SPA-2102 Hung with NO status Light

lowbee888 · ‎10-19-2009

Hi,

Question Part 1:

I am running the newest firmware v5.2.10 on my SPA-2102 and it hung twice during a one week period. I noticed it hung after my firewall logged either a TCP SYN FLOOD attempt or a Smurf Attack attempt, I caught this happenning just after a completed P2P sessions but not sure if they are related. Any ideas ?

All the LED on the SPA-2102 are off when it hangs, I have the following network topology:

Internet <- Cable Modem <- [internet port] spa2102 [Ethernet port] <- [internet port] Wireless Router w/ Firewall, SPI & DoS enabled

Question Part 2:

Topology #1
Internet <- Cable Modem <- [internet port] Cisco spa2102 ATA [Ethernet port] <- [internet port] wireless router

I use this topology thinking that I can make use of the QoS feature of the spa2102 (since the wireless router don't have QoS feature) and still be protected by SPI & DoS features of the wireless router (since all my PC's are connected to the wireless router). Is this understanding correct ?

The above setup robbed my downlink speed from 10Mbps (at the cable modem) to 6Mbps. It is 8Mbps after the spa2102, and 6Mbps after the wireless router.

I have been thinking about changing the network topology to the following to achieve the following 3 objectives (in order of priority):

1. Reliable ATA service (i.e. No hanging of the SPA-2102)

2. Maximum protection from hackers

3. Maximum my downlink speed.

Can you suggest a topology that meet my requirement without buying new equipment ?

Topology #2
Internet <- Cable Modem <- [internet port] spa2102 [Ethernet port] <- [Ethernet port] wireless router

My understand of topology #2 is I can still enjoy the QoS feature on the SPA2102 but my PC's are NOT longer protected by the SPI & DoS features of the wireless router (due to the fact that the upstream [Internet port] is not used on the wireless router). Is this understanding correct ?

My guess on the downlink throughput is 8Mbps for this setup

Topology #3
Internet <- Cable Modem <- [Internet port] wireless router [Ethernet port] <- [Ethernet port] spa2102

My understand of topology #3 is I NO Longer can take advantage of the QoS feature of the Cisco spa2102 to prioritize voice over my other network traffic to the internet but I am protected by the wireless router SPI & DoS. Is this understanding correct ?

My guess on the downlink throughput is 8Mbps for this setup

So which topology will help me achieve following 3 objectives (in order of priority) without the need to buy new equipment ?

1. Reliable ATA service (i.e. No hanging of the SPA-2102)

2. Maximum protection from hackers

3. Maximum my downlink speed.

Thanks in advance for your help.

Alberto Montilla · ‎10-20-2009

Dear Sir;

I suggest you use topology 3.

You will loose QoS priorization (provided your wireless router does not support it), however this will make your total throughput higher and also SPA2102 will not be overloaded.

Regards;
Alberto

lowbee888 · ‎10-20-2009

Thanks Alberto.

What is the reason that the Admin manual recommends disabling the SPI feature of my firewall ? Does it matter ?

I suppose I need to port forward 5060, 5061, 16384-16482 if the SPA-2102 is behind my firewall, correct ?

.

Alberto Montilla · ‎10-26-2009

Dear Sir;

SPI deactivation is not always required. There are some SPI which blocks SIP and/or RTP packets. So keep it enabled, disabled it if you have issues with ports/packets being blocked or dropped.

Port forwarding, yes, that ease things.

Regards
Alberto