Hallo, ik heb hier bij een klant een Cisco staan (1,5 uur rijden) waarop sommige websites traag laden. Soms traag, dan weer snel. Ik heb de MTU al naar 1400 gezet, maar geen resultaat. Voordat ik de provider bel, is er iets duidelijk mis met deze configuratie?
SR520 Base Config - MFG 1.0
User Access Verification
Username: networkadmin
Password:
SR520#sh run
Building configuration...
Current configuration : 7476 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SR520
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-443078087
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-443078087
revocation-check none
rsakeypair TP-self-signed-443078087
!
!
crypto pki certificate chain TP-self-signed-443078087
certificate self-signed 01
3082023B 308201A4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34343330 37383038 37301E17 0D303230 33303130 30333333
315A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3434 33303738
30383730 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
BA1F956A 4D221681 E214FD48 B7F39275 5CB5C921 833D256E 391264C2 63EE42B1
71B5F63F 3E2CF3EF E2614F94 9E7C83EA D1011021 26B9A15E D6BA80A5 5322E48D
2AC28971 066A747E FB0C8AF7 72BCB694 498B9082 114D21D0 7D8F3E7C F2A5A0A5
C7FC4801 76D2D21A 43ED7E25 142B56B9 890161BF 1625CA78 67504397 11429DF5
02030100 01A36530 63300F06 03551D13 0101FF04 05300301 01FF3010 0603551D
11040930 07820553 52353230 301F0603 551D2304 18301680 14C3B2A6 3D1E647D
2F25F03B 62766EB5 9B7F084B 6E301D06 03551D0E 04160414 C3B2A63D 1E647D2F
25F03B62 766EB59B 7F084B6E 300D0609 2A864886 F70D0101 04050003 81810045
274AF050 885FC647 5A1679BE 1940DC00 154ACD3A 71F141F5 0D841663 B0D124D3
BBA64C54 37585519 5E53E9BE 59239D9F B9F22955 1E904765 F78EB6A6 E69462A7
19C95EF2 C9F0DDA2 7C271611 B8269F74 E7CA643D 33211F56 0E2075D0 5DD3D2D1
C687A435 C48B43AD 01B0AEF5 BD75A857 A8DAE419 65ED088A E27F4AA7 D0AD96
quit
dot11 syslog
!
dot11 ssid XXXXXXXX
vlan 75
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 xxxxxxxxxxxxx
!
ip source-route
!
!
!
!
ip cef
!
no ipv6 cef
multilink bundle-name authenticated
!
!
username networkadmin privilege 15 secret 5 xxxxxxxxxxxxxxxxxx
!
!
!
archive
log config
hidekeys
!
!
!
class-map type inspect match-any cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-any cls-voice-permit
match protocol h323
match protocol skinny
match protocol sip
class-map type inspect match-all cls-port-forwards
match access-group 101
class-map type inspect match-any cls-icmp-access
match protocol icmp
class-map type inspect match-all cls-invalid-src
match access-group 100
class-map type inspect match-all cls-protocol-http
match protocol http
!
!
policy-map type inspect pm-self-out
class type inspect cls-icmp-access
inspect
class class-default
pass
policy-map type inspect pm-out-self
class type inspect cls-icmp-access
inspect
class class-default
drop
policy-map type inspect pm-in-out
class type inspect cls-invalid-src
drop log
class type inspect cls-insp-traffic
inspect
class type inspect cls-protocol-http
inspect
class type inspect cls-voice-permit
pass
class class-default
pass
policy-map type inspect pm-out-in
class type inspect cls-voice-permit
pass
class type inspect cls-port-forwards
pass
class class-default
drop
!
zone security out-zone
zone security in-zone
zone-pair security zp-self-out source self destination out-zone
service-policy type inspect pm-self-out
zone-pair security zp-out-self source out-zone destination self
service-policy type inspect pm-out-self
zone-pair security zp-in-out source in-zone destination out-zone
service-policy type inspect pm-in-out
zone-pair security zp-out-in source out-zone destination in-zone
service-policy type inspect pm-out-in
!
bridge irb
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description WAN via ADSL
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
switchport access vlan 75
!
