cisco 871 games keep dropping or lagging out

tonyyy · Jan 28, 2011

Hi I have a problem with my cisco router and I have no clue what is causing it. I tried using QoS and the problem still occurs. Any time during a game or streaming video I would lose connection for example in wow I will be able frozen can't cast or do anything. If I'm watching a streaming video it would lose connection.

I had a linksys WRT54G and it would work fine. No disconnects or freezing during gameplay.

Also if i'm using pandora it works fine. When I get a DC or frozen game I can still surf the internet. This happens on all my PC's/MAC's/WLAN or LAN

here is my config.

!
darkorb#show run
Building configuration...

Current configuration : 7387 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname darkorb
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5
enable password 7
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
!

dot11 syslog
!
dot11 ssid GuestWLAN
vlan 20
authentication open
authentication key-management wpa
wpa-psk ascii 7
!
dot11 ssid MyWIFI
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7
!
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.2.1 192.168.2.99
!
ip dhcp pool Internal-net
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
domain-name darkorb.local
lease 4
!
ip dhcp pool VLAN20
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
domain-name darkorb.local
lease 4
!
!
ip cef
no ip domain lookup
ip domain name darkorb.local
ip inspect name MYFW appfw MYFW
ip inspect name MYFW tcp
ip inspect name MYFW udp
no ipv6 cef
!
appfw policy-name MYFW
application http
strict-http action allow
port-misuse tunneling action allow
port-misuse p2p action reset alarm
audit-trail on
!
multilink bundle-name authenticated
!
!
!
username admin privilege 15 password 7
!
!
!
archive
log config
hidekeys
!
!
!
class-map match-any WebEmail
match protocol http
match protocol secure-http
match protocol ftp
match protocol smtp
match protocol pop3
class-map match-any VoIP
match protocol skype
class-map match-any sdm_p2p_kazaa
match protocol fasttrack
match protocol kazaa2
class-map match-any sdm_p2p_edonkey
match protocol edonkey
class-map match-any sdm_p2p_gnutella
match protocol gnutella
class-map match-any sdm_p2p_bittorrent
match protocol bittorrent
class-map match-any counterstrike
match access-group name counterstrike
!
!
policy-map sdmappfwp2p_MYFW
class sdm_p2p_edonkey
drop
class sdm_p2p_gnutella
drop
class sdm_p2p_kazaa
drop
class sdm_p2p_bittorrent
drop
policy-map MyQoSPolicy
class sdm_p2p_bittorrent
drop
class VoIP
set dscp ef
priority percent 25
class counterstrike
bandwidth remaining percent 40
class WebEmail
bandwidth remaining percent 35
class sdm_p2p_edonkey
drop
class sdm_p2p_gnutella
drop
class sdm_p2p_kazaa
drop
class class-default
fair-queue
!
!
bridge irb
!
!
interface FastEthernet0
spanning-tree portfast
!
interface FastEthernet1
spanning-tree portfast
!
interface FastEthernet2
spanning-tree portfast
!
interface FastEthernet3
spanning-tree portfast
!
interface FastEthernet4
description Your WAN Interface to the Internet running at 1000
bandwidth 1000
ip address dhcp
ip access-group Internet-inbound-ACL in
ip access-group Internet-outbound-ACL out
ip nbar protocol-discovery
ip nat outside
ip inspect MYFW out
ip virtual-reassembly
ip tcp adjust-mss 1460
load-interval 30
duplex auto
speed auto
no cdp enable
service-policy input sdmappfwp2p_MYFW
!
interface Dot11Radio0
no ip address
no dot11 extension aironet
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
ssid WTF321
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.20
description Guest wireless LAN - routed WLAN
encapsulation dot1Q 20
ip address 192.168.2.1 255.255.255.0
ip access-group Guest-ACL in
ip nat inside
ip inspect MYFW out
ip virtual-reassembly
shutdown
service-policy input sdmappfwp2p_MYFW
service-policy output sdmappfwp2p_MYFW
!
interface Vlan1
description Internal Network
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
description Bridge to Internal Network
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
ip http server
ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet4 overload
!
ip access-list extended Guest-ACL
deny ip any 192.168.1.0 0.0.0.255
permit ip any any
ip access-list extended Internet-inbound-ACL
permit udp any eq bootps any eq bootpc
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any traceroute
permit gre any any
permit esp any any
ip access-list extended Internet-outbound-ACL
permit ip any any
permit ip 192.168.1.0 0.0.0.55 host 192.168.1.50
ip access-list extended counterstrike
permit tcp any any range 27030 27039
permit tcp any any range 27015 27020
permit udp any any range 27000 27015
permit udp any any range 1119 1120
permit tcp any any range 1119 1120
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
!
!
!
!
!
control-plane
!
bridge 1 route ip
!
line con 0
password 7
no modem enable
line aux 0
line vty 0 4
password 7
!
scheduler max-task-time 5000
end

