Posted by on September 2, 2006, 1:59 pm
Walter Roberson wrote:
>
> >I have a question about network speed that I was hoping someone would
> >be able to help me with. I have a home lab set up as follows -
>
> >My ADSL internet connection is max 8Mbs.
>
> >Between my ADSL router and my LAN is a Cisco PIX 506 firewall with two
> >interfaces, inside and outside, set at 10Mbs.
>
> >This is then connected to a Wireless Access Point, max speed 54Mbs.
>
> >I also have various switches that I'd like to practice on whose port
> >speeds are either 10 or 100 Mbs.
>
> >Am I correct in assuming that the fact that my firewall is limited to
> >speeds of max 10Mbs is irrelevant since the internet connection will
> >never be faster than 8Mbs? So, there is no point in upgrading to a PIX
> >506e with FastEthernet interfaces as there will never be a need for a
> >100Mbs connection?
>
> The PIX 506 and PIX 506E are identical in supported interface line
> rates. They both support 10 and 100, full and half duplex, and both
> support autonegotiation.
>
> The documentation does indicate that autonegotiation is only supported
> on units with the Intel ethernet interface, but indicates that all units
> from November 1996 had that interface -- and the 506 was released after that.
>
> The datasheets for the 506 are hard (or impossible) to find on cisco.com
> as it is End of Sale, but the Syngress "Managing Cisco Network Security"
> book does indicate "two Fast Ethernet 10/100 ports" for it
> (chapter 4, page 133, in the first edition).
>
> There is the 6.3(1) release note that is not well explained, about
> the interface speeds for the 501 and 506E, and I do recall that
> before that point the 501 only supported 10 Mbs on its outside
> interface, with the 6.3(1) allowing it to go to 100 Mbps. I know
> this from practical experience; it is not documented anywhere I
> can find. The release note does not mention the 506, just the 506E,
> so there is a -possibility- of an undocumented restriction on the
> 506 that prevents it from using 100 Mbps on the outside interface
> even though the hardware supports it -- but there is also a possibility
> that 100 Mbps is unlocked by 6.3(1) on the 506 as well. Hard to say
> without access to the devices and releases.
>
>
> But getting back to your question: the 8 Mbps ADSL limit is not
> necessarily the limiting factor. You need to look at the maximum
> aggregate cleartext throughput on the PIX 506, which happens to be
> 20 Mbps -- i.e., 10 Mbps in both directions. So that's okay.
> But if you want to start running a VPN then you need to look
> at the VPN speeds on the 506 and 506E. The 506 supports 20 Mbps DES,
> 10 Mbps 3DES -- so if you were trying to run a 3DES VPN at full
> speed at full duplex, the 506 would be the limiting factor, as
> it would only be doing 5 Mbps in that case. But there is an
> odd note in the PIX 506E/515E Q&A, in the 6.1(2) timeframe, that
> indicates that the maximum VPN throughput for the 506 is 10 Mbps,
> which is kind of an odd thing to say about a device documented to
> be able to move 20 Mbps DES; there is no documentation indicating
> whether it was improved later (e.g., does AES give better throughput?)
> According to the same Q&A, the maximum VPN throughput for the 506E is
> 16 Mbps (again, odd on a device documented to move 20 Mbps DES,
> 17 Mbps 3DES, and 30 Mbps AES-128)
>
>
> >I sometimes check my internet speed online, and it seems to be about 1
> >Mbs. Is this because of the contention on the line?
>
> Insufficient information. If you aren't checking on a speed test
> from a local node of the same ISP, then the limit might be somewhere
> else in the network. Or the limit might be in your equipment.
> Also, check in case you have a unit mismatch: 8 megabits per second
> is 1 megabyte per second: perhaps the test is reporting in megabytes per
> second instead of megabits per second?
>
>
> >The switch port speeds *are* relevant, since if I was transferring
> >files from one internal PC to another, I'd like to be able to use
> >100Mbs?
>
> Yes. I suggest you look on dslreports.com for their TCP tweaking
> utility; you might be able to improve your transfer speeds noticeably
> over the default configuration.
Thanks Walter.
The PIX 506 I have at home is running 6.3(4) but the message I receive
when trying to change any of the interface speeds to 100 is:
pixfirewall(config)# interface ethernet1 100full
ethernet1 can only be set to 10baseT, 10full or auto.
I changed the settings of both interfaces from autonegotiation to
10BaseT and the internet is now running at an average of 1 Mbs up from
200Kbs when I tested a few times using auto. I've used the same testing
website throughout and the units have always been megabits per second.