CiscoForums.it

Ciao raga, sono nuovo qui, complimenti al forum ed un saluto a tutti!!!
1 mese fa ho acquistato un router Cisco 857W ed avendo avuto in passato sempre dei routerini da ipermercato in questo periodo sto cercando di cimentarmi su questo prodotto veramente eccezionale
Però un piccolo dubbio o meglio un problema che non sto risolvendo, non capisco per quale motivo ho 10ms di ping in +, il mio provider è Alice Telecom 7Mb. Per es:
pingando il 192.168.100.1 ho mediamente 38ms invece provando col vecchio router ho 28ms ho cercanto anche di modificare il Mtu nel Cisco editando in ssh ma quanto pare non risponde come dovrebbe sembrerebbe un bug perchè aggiungendo un Mtu di 1000 il mio pc continua a navigare.
Vi pasto la configurazione ringraziandovi anticipatamente. Ps.Un pò incasinata putroppo per diagnosticare il caso :\


Current configuration : 9441 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
!
resource policy
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.1 10.10.10.5
!
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
ip dhcp pool lan
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 212.216.112.112 212.216.172.62
lease 0 12
!
!
ip cef
ip inspect log drop-pkt
ip inspect tcp synwait-time 20
ip inspect tcp max-incomplete host 50 block-time 10
ip inspect name SDM_HIGH appfw SDM_HIGH
ip inspect name SDM_HIGH esmtp
ip inspect name SDM_HIGH https
ip inspect name SDM_HIGH imap reset
ip inspect name SDM_HIGH pop3 reset
ip inspect name SDM_HIGH tcp router-traffic timeout 3600
ip inspect name SDM_HIGH udp timeout 25
ip inspect name SDM_HIGH icmp router-traffic timeout 3600
ip inspect name SDM_HIGH dns timeout 3600
ip domain name Router.com
ip name-server 212.216.112.112
ip name-server 212.216.172.62
!
appfw policy-name SDM_HIGH
application im aol
service default action reset alarm
service text-chat action reset alarm
service default action reset alarm
service text-chat action reset alarm
server deny name login.oscar.aol.com
server deny name toc.oscar.aol.com
server deny name oam-d09a.blue.aol.com
application http
port-misuse im action reset alarm
port-misuse p2p action reset alarm
application im yahoo
service default action reset alarm
service text-chat action reset alarm
server deny name scs.msg.yahoo.com
server deny name scsa.msg.yahoo.com
server deny name scsb.msg.yahoo.com
server deny name scsc.msg.yahoo.com
server deny name scsd.msg.yahoo.com
server deny name cs16.msg.dcn.yahoo.com
server deny name cs19.msg.dcn.yahoo.com
server deny name cs42.msg.dcn.yahoo.com
server deny name cs53.msg.dcn.yahoo.com
server deny name cs54.msg.dcn.yahoo.com
server deny name ads1.vip.scd.yahoo.com
server deny name radio1.launch.vip.dal.yahoo.com
server deny name in1.msg.vip.re2.yahoo.com
server deny name data1.my.vip.sc5.yahoo.com
server deny name address1.pim.vip.mud.yahoo.com
server deny name edit.messenger.yahoo.com
server deny name messenger.yahoo.com
server deny name http.pager.yahoo.com
server deny name privacy.yahoo.com
server deny name csa.yahoo.com
server deny name csb.yahoo.com
server deny name csc.yahoo.com
!
!
crypto pki trustpoint tti
revocation-check crl
rsakeypair tti
!
crypto pki trustpoint TP-self-signed-3148253242
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3148253242
revocation-check none
rsakeypair TP-self-signed-3148253242
!
!
crypto pki certificate chain tti
crypto pki certificate chain TP-self-signed-3148253242
certificate self-signed 01
30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33313438 32353332 3432301E 170D3038 30313239 30323335
34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 31343832
35333234 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BC83 1EE96F3D 0C8BBA05 ACA7B651 803BDD59 C289F8E6 54B1B5B5 1B6B2B03
1C2E2DBE 9FFAC7FB A42514DE 5C1360E8 2D15A551 EBF3F13D CAA5C7A9 A0F60B4F
0F37685A 694CEE89 BAA0AAF6 B1A9E856 857665CD 9CB9D5AD B9CD6CE9 F8BC5C46
FFB041F4 DB294A51 42D8F726 D689EDB1 9331507F 4F497E2C 88FEB737 5D953A07
78E90203 010001A3 71306F30 0F060355 1D130101 FF040530 030101FF 301C0603
551D1104 15301382 11526F75 7465722E 526F7574 65722E63 6F6D301F 0603551D
23041830 168014C5 12AB1C90 3676CA01 478B9A34 2CE2AB01 2BB6CD30 1D060355
1D0E0416 0414C512 AB1C9036 76CA0147 8B9A342C E2AB012B B6CD300D 06092A86
4886F70D 01010405 00038181 00A0AA17 459B7C0A F1AB30C2 36449A94 9B0F8E2B
A7D69419 0B6B2B51 BA2B5661 B0BD05E8 EB165454 8443EE43 C76F901B C6B9CEB6
EED6451B 167ED782 5D87F788 EB0D0119 07D1739B 5C465A4C D508D0AC 3A05946C
4D7D4026 95E189A7 0A5EDDF5 C150AEC6 6D6B10AE 0C8328B4 0BA2A85A 14B435E8
2F40CA09 6EBDC119 4C8FDFF0 D9
quit
username xxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxx.
!
!
!
!
!
interface ATM0
mtu 1492
no ip address
no ip redirects
no ip unreachables
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.3 point-to-point
description $ES_WAN$
no ip redirects
no ip unreachables
ip accounting output-packets
ip accounting access-violations
no snmp trap link-status
pvc 8/35
oam-pvc manage
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.248
ip access-group 100 in
no ip redirects
no ip unreachables
ip nat inside
ip virtual-reassembly
!
interface Dialer2
description $FW_OUTSIDE$
ip address negotiated
ip access-group 102 in
no ip redirects
no ip unreachables
ip mtu 1492
ip inspect SDM_HIGH out
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname aliceadsl
ppp chap password 0 aliceadsl
ppp pap sent-username aliceadsl password 0 aliceadsl
!
interface Dialer0
no ip address
no cdp enable
!
interface Dialer0.2
no cdp enable
!
ip route 0.0.0.0 0.0.0.0 Dialer2
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat translation tcp-timeout 120
ip nat translation udp-timeout 120
ip nat inside source list 1 interface Dialer2 overload
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.2
access-list 2 remark SDM_ACL Category=2
access-list 2 remark SDM_ACL Category=2
access-list 2 remark SDM_ACL Category=2
access-list 2 remark SDM_ACL Category=2
access-list 2 remark SDM_ACL Category=2
access-list 2 remark SDM_ACL Category=2
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny icmp any any echo
access-list 101 permit icmp any any traceroute
access-list 101 permit tcp any any eq ftp-data
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq 4901
access-list 101 permit tcp any any eq 4900
access-list 101 permit tcp any any eq 4269
access-list 101 deny tcp any any eq 139
access-list 101 deny tcp any any eq 135
access-list 101 permit udp host 212.216.172.62 eq domain any
access-list 101 permit udp host 212.216.112.112 eq domain any
access-list 101 deny ip 10.10.10.0 0.0.0.7 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip host 212.216.112.112 any
access-list 102 deny ip 10.10.10.0 0.0.0.7 any
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
access-list 102 remark auto generated by SDM firewall configuration
access-list 131 permit icmp any any echo
access-list 131 permit icmp any any
access-list 199 remark SDM_ACL Category=2
access-list 199 deny ip any any
access-list 199 remark SDM_ACL Category=2
access-list 199 remark SDM_ACL Category=2
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

Ma tu questo router lo hai configurato a mano o via sdm?
Perchè sta' configurazione è una roba allucinante, ti consiglierei vivamente di rifarla da zero a mano!

A mano non sono molto pratico aggiungo solo qualke stringa :\
Spero sia + chiara questa conf


Router#sh run
Building configuration...

Current configuration : 5617 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$rfe1$duOJM.U1RGjvoDJVX/p/G/
!
no aaa new-model
!
resource policy
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
dns-server 212.216.112.112 212.216.172.62
lease 0 2
!
!
ip cef
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip domain name Router.com
ip name-server 212.216.112.112
ip name-server 212.216.172.62
!
!
crypto pki trustpoint TP-self-signed-3148253242
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3148253242
revocation-check none
rsakeypair TP-self-signed-3148253242
!
crypto pki trustpoint tti
revocation-check crl
rsakeypair tti
!
!
crypto pki certificate chain TP-self-signed-3148253242
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33313438 32353332 3432301E 170D3038 30313331 30363235
34315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 31343832
35333234 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100A820 97781145 DB876612 41F90E8D 5A7B4E21 64379846 F8933CE4 3FD24AC7
5E16F588 24DC92F5 644A4809 19D00B5B C8F92FB0 09385CA0 CC4B98E7 BE35F459
2B4CCA90 7C6EB88C F60D4CB8 7C45A3C4 EEC9D1BB 5AFD1EB8 0A80BD87 E10307EC
40BFE09A 32ED4456 1151EF76 369C17D8 E6FC9C7D 3A6FE022 CC324C5B 5F858B83
D0B10203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
301F0603 551D2304 18301680 14162A80 01648734 6F3D01A8 BC74012B 57DCF198
72301D06 03551D0E 04160414 162A8001 6487346F 3D01A8BC 74012B57 DCF19872
300D0609 2A864886 F70D0101 04050003 81810027 29157C8F 4A4BAD3D BCBBA02A
990D2A7B 09BD0743 34BEB610 72AB8149 6065CD66 C076658A 83E608F5 7DD4B396
9B05F1DB 89527FE8 B46E12FB F5A8A7C9 D0D26672 FA0A7F6D 64F17D78 6C03FB63
A6EF25AC 70E1D3B6 37E2A791 F41E50D2 0E228F82 2386EFD5 F378097E D787D5AA
7E154CA2 DECA7293 757A9AD1 2F43625C 4569F4
quit
crypto pki certificate chain tti
username admin privilege 15 secret 5 $1$GdmW$D2X/X0DUm7dU4BNR7V6KU/
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$
no snmp trap link-status
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.248
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 101 in
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname **********
ppp chap password 0 ********
ppp pap sent-username ************* password 0 ***********
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 212.216.172.62 eq domain any
access-list 101 permit udp host 212.216.112.112 eq domain any
access-list 101 deny ip 10.10.10.0 0.0.0.7 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

La config è stata fatta al 100% via sdm!
Hai problemi con i giochi on-line?

Beh si ho cercato di usare un modo + veloce, attualmente è al 100% sdm anche se la
mia situazione del ping alla centrale rimane tale pur avendo cambiato una miriade di configurazioni e tanti comandi presi dal vs forum, non ho problemi coi game, la connessione è sempre up con delle discrete prestazioni direi, solo che mi turba il fatto che un router di 30 euro debba pingare 28ms e appena cambio col cisco il ping medio all'ip 192.168.100.1 muta 38ms chiedendomi il perchè i valori si incrementino di 10ms, inoltre ho cercato di ridurlo modificando il Mtu ma non risponde come dovrebbe lo Ios quanto pare accetta 2 tipi di sintassi ip mtu 1500 e mtu 1500 e dai test effettuati anche se volessi portarlo a 1300 la dimensione di ogni pakketto rimane sempre di default a 1500, allora mi permetto di dire: sono dei problemi che cisco si porta da sempre? correggetemi se sbaglio, grazie.

che versione hai di IOS e di firmware adsl?

magari sbaglio, ma dubito che modificare la mtu cambi la latenza dei pacchetti... casomai cambia il valore massimo del download reale...



Ciao

Certo MarcoT , la latenza e la dimensione di ogni pakketto sono differenti però qualche volta per scoprire un eventuale bug o problema cerchiamo di provarle un po' tutte

lo Ios è Version 12.4(6)T9 - FW Version: 3.0.33

proton ha scritto:...

lo Ios è Version 12.4(6)T9 - FW Version: 3.0.33

Io ho un 877W, ma forse vale anche per l'857W: quando son passato dallo ios 12.4.4 allo 12.4.15, a parità di configurazione, il ping al primo hop è calato proprio di 10ms...
ma magari è stata una coincidenza...

se hai la smartnet metti il 12.4.15.T3.

il FW 3.0.33 è embedded? non credo...
quando cambi ios provalo prima con il fw embedded, poi casomai metti anche l'aggiornamento del fw adsl.

Ciauzzz!

Uhm mi scoccia un po' sinceramente scaricare uno IoS nuovo...è un casino quel sito ufficiale...

il FW lho preso da qui ftp://ftp.cisco.com/pub/access/800/

Farò un pò di prove coi FW magari con le vecchie versioni..cercando di ridurre questa strana latenza...

scaricare lo ios nuovo ci vogliono 2 minuti e altrettanti per aggiornare il router...
non vedo il problema se hai la smartnet.

Confermo, aggiorna ios e firmware che non fa mai male!

Non ho la smartnet e sinceramente non so cosa sia asd, sò entrato qui: http://tools.cisco.com/support/download ... me=Routers
Mi da il lukketto e non riesco a scaricarlo e nemmeno a registrarmi. Ma IoS se lo pagano praticamente? gh
Se potete aiutarmi indicandomi la via migliore ^^ Grazie

smartnet è un contratto di assistenza che, tra l'altro, ti permette di scaricare gli ios nuovi.
per l'877w costa circa 80€. per l'857 il costo sarà simile.

prendi la smartnet semplice, così puoi scaricarti gli ios ed avere anche un livello di assistenza superiore, come il cambio hadrware entro 24 ore lavorative in caso di guasto.

il lucchetto di cui scrivi si aprirà non appena avrai registrato una smartnet per il tuo apparato.


Ciauzz!

Grazie MircoT sei molto gentile, 80 euro all'anno? vorrei sapere siccome il sito www.cisco.com è un pò confuso ^^ posso rivolgermi a qualche italiano? posso andare qui? www.ciscoshop.it boh helpme plz ^^

si, circa 80€ all'anno.
Non conosco il sito che hai scritto, ma puoi prendere la smartnet da qualsiasi rivenditore autorizzato Cisco.


Ciauzz!