darkorb#

Vito_Corleone · Jan 28, 2011

Your QoS policy is terrible.

bandwidth 1000

Post "sh proc cpu sort" during a time when you're seeing issues. Most likely, you're overloading the 871.

tonyyy · Jan 29, 2011

Hmmm

I have 11Mbps down and 1Mbps up so shouldn't the bandwidth be set to 1000 for 1Mbps?

Here is my proc cpu

CPU utilization for five seconds: 53%/45%; one minute: 66%; five minutes: 67%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
4 14941552 749753 19928 5.91% 1.10% 0.94% 0 Check heaps
49 15001900 5929897 2529 2.07% 1.01% 0.98% 0 COLLECT STAT CO U
85 28 44 636 0.07% 0.02% 0.00% 2 Virtual Exec
1 2156 698 3088 0.00% 0.00% 0.00% 0 Chunk Manager
2 605364 240909 2512 0.00% 0.01% 0.00% 0 Load Meter
3 0 3 0 0.00% 0.00% 0.00% 0 Collection proc e
5 1792 760 2357 0.00% 0.00% 0.00% 0 Pool Manager
6 0 2 0 0.00% 0.00% 0.00% 0 Timers
7 0 1 0 0.00% 0.00% 0.00% 0 Crash writer
8 261420 276963 943 0.00% 0.01% 0.00% 0 ARP Input
9 120008 1248900 96 0.00% 0.00% 0.00% 0 ARP Background
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
10 0 2 0 0.00% 0.00% 0.00% 0 ATM Idle Timer
11 46968 400683 117 0.00% 0.00% 0.00% 0 AAA high-capacit
12 0 1 0 0.00% 0.00% 0.00% 0 AAA_SERVER_DEADT
13 0 1 0 0.00% 0.00% 0.00% 0 Policy Manager
14 0 2 0 0.00% 0.00% 0.00% 0 DDR Timers
15 0 2 0 0.00% 0.00% 0.00% 0 Entity MIB API
16 77804 257729 301 0.00% 0.00% 0.00% 0 EEM ED Syslog
17 0 2 0 0.00% 0.00% 0.00% 0 Serial Backgroun
18 0 1 0 0.00% 0.00% 0.00% 0 RO Notify Timers
19 0 1 0 0.00% 0.00% 0.00% 0 RMI RM Notify Wa
20 0 2 0 0.00% 0.00% 0.00% 0 SMART
21 66344 1202978 55 0.00% 0.00% 0.00% 0 GraphIt
22 0 2 0 0.00% 0.00% 0.00% 0 Dialer event
23 0 1 0 0.00% 0.00% 0.00% 0 SERIAL A'detect
24 0 2 0 0.00% 0.00% 0.00% 0 XML Proxy Client
25 0 1 0 0.00% 0.00% 0.00% 0 Critical Bkgnd
26 252596 332993 758 0.00% 0.00% 0.00% 0 Net Background
27 0 2 0 0.00% 0.00% 0.00% 0 IDB Work
28 91708 275251 333 0.00% 0.00% 0.00% 0 Logger
29 629832 1197537 525 0.00% 0.04% 0.02% 0 TTY Background
30 639688 1203033 531 0.00% 0.00% 0.00% 0 Per-Second Jobs
31 8 9 888 0.00% 0.00% 0.00% 0 IF-MGR control p
32 4 12 333 0.00% 0.00% 0.00% 0 IF-MGR event pro
34 0 1 0 0.00% 0.00% 0.00% 0 Inode Table Dest
35 0 2 0 0.00% 0.00% 0.00% 0 AggMgr Process
36 0 1 0 0.00% 0.00% 0.00% 0 Token Daemon
37 0 2 0 0.00% 0.00% 0.00% 0 Transport Port A
38 87996 359925 244 0.00% 0.00% 0.00% 0 HC Counter Timer
39 991252 18667046 53 0.00% 0.01% 0.00% 0 LED Timers
40 300632 7928608 37 0.00% 0.00% 0.00% 0 WLAN LED Timers
41 0 2 0 0.00% 0.00% 0.00% 0 AUX
42 36 3 12000 0.00% 0.00% 0.00% 0 ESWPPM
43 0 2 0 0.00% 0.00% 0.00% 0 Eswilp Storm Con
44 8 11 727 0.00% 0.00% 0.00% 0 USB Startup
45 80 1016 78 0.00% 0.00% 0.00% 0 Net Input
46 143012 240912 593 0.00% 0.00% 0.00% 0 Compute load avg
47 625704 20362 30729 0.00% 0.01% 0.00% 0 Per-minute Jobs
48 4 4 1000 0.00% 0.00% 0.00% 0 Switch Link Moni
50 0 1 0 0.00% 0.00% 0.00% 0 IGMP Snooping Pr
51 168 1025 163 0.00% 0.00% 0.00% 0 IGMP Snooping Re
52 2090340 30517433 68 0.00% 0.17% 0.52% 0 Dot11 driver
53 0 2 0 0.00% 0.00% 0.00% 0 Dot11 driver log
54 45600 1203028 37 0.00% 0.00% 0.00% 0 Crypto Device Up
55 0 1 0 0.00% 0.00% 0.00% 0 Multi-ISA Event
56 0 1 0 0.00% 0.00% 0.00% 0 Multi-ISA Cleanu
57 296 27 10962 0.00% 0.00% 0.00% 0 crypto engine pr
58 0 2 0 0.00% 0.00% 0.00% 0 SEC BATCH
59 39292 1197542 32 0.00% 0.00% 0.00% 0 PI MATM Aging Pr
60 0 2 0 0.00% 0.00% 0.00% 0 DTP Protocol
61 704 5207 135 0.00% 0.00% 0.00% 0 Dot1x Mgr Proces
62 0 1 0 0.00% 0.00% 0.00% 0 MAB Framework
63 0 1 0 0.00% 0.00% 0.00% 0 EAP Framework
64 49492 1197592 41 0.00% 0.00% 0.00% 0 linktest
65 10188 5618 1813 0.00% 0.00% 0.00% 0 Dot11 Mgmt & Ass
66 89580 1199206 74 0.00% 0.00% 0.00% 0 AiroIAPP Protoco
67 0 2 0 0.00% 0.00% 0.00% 0 Triggered events
68 7860 5520 1423 0.00% 0.00% 0.00% 0 Dot11 aaa proces
69 2484 20075 123 0.00% 0.00% 0.00% 0 pmkid
70 0 2 0 0.00% 0.00% 0.00% 0 Dot11 auth Dot1x
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
71 0 1 0 0.00% 0.00% 0.00% 0 Dot11 Mac Auth
72 0 2 0 0.00% 0.00% 0.00% 0 AAA Dictionary R
73 16 15 1066 0.00% 0.01% 0.00% 0 AAA Server
74 0 1 0 0.00% 0.00% 0.00% 0 AAA ACCT Proc
75 4 1 4000 0.00% 0.00% 0.00% 0 ACCT Periodic Pr
76 63544 133344 476 0.00% 0.00% 0.00% 0 CDP Protocol
77 0 2 0 0.00% 0.00% 0.00% 0 CEF switching ba
78 0 3 0 0.00% 0.00% 0.00% 0 ADJ resolve proc
79 76 216 351 0.00% 0.00% 0.00% 0 IP ARP Adjacency
80 0 1 0 0.00% 0.00% 0.00% 0 IP ARP Retry Age
81 2344108 740709 3164 0.00% 0.16% 0.14% 0 IP Input
82 0 1 0 0.00% 0.00% 0.00% 0 ICMP event handl
83 0 1 0 0.00% 0.00% 0.00% 0 IPv6 Echo event
84 0 3 0 0.00% 0.00% 0.00% 0 PPP Hooks
86 0 1 0 0.00% 0.00% 0.00% 0 SSS Manager
87 0 1 0 0.00% 0.00% 0.00% 0 SSS Feature Mana
88 0 1 0 0.00% 0.00% 0.00% 0 SSS Feature Time
89 285064 1200378 237 0.00% 0.00% 0.00% 0 Spanning Tree
90 4 12 333 0.00% 0.00% 0.00% 0 SSM connection m
91 0 1 0 0.00% 0.00% 0.00% 0 AC Switch
92 148 4016 36 0.00% 0.00% 0.00% 0 Authentication P
93 0 1 0 0.00% 0.00% 0.00% 0 Auth-proxy AAA B
94 28 4 7000 0.00% 0.00% 0.00% 0 EAPoUDP Process
95 0 2 0 0.00% 0.00% 0.00% 0 IP Host Track Pr
96 58488 40111 1458 0.00% 0.00% 0.00% 0 IP Background
97 12852 20078 640 0.00% 0.00% 0.00% 0 IP RIB Update
98 0 1 0 0.00% 0.00% 0.00% 0 L2X Data Daemon
99 4 2 2000 0.00% 0.00% 0.00% 0 PPP IP Route
100 0 2 0 0.00% 0.00% 0.00% 0 PPP IPCP
101 0 2 0 0.00% 0.00% 0.00% 0 Dot1x Supplicant
102 0 2 0 0.00% 0.00% 0.00% 0 Dot1x Supplicant
103 0 2 0 0.00% 0.00% 0.00% 0 Dot1x Supplicant
104 4 4 1000 0.00% 0.00% 0.00% 0 L2MM
105 0 1 0 0.00% 0.00% 0.00% 0 MRD
106 564 2004 281 0.00% 0.00% 0.00% 0 IGMPSN
107 0 1 0 0.00% 0.00% 0.00% 0 tHUB
108 0 2 0 0.00% 0.00% 0.00% 0 DDP
109 24 264 90 0.00% 0.00% 0.00% 0 TCP Timer
110 4 8 500 0.00% 0.00% 0.00% 0 TCP Protocols
111 0 1 0 0.00% 0.00% 0.00% 0 Socket Timers
112 688 4188 164 0.00% 0.00% 0.00% 0 HTTP CORE
113 5180 34978 148 0.00% 0.00% 0.00% 0 CEF background p
114 0 1 0 0.00% 0.00% 0.00% 0 SNMP Timers
115 0 1 0 0.00% 0.00% 0.00% 0 COPS
116 0 2 0 0.00% 0.00% 0.00% 0 Dialer Forwarder
117 292288 1849748 158 0.00% 0.00% 0.00% 0 CEF: IPv4 proces
118 0 1 0 0.00% 0.00% 0.00% 0 ADJ background
119 0 3 0 0.00% 0.00% 0.00% 0 Flow Exporter Ti
120 0 1 0 0.00% 0.00% 0.00% 0 IP Traceroute
121 0 1 0 0.00% 0.00% 0.00% 0 RARP Input
122 0 1 0 0.00% 0.00% 0.00% 0 IPv6 Inspect Tim
123 0 2 0 0.00% 0.00% 0.00% 0 PPP Bind
124 0 2 0 0.00% 0.00% 0.00% 0 PPP SSS
125 0 1 0 0.00% 0.00% 0.00% 0 MQC Flow Event B
126 861452 41788829 20 0.00% 0.02% 0.00% 0 HQF Shaper Backg
127 393292 11822886 33 0.00% 0.00% 0.00% 0 RBSCP Background
128 4 3 1333 0.00% 0.00% 0.00% 0 SCTP Main Proces
129 0 1 0 0.00% 0.00% 0.00% 0 VPDN call manage
130 0 1 0 0.00% 0.00% 0.00% 0 IPS Process
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
131 0 2 0 0.00% 0.00% 0.00% 0 IPS Auto Update
132 0 2 0 0.00% 0.00% 0.00% 0 SDEE Management
133 510032 2333978 218 0.00% 0.03% 0.00% 0 Inspect process
134 2160 10038 215 0.00% 0.00% 0.00% 0 DHCPD Timer
135 89140 2331540 38 0.00% 0.00% 0.00% 0 FW DP Inspect pr
136 88524 2331536 37 0.00% 0.00% 0.00% 0 CCE DP URLF cach
137 0 2 0 0.00% 0.00% 0.00% 0 URL filter proc
138 0 1 0 0.00% 0.00% 0.00% 0 Select Timers
139 28 2 14000 0.00% 0.00% 0.00% 0 HTTP Process
140 4 2 2000 0.00% 0.00% 0.00% 0 CIFS API Process
141 0 2 0 0.00% 0.00% 0.00% 0 CIFS Proxy Proce
142 0 1 0 0.00% 0.00% 0.00% 0 Crypto HW Proc
144 0 2 0 0.00% 0.00% 0.00% 0 AAA Cached Serve
145 0 2 0 0.00% 0.00% 0.00% 0 ENABLE AAA
146 0 1 0 0.00% 0.00% 0.00% 0 EM Background Pr
147 0 1 0 0.00% 0.00% 0.00% 0 Key chain liveke
148 0 2 0 0.00% 0.00% 0.00% 0 LINE AAA
149 4 15 266 0.00% 0.00% 0.00% 0 LOCAL AAA
150 0 2 0 0.00% 0.00% 0.00% 0 TPLUS
151 0 1 0 0.00% 0.00% 0.00% 0 FW_TEST_TRP
152 0 1 0 0.00% 0.00% 0.00% 0 EPM MAIN PROCESS
153 0 3 0 0.00% 0.00% 0.00% 0 Crypto WUI
154 0 2 0 0.00% 0.00% 0.00% 0 Crypto Support
155 0 1 0 0.00% 0.00% 0.00% 0 IPSECv6 PS Proc
156 0 4 0 0.00% 0.00% 0.00% 0 Crypto CA
157 0 1 0 0.00% 0.00% 0.00% 0 Crypto PKI-CRL
158 0 1 0 0.00% 0.00% 0.00% 0 Key Proc
159 0 1 0 0.00% 0.00% 0.00% 0 encrypt proc
160 640952 44004 14565 0.00% 0.00% 0.00% 0 crypto sw pk pro
161 0 1 0 0.00% 0.00% 0.00% 0 Crypto INT
162 0 3 0 0.00% 0.00% 0.00% 0 Crypto IKE Dispa
163 0 3 0 0.00% 0.00% 0.00% 0 Crypto IKMP
164 0 1 0 0.00% 0.00% 0.00% 0 IPSEC manual key
165 4720 60211 78 0.00% 0.00% 0.00% 0 IPSEC key engine
166 0 1 0 0.00% 0.00% 0.00% 0 CRYPTO QoS proce
167 8 9 888 0.00% 0.00% 0.00% 0 Crypto ACL
168 0 1 0 0.00% 0.00% 0.00% 0 Crypto PAS Proc
169 0 1 0 0.00% 0.00% 0.00% 0 GDOI GM Process
170 0 1 0 0.00% 0.00% 0.00% 0 UNICAST REKEY
171 0 1 0 0.00% 0.00% 0.00% 0 UNICAST REKEY AC
172 47544 561927 84 0.00% 0.00% 0.00% 0 PM Callback
173 0 2 0 0.00% 0.00% 0.00% 0 Control-plane ho
174 2224 3608 616 0.00% 0.00% 0.00% 0 AAA SEND STOP EV
175 0 2 0 0.00% 0.00% 0.00% 0 EEM ED Resource
176 0 2 0 0.00% 0.00% 0.00% 0 EEM ED Routing
177 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Track
178 4712 120377 39 0.00% 0.00% 0.00% 0 RMON Recycle Pro
179 0 2 0 0.00% 0.00% 0.00% 0 RMON Deferred Se
180 0 1 0 0.00% 0.00% 0.00% 0 Syslog Traps
181 13188 37635 350 0.00% 0.00% 0.00% 0 Crypto cTCP proc
182 12 2 6000 0.00% 0.00% 0.00% 0 VLAN Manager
183 620 20074 30 0.00% 0.00% 0.00% 0 DHCPD Database
184 8 66 121 0.00% 0.00% 0.00% 0 EEM Server
185 0 2 0 0.00% 0.00% 0.00% 0 EEM Policy Direc
186 0 3 0 0.00% 0.00% 0.00% 0 EEM ED CLI
187 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Counter
188 0 3 0 0.00% 0.00% 0.00% 0 EM ED GOLD
189 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Interface
190 0 3 0 0.00% 0.00% 0.00% 0 EEM ED IOSWD
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
191 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Ipsla
192 0 3 0 0.00% 0.00% 0.00% 0 EEM ED None
193 4 2 2000 0.00% 0.00% 0.00% 0 EEM ED Nf
194 4 3 1333 0.00% 0.00% 0.00% 0 EEM ED OIR
195 0 1 0 0.00% 0.00% 0.00% 0 VPDN Test
196 0 3 0 0.00% 0.00% 0.00% 0 EEM ED SNMP
197 0 2 0 0.00% 0.00% 0.00% 0 EEM ED SNMP Noti
198 4216 30336 138 0.00% 0.00% 0.00% 0 EEM ED Timer
199 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Test
200 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Config
201 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Env
202 120664 166425 725 0.00% 0.02% 0.00% 0 Syslog
203 0 2 0 0.00% 0.00% 0.00% 0 EEM ED RPC
206 332 671 494 0.00% 0.00% 0.00% 0 SSH Event handle
207 5504 6111 900 0.00% 0.00% 0.00% 0 DHCPD Receive
208 63904 1197575 53 0.00% 0.00% 0.00% 0 DHCP Client
210 213372 2332216 91 0.00% 0.00% 0.00% 0 IP NAT Ager
211 0 1 0 0.00% 0.00% 0.00% 0 IP NAT WLAN
212 0 1 0 0.00% 0.00% 0.00% 0 IP VFR proc
213 396136 958576 413 0.00% 0.01% 0.00% 0 HyBridge Input P
214 140632 1317670 106 0.00% 0.00% 0.00% 0 Tbridge Monitor
215 0 1 0 0.00% 0.00% 0.00% 0 ATM Tbridge

mattjw916 · Jan 29, 2011

You are overwhelming your router.

#sh proc cpu hist will display a graph of your usage over time. I'm willing to bet it's high consistently. Shut off QoS and NBAR, disable the strict HTTP inspect as it is fussy, and performance should improve. Your internet facing interface ACLs are wonky too and that interface is not secured properly. "ip tcp adjust-mss 1460" will cause fragmentation if your inside hosts don't have their MTU reduced from the default of 1500 as well consuming more CPU...

You can gradually reenable features until you achieve the desired result but those tiny routers really don't have the CPU to run all those features at load.

Arch · Jan 29, 2011

There's a number of problems with your configuration. I've had an 871 here at the house for several years now. These are the changes I would recommend based on the config you pasted above:

interface FastEthernet4
no ip access-group Internet-outbound-ACL out
no ip nbar protocol-discovery
no ip inspect MYFW out
no ip tcp adjust-mss 1460
no service-policy input sdmappfwp2p_MYFW
!
no ip access-list extended Internet-outbound-ACL
!
no ip inspect name MYFW appfw MYFW
no ip inspect name MYFW tcp
no ip inspect name MYFW udp
!
no appfw policy-name MYFW
!
no ip route 0.0.0.0 0.0.0.0 dhcp
!
ip inspect name firewall tcp router-traffic
ip inspect name firewall udp router-traffic
ip inspect name firewall icmp router-traffic
!
interface FastEthernet4
ip inspect firewall out
!

This will do the following:

1. It will remove the outbound ACL from interface FastEthernet4. This ACL wasn't actually doing anything (it had permit ip any any). That is just wasted processing.

2. It removes nbar protocol discovery. This is CPU intensive.

3. It removes the firewall configuration. You have the application firewall. This is good in theory, but on an 871 it doesn't have the CPU power to handle that.

4. It removes the input QoS. This is just blocking a few things for old-ass p2p programs. Any modern p2p program will be using encryption so this policy doesn't do you much good. Its CPU intensive also.

5. It removes the default route from pointing at DHCP. IOS will set the default route learned from DHCP automatically, you need not do it yourself also.

6. It configures a new firewall that allows tcp/udp/icmp flows out of the router and attached it to the interface

I recommend copying / pasting what I've posted above into "config t" mode on your 871 and then seeing how things fair. It should be significantly improved.

tonyyy · Jan 29, 2011

Thank you for the help. I really appreciate it and let you know in a few days if I see any improvements!

Thanks again!

cisco 871 games keep dropping or lagging out

tonyyy

Limp Gawd

Vito_Corleone

[H]ard|Gawd

tonyyy

Limp Gawd

mattjw916

[H]ard|Gawd

Arch

Gawd

tonyyy

Limp Gawd