reply to stoz
Re: [Config] Setup Cisco 877 to work with Bt InfinityYou should just need to set them on Dialer1 as that's where the limitation is. Other traffic can use a higher MTU and anything going over the Dialer1 interface should automatically get it's MSS lowered to the correct value in the SYN packet.
Given that your downloads work with the firewall off, it's pointing to a problem with the firewall inspection. My guess is you need to add
match protocol http to the sdm-cls-insp-traffic class-map.. Make sure you add it before the
match protocol tcp
Ok great I'll give that a go. Many thanks again Paul.
reply to phardacre
Right well I got somewhere by moving the match http rule above the sdm-class-inspect-traffic rule in the SDM - speedtest got a bit further, but slower than normal, before eventually erroring out. Back to the drawing board I guess.
Just out of curiosity, what speedtest are you using? I've just started using »www.measurementlab.net/run-ndt which seems to be quite good, can give you some useful info. What errors are you getting? Does anything pop up in the console logs on the router?
You're doing a lot with that router so it could be that it's CPU is maxed. As I said, ours will top out at ~30Mbps downstream just doing NAT - no ZBF at the moment. If it's gotta inspect all the packets coming in as well, I'd expect that to add more load. Try a
sh proc cpu history and see what the cpu loads are like. Though, saying that, I'd expect it to just get slower rather than cause a connection to drop if the cpu load was causing the problem..
I normally just use speedtest.net (37.99 down / 9.00 up)
I had a go with the site you linked and got 37 down / 9 up. I can post the details too but they dont seem amiss.
If you're just using NAT on the router what're you using for the ZBF? Another Cisco or proxy server? NAT on our router is working fine, although non-used ports are closed rather than stealthed. The speed is absolutely fine too, it's only when we enable basic FW that we run into problems.