Suggested prerequisite reading:
»Cisco Forum FAQ »Things to expect when setup network for home or small business

For a quick guide and some network topology, check out the following FAQ

»Cisco Forum FAQ »Quick Guide of Configuring Cisco router for PPPoE using external modem

This FAQ serves as a basic walk through of the above FAQ in order to provide deeper descriptions in configuring any Cisco routers running IOS with two ethernet interfaces for ADSL. For more info, check out the above FAQ.

First we will need to build the VPDN group so we will be able to add our dialer after we configure the Ethernet interface we will use for the WAN connection.

router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#vpdn enable
router(config)#vpdn-group 1
router(config-vpdn)#request-dialin
router(config-vpdn)#protocol pppoe
router(config-vpdn)#exit

Now we configure one Ethernet interface for use as our WAN interface.

router(config)#interface Ethernet1
router(config-if)#description ADSL WAN Interface
router(config-if)#no ip address
router(config-if)#no ip redirects
router(config-if)#no ip unreachables
router(config-if)#no ip proxy-arp
router(config-if)#no ip mroute-cache
router(config-if)#pppoe enable
router(config-if)#no cdp enable
router(config-if)#exit

Now to add your Dialer interface:

router(config)#interface Dialer1
router(config-if)#description ADSL WAN Dialer
router(config-if)#ip address negotiated
router(config-if)#no ip unreachables
router(config-if)#ip nat outside
router(config-if)#encapsulation ppp
router(config-if)#no ip mroute-cache
router(config-if)#dialer pool 1
router(config-if)#dialer-group 1
router(config-if)#no cdp enable

At this point you will need to find out what type of authentication your ISP requires. When you run into problems with this (ISP says one thing, it's actually something else...), you are suggested to turn on the debug ppp packet option to view low level packet output. Generally you will need to either use CHAP or PAP authentication. In some cases ISP requires both type of authentication. Following is how to set both up.

router(config-if)#ppp authentication chap pap callin
router(config-if)#ppp chap hostname ispusername

You want to make sure that username is whatever your ISP requires. Some ISP like the full e-mail address and some just need the username. You may receive a letter or email regarding this info. Consult your ISP if you are unsure. Following is the setup.

router(config-if)#ppp chap password isppassword
router(config-if)#ppp pap sent-username ispusername password isppassword

As you can see, with PAP as opposed to chap you input your username and password all at once in one command.

In some routers running newer IOS image, you may need to enter the password as it is (clear text) or encrypted. When you need to enter them as clear text, then you need to type in 0 (zero) then the password to indicate the password you are about to enter is in clear-text format. Similarly, you need to type in 7 (seven) followed by the password to indicate the password you are about to enter is in encrypted format.

You may notice that the Dialer1 interface is part of dialer group 1. This dialer group controls the Layer-3 protocol traffic that go over the Layer-2 PPP encapsulation. For this dialer group control, you need to specify which Layer-3 protocols the Dialer1 interface is allowed to pass through over the Layer-2 PPP. In this case, you want to pass IP protocols. Following is the setup.

router(config-if)#exit
router(config)#dialer-list 1 protocol ip permit

Another problem you may experience with many providers making constant changes to their network is with packet fragmentation from PCs with MTU Maximum Segment Size (MTU MSS) set too high. The MTU on the dialer interface should be 1492 as PPPoE adds an 8 byte encapsulation header. The key is setting ip tcp adjust-mss 1440 on the inside ethernet interface. You will find many different suggestions and recommendations out there. Some will say 1492 or 1460 MTU size instead of 1440. Some will even say 1452. 1452 MSS is pretty much the standard for DSL with a PPPoE transport. Normal MSS is 1500 bytes. But you have to account for the 40 byte IP header and the 8 byte PPPoe header. That gets you to 1452.