interface FastEthernet1
switchport access vlan 75
!
interface FastEthernet2
switchport access vlan 75
!
interface FastEthernet3
switchport access vlan 75
!
interface Dot11Radio0
no ip address
!
encryption vlan 75 mode ciphers tkip
!
ssid GRLLEN
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root
!
interface Dot11Radio0.75
encapsulation dot1Q 75 native
bridge-group 75
bridge-group 75 subscriber-loop-control
bridge-group 75 spanning-disabled
bridge-group 75 block-unknown-source
no bridge-group 75 source-learning
no bridge-group 75 unicast-flooding
!
interface Vlan1
no ip address
shutdown
!
interface Vlan75
no ip address
bridge-group 75
bridge-group 75 spanning-disabled
!
interface Dialer0
description $FW_OUTSIDE$
mtu 1400
ip address negotiated
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxx
ppp chap password 0 xxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxx password 0 xxxxxxxxxxxxxx
!
interface BVI75
description $FW_INSIDE$
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security in-zone
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.75.2 5060 interface Dialer0 5060
ip nat inside source static udp 192.168.75.2 5060 interface Dialer0 5060
ip nat inside source static tcp 192.168.75.2 1720 interface Dialer0 1720
ip nat inside source static tcp 192.168.0.2 25 interface Dialer0 25
ip nat inside source static tcp 192.168.0.2 443 interface Dialer0 443
ip nat inside source static tcp 192.168.0.2 5722 interface Dialer0 5722
ip nat inside source static udp 192.168.0.2 5722 interface Dialer0 5722
ip nat inside source static tcp 192.168.0.2 3390 interface Dialer0 3390
ip nat inside source static tcp 192.168.0.2 3389 interface Dialer0 13389
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark Port Forward Access
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq 3389
access-list 101 permit tcp any any eq 13389
access-list 101 permit tcp any any eq 3390
access-list 101 permit udp any any eq 5722
!
!
!
!
!
control-plane
!
bridge 75 route ip
banner login ^CSR520 Base Config - MFG 1.0 ^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
SR520#
SR520 Base Config - MFG 1.0
User Access Verification
Username: networkadmin
Password:
SR520#sh run
Building configuration...
Current configuration : 7476 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SR520
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-443078087
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-443078087
revocation-check none
rsakeypair TP-self-signed-443078087
!
!
crypto pki certificate chain TP-self-signed-443078087
certificate self-signed 01
3082023B 308201A4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34343330 37383038 37301E17 0D303230 33303130 30333333
315A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3434 33303738
30383730 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
BA1F956A 4D221681 E214FD48 B7F39275 5CB5C921 833D256E 391264C2 63EE42B1
71B5F63F 3E2CF3EF E2614F94 9E7C83EA D1011021 26B9A15E D6BA80A5 5322E48D
2AC28971 066A747E FB0C8AF7 72BCB694 498B9082 114D21D0 7D8F3E7C F2A5A0A5
C7FC4801 76D2D21A 43ED7E25 142B56B9 890161BF 1625CA78 67504397 11429DF5
02030100 01A36530 63300F06 03551D13 0101FF04 05300301 01FF3010 0603551D
11040930 07820553 52353230 301F0603 551D2304 18301680 14C3B2A6 3D1E647D
2F25F03B 62766EB5 9B7F084B 6E301D06 03551D0E 04160414 C3B2A63D 1E647D2F
25F03B62 766EB59B 7F084B6E 300D0609 2A864886 F70D0101 04050003 81810045
274AF050 885FC647 5A1679BE 1940DC00 154ACD3A 71F141F5 0D841663 B0D124D3
BBA64C54 37585519 5E53E9BE 59239D9F B9F22955 1E904765 F78EB6A6 E69462A7
19C95EF2 C9F0DDA2 7C271611 B8269F74 E7CA643D 33211F56 0E2075D0 5DD3D2D1
C687A435 C48B43AD 01B0AEF5 BD75A857 A8DAE419 65ED088A E27F4AA7 D0AD96
quit
dot11 syslog
!
dot11 ssid XXXXXXXX
vlan 75
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 xxxxxxxxxxxxx
!
ip source-route
!
