is enabled Local Proxy ARP is disabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP Flow switching is disabled IP CEF switching is enabled IP CEF switching turbo vector IP Null turbo vector Associated unicast routing topologies: Topology "base", operation state is UP IP multicast fast switching is enabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast, CEF Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Probe proxy name replies are disabled Policy routing is disabled Network address translation is enabled, interface in domain outside BGP Policy Mapping is disabled Input features: Virtual Fragment Reassembly, NAT Outside, MCI Check Output features: Post-routing NAT Outside IPv4 WCCP Redirect outbound is disabled IPv4 WCCP Redirect inbound is disabled IPv4 WCCP Redirect exclude is disabled
_____________-_
RTE#sh int g0/0/1 GigabitEthernet0/0/1 is up, line protocol is up Hardware is ISR4321-2x1GE, address is 00f2.8b29.2401 (bia 00f2.8b29.2401) Description: INTERNET-OUTSIDE Internet address is *******/23 MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive not supported Full Duplex, 1000Mbps, link type is auto, media type is RJ45 output flow-control is off, input flow-control is off ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:37:59, output hang never Last clearing of "show interface" counters 00:19:48 Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 145000 bits/sec, 61 packets/sec 5 minute output rate 35000 bits/sec, 12 packets/sec 99094 packets input, 36172421 bytes, 0 no buffer Received 52087 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 129 multicast, 0 pause input 36886 packets output, 9840593 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out
RTE#sh ver Cisco IOS XE Software, Version 16.06.02 Cisco IOS Software [Everest], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.6.2, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2017 by Cisco Systems, Inc. Compiled Wed 01-Nov-17 07:09 by mcpre
ROM: IOS-XE ROMMON
Pinicon_Place uptime is 6 hours, 23 minutes Uptime for this control processor is 6 hours, 26 minutes System returned to ROM by PowerOn at 23:59:00 CDT Sat Mar 24 2018 System restarted at 10:10:32 CDT Tue Apr 10 2018 System image file is "bootflash:isr4300-universalk9.16.06.02.SPA.bin" Last reload reason: PowerOn
Suite License Information for Module:'esg'
Suite Suite Current Type Suite Next reboot
FoundationSuiteK9 None None None securityk9 appxk9
AdvUCSuiteK9 None None None uck9 cme-srst cube
Technology Package License Information:
Technology Technology-package Technology-package
Current Type Next reboot
appxk9 None None None uck9 None None None securityk9 securityk9 EvalRightToUse securityk9 ipbase ipbasek9 Permanent ipbasek9
cisco ISR4321/K9 (1RU) processor with 1796760K/6147K bytes of memory. Processor board ID FLM1951W070 2 Gigabit Ethernet interfaces 32768K bytes of non-volatile configuration memory. 4194304K bytes of physical memory. 3223551K bytes of flash memory at bootflash:. 0K bytes of WebUI ODM Files at webui:.
Configuration register is 0x2102
No comments:
Post a Comment