Following is from the mouth of Cisco, "If you have ADSL running PPPoE and run into problems resolving DNS, adjust your MTU on your ethernet interface using the command ip tcp adjust-mss 1452. This is because PPPoE requires more bits in the header packet than any other type of circuit."

The last bit of optimization is a little more subtle and is a debatable topic. As the PPPoE traffic is carried over ATM cells, it has to be chopped up before it can be transmitted. ATM cells are 53 bytes long and have a 5 byte header. So a total of 48 bytes of payload. If you were to take 1452 bytes of data and split it up across 48 byte payloads. You would come up with 30.25 cells. The .25 is a 12 byte remainder that would have to be sent in a separate ATM cell. ATM cells are always 53 bytes. So the payload would have to be stuffed with an additional 36 bytes of null data for that last chunk. So to be completely optimized you would set the MSS to 1440 to eliminate those wasted 36 bytes.

Adjusting MTU size may be news to you, but the minute you do it all network-related problems might be fixed. With this in mind, note that MTU size should not be too big in order to avoid general connectivity issue. Similarly MTU size should not be too small in order to avoid ineffective traffic flow. Feel free to experiment to set MTU size to either 1452 or 1440 to see which size brings you the most suitable result.

Feel free to read the following

Troubleshooting MTU Size in PPPoE Dialin Connectivity

for additional information about adjusting Maximum Segment (MSS) sizes on your equipment.

Some discussions:
»Odd slowdowns with C1841 and Actiontec Q1000 bridge

Following is an example of MTU Size Implementation on PPPoE

router(config)#interface Dialer1
router(config-if)#ip mtu 1492
router(config-if)#ip tcp adjust-mss 1452
router(config-if)#exit

Now you configure the other Ethernet interface for use as the LAN interface:

router(config)#interface Ethernet0
router(config-if)#description ADSL LAN Interface

When adding the IP address you can pretty much put whatever on there as long as the rest of the NAT setup matches. Format is ip address and the subnet mask.

router(config-if)#ip address 10.10.10.1 255.255.255.0
router(config-if)#no ip redirects
router(config-if)#no ip unreachables
router(config-if)#no ip proxy-arp
router(config-if)#ip nat inside
router(config-if)#no ip mroute-cache
router(config-if)#no cdp enable
router(config-if)#exit

Now you're done with the actual LAN/WAN setup. The next steps are just to add a few more parts to get everything working.

We add our access-list for NAT:

router(config)#access-list 10 permit 10.10.10.0 0.0.0.255

And disable CDP:

router(config)#no cdp run

And add our NAT source list:

router(config)#ip nat inside source list 10 interface Dialer1 overload

Turn on CIDR routing:

router(config)#ip classless

And finally add our default route to the internet. There are two ways of doing so. One (the correct way) is to let PPP negotiation process determine the default gateway IP address. To do so, enter the following commands.

router(config)#interface Dialer1
router(config-if)#shutdown
router(config-if)#ppp ipcp route default
router(config-if)#no shutdown
router(config-if)#exit

On some IOS images, the ppp ipcp command is not supported unfortunately. When this applies to you, then you have no choice to either upgrade the IOS image that support the command or to use the following command.

router(config)#ip route 0.0.0.0 0.0.0.0 Dialer1

When your router IOS image does support ppp ipcp command, then following commands are suggested to be entered under the Dialer1 interface in addition to the ppp ipcp route default command.

ppp ipcp dns request accept
ppp ipcp address accept

to have the router receives ISP DNS IP addresses and WAN IP address through the PPP process. Note that these two commands are not requirements since the router can still do network functionality even without these two commands present.

Side note:
More info regarding IPCP and Dialer interface
»[Config] Configuring an 877W for use on BT Broadband help please

After setting the default route, you should have a basic connection built and running. You will probably want to add a little more in the way of security such as setting vty, console, and enable passwords, as well as disabling any unnecessary services on the router and adding name servers, time servers, etc.

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by amethyst1x edited by aryoba
last modified: 2013-03-11 09:27:34