10-19-2009 01:18 PM - edited 03-21-2019 09:20 AM
Hi,
Question Part 1:
I am running the newest firmware v5.2.10 on my SPA-2102 and it hung twice during a one week period. I noticed it hung after my firewall logged either a TCP SYN FLOOD attempt or a Smurf Attack attempt, I caught this happenning just after a completed P2P sessions but not sure if they are related. Any ideas ?
All the LED on the SPA-2102 are off when it hangs, I have the following network topology:
Internet <- Cable Modem <- [internet port] spa2102 [Ethernet port] <- [internet port] Wireless Router w/ Firewall, SPI & DoS enabled
Question Part 2:
Topology #1
Internet <- Cable Modem <- [internet port] Cisco spa2102 ATA [Ethernet port] <- [internet port] wireless router
I use this topology thinking that I can make use of the QoS feature of the spa2102 (since the wireless router don't have QoS feature) and still be protected by SPI & DoS features of the wireless router (since all my PC's are connected to the wireless router). Is this understanding correct ?
The above setup robbed my downlink speed from 10Mbps (at the cable modem) to 6Mbps. It is 8Mbps after the spa2102, and 6Mbps after the wireless router.
I have been thinking about changing the network topology to the following to achieve the following 3 objectives (in order of priority):
1. Reliable ATA service (i.e. No hanging of the SPA-2102)
2. Maximum protection from hackers
3. Maximum my downlink speed.
Can you suggest a topology that meet my requirement without buying new equipment ?
Topology #2
Internet <- Cable Modem <- [internet port] spa2102 [Ethernet port] <- [Ethernet port] wireless router
My understand of topology #2 is I can still enjoy the QoS feature on the SPA2102 but my PC's are NOT longer protected by the SPI & DoS features of the wireless router (due to the fact that the upstream [Internet port] is not used on the wireless router). Is this understanding correct ?
My guess on the downlink throughput is 8Mbps for this setup
Topology #3
Internet <- Cable Modem <- [Internet port] wireless router [Ethernet port] <- [Ethernet port] spa2102
My understand of topology #3 is I NO Longer can take advantage of the QoS feature of the Cisco spa2102 to prioritize voice over my other network traffic to the internet but I am protected by the wireless router SPI & DoS. Is this understanding correct ?
My guess on the downlink throughput is 8Mbps for this setup
So which topology will help me achieve following 3 objectives (in order of priority) without the need to buy new equipment ?
1. Reliable ATA service (i.e. No hanging of the SPA-2102)
2. Maximum protection from hackers
3. Maximum my downlink speed.
Thanks in advance for your help.
10-20-2009 10:05 AM
Dear Sir;
I suggest you use topology 3.
You will loose QoS priorization (provided your wireless router does not support it), however this will make your total throughput higher and also SPA2102 will not be overloaded.
Regards;
Alberto
10-20-2009 11:41 AM
Thanks Alberto.
What is the reason that the Admin manual recommends disabling the SPI feature of my firewall ? Does it matter ?
I suppose I need to port forward 5060, 5061, 16384-16482 if the SPA-2102 is behind my firewall, correct ?
.
10-26-2009 04:48 AM
Dear Sir;
SPI deactivation is not always required. There are some SPI which blocks SIP and/or RTP packets. So keep it enabled, disabled it if you have issues with ports/packets being blocked or dropped.
Port forwarding, yes, that ease things.
Regards
Alberto
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: