dslreports logo
site
spacer

spacer
 
    All FAQs Site FAQ DSL FAQ Cable Tech About DSL Distance DSL Hurdles »»
spc

spacer




how-to block ads



Suggested pre-reading:
»Cisco Forum FAQ »Things to expect when setup network for home or small business

For a quick guide and some network topology, check out the following FAQ
»Cisco Forum FAQ »Quick Guide of Configuring Cisco router for PPPoE using external modem

This FAQ serves as a basic walk through of the above FAQ in order to provide deeper descriptions in configuring any Cisco routers running IOS with two Ethernet interfaces for ADSL. For more info, check out the above FAQ.

1. VPDN Group

First we will need to build the VPDN group so we will be able to add our dialer after we configure the Ethernet interface we will use for the WAN connection.
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#vpdn enable
router(config)#vpdn-group 1
router(config-vpdn)#request-dialin
router(config-vpdn)#protocol pppoe
router(config-vpdn)#exit


2. WAN interface

Now we configure one Ethernet interface for use as our WAN interface.
router(config)#interface Ethernet1
router(config-if)#description ADSL WAN Interface
router(config-if)#no ip address
router(config-if)#no ip redirects
router(config-if)#no ip unreachables
router(config-if)#no ip proxy-arp
router(config-if)#no ip mroute-cache
router(config-if)#pppoe enable
router(config-if)#pppoe-client dial-pool-number 1
router(config-if)#no cdp enable
router(config-if)#exit

Now to add your Dialer interface
router(config)#interface Dialer1
router(config-if)#description ADSL WAN Dialer
router(config-if)#ip address negotiated
router(config-if)#no ip unreachables
router(config-if)#ip nat outside
router(config-if)#encapsulation ppp
router(config-if)#no ip mroute-cache
router(config-if)#dialer pool 1
router(config-if)#dialer-group 1
router(config-if)#no cdp enable


3. PPP Authentication

At this point you will need to find out what type of authentication your ISP requires. When you run into problems with this (ISP says one thing, it's actually something else...), you are suggested to turn on the debug ppp packet option to view low level packet output. Generally you will need to either use CHAP or PAP authentication. In some cases ISP requires both type of authentication. Following is how to set both up.
router(config-if)#ppp authentication chap pap callin
router(config-if)#ppp chap hostname [ENTER ISP USERNAME HERE]

You want to make sure that username is whatever your ISP requires. Some ISP like the full e-mail address and some just need the username. You may receive a letter or email regarding this info. Consult your ISP if you are unsure. Following is the setup.
router(config-if)#ppp chap password [ENTER ISP PASSWORD HERE]
router(config-if)#ppp pap sent-username [ENTER ISP USERNAME HERE] password [ENTER ISP PASS WORD HERE]

As you can see, with PAP as opposed to chap you input your username and password all at once in one command.

In some routers running newer IOS image, you may need to enter the password as it is (clear text) or encrypted. When you need to enter them as clear text, then you need to type in 0 (zero) then the password to indicate the password you are about to enter is in clear-text format. Similarly, you need to type in 7 (seven) followed by the password to indicate the password you are about to enter is in encrypted format.

4. Dialer interface IP traffic flow permission

You may notice that the Ethernet1 and Dialer1 interfaces are part of dialer group 1. This is an essential part so that the Dialer1 as logical interface knows that Dialer Group 1 physical interface is the Ethernet1.

In addition, the dialer group controls the Layer-3 protocol traffic that go over the Layer-2 PPP encapsulation. For this dialer group control, you need to specify which Layer-3 protocols the Dialer1 interface is allowed to pass through over the Layer-2 PPP. In this case, you want to pass IP protocols. Following is the setup.
router(config-if)#exit
router(config)#dialer-list 1 protocol ip permit


5. PPPoE MTU Size

One problem you may experience with many providers making constant changes to their network is with packet fragmentation from PCs with MTU Maximum Segment Size (MTU MSS) set too high with total of over the maximum/default Ethernet MTU size of 1500 bytes. Since PPPoE process adds an 8 byte encapsulation header, the MTU on the dialer interface should be 1492. The key is setting ip tcp adjust-mss 1440 command on the inside ethernet interface.

In regards of setting either MTU size of 1492, 1440, or else; you will find many different suggestions and recommendations out there. Some will say 1492 or 1460 MTU size instead of 1440. Some will even say 1452. A 1452 MSS is pretty much the standard for DSL with a PPPoE transport. Normal MSS (on Ethernet interfaces) is 1500 bytes. But you have to account for the 40 byte IP header and the 8 byte PPPoe header. That gets you to 1452.

Following is from the mouth of Cisco, "If you have ADSL running PPPoE and run into problems resolving DNS, adjust your MTU on your ethernet interface using the command ip tcp adjust-mss 1452. This is because PPPoE requires more bits in the header packet than any other type of circuit."

6. PPPoE over ATM cells as part of DSL physical connectivity

The last bit of optimization is a little more subtle and is a debatable topic. As the PPPoE traffic is carried over ATM cells, it has to be chopped up before it can be transmitted. ATM cells are 53 bytes long and have a 5 byte header, which make a total of 48 bytes of payload. If you were to take 1452 bytes of data and split it up across 48 byte payloads; then you would come up with 30.25 cells. The .25 is a 12 byte remainder that would have to be sent in a separate ATM cell. Since ATM cells are always 53 bytes, the payload would have to be stuffed with an additional 36 bytes of null data for that last chunk. With that in mind, to be completely optimized you would set the MSS to 1440 to eliminate those wasted 36 bytes.

Adjusting MTU size may be news to you, but the minute you do it all network-related problems might be fixed. With this in mind, note that MTU size should not be too big in order to avoid general connectivity issue. Similarly MTU size should not be too small in order to avoid ineffective traffic flow. Feel free to experiment to set MTU size to either 1452 or 1440 to see which size brings you the most suitable result.

Check out the following Cisco link
Troubleshooting MTU Size in PPPoE Dialin Connectivity
for additional information about adjusting Maximum Segment (MSS) sizes on your equipment.

Some discussions:
»Odd slowdowns with C1841 and Actiontec Q1000 bridge

Following is an example of MTU Size Implementation on PPPoE
router(config)#interface Dialer1
router(config-if)#ip mtu 1492
router(config-if)#ip tcp adjust-mss 1452
router(config-if)#exit


7. LAN interface

Now you configure the other Ethernet interface for use as the LAN interface.
router(config)#interface Ethernet0
router(config-if)#description ADSL LAN Interface

When adding the IP address you can pretty much put whatever on there as long as the rest of the NAT setup matches. Format is ip address and the subnet mask.
router(config-if)#ip address 10.10.10.1 255.255.255.0
router(config-if)#no ip redirects
router(config-if)#no ip unreachables
router(config-if)#no ip proxy-arp
router(config-if)#ip nat inside
router(config-if)#no ip mroute-cache
router(config-if)#no cdp enable
router(config-if)#exit

At this point you're done with the actual LAN/WAN setup. The next steps are just to add a few more parts to get everything working.

8. NAT, CDP, and IP Routing

We add our access-list for NAT:
router(config)#access-list 10 permit 10.10.10.0 0.0.0.255

disable CDP:
router(config)#no cdp run

and add our NAT source list.
router(config)#ip nat inside source list 10 interface Dialer1 overload

Turn on CIDR routing
router(config)#ip classless


9. Default Gateway and DNS

The final step is to add our default route to the internet, which there are two ways of doing so. One (the correct way) is to let PPP negotiation process determine the default gateway IP address. To do so, enter the following commands.
router(config)#interface Dialer1
router(config-if)#shutdown
router(config-if)#ppp ipcp route default
router(config-if)#no shutdown
router(config-if)#exit

On some IOS images, the ppp ipcp command is not supported unfortunately. When this applies to you, then you have no choice to either upgrade the IOS image that support the command or to use the following command.
router(config)#ip route 0.0.0.0 0.0.0.0 Dialer1

When your router IOS image does support ppp ipcp command, then following commands are suggested to be entered under the Dialer1 interface in addition to the ppp ipcp route default command.
ppp ipcp dns request accept
ppp ipcp address accept

to have the router receives ISP DNS IP addresses and WAN IP address through the PPP process. Note that these two commands are not requirements since the router can still do network functionality even without these two commands present.

Side note:
More info regarding IPCP and Dialer interface
»[Config] Configuring an 877W for use on BT Broadband help please

10. Last Touches and Improvements

After setting the default route, you should have a basic connection built and running. You will probably want to add a little more in the way of security such as setting vty, console, and enable passwords, as well as disabling any unnecessary services on the router and adding name servers, time servers, etc.

Feedback received on this FAQ entry:
  • This has finally sorted my issue with the SP. ip tcp adjust-mss 1452 was the missing link.

    2014-10-03 08:02:48

  • excellent , i nee sme clarification in cisco 877.. 1.can we configure adsl without vpn ?

    2014-06-14 08:32:17

  • great article..thanx a lot :)

    2012-10-31 08:00:06

  • hi it was a wonderful knowledge that u shared...... keep it up ..... may god bless you and keep you always successful...

    2011-11-13 10:11:39

  • Very thorough! Much appreciated!!

    2011-09-21 17:20:44

  • Very very nice!thank you Mohamad farangisi from iran

    2011-07-30 18:09:59

  • Thanks for that. It got me out of a fix......

    2011-07-27 09:13:57

  • Excellent guide!!! Thanks a lot mate, I really appreciate it. Cheers

    2011-03-09 23:36:41

  • Very nice information regarding WAN ADSL Configuration.

    2010-05-27 01:42:57

  • Thanyou very very much. This document is greate and helped me configuring my Cisco 1841 with external modem. Many thanks Salman

    2010-05-21 17:01:45

  • Thanks, for a very very userfull, document

    2009-08-28 06:09:52



Expand got feedback?

by amethyst1x See Profile edited by aryoba See Profile
last modified: 2014-11-18 08:52:55