weird quirk with working 877 configuration

  • weird quirk with working 877 configuration

    I have a fully working config for a Cisco 877W. Both wired and wireless work exactly the same and browse just fine to 95% of web sites with expected responsiveness. But a few websites, usually video streaming sites, seem to hang up after an initial load (Netflix and Metacafe being two main ones); however, other sites work fine (like Hulu and YouTube). The videos never get loaded to play; it seems like they freeze at the point when you would expect them to start buffering. I'm positive DNS is working fine and can't for the life of me determine what is going on. I don't think it's the ACLs, since I've tried replacing them with permit all statements but still get the issue cropping up. Can anyone see a problem with this config (99% from the excellent template from George)?


    !
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname router
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    no logging console
    !
    no aaa new-model
    !
    resource policy
    !
    clock timezone PST -8
    clock summer-time PST recurring 1 Sun Apr 2:00 last Sun Oct 2:00
    ip subnet-zero
    ip cef
    !
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.10.10.1 10.10.10.99
    ip dhcp excluded-address 10.10.20.1 10.10.20.99
    !
    ip dhcp pool Vlan1
    import all
    network 10.10.10.0 255.255.255.0
    default-router 10.10.10.1
    dns-server 68.94.156.1 68.94.157.1
    lease 4
    !
    ip dhcp pool Vlan2
    import all
    network 10.10.20.0 255.255.255.0
    dns-server 68.94.156.1 68.94.157.1
    default-router 10.10.20.1
    lease 4
    !
    !
    ip name-server 68.94.156.1
    ip name-server 68.94.157.1
    ip name-server 4.2.2.2
    ip name-server 4.2.2.3
    ip inspect name DEFAULT100 cuseeme
    ip inspect name DEFAULT100 ftp
    ip inspect name DEFAULT100 h323
    ip inspect name DEFAULT100 icmp
    ip inspect name DEFAULT100 netshow
    ip inspect name DEFAULT100 rcmd
    ip inspect name DEFAULT100 realaudio
    ip inspect name DEFAULT100 rtsp
    ip inspect name DEFAULT100 esmtp
    ip inspect name DEFAULT100 sqlnet
    ip inspect name DEFAULT100 streamworks
    ip inspect name DEFAULT100 tftp
    ip inspect name DEFAULT100 tcp
    ip inspect name DEFAULT100 udp
    ip inspect name DEFAULT100 vdolive
    no ip ips deny-action ips-interface
    !
    !
    quit
    username xxxxxxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxx
    !
    !
    !
    bridge irb
    !
    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    bundle-enable
    dsl operating-mode auto
    !
    interface ATM0.1 point-to-point
    description $ES_WAN$
    pvc 0/35
    oam-pvc manage
    pppoe-client dial-pool-number 1
    !
    !
    interface FastEthernet0
    spanning-tree portfast
    !
    interface FastEthernet1
    spanning-tree portfast
    !
    interface FastEthernet2
    spanning-tree portfast
    !
    interface FastEthernet3
    spanning-tree portfast
    !
    interface Dot11Radio0
    no ip address
    !
    encryption vlan 1 mode ciphers tkip
    !
    encryption vlan 2 mode ciphers tkip
    !
    ssid bbbbbbbbb
    vlan 2
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 0 xxxxxxxxxxxxxxxxx
    !
    ssid aaaaaaaaa
    vlan 1
    authentication open
    authentication key-management wpa
    wpa-psk ascii 7 xxxxxxxxxxxxxxxxxx
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    no dot11 extension aironet
    no cdp enable
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    !
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no snmp trap link-status
    no cdp enable
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    !
    interface Dot11Radio0.2
    encapsulation dot1Q 2
    shutdown
    no snmp trap link-status
    no cdp enable
    bridge-group 2
    bridge-group 2 subscriber-loop-control
    bridge-group 2 spanning-disabled
    bridge-group 2 block-unknown-source
    no bridge-group 2 source-learning
    no bridge-group 2 unicast-flooding
    !
    interface Vlan1
    description Internet Network
    no ip address
    ip access-group 100 in
    ip nat inside
    ip virtual-reassembly
    bridge-group 1
    bridge-group 1 spanning-disabled
    !
    interface Vlan2
    description Guest Network
    no ip address
    ip nat inside
    ip virtual-reassembly
    bridge-group 2
    bridge-group 2 spanning-disabled
    !
    interface Dialer1
    description $FW_OUTSIDE$
    ip address negotiated
    ip access-group 101 in
    ip mtu 1452
    ip nat outside
    ip inspect DEFAULT100 out
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap pap callin
    ppp chap hostname xxxxxxxxxxxxxx
    ppp chap password 7 xxxxxxxxxxxx
    ppp pap sent-username xxxxxxxxxxx password 7 xxxxxxxxxxxxx
    !
    interface BVI1
    description Bridge to Internal Network
    ip address 10.10.10.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    !
    interface BVI2
    description Bridge to Guest Network
    ip address 10.10.20.1 255.255.255.0
    ip access-group Guest-ACL in
    ip nat inside
    ip virtual-reassembly
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    !
    ip dns server
    !
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 1 interface Dialer1 overload
    !
    ip access-list extended Guest-ACL
    deny ip any 10.10.10.0 0.0.0.255
    permit ip any any
    !
    access-list 1 permit 10.10.10.0 0.0.0.255
    access-list 1 permit 10.10.20.0 0.0.0.255
    access-list 23 permit 10.10.10.0 0.0.0.7
    access-list 100 deny ip host 255.255.255.255 any
    access-list 100 deny ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit ip any any
    access-list 101 permit udp host 4.2.2.3 eq domain any
    access-list 101 permit udp host 4.2.2.2 eq domain any
    access-list 101 permit udp any eq bootps any eq bootpc
    access-list 101 deny ip 10.10.10.0 0.0.0.255 any
    access-list 101 deny ip 10.10.20.0 0.0.0.255 any
    access-list 101 permit icmp any any echo-reply
    access-list 101 permit icmp any any time-exceeded
    access-list 101 permit icmp any any unreachable
    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny ip host 255.255.255.255 any
    access-list 101 permit udp host 129.6.15.28 eq ntp any eq ntp
    access-list 101 permit udp any any eq domain
    access-list 101 permit udp any eq domain any
    access-list 101 deny ip any any
    dialer-list 1 protocol ip permit
    no cdp run
    !
    !
    control-plane
    !
    bridge 1 route ip
    bridge 2 route ip

    !
    line con 0
    login local
    no modem enable
    line aux 0
    line vty 0 4
    access-class 23 in
    privilege level 15
    login local
    transport input telnet ssh
    !
    scheduler max-task-time 5000
    ntp clock-period 17175029
    ntp server 129.6.15.28 source Dialer1 prefer
    end

  • #2
    Re: weird quirk with working 877 configuration

    fixed it .... needed 'ip tcp adjust-mss 1412' under the BVI1 interface
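
Added example, not part of the original posts: the value in the reply, 1412, is the Dialer1 'ip mtu 1452' minus 40 bytes of IPv4 and TCP headers. The Python check below applies that rule to an IOS-style config and reports routed 'ip nat inside' interfaces whose MSS clamp is missing or too large. The function names and the trimmed sample are assumptions made for this illustration, and the parser assumes each interface block ends at a '!' line.

```python
import re

# Constructed sample: trimmed from the posted config, with the fix on BVI1 only.
SAMPLE = """\
interface Dialer1
 ip mtu 1452
 ip nat outside
!
interface BVI1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1412
!
interface BVI2
 ip address 10.10.20.1 255.255.255.0
 ip nat inside
!
"""
HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header, no options

def parse_interfaces(config):
    """Map interface name -> list of sub-commands; a '!' line ends the block."""
    interfaces, current = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line == "!":
            current = None
        elif current is not None and line:
            current.append(line)
    return interfaces

def first_int(cmds, pattern):
    return next((int(m.group(1)) for c in cmds if (m := re.fullmatch(pattern, c))), None)

def audit_mss(config):
    """Return (interface, clamp, limit) where the clamp is missing or above limit."""
    ifaces = parse_interfaces(config)
    mtus = [m for c in ifaces.values() if "ip nat outside" in c and (m := first_int(c, r"ip mtu (\d+)"))]
    if not mtus:
        return []  # no outside interface with an explicit 'ip mtu': nothing to compare
    limit = min(mtus) - HEADERS
    findings = []
    for name, cmds in ifaces.items():
        routed = any(c.startswith("ip address ") for c in cmds)
        clamp = first_int(cmds, r"ip tcp adjust-mss (\d+)")
        if "ip nat inside" in cmds and routed and (clamp is None or clamp > limit):
            findings.append((name, clamp, limit))
    return findings
```

Run over the full configuration from the first post, audit_mss reports both BVI1 and BVI2 with no clamp and a limit of 1412; the bridged Vlan1 and Vlan2 interfaces are skipped because they carry no IP address.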