!
!
!
ip cef
!
no ipv6 cef
multilink bundle-name authenticated
!
!
username networkadmin privilege 15 secret 5 xxxxxxxxxxxxxxxxxx
!
!
!
archive
log config
hidekeys
!
!
!
class-map type inspect match-any cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-any cls-voice-permit
match protocol h323
match protocol skinny
match protocol sip
class-map type inspect match-all cls-port-forwards
match access-group 101
class-map type inspect match-any cls-icmp-access
match protocol icmp
class-map type inspect match-all cls-invalid-src
match access-group 100
class-map type inspect match-all cls-protocol-http
match protocol http
!
!
policy-map type inspect pm-self-out
class type inspect cls-icmp-access
inspect
class class-default
pass
policy-map type inspect pm-out-self
class type inspect cls-icmp-access
inspect
class class-default
drop
policy-map type inspect pm-in-out
class type inspect cls-invalid-src
drop log
class type inspect cls-insp-traffic
inspect
class type inspect cls-protocol-http
inspect
class type inspect cls-voice-permit
pass
class class-default
pass
policy-map type inspect pm-out-in
class type inspect cls-voice-permit
pass
class type inspect cls-port-forwards
pass
class class-default
drop
!
zone security out-zone
zone security in-zone
zone-pair security zp-self-out source self destination out-zone
service-policy type inspect pm-self-out
zone-pair security zp-out-self source out-zone destination self
service-policy type inspect pm-out-self
zone-pair security zp-in-out source in-zone destination out-zone
service-policy type inspect pm-in-out
zone-pair security zp-out-in source out-zone destination in-zone
service-policy type inspect pm-out-in
!
bridge irb
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description WAN via ADSL
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
switchport access vlan 75
!
interface FastEthernet1
switchport access vlan 75
!
interface FastEthernet2
switchport access vlan 75
!
interface FastEthernet3
switchport access vlan 75
!
interface Dot11Radio0
no ip address
!
encryption vlan 75 mode ciphers tkip
!
ssid GRLLEN
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root
!
interface Dot11Radio0.75
encapsulation dot1Q 75 native
bridge-group 75
bridge-group 75 subscriber-loop-control
bridge-group 75 spanning-disabled
bridge-group 75 block-unknown-source
no bridge-group 75 source-learning
no bridge-group 75 unicast-flooding
!
interface Vlan1
no ip address
shutdown
!
interface Vlan75
no ip address
bridge-group 75
bridge-group 75 spanning-disabled
!
interface Dialer0
description $FW_OUTSIDE$
mtu 1400
ip address negotiated
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxx
ppp chap password 0 xxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxx password 0 xxxxxxxxxxxxxx
!
interface BVI75
description $FW_INSIDE$
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security in-zone
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.75.2 5060 interface Dialer0 5060
ip nat inside source static udp 192.168.75.2 5060 interface Dialer0 5060
ip nat inside source static tcp 192.168.75.2 1720 interface Dialer0 1720
ip nat inside source static tcp 192.168.0.2 25 interface Dialer0 25
ip nat inside source static tcp 192.168.0.2 443 interface Dialer0 443
ip nat inside source static tcp 192.168.0.2 5722 interface Dialer0 5722
ip nat inside source static udp 192.168.0.2 5722 interface Dialer0 5722
ip nat inside source static tcp 192.168.0.2 3390 interface Dialer0 3390
ip nat inside source static tcp 192.168.0.2 3389 interface Dialer0 13389
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark Port Forward Access
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq 3389
access-list 101 permit tcp any any eq 13389
access-list 101 permit tcp any any eq 3390
access-list 101 permit udp any any eq 5722
!
!
!
!
!
control-plane
!
bridge 75 route ip
banner login ^CSR520 Base Config - MFG 1.0 ^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
SR520#
:strip_icc():strip_exif()/u/1604/60x60.jpg?f=community)
:strip_icc():strip_exif()/u/305009/crop5e0903781ce49_cropped.jpeg?f=community)
/u/97665/Opera1_t.png?f=community)