dslreports logo
spacer

spacer
 
    All FAQs Site FAQ DSL FAQ Cable Tech About DSL Distance DSL Hurdles »»
spc

spacer




how-to block ads



Some references
Cisco DSL Router Configuration and Troubleshooting Guide - PPPoE Online Form
Cisco DSL Router Configuration and Troubleshooting Guide - PPPoE: DSL Router as a PPPoE Client Troubleshooting

Suggested pre-reading:
»Cisco Forum FAQ »Things to expect when setup network for home or small business

For many cable and DSL internet connections, the ISPs inform their customers (subscribers) to set their router to receive IP address from them using username and password. This means that the ISPs treat their subscriber's router as PPP client.

When this is your case, then the following sample configuration is a good starting point to help you configure the router. If your ISP requires you to use PPPoE for Internet access, the general idea is that you configure the router as PPPoE client to the ISP.

You may note that integrated ADSL modem/router utilizes ATM interface as the DSL (WAN) interface to connect to the ISP. Therefore there will be ATM frame specification consideration in DSL modem/router configuration, specially with MTU size which will be discussed later on.

Following is the sample configuration using Cisco 827 with IOS image version of 12.1. Note that even though the example uses 827 router, the configuration applies to any router that utilizes ATM/DSL interface to ISP connection and Ethernet interface for LAN connection; including 877 router and 1841 router with WIC-1ADSL card; though in some instances you may need to adjust the configuration when your router is running IOS image version different than 12.1 one.

Typical network environment that might utilize following sample router configuration is as follows

* There is a no modem in front of the router
* The router has integrated DSL/ATM modem, which would connect to the ISP
* ISP acknowledges the router Public IP address via PPPoE
* There is NAT/PAT in place on the router to translate internal IP addresses to the ISP-provided Public IP address

This sample configuration applies to a modem/router combo setup as you may notice. If your setup is having an external modem that your router connects to, then following FAQ is suggested.
»Cisco Forum FAQ »Quick Guide of Configuring Cisco router for PPPoE using external modem

This sample router configuration assumes the followings

* The Ameritech (SBC/AT&T) as the ISP uses 0/35 as the VPI/VCI which may not reflect your ISP VPI/VCI value. Confirm with your ISP regarding the value.
* Internal private IP subnet (for hosts behind the router): 10.10.10.0/24
* All of the hosts' gateway would be the router inside interface IP address: 10.10.10.1
* The IP address range of 10.10.10.2-10.10.10.254 would be available for hosts within your LAN
* When all hosts behind the router go out to the Internet, the hosts would be using the router outside interface IP address (which is the ISP-assigned Public IP address)
* The router does not act as DHCP server; hence it is either static IP address assignment is required to all hosts, or there is a separate DHCP server dynamically assign IP addresses to all hosts
* The outside interface IP address is statically assigned in addition of PPP configuration. If your ISP requires you to have dynamically-assigned IP address, then you can simply issue ip address negotiated command instead. Check out following notes for this specific issue.

Notes:

* This sample configuration assumes that you have a Static Public IP address services from the ISP. This static Public IP address is noted on the ip address 69.33.10.11 255.255.255.0 command under the interface Dialer1 configuration
* When you have Dynamic Public IP address services from your ISP, then you should not have ip address 69.33.10.11 255.255.255.0 command under the interface Dialer1 configuration and ip route 0.0.0.0 0.0.0.0 [ISP DEFAULT GATEWAY IP ADDRESS] command under the global configuration. Instead you implement ip address negotiated and ppp ipcp route default commands under the interface Dialer1 configuration

The sample configuration then should look like the following from the interface Dialer1 down to the end

interface Dialer1
ip address negotiated
ip mtu 1492
encapsulation ppp
ip nat outside
dialer pool 1
dialer-group 1
ppp authentication pap chap callin
ppp chap hostname ppp-username@megapathdsl.net
ppp chap password 7 Encrypted password
ppp pap sent-username ppp-username@megapathdsl.net password 7 encrypted password
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
!
ip classless
no ip http server
ip nat inside source list 10 interface Dialer1 overload
!
dialer-list 1 protocol ip permit
!
access-list 10 permit 10.10.10.0 0.0.0.255
line con 0
password 7 XXXXXXXXX
transport input none
stopbits 1
line vty 0 4
exec-timeout 30 0
password 7 XXXXXXXXX
login
length 0
!
scheduler max-task-time 5000
end
 

* Note that the ppp ipcp route default command might not be supported on some IOS images. When this is your case, then you either upgrade the router IOS image or implement ip route 0.0.0.0 0.0.0.0 Dialer1 command under the global configuration as a replacement

More info about IPCP and Dialer interface
»[Config] Configuring an 877W for use on BT Broadband help please

Without upgrading the IOS image, the sample configuration then should look like the following from the interface Dialer1 down to the end

interface Dialer1
ip address negotiated
ip mtu 1492
encapsulation ppp
ip nat outside
dialer pool 1
dialer-group 1
ppp authentication pap chap callin
ppp chap hostname ppp-username@megapathdsl.net
ppp chap password 7 Encrypted password
ppp pap sent-username ppp-username@megapathdsl.net password 7 encrypted password
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
ip nat inside source list 10 interface Dialer1 overload
!
dialer-list 1 protocol ip permit
!
access-list 10 permit 10.10.10.0 0.0.0.255
line con 0
password 7 XXXXXXXXX
transport input none
stopbits 1
line vty 0 4
exec-timeout 30 0
password 7 XXXXXXXXX
login
length 0
!
scheduler max-task-time 5000
end
 

* Some Static Public IP address services do require ip address negotiated command under the interface Dialer1 configuration and ip route 0.0.0.0 0.0.0.0 Dialer1 command under the global configuration to make it work. Check out the following FAQ for details

»Cisco Forum FAQ »Between DHCP, PPP, Dynamic, and Static IP Address

MTU Size regarding PPPoE over ATM/DSL

This FAQ provides a guaranteed working config for anyone using any ADSL PPPoE connectivity types such as Ameritech ADSL for their circuit provider and Megapath.net for ISP. It took two calls to Cisco and weeks of fighting with ISP tech support, but there was a valuable lesson learned about ADSL PPPoE specifically.

In case you are unaware, the maximum/default Ethernet MTU size is 1500 bytes. The Dialer interface uses PPPoE (PPP over Ethernet) which then has comply with such MTU size specification. Since PPPoE process adds an 8 byte encapsulation header, the Dialer interface should be 1492 as PPPoE adds an 8 byte encapsulation header. The key is setting ip tcp adjust-mss 1440 on the inside Ethernet interface.

You will find many different suggestions and recommendations out there. Some will say 1492 or 1460 to set the Dialer interface MTU size. Some will even say 1452. A 1452 MSS value is pretty much the standard for DSL with a PPPoE transport. Normal MSS is 1500 bytes. But you have to account for the 40 byte IP header and the 8 byte PPPoe header. That gets you to 1452.

Following is from the mouth of Cisco, "If you have ADSL running PPPoE and run into problems resolving DNS, adjust your MTU on your ethernet interface using the ip tcp adjust-mss 1452 command. This is because PPPoE requires more bits in the header packet than any other type of circuit."

The last bit of optimization is a little more subtle and is a debatable topic. As the PPPoE traffic is carried over ATM cells, it has to be chopped up before it can be transmitted. ATM cells are 53 bytes long and have a 5 byte header. So a total of 48 bytes of payload. If you were to take 1452 bytes of data and split it up across 48 byte payloads. You would come up with 30.25 cells. The .25 is a 12 byte remainder that would have to be sent in a separate ATM cell. ATM cells are always 53 bytes. So the payload would have to be stuffed with an additional 36 bytes of null data for that last chunk. So to be completely optimized you would set the MSS to 1440 to eliminate those wasted 36 bytes.

Adjusting MTU size was news to a lot of people, but the minute we did it all general connectivity problems were fixed. With this in mind, note that MTU size should not be too big in order to avoid general connectivity issue. Similarly MTU size should not be too small in order to avoid ineffective traffic flow. Feel free to experiment to set MTU size to either 1452 or 1440 to see which size brings you the most suitable result.

MTU Discussion
»Best IOS for 1801W

So with that in mind, here is a 100% working config from my 827 ADSL router. Hope this lesson I learned helps someone out in the future!!!!

SAMPLE CONFIGURATION

1. Earlier IOS Version

Router#sh run
Building configuration...
 
Current configuration : 2593 bytes
!
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
ip subnet-zero
no ip finger
ip name-server 66.80.130.23
ip name-server 66.80.131.5
!
no ip dhcp-client network-discovery
vpdn enable
no vpdn logging
!
vpdn-group pppoe
request-dialin
protocol pppoe
!
!
!
!
interface Ethernet0
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip tcp adjust-mss 1452 
no ip mroute-cache
!
interface ATM0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
hold-queue 224 in
!
interface ATM0.35 point-to-point
pvc 0/35
protocol pppoe
pppoe-client dial-pool-number 1
!
!
!
interface Dialer1
ip address 69.33.10.11 255.255.255.0
ip mtu 1492
encapsulation ppp
ip nat outside
dialer pool 1
dialer-group 1
ppp authentication pap chap callin
ppp chap hostname ppp-username@megapathdsl.net
ppp chap password 7 Encrypted password
ppp pap sent-username ppp-username@megapathdsl.net password 7 encrypted password
!
ip classless
ip route 0.0.0.0 0.0.0.0 69.33.10.1
no ip http server
ip nat inside source list 10 interface Dialer1 overload
!
dialer-list 1 protocol ip permit
!
access-list 10 permit 10.10.10.0 0.0.0.255
line con 0
password 7 XXXXXXXXX
transport input none
stopbits 1
line vty 0 4
exec-timeout 30 0
password 7 XXXXXXXXX
login
length 0
!
scheduler max-task-time 5000
end
 


Thanks to sanchito75 See Profile for this post leading to this FAQ.

2. IOS Version 12.4

Note:
All PPPoE-related commands on earlier IOS version apply to the IOS version 12.4. However only some of those commands may show during the show running-config command deployment since in IOS version 12.4, some PPPoE commands are no longer needed. Following is the final result of entering earlier IOS version PPPoE commands on routers running IOS version 12.4 image.

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime year
service timestamps log datetime msec localtime year
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 *******
!
no aaa new-model
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
vpdn enable
!
!
interface FastEthernet0/0
 description To Layer-2 Switch
 ip address 10.10.10.1 255.255.255.240
 ip nat inside
 duplex auto
 speed auto
 no cdp enable
 hold-queue 32 in
 hold-queue 100 out
!
interface ATM0/0
 description ADSL To SBC
 no ip address
 ip route-cache flow
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
 hold-queue 224 in
!
interface ATM0/0.35 point-to-point
 description SBC VPI/VCI = 0/35
 no snmp trap link-status
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
!
interface Dialer1
 description To SBC
 ip address negotiated
 no ip redirects
 no ip proxy-arp
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 2
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname *******
 ppp chap password 7 *******
 ppp pap sent-username ****** password 7 ******
 ppp ipcp dns request accept
 ppp ipcp route default
 ppp ipcp address accept
!
ip nat inside source list 10 interface Dialer1 overload
!
access-list 10 permit 10.0.0.0 0.255.255.255
dialer-list 2 protocol ip permit
!
line con 0
line aux 0
line vty 0 4
 access-class 10 in
!
scheduler max-task-time 5000
ntp clock-period 17208407
ntp source Dialer1
ntp server 192.5.41.41 prefer
ntp server 192.5.41.209
!
end
 

Tips:
To find out the DNS IP addresses from your ISP for you to use through the ppp ipcp dns request accept, run debug ppp packet and terminal monitor commands. Watch the scrolling lines during this debug, especially regarding the IP address for the router and the DNS IP addresses. Once you see the DNS IP addresses from one of the scrolling lines, you can stop the debug and monitoring by issuing undebug ppp packet and terminal no monitor commands.



Expand got feedback?

by nozero See Profile edited by aryoba See Profile
last modified: 2014-04-08 10:35:53