
Cisco 877 strange problem downloading large files

Posted: Thu 15 Jul 2010 9:17 pm
by !gabri!
Hello everyone,

I have a problem I can't solve:
when I download large files (> about 1Mb), the download starts and then stalls.
This doesn't happen on all sites, but I think that is because some sites are slow, and since the download is slow it doesn't stall.

Same problem on YouTube: the video plays for a few seconds, then stops.

ADSL speed tests also stall right after starting.

Browsing, Skype and VoIP, on the other hand, work perfectly.


The ADSL line is from NGI. At first I thought it was a line problem, but when I swap the router for a basic one, the problem disappears.


Here is my configuration (for my own convenience it was made with SDM; I know, it should be done by hand...):

Code:

Current configuration : 11795 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname F5ADSL-Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable password 7 *****************
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.59
ip dhcp excluded-address 192.168.0.71 192.168.0.254
!
ip dhcp pool LOCAL
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
   dns-server 88.149.128.12 88.149.128.22
!
!
no ip bootp server
ip domain name ngi.it
ip name-server 88.149.128.22
ip name-server 88.149.128.12
ip inspect log drop-pkt
ip inspect name SDM_HIGH appfw SDM_HIGH
ip inspect name SDM_HIGH icmp
ip inspect name SDM_HIGH dns
ip inspect name SDM_HIGH esmtp
ip inspect name SDM_HIGH https
ip inspect name SDM_HIGH imap reset
ip inspect name SDM_HIGH tcp
ip inspect name SDM_HIGH udp
ip ddns update method sdm_ddns1
 HTTP
  add http://****:*****@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
  remove http://*****:*****@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
 interval maximum 28 0 0 0
!
!
appfw policy-name SDM_HIGH
  application im aol
    service default action reset alarm
    service text-chat action reset alarm
    server deny name login.oscar.aol.com
    server deny name toc.oscar.aol.com
    server deny name oam-d09a.blue.aol.com
    audit-trail on
  application http
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action reset alarm
  application im yahoo
    service default action reset alarm
    service text-chat action reset alarm
    server deny name scs.msg.yahoo.com
    server deny name scsa.msg.yahoo.com
    server deny name scsb.msg.yahoo.com
    server deny name scsc.msg.yahoo.com
    server deny name scsd.msg.yahoo.com
    server deny name cs16.msg.dcn.yahoo.com
    server deny name cs19.msg.dcn.yahoo.com
    server deny name cs42.msg.dcn.yahoo.com
    server deny name cs53.msg.dcn.yahoo.com
    server deny name cs54.msg.dcn.yahoo.com
    server deny name ads1.vip.scd.yahoo.com
    server deny name radio1.launch.vip.dal.yahoo.com
    server deny name in1.msg.vip.re2.yahoo.com
    server deny name data1.my.vip.sc5.yahoo.com
    server deny name address1.pim.vip.mud.yahoo.com
    server deny name edit.messenger.yahoo.com
    server deny name messenger.yahoo.com
    server deny name http.pager.yahoo.com
    server deny name privacy.yahoo.com
    server deny name csa.yahoo.com
    server deny name csb.yahoo.com
    server deny name csc.yahoo.com
    audit-trail on
!
!
crypto pki trustpoint DynDNS
 enrollment terminal pem
 revocation-check none
!
!
crypto pki certificate chain DynDNS
 certificate ca 01
******
******
  quit
username **** privilege 0 secret 5 *****
!
!
class-map match-any SDMVoice-Dialer0
 match protocol rtp audio
class-map match-any SDMTrans-Dialer0
 match protocol citrix
 match protocol finger
 match protocol notes
 match protocol novadigm
 match protocol pcanywhere
 match protocol secure-telnet
 match protocol sqlnet
 match protocol sqlserver
 match protocol ssh
 match protocol telnet
 match protocol xwindows
class-map match-any SDMScave-Dialer0
 match protocol napster
 match protocol fasttrack
 match protocol gnutella
class-map match-any sdm_p2p_kazaa
 match protocol fasttrack
 match protocol kazaa2
class-map match-any sdm_p2p_edonkey
 match protocol edonkey
class-map match-any SDMBulk-Dialer0
 match protocol exchange
 match protocol ftp
 match protocol irc
 match protocol nntp
 match protocol pop3
 match protocol printer
 match protocol secure-ftp
 match protocol secure-irc
 match protocol secure-nntp
 match protocol secure-pop3
 match protocol smtp
 match protocol tftp
class-map match-any sdm_p2p_gnutella
 match protocol gnutella
class-map match-any SDMRout-Dialer0
 match protocol bgp
 match protocol eigrp
 match protocol ospf
 match protocol rip
 match protocol rsvp
class-map match-any SDMSignal-Dialer0
 match protocol h323
 match protocol rtcp
class-map match-any SDMManage-Dialer0
 match protocol dhcp
 match protocol dns
 match protocol imap
 match protocol kerberos
 match protocol ldap
 match protocol secure-imap
 match protocol secure-ldap
 match protocol snmp
 match protocol socks
 match protocol syslog
class-map match-any sdm_p2p_bittorrent
 match protocol bittorrent
class-map match-any SDMIVideo-Dialer0
 match protocol rtp video
class-map match-any SDMSVideo-Dialer0
 match protocol cuseeme
 match protocol netshow
 match protocol rtsp
 match protocol streamwork
 match protocol vdolive
!
!
policy-map SDM-Pol-Dialer0
 class SDMSignal-Dialer0
  bandwidth remaining percent 40
  set dscp cs3
   compress header ip tcp
 class sdm_p2p_edonkey
   drop
 class SDMRout-Dialer0
  bandwidth remaining percent 3
  set dscp cs6
 class SDMManage-Dialer0
  bandwidth remaining percent 3
  set dscp cs2
 class SDMVoice-Dialer0
  priority percent 70
  set dscp ef
   compress header ip
 class sdm_p2p_kazaa
   drop
 class sdm_p2p_bittorrent
   drop
 class sdm_p2p_gnutella
   drop
 class SDMTrans-Dialer0
  bandwidth remaining percent 33
  set dscp af21
policy-map sdmappfwp2p_SDM_HIGH
 class sdm_p2p_gnutella
   drop
 class sdm_p2p_bittorrent
   drop
 class sdm_p2p_edonkey
   drop
 class sdm_p2p_kazaa
   drop
!
!
!
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 no snmp trap link-status
 pvc 8/35
  encapsulation aal5snap
  protocol ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $FW_INSIDE$
 ip address 192.168.0.1 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1412
!
interface Dialer0
 description $FW_OUTSIDE$
 ip ddns update hostname ****.dyndns.org
 ip ddns update sdm_ddns1
 ip address negotiated
 ip access-group 101 in
 ip mtu 1452
 ip nbar protocol-discovery
 ip nat outside
 ip inspect SDM_HIGH out
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp pap sent-username **** password 7 *****
 service-policy input sdmappfwp2p_SDM_HIGH
 service-policy output SDM-Pol-Dialer0
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip dns server
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static udp 192.168.0.17 9000 interface Dialer0 9000
ip nat inside source static tcp 192.168.0.17 9000 interface Dialer0 9000
ip nat inside source static tcp 192.168.0.17 8081 interface Dialer0 8081
ip nat inside source static udp 192.168.0.49 10001 interface Dialer0 10001
ip nat inside source static udp 192.168.0.49 20000 interface Dialer0 20000
ip nat inside source static udp 192.168.0.49 10000 interface Dialer0 10000
ip nat inside source static udp 192.168.0.49 5060 interface Dialer0 5060
ip nat inside source static tcp 192.168.0.252 21 interface Dialer0 21
ip nat inside source static udp 192.168.0.49 5062 interface Dialer0 5062
ip nat inside source static udp 192.168.0.49 5004 interface Dialer0 5004
ip nat inside source static tcp 192.168.0.49 5060 interface Dialer0 5060
ip nat inside source static tcp 192.168.0.252 8080 interface Dialer0 8080
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 remark Ddns
access-list 100 permit tcp host 204.13.248.112 any
access-list 100 remark Ddns
access-list 100 permit tcp host 88.149.128.12 any
access-list 100 remark Auto generated by SDM for NTP (123) 193.204.114.105
access-list 100 permit udp host 193.204.114.105 eq ntp host 192.168.0.1 eq ntp
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp any any eq 8080
access-list 101 remark ddns
access-list 101 permit tcp host 204.13.248.112 any
access-list 101 remark ddns
access-list 101 permit tcp host 88.149.128.12 any
access-list 101 permit tcp any any eq 5060
access-list 101 permit udp any any eq 5004
access-list 101 permit udp any any eq 5062
access-list 101 permit tcp any any eq ftp
access-list 101 permit udp any any eq 5060
access-list 101 permit udp any any eq 10000
access-list 101 permit udp any any eq 20000
access-list 101 permit udp any any eq 10001
access-list 101 permit tcp any any eq 8081
access-list 101 permit tcp any any eq 9000
access-list 101 permit udp any any eq 9000
access-list 101 permit udp host 88.149.128.22 eq domain any
access-list 101 permit udp host 88.149.128.12 eq domain any
access-list 101 remark Auto generated by SDM for NTP (123) 193.204.114.105
access-list 101 permit udp host 193.204.114.105 eq ntp any eq ntp
access-list 101 deny   ip 192.168.0.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
ntp server 193.204.114.105 source ATM0.1 prefer
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
Thanks in advance

Posted: Tue 20 Jul 2010 3:37 pm
by !gabri!
Could it be a QoS or MTU problem?

Posted: Sat 02 Oct 2010 11:00 am
by jaxel
I had the same problem some time ago...
I solved it by removing the QoS and restoring the hardware queue...
I hope this helps! :wink:

Posted: Sat 02 Oct 2010 2:53 pm
by !gabri!
Yes, thank you,
I had also solved it by removing the QoS.
(I then forgot to write it here on the forum.)

Posted: Sat 04 Dec 2010 1:52 pm
by toccio
Hi, sorry for reviving this old topic.
I have exactly the same problem and I'm also on NGI.

Everything works normally, except that some downloads, and I stress some, stall; the speed test towards NGI also stalls.

However, I have not configured any QoS. The router configuration is below.
The router is a 1751 with an Alcatel modem, rather dated.

EDIT:
I solved the problem by removing the line

Code:

ip inspect name LAN http
Evidently, as the speed increased (I went from 300kbps at activation to the current 7Mbps), the router's processor, which is rather old, could no longer analyze the traffic in time.

Re: Cisco 877 strange problem downloading large files

Posted: Sat 02 Apr 2011 1:10 pm
by mario.fiorentino
Hi guys,

I also have the same problem with my Cisco 877W. I have a 7 Mbit Alice ADSL line, and when I start downloading or watching a video, after a while the download stops. I'm attaching the configuration I created with Cisco CP, hoping for your help.

Mario Fiorentino

Building configuration...

Current configuration : 8022 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200
logging console critical
enable secret 5 $1$AhMq$tELdb9E8rDEgNVjWp.t2K1
!
no aaa new-model
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-362349542
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-362349542
revocation-check none
rsakeypair TP-self-signed-362349542
!
!
crypto pki certificate chain TP-self-signed-362349542
certificate self-signed 01
quit
dot11 syslog
!
dot11 ssid batman
vlan 1
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
wpa-psk ascii 7 000912140D541B575D2A5B
!
no ip source-route
!
ip dhcp pool ccp-pool1
import all
network 192.168.0.0 255.255.255.0
dns-server 212.216.112.112 212.216.172.62
default-router 192.168.0.1
!
!
ip cef
no ip bootp server
ip name-server 212.216.112.112
ip name-server 212.216.172.62
!
!
!
!
username admin privilege 15 secret 5 $1$aClm$tFuQRVuORFwEsmNCQW1m7.
!
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-protocol-http
match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class class-default
drop
policy-map type inspect ccp-permit
class class-default
drop
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
!
bridge irb
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip flow ingress
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
no dot11 extension aironet
!
encryption vlan 1 mode ciphers aes-ccm tkip
!
broadcast-key vlan 1 change 30
!
!
ssid batman
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root access-point
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username ivsfiore password 7 105A0C1500141D0503
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1412
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
dialer-list 1 protocol ip permit
no cdp run

!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end


Re: Cisco 877 strange problem downloading large files

Posted: Mon 04 Apr 2011 7:44 am
by Rizio
But I wonder, why on a home ADSL line do you needlessly complicate your lives with QoS????
Who's making you do it??? It's not as if the line works better with QoS or the various match protocol statements!
Use the things you need and, above all, the ones you know how to manage!

Always start from a basic configuration (on the NGI site there is an example configuration for a Cisco), try it as it is and then, since we are all "experiential" here, try adding one piece at a time and see how it behaves, perhaps first reading up on which "piece" you want to add!
Just because asdm is easy to use doesn't mean it has to be used!! Read up first if you want to try new features, even if asdm lets you do anything you want.

In the end, afaik, remove everything superfluous and leave only the atm0.1 configuration, then test that setup for a week and grow from there, adding one piece at a time after having at least understood what it might do!!!

Rizio
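
Added example, not part of any post in this thread: a small Python audit that lists, for a pasted IOS configuration, the three items the posters above removed or questioned (interface QoS `service-policy`, CBAC `ip inspect` rules doing http/appfw inspection, and `ip tcp adjust-mss` against `ip mtu`). The sample configuration and the names `FW` and `QOS-OUT` are constructed; treating the smallest configured `ip mtu` as the limit is an assumption of this sketch.

```python
import re

# Constructed sample in the style of the configs posted in this thread
# (not a copy of either one); the names FW and QOS-OUT are made up.
SAMPLE = """\
ip inspect name FW http
ip inspect name FW tcp
ip inspect name FW udp
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip tcp adjust-mss 1452
!
interface Dialer0
 ip mtu 1452
 ip inspect FW out
 service-policy output QOS-OUT
!
"""

def interfaces(cfg):
    """Map interface name -> list of its sub-commands.

    A block ends at '!' or at the next 'interface' line, so this also
    works on pastes that have lost their indentation."""
    blocks, current = {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = blocks.setdefault(line.split()[1], [])
        elif line == "!" or not line:
            current = None
        elif current is not None:
            current.append(line)
    return blocks

def audit(cfg):
    """Return (check, interface, detail) tuples for QoS, HTTP inspection, MSS."""
    findings, mtus = [], []
    ifs = interfaces(cfg)
    # CBAC rule sets that include http or appfw (application firewall) inspection.
    # 'https' is not matched: \b fails between 'http' and 's'.
    http_rules = set(re.findall(
        r"^[ \t]*ip inspect name (\S+) (?:http|appfw)\b", cfg, re.M))
    for name, cmds in ifs.items():
        for cmd in cmds:
            m = re.match(r"service-policy (input|output) (\S+)", cmd)
            if m:
                findings.append(("qos", name, f"{m.group(1)} policy {m.group(2)}"))
            m = re.match(r"ip inspect (\S+) (in|out)$", cmd)
            if m and m.group(1) in http_rules:
                findings.append(("http-inspect", name, f"rule {m.group(1)} {m.group(2)}"))
            m = re.match(r"ip mtu (\d+)$", cmd)
            if m:
                mtus.append(int(m.group(1)))
    if mtus:
        limit = min(mtus) - 40  # 20-byte IPv4 header + 20-byte TCP header
        for name, cmds in ifs.items():
            for cmd in cmds:
                m = re.match(r"ip tcp adjust-mss (\d+)$", cmd)
                if m and int(m.group(1)) > limit:
                    findings.append(("mss", name, f"adjust-mss {m.group(1)} > {limit}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

Each finding is a candidate to disable one at a time while retesting the download, in line with the one-piece-at-a-time approach suggested above.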