how-to block ads
»Cisco Forum FAQ »Things to expect when setup network for home or small business
For a quick guide and some network topology, check out the following FAQ
»Cisco Forum FAQ »Quick Guide of Configuring Cisco router for PPPoE using external modem
This FAQ serves as a basic walk through of the above FAQ in order to provide deeper descriptions in configuring any Cisco routers running IOS with two Ethernet interfaces for ADSL. For more info, check out the above FAQ.
1. VPDN Group
First we will need to build the VPDN group so we will be able to add our dialer after we configure the Ethernet interface we will use for the WAN connection.
2. WAN interface
Now we configure one Ethernet interface for use as our WAN interface.
Now to add your Dialer interface
3. PPP Authentication
At this point you will need to find out what type of authentication your ISP requires. When you run into problems with this (ISP says one thing, it's actually something else...), you are suggested to turn on the debug ppp packet option to view low level packet output. Generally you will need to either use CHAP or PAP authentication. In some cases ISP requires both type of authentication. Following is how to set both up.
router(config-if)#ppp authentication chap pap callin
You want to make sure that username is whatever your ISP requires. Some ISP like the full e-mail address and some just need the username. You may receive a letter or email regarding this info. Consult your ISP if you are unsure. Following is the setup.
router(config-if)#ppp chap password [ENTER ISP PASSWORD HERE]
As you can see, with PAP as opposed to chap you input your username and password all at once in one command.
In some routers running newer IOS image, you may need to enter the password as it is (clear text) or encrypted. When you need to enter them as clear text, then you need to type in 0 (zero) then the password to indicate the password you are about to enter is in clear-text format. Similarly, you need to type in 7 (seven) followed by the password to indicate the password you are about to enter is in encrypted format.
4. Dialer interface IP traffic flow permission
You may notice that the Ethernet1 and Dialer1 interfaces are part of dialer group 1. This is an essential part so that the Dialer1 as logical interface knows that Dialer Group 1 physical interface is the Ethernet1.
In addition, the dialer group controls the Layer-3 protocol traffic that go over the Layer-2 PPP encapsulation. For this dialer group control, you need to specify which Layer-3 protocols the Dialer1 interface is allowed to pass through over the Layer-2 PPP. In this case, you want to pass IP protocols. Following is the setup.
5. PPPoE MTU Size
One problem you may experience with many providers making constant changes to their network is with packet fragmentation from PCs with MTU Maximum Segment Size (MTU MSS) set too high with total of over the maximum/default Ethernet MTU size of 1500 bytes. Since PPPoE process adds an 8 byte encapsulation header, the MTU on the dialer interface should be 1492. The key is setting ip tcp adjust-mss 1440 command on the inside ethernet interface.
In regards of setting either MTU size of 1492, 1440, or else; you will find many different suggestions and recommendations out there. Some will say 1492 or 1460 MTU size instead of 1440. Some will even say 1452. A 1452 MSS is pretty much the standard for DSL with a PPPoE transport. Normal MSS (on Ethernet interfaces) is 1500 bytes. But you have to account for the 40 byte IP header and the 8 byte PPPoe header. That gets you to 1452.
Following is from the mouth of Cisco, "If you have ADSL running PPPoE and run into problems resolving DNS, adjust your MTU on your ethernet interface using the command ip tcp adjust-mss 1452. This is because PPPoE requires more bits in the header packet than any other type of circuit."
6. PPPoE over ATM cells as part of DSL physical connectivity
The last bit of optimization is a little more subtle and is a debatable topic. As the PPPoE traffic is carried over ATM cells, it has to be chopped up before it can be transmitted. ATM cells are 53 bytes long and have a 5 byte header, which make a total of 48 bytes of payload. If you were to take 1452 bytes of data and split it up across 48 byte payloads; then you would come up with 30.25 cells. The .25 is a 12 byte remainder that would have to be sent in a separate ATM cell. Since ATM cells are always 53 bytes, the payload would have to be stuffed with an additional 36 bytes of null data for that last chunk. With that in mind, to be completely optimized you would set the MSS to 1440 to eliminate those wasted 36 bytes.
Adjusting MTU size may be news to you, but the minute you do it all network-related problems might be fixed. With this in mind, note that MTU size should not be too big in order to avoid general connectivity issue. Similarly MTU size should not be too small in order to avoid ineffective traffic flow. Feel free to experiment to set MTU size to either 1452 or 1440 to see which size brings you the most suitable result.
Check out the following Cisco link
Troubleshooting MTU Size in PPPoE Dialin Connectivity
for additional information about adjusting Maximum Segment (MSS) sizes on your equipment.
»Odd slowdowns with C1841 and Actiontec Q1000 bridge
Following is an example of MTU Size Implementation on PPPoE
7. LAN interface
Now you configure the other Ethernet interface for use as the LAN interface.
When adding the IP address you can pretty much put whatever on there as long as the rest of the NAT setup matches. Format is ip address and the subnet mask.
router(config-if)#ip address 10.10.10.1 255.255.255.0
At this point you're done with the actual LAN/WAN setup. The next steps are just to add a few more parts to get everything working.
8. NAT, CDP, and IP Routing
We add our access-list for NAT:
router(config)#access-list 10 permit 10.10.10.0 0.0.0.255
router(config)#no cdp run
and add our NAT source list.
router(config)#ip nat inside source list 10 interface Dialer1 overload
Turn on CIDR routing
9. Default Gateway and DNS
The final step is to add our default route to the internet, which there are two ways of doing so. One (the correct way) is to let PPP negotiation process determine the default gateway IP address. To do so, enter the following commands.
On some IOS images, the ppp ipcp command is not supported unfortunately. When this applies to you, then you have no choice to either upgrade the IOS image that support the command or to use the following command.
router(config)#ip route 0.0.0.0 0.0.0.0 Dialer1
When your router IOS image does support ppp ipcp command, then following commands are suggested to be entered under the Dialer1 interface in addition to the ppp ipcp route default command.
ppp ipcp dns request accept
to have the router receives ISP DNS IP addresses and WAN IP address through the PPP process. Note that these two commands are not requirements since the router can still do network functionality even without these two commands present.
More info regarding IPCP and Dialer interface
»[Config] Configuring an 877W for use on BT Broadband help please
10. Last Touches and Improvements
After setting the default route, you should have a basic connection built and running. You will probably want to add a little more in the way of security such as setting vty, console, and enable passwords, as well as disabling any unnecessary services on the router and adding name servers, time servers, etc.
Feedback received on this FAQ entry: