网络工程 - Cisco 2960L 和 ISR 4331 限制 WAN 速度 - 吾爱随笔录

我已尝试找到此问题的解决方案，并且可以在此处找到迄今为止我找到的最接近的解决方案。https://www.reddit.com/r/networking/comments/8f2sn0/throughput_limited_by_cisco_2960_switch/ 我的网络知识有限，我不太了解正在讨论的内容或如何进行测试。

任何帮助将不胜感激，这让我发疯！明天我回到办公室时会发布一些配置片段。

问题：

我们有来自 ISP 的 72Mb 下载和 20Mb 上传包。这连接到安装了 100Mb 许可证的 gig 0/0/1 上的 Cisco ISR 4331。在 gig 0/0/1 上将计算机直接连接到 ISR 4331 时，可以在 speedtest.net 上始终如一地实现 ISP 吞吐量

我们有一个带有 Vlan 的 Cisco 2960L 交换机。连接到两个不同 Vlan 的两台计算机之间的 JPERF 测试为我们提供了 940Mb 的速度，因此本地 Vlan 间路由运行良好。

我们在 gig0/1 上的 2960L 上创建了一个路由端口，该端口连接到自己 VLAN 上的 ISR 4331 gig 0/0/0。在这些端口上自动协商且无需额外配置。相同的计算机连接在交换机端口上，一切都按预期工作，但是在同一台计算机上再次在 speedtest.net 上运行速度测试时，吞吐量始终被限制在 35-50 Mb 下载和 3-6Mb 上传之间。

所有 Vlan 上的所有计算机都会遇到这种限制。speedtest 上的下载速度可能不稳定，有时最高可达 55Mb 或 60Mb，网络上所有计算机的上传速度始终在 3-6Mb 范围内。

连接到 2960L 的各种计算机之间的 JPERF 显示速度高达 900Mb。

最可能的原因是什么？

编辑：

2960L Gig 0/47 现在使用 Gig 0/0/0 使用新的跳线连接到 4331

编辑：2960L 开关配置：

! Last configuration change at 18:54:01 GMT Tue Apr 9 2019
! NVRAM config last updated at 19:10:56 GMT Tue Apr 9 2019 by 
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname DXBSWBHMAINRACK
!
boot-start-marker
boot-end-marker
!
enable secret 5 
!
username secret 5 
no aaa new-model
clock timezone GMT 4 0
ip routing
ip dhcp excluded-address 172.17.2.17
ip dhcp excluded-address 172.17.2.1
ip dhcp excluded-address 172.17.2.33
ip dhcp excluded-address 172.17.0.1
ip dhcp excluded-address 172.17.1.1
ip dhcp excluded-address 172.17.9.1
ip dhcp excluded-address 172.17.2.65
ip dhcp excluded-address 172.17.2.70
ip dhcp excluded-address 172.17.8.1 172.17.8.2
ip dhcp excluded-address 172.17.8.33 172.17.8.34
ip dhcp excluded-address 172.17.8.97 172.17.8.98
ip dhcp excluded-address 172.17.8.66
ip dhcp excluded-address 172.17.8.65
ip dhcp excluded-address 172.17.2.73 172.17.2.74
ip dhcp excluded-address 172.17.1.65 172.17.1.66
ip dhcp excluded-address 172.17.1.2
ip dhcp excluded-address 172.17.0.2
ip dhcp excluded-address 172.17.2.38
!
ip dhcp pool ICH-HR
 network 172.17.2.32 255.255.255.240
 domain-name 
 dns-server 172.17.1.195 172.17.1.196
 default-router 172.17.2.33
!
ip dhcp pool ICH-ACC-DHCP-POOL
 network 172.17.2.16 255.255.255.240
 domain-name 
 dns-server 172.17.1.195 172.17.1.196
 default-router 172.17.2.17
!
ip dhcp pool STAFF-GUEST-MOBILE
 network 172.17.0.0 255.255.255.0
 dns-server 4.2.2.2 8.8.8.8
 domain-name 
 default-router 172.17.0.1
!
ip dhcp pool STAFF-WIFI-DHCP-POOL
 network 172.17.1.0 255.255.255.192
 dns-server 172.17.1.195 172.17.1.196
 default-router 172.17.1.1
 domain-name 
!
ip dhcp pool ICH-PRINTERS-DHCP-POOL
 network 172.17.2.64 255.255.255.248
 dns-server 172.17.1.195 172.17.1.196
 domain-name 
 default-router 172.17.2.65
!
ip dhcp pool ICH-COMMERCONTRACTING-DHCP-POOL
 network 172.17.8.0 255.255.255.224
 default-router 172.17.8.1
 domain-name 
 dns-server 172.17.1.195 172.17.1.196
!
ip dhcp pool ICC-DESIGN-DHCP-POOL
 network 172.17.8.32 255.255.255.224
 dns-server 172.17.1.195 172.17.1.196
 default-router 172.17.8.33
 domain-name 
!
ip dhcp pool ICC-PROJECTS-DHCP-POOL
 network 172.17.8.64 255.255.255.224
 dns-server 172.17.1.195 172.17.1.196
 default-router 172.17.8.65
 domain-name 
!
ip dhcp pool ICC-ADMINISTRATION-DHCP-POOL
 network 172.17.8.96 255.255.255.224
 default-router 172.17.8.97
 domain-name 
 dns-server 172.17.1.195 172.17.1.196
!
ip dhcp pool ICH-RECEPTION-DHCP-POOL
 network 172.17.2.72 255.255.255.248
 default-router 172.17.2.73
 domain-name
 dns-server 172.17.1.195 172.17.1.196
!
ip dhcp pool ICH-EXEC-DHCP-POOL
 network 172.17.1.64 255.255.255.192
 dns-server 172.17.1.195 172.17.1.196
 domain-name
 default-router 172.17.1.65
!
!
ip domain-name 
ip name-server 172.17.1.195
ip name-server 172.17.1.196
vtp mode off
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
no spanning-tree vlan 20,30,50,70,80,90,100,120,130,140,150,160,170,180
spanning-tree vlan 1,10,20,30,40,50,60,70,80,90,100,110,120,130 priority 24576
spanning-tree vlan 140-180 priority 24576
!
!
vlan 20
 name HR
!
vlan 30
 name ICH-ACCOUNTS
!
vlan 50
 name SERVERS
!
vlan 60
 name STAFF-WIFI
!
vlan 70
 name EXECUTIVES
!
vlan 80
 name PRINTERS
!
vlan 90
 name DMZ
!
vlan 100
 name OPENVPN-POOL
!
vlan 110
 name STAFF-GUEST-MOBILE
!
vlan 120
 name MANAGERS-WIFI
!
vlan 130
 name RECEPTION
!
vlan 140
 name ICH-ADMINISTRATION
!
vlan 150
 name ICC-ADMINISTRATION
!
vlan 160
 name ICC-COMMERCONTRA
!
vlan 170
 name ICC-DESIGN
!
vlan 180
 name ICC-PROJECTS
!
!
!
!
!
!
interface Port-channel1
 description ETHERCHANNEL-TO-SERVERDXBDN2
 switchport mode trunk
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
 speed 1000
 duplex full
!
interface GigabitEthernet0/3
 switchport mode trunk
 channel-group 1 mode active
!
interface GigabitEthernet0/4
 switchport mode trunk
 channel-group 1 mode active
!
interface GigabitEthernet0/5
 switchport mode trunk
 channel-group 1 mode active
!
interface GigabitEthernet0/6
 switchport mode trunk
 channel-group 1 mode active
!
interface GigabitEthernet0/7
 switchport access vlan 20
 switchport mode access
 switchport nonegotiate
 speed 1000
 duplex full
!
interface GigabitEthernet0/8
 switchport mode trunk
!
interface GigabitEthernet0/9
 switchport mode trunk
!
interface GigabitEthernet0/10
 switchport mode trunk
!
interface GigabitEthernet0/11
 switchport mode trunk
!
interface GigabitEthernet0/12
 switchport mode trunk
!
interface GigabitEthernet0/13
 switchport mode trunk
!
interface GigabitEthernet0/14
 switchport mode trunk
!
interface GigabitEthernet0/15
 switchport access vlan 90
 switchport mode access
!
interface GigabitEthernet0/16
 switchport access vlan 50
 switchport mode access
!
interface GigabitEthernet0/17
 switchport access vlan 60
 switchport mode access
!
interface GigabitEthernet0/18
 switchport mode trunk
!
interface GigabitEthernet0/19
 switchport access vlan 60
 switchport mode access
!
interface GigabitEthernet0/20
 switchport access vlan 50
 switchport mode access
 !
interface GigabitEthernet0/25
 switchport access vlan 80
 switchport mode access
!
interface GigabitEthernet0/26
 switchport access vlan 80
 switchport mode access
!
interface GigabitEthernet0/27
 switchport access vlan 80
 switchport mode access
!
interface GigabitEthernet0/35
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet0/36
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet0/37
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet0/47
 no switchport
 ip address 172.17.2.82 255.255.255.240
!

interface Vlan1
 description NETWORKING-EQUIPMENT
 ip address 172.17.1.225 255.255.255.224
!
interface Vlan20
 description ICH-HR
 ip address 172.17.2.33 255.255.255.240
!
interface Vlan30
 ip address 172.17.2.17 255.255.255.240
!
interface Vlan50
 description SERVERS-VLAN
 ip address 172.17.1.193 255.255.255.224
!
interface Vlan60
 description STAFF-WIFI-VLAN
 ip address 172.17.1.1 255.255.255.192
!
interface Vlan70
 ip address 172.17.1.65 255.255.255.192
!
interface Vlan80
 ip address 172.17.2.65 255.255.255.248
!
interface Vlan90
 ip address 172.17.2.49 255.255.255.240
!
interface Vlan110
 ip address 172.17.0.1 255.255.255.0
!
interface Vlan130
 ip address 172.17.2.73 255.255.255.248
!
interface Vlan150
 ip address 172.17.8.97 255.255.255.224
!
interface Vlan160
 description ICC-COMMERCONTRA
 ip address 172.17.8.1 255.255.255.224
!
interface Vlan170
 ip address 172.17.8.33 255.255.255.224
!
interface Vlan180
 ip address 172.17.8.65 255.255.255.224
!
ip default-gateway 172.17.2.81
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.17.2.81 name DXBRTBHMAINRACK
ip route 172.17.1.128 255.255.255.192 172.17.2.50
ip ssh version 2
!

line con 0
 exec-timeout 20 0
 password 7 
 logging synchronous
 login local
line vty 0 4
 exec-timeout 0 0
 password 7 
 logging synchronous
 login local
 transport input ssh
line vty 5 15
 exec-timeout 0 0
 password 7 
 logging synchronous
 login local
 transport input ssh
!
end

4331 配置：

Current configuration : 19299 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 100000
!
hostname DXBRTBHMAINRACK
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 5 
!
no aaa new-model
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
  no destination transport-method email
!
!
!
!
!
!
!
!
!
!
!


ip name-server xxxxxxx

!
!
!
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint SLA-TrustPoint
 enrollment terminal
 revocation-check crl
!
license udi pid ISR4331/K9 sn xxxxxxxx
license smart enable
!
spanning-tree extend system-id
!
username xxxxx secret 5 xxxxx
!
redundancy
 mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/0/0
 ip address 172.17.2.81 255.255.255.240
 ip nat inside
 negotiation auto
!
interface GigabitEthernet0/0/1
 bandwidth 1000000
 ip address xxxxxxxx 255.255.255.252
 ip mtu 1492
 ip nat outside
 ip access-group vpn in
 ip tcp adjust-mss 1452
 negotiation auto
!
interface GigabitEthernet0/0/2
 no ip address
 negotiation auto
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 negotiation auto
!
interface Vlan1
 no ip address
 shutdown
!
ip default-gateway xxxxx
ip nat inside source static udp 172.17.2.52 1723 interface GigabitEthernet0/0/1 1723
ip nat inside source static tcp 172.17.2.52 1723 interface GigabitEthernet0/0/1 1723
ip nat inside source static tcp 172.17.2.52 5000 interface GigabitEthernet0/0/1 34768
ip nat inside source static udp 172.17.2.50 443 interface GigabitEthernet0/0/1 443
ip nat inside source list NAT-ALL-VLANS interface GigabitEthernet0/0/1 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 xxxxxx
ip route 172.17.0.0 255.255.255.0 172.17.2.82
ip route 172.17.1.0 255.255.255.192 172.17.2.82
ip route 172.17.1.64 255.255.255.192 172.17.2.82
ip route 172.17.1.128 255.255.255.192 172.17.2.82
ip route 172.17.1.192 255.255.255.224 172.17.2.82
ip route 172.17.1.224 255.255.255.224 172.17.2.82
ip route 172.17.2.0 255.255.255.240 172.17.2.82
ip route 172.17.2.16 255.255.255.240 172.17.2.82
ip route 172.17.2.32 255.255.255.240 172.17.2.82
ip route 172.17.2.48 255.255.255.240 172.17.2.82
ip route 172.17.2.64 255.255.255.248 172.17.2.82
ip route 172.17.2.72 255.255.255.248 172.17.2.82
ip route 172.17.8.0 255.255.255.224 172.17.2.82
ip route 172.17.8.32 255.255.255.224 172.17.2.82
ip route 172.17.9.0 255.255.255.0 172.17.2.82
!
!
ip access-list standard NAT-ALL-VLANS
 permit any
!
ip access-list extended vpn
 permit ip any any
ip access-list extended vpntest
 permit udp any any eq 443
 deny   ip any any
!
!
!
!
control-plane
!
!
line con 0
 logging synchronous
 login local
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 login local
 transport input ssh
line vty 5 97
 exec-timeout 0 0
 login local
 transport input ssh
!
!
end