Έχω εντοπίσει τα παρακάτω που ωφείλονται σε απειρία στην παραμετροποίηση,

1. υψηλά ping replies στο bvi4 interface από τους clients που συνδέονται στον 877w ενώ με ένα speedtouch 716wl που έχω είναι σταθερά <1ms
2. όταν κάνω μεταφορά δεδομένων από έναν υπολογιστή που είναι πχ στο vlan1 προς ένα φορητό (bvi4/vlan4) τότε σηκώνει CPU utilization ~100%
3. όταν στο configuration του dot11radio0 υπάρχει το παρακάτω
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
τότε οι clients συνδέονται στα 18mbps ακόμα και δίπλα στον 877
με speed basic-1.0 48.0 54.0 συνδέονται στα 54mbps

παραθέτω configuration



!
! Last configuration change at 22:02:22 GREECE Thu Jul 16 2009 by xxx
! NVRAM config last updated at 22:02:23 GREECE Thu Jul 16 2009 by xxx
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone year
service password-encryption
!
hostname xxx
!
boot-start-marker
boot system flash c870-advipservicesk9-mz.124-15.T9.bin
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 11111
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
clock timezone GREECE 2
clock summer-time GREECE recurring last Sun Mar 3:00 last Sun Oct 4:00
clock save interval 8
!
crypto pki trustpoint TP-self-signed-1557423304
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1557423304
revocation-check none
rsakeypair TP-self-signed-1557423304
!
!
crypto pki certificate chain TP-self-signed-1557423304
certificate self-signed 01 nvram:IOS-Self-Sig#1F.cer
dot11 syslog
dot11 vlan-name xxx vlan 4
!
dot11 ssid xxx
vlan 4
max-associations 5
authentication open
authentication key-management wpa
guest-mode
infrastructure-ssid
mobility network-id 4
wpa-psk ascii 7 11111
information-element ssidl advertisement
!
ip cef
!
!
ip nbar port-map custom-05 udp 5402
ip nbar port-map custom-04 udp 37150
ip nbar port-map custom-03 tcp 37150
ip nbar port-map custom-02 tcp 5402
ip nbar port-map custom-01 tcp 20
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 192.168.2.10
ip dhcp excluded-address 192.168.2.21 192.168.2.254
ip dhcp excluded-address 192.168.4.1 192.168.4.10
ip dhcp excluded-address 192.168.4.21 192.168.4.254
!
ip dhcp pool Servers
import all
network 192.168.2.0 255.255.255.0
dns-server 192.168.2.1
default-router 192.168.2.1
lease infinite
!
ip dhcp pool xxx
import all
network 192.168.4.0 255.255.255.0
dns-server 192.168.4.1
default-router 192.168.4.1
lease infinite
!
!
ip domain name xxx
ip name-server 194.219.227.1
ip ddns update method sdm_ddns1
HTTP
add http://xxx:xxx@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
remove http://xxx:xxx@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
!
no ip igmp snooping
!
multilink bundle-name authenticated
!
!
username xxx privilege 15 view root secret 5 11111
!
!
archive
log config
hidekeys
!
!
ip ssh maxstartups 2
ip ssh time-out 10
ip ssh authentication-retries 1
ip ssh version 2
!
class-map match-any utorrent
match protocol custom-03
match protocol custom-04
match protocol bittorrent
match protocol edonkey
match protocol gnutella
match protocol kazaa2
match protocol winmx
match protocol cuseeme
match protocol custom-02
match protocol custom-05
class-map match-any WebEmail
match protocol http
match protocol secure-http
match protocol ftp
match protocol smtp
match protocol pop3
match protocol custom-01
match protocol dns
match protocol ntp
match protocol custom-02
match protocol custom-05
match protocol secure-pop3
match protocol secure-telnet
match protocol ssh
match protocol telnet
match protocol icmp
class-map match-any VoIP
match protocol sip
match protocol rtp
match protocol skype
!
!
policy-map MyQoSPolicy
class VoIP
priority percent 40
set dscp ef
class WebEmail
priority percent 35
class utorrent
bandwidth remaining percent 50
class class-default
bandwidth remaining percent 25
!
!
bridge irb
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
no atm ilmi-keepalive
dsl operating-mode adsl2+
!
interface ATM0.1 point-to-point
ip virtual-reassembly
pvc 8/35
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
description P2P Server
no cdp enable
spanning-tree portfast
!
interface FastEthernet1
description 3Com Gigabit Switch
switchport access vlan 2
no cdp enable
spanning-tree portfast
!
interface FastEthernet2
switchport access vlan 4
shutdown
no cdp enable
spanning-tree portfast
!
interface FastEthernet3
description Gigaset C455 IP
switchport access vlan 3
switchport voice vlan 3
duplex half
speed 10
no cdp enable
spanning-tree portfast
!
interface Dot11Radio0
no ip address
ip nbar protocol-discovery
ip virtual-reassembly
!
encryption vlan 4 mode ciphers aes-ccm tkip
!
ssid xxx
!
speed basic-1.0 48.0 54.0
channel 2457
station-role root
antenna receive left
antenna transmit right
world-mode dot11d country GR both
l2-filter bridge-group-acl
no cdp enable
!
interface Dot11Radio0.1
ip nbar protocol-discovery
ip virtual-reassembly
no cdp enable
!
interface Dot11Radio0.4
encapsulation dot1Q 4 native
ip virtual-reassembly
no cdp enable
bridge-group 4
bridge-group 4 subscriber-loop-control
bridge-group 4 input-address-list 700
bridge-group 4 spanning-disabled
bridge-group 4 block-unknown-source
no bridge-group 4 source-learning
no bridge-group 4 unicast-flooding
!
interface Vlan1
description P2P LAN
ip address 192.168.1.1 255.255.255.0
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
!
interface Vlan2
description SERVERS LAN
ip address 192.168.2.1 255.255.255.0
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
!
interface Vlan3
description VOIP LAN
ip address 192.168.3.1 255.255.255.0
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
!
interface Vlan4
description C877W
no ip address
ip nat inside
ip virtual-reassembly
shutdown
bridge-group 4
!
interface Dialer0
description Your WAN Interface to the Internet running at 1024
mtu 1492
bandwidth 1024
ip ddns update hostname xxx
ip ddns update sdm_ddns1
ip address negotiated
ip access-group 111 in
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxx
ppp chap password 7 062E1D7068700D5D2B
ppp pap sent-username xxx password 7 11111
service-policy output MyQoSPolicy
!
interface BVI4
description Bridge to xxx
ip address 192.168.4.1 255.255.255.0
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 2 interface Dialer0 overload
ip nat inside source list 3 interface Dialer0 overload
ip nat inside source list 4 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.11 5402 interface Dialer0 5402
ip nat inside source static udp 192.168.1.11 5402 interface Dialer0 5402
ip nat inside source static udp 192.168.1.11 6346 interface Dialer0 6346
ip nat inside source static tcp 192.168.1.11 6346 interface Dialer0 6346
ip nat inside source static tcp 192.168.1.11 80 interface Dialer0 80
ip nat inside source static udp 192.168.1.11 80 interface Dialer0 80
ip nat inside source static tcp 192.168.1.11 5403 interface Dialer0 5403
ip nat inside source static udp 192.168.1.11 5403 interface Dialer0 5403
ip nat inside source static tcp 192.168.1.11 20 interface Dialer0 20
ip nat inside source static tcp 192.168.1.11 21 interface Dialer0 21
ip nat inside source static tcp 192.168.3.11 5004 interface Dialer0 5004
ip nat inside source static udp 192.168.3.11 5004 interface Dialer0 5004
ip nat inside source static udp 192.168.3.11 5060 interface Dialer0 5060
ip nat inside source static tcp 192.168.3.11 5060 interface Dialer0 5060
ip nat inside source static udp 192.168.3.11 3478 interface Dialer0 3478
ip nat inside source static tcp 192.168.3.11 3478 interface Dialer0 3478
ip nat inside source static udp 192.168.3.11 3479 interface Dialer0 3479
ip nat inside source static tcp 192.168.3.11 3479 interface Dialer0 3479
ip nat inside source static tcp 192.168.4.9 51147 interface Dialer0 51147
ip nat inside source static udp 192.168.4.9 51147 interface Dialer0 51147
ip nat inside source static tcp 192.168.4.9 51148 interface Dialer0 51148
ip nat inside source static udp 192.168.4.9 51148 interface Dialer0 51148
ip nat inside source static tcp 192.168.4.11 37150 interface Dialer0 37150
ip nat inside source static udp 192.168.4.11 37150 interface Dialer0 37150
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 3 remark SDM_ACL Category=2
access-list 3 permit 192.168.3.0 0.0.0.255
access-list 4 remark SDM_ACL Category=2
access-list 4 permit 192.168.4.0 0.0.0.255
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any source-quench
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit udp host 193.92.30.19 eq domain any gt 1023
access-list 111 permit udp host 194.219.227.2 eq domain any gt 1023
access-list 111 permit udp host 193.92.150.3 eq domain any gt 1023
access-list 111 permit udp host 193.92.110.1 eq domain any gt 1023
access-list 111 permit udp host 194.219.227.1 eq domain any gt 1023
access-list 111 permit udp host 192.43.244.18 eq ntp any eq ntp
access-list 111 permit udp host 193.92.150.3 eq ntp any eq ntp
access-list 111 permit udp host 147.52.3.15 eq ntp any eq ntp
access-list 111 permit udp any eq ntp any
access-list 111 permit tcp any any eq 5402
access-list 111 permit udp any any eq 5402
access-list 111 permit tcp any any eq 5403
access-list 111 permit udp any any eq 5403
access-list 111 permit tcp any any eq 5060
access-list 111 permit udp any any eq 5060
access-list 111 permit tcp any any eq 5004
access-list 111 permit udp any any eq 5004
access-list 111 permit tcp any any eq 3478
access-list 111 permit udp any any eq 3478
access-list 111 permit tcp any any eq 3479
access-list 111 permit udp any any eq 3479
access-list 111 permit tcp any any eq 7001
access-list 111 permit udp any any eq 7001
access-list 111 permit tcp any eq 7001 any
access-list 111 permit udp any eq 7001 any
access-list 111 permit tcp any eq 5060 any
access-list 111 permit udp any eq 5060 any
access-list 111 permit tcp any eq 3478 any
access-list 111 permit udp any eq 3478 any
access-list 111 permit tcp any eq 3479 any
access-list 111 permit udp any eq 3479 any
access-list 111 permit tcp any any eq 6346
access-list 111 permit udp any any eq 6346
access-list 111 permit tcp any any eq 37150
access-list 111 permit udp any any eq 37150
access-list 111 permit tcp any any eq 51147
access-list 111 permit udp any any eq 51147
access-list 111 permit tcp any any eq 51148
access-list 111 permit udp any any eq 51148
access-list 111 deny ip 202.97.238.0 0.0.0.255 any log
access-list 111 deny ip 221.209.110.0 0.0.0.255 any log
access-list 111 deny ip 60.15.177.0 0.0.0.255 any log
access-list 111 deny ip 66.150.223.0 0.0.0.255 any log
access-list 111 deny icmp any any
access-list 111 deny tcp any any eq 22
access-list 111 deny tcp any any eq ftp
access-list 111 deny tcp any any eq ftp-data
access-list 111 deny tcp any any eq telnet
access-list 111 deny tcp any any eq www
access-list 111 deny tcp any any eq smtp
access-list 111 deny tcp any any eq pop3
access-list 111 deny tcp any any eq 135
access-list 111 deny udp any any eq 135
access-list 111 deny tcp any any eq 136
access-list 111 deny udp any any eq 136
access-list 111 deny tcp any any eq 137
access-list 111 deny udp any any eq netbios-ns
access-list 111 deny tcp any any eq 138
access-list 111 deny udp any any eq netbios-dgm
access-list 111 deny tcp any any eq 139
access-list 111 deny udp any any eq netbios-ss
access-list 111 deny tcp any any eq 443
access-list 111 deny udp any any eq 443
access-list 111 deny tcp any any eq 445
access-list 111 deny udp any any eq 445
access-list 111 deny udp any any gt 1023 log
access-list 111 permit ip any any
access-list 700 permit 11111 0000.0000.0000
access-list 700 permit 11111 0000.0000.0000
access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
bridge 4 protocol ieee
bridge 4 route ip
banner motd 
　
************************************
* Unauthorized access prohibited *
************************************

!
line con 0
exec-timeout 0 0
privilege level 15
no modem enable
transport preferred none
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 0 0
transport preferred none
transport input ssh
!
scheduler max-task-time 5000
ntp clock-period 17175141
ntp server 147.52.3.15 prefer
end



Κάθε βοήθεια είναι καλοδεχούμενη,

σάς ευχαριστώ

Μήπως τον έχεις παραφορτώσει;

Βλέπω του έχεις κάνει πολύπλοκο config με QOS, Ν-bar κλτ..

Πόση μνήμη έχει; Τι ios έχει;

Καλή σου μέρα taxiarxos,

σου στέλνω αυτά που ζήτησες

c870-advipservicesk9-mz.124-15.T9.bin

Cisco 877W (MPC8272) processor (revision 0x300) with 236544K/25600K bytes of memory.
128K bytes of non-volatile configuration memory.
53248K bytes of processor board System flash (Intel Strataflash)

Ευχαριστώ

Μήπως το nbar είναι λίγο βαρύ για αυτό το μηχάνημα;

Sorry για την καθυστερημένη απάντηση αλλά βρήσκομαι σε διακοπές....:)


Δοκίμασε να βγάλεις το nbar από τον dialer κ βάλτο στα εσωταιρικά interfaces που χρειάζετε μόνο γιατί θα συμφωνήσω ότι είναι λίγο βαρύ το nbar για το συγκεκριμένο cisco.

Φρόντησε το nbar να το βάλεις στο out επάνω στα interfaces...

Δεν θυμάμαι πως γίνετε αλλά γίνετε σίγουρα...αν ψάξεις λιγάκι στο google θα βρείς αρκετά παραδείγματα...