i replaced my BEFSR41 with an 831 running 12.3.
i've noticed a serious speed issue overall - especially with my torrent downloads. with the linksys router i was able to pull 250K+ but now i'm limited around 60K.
i ran a few speed tests, and i've noticed upload speeds are extremely slow, which would explain the slow torrents. out of the 384kbps allocated, i'm getting about 100kpbs.
when i pulled the router, and went directly to my machine, the speeds shot right back up again.
i've also disabled both ACL's and the policies, but the speeds are still 6-8% of what they normally are.
here's my config.
--------
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname pluto
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging console critical
enable secret 5 xxx
enable password 7 xxx
!
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
no ip source-route
no ip gratuitous-arps
!
!
no ip dhcp use vrf connected
!
!
ip cef
no ip domain lookup
ip domain name sol.home
no ip bootp server
ip inspect name CBAC icmp
ip inspect name CBAC fragment maximum 256 timeout 1
ip inspect name CBAC tcp
ip inspect name CBAC udp
ip inspect name CBAC sip
ip inspect name CBAC https
ip inspect name CBAC nntp
ip inspect name CBAC smtp
ip inspect name CBAC pop3
ip inspect name CBAC dns
ip inspect name CBAC telnet
ip inspect name CBAC ssh
ip inspect name CBAC ntp
ip inspect name CBAC realaudio
ip inspect name CBAC appleqtc
no ip ips deny-action ips-interface
ip ssh time-out 60
ip ssh authentication-retries 2
login block-for 5 attempts 3 within 5
!
no ftp-server write-enable
!
!
class-map match-any warcraft
match access-group name warcraft
class-map match-any VoIP
match access-group name lingo
match protocol rtp audio
match protocol sip
class-map match-any normal_traffic
match protocol http
match protocol secure-http
match protocol smtp
match protocol pop3
match protocol ssh
match protocol icmp
match protocol ntp
!
!
policy-map MyQoSPolicy
class VoIP
priority 100
set dscp ef
class warcraft
priority 20
class normal_traffic
priority 20
class class-default
fair-queue
!
!
no crypto isakmp ccm
!
!
!
interface Ethernet0
description INTERNAL_NETWORK
ip address 10.10.100.1 255.255.255.248
ip nat inside
ip virtual-reassembly
no cdp enable
hold-queue 100 out
!
interface Ethernet1
description INTERNET
bandwidth 384
ip address dhcp
ip access-group allowed_inbound_traffic in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip nat outside
ip inspect CBAC out
ip virtual-reassembly
no ip mroute-cache
duplex full
no cdp enable
service-policy output MyQoSPolicy
!
interface Ethernet2
no ip address
shutdown
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 dhcp
!
no ip http server
no ip http secure-server
!
ip nat inside source list OUTBOUND_ADDRESSES interface Ethernet1 overload
ip nat inside source static udp 10.10.100.5 12365 interface Ethernet1 12365
ip nat inside source static tcp 10.10.100.5 12365 interface Ethernet1 12365
ip nat inside source static tcp 10.10.100.5 6112 interface Ethernet1 6112
ip nat inside source static udp 10.10.100.5 6112 interface Ethernet1 6112
!
!
ip access-list standard OUTBOUND_ADDRESSES
permit 10.10.100.4
permit 10.10.100.5
permit 10.10.100.2
permit 10.10.100.3
!
ip access-list extended allowed_inbound_traffic
permit udp any any eq bootpc
permit icmp any host 10.10.100.1 administratively-prohibited
permit icmp any host 10.10.100.1 echo
permit icmp any host 10.10.100.1 echo-reply
permit icmp any host 10.10.100.1 packet-too-big
permit icmp any host 10.10.100.1 time-exceeded
permit icmp any host 10.10.100.1 traceroute
permit icmp any host 10.10.100.1 unreachable
permit udp any any eq 6112
permit tcp any any eq 6112
permit udp any any eq 12365
permit tcp any any eq 12365
permit tcp any any range 1020 1032
permit udp any any range 1020 1032
permit tcp any any range 5060 5065
permit udp any any range 5060 5065
permit tcp any any range 10000 20000
permit udp any any range 10000 20000
ip access-list extended dhcp
permit udp any any eq bootpc
ip access-list extended lingo
permit tcp any any range 1020 1032
permit udp any any range 1020 1032
permit tcp any any range 5060 5065
permit udp any any range 5060 5065
permit tcp any any range 10000 20000
permit udp any any range 10000 20000
ip access-list extended normal_traffic
permit tcp any any eq www
permit tcp any any eq 443
permit udp any any eq 443
permit udp any any eq 80
permit tcp any any eq smtp
permit udp any any eq 25
permit udp any any eq 110
ip access-list extended utorrent
permit tcp any any eq 12365
permit udp any any eq 12365
ip access-list extended warcraft
permit udp any any eq 6112
permit tcp any any eq 6112
no cdp run
!
!
control-plane
!
banner motd ^CCC
You are connected to $(hostname) on a private network.
Use of this system may be logged or monitored without further notice.
Unauthorized access is prohibited.
Violators will be prosecuted.
^C
privilege exec level 15 connect
privilege exec level 15 telnet
privilege exec level 15 show ip access-lists
privilege exec level 1 show ip
privilege exec level 15 show access-lists
privilege exec level 15 show logging
privilege exec level 15 show
!
line con 0
no modem enable
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7 xxx
logging synchronous level all
transport input ssh
!
scheduler max-task-time 5000
end
----------
