Penguin

Notes for using a Cisco router to connect to WiredCountry.


When connecting a customer to WiredCountry, some hosts, irrespective of the operating system they are running, will not load most web pages or send/receive email, yet the same sites are reachable when pinging them.

This is because the MTU is reduced, and how far it is reduced depends on the route path. For example, the maximum reachable frame size for www.wired.net.nz is 996 bytes.

Some network cards will automatically work around the problem, others won't.

The workaround on a Cisco router is to change the TCP MSS option value on SYN packets that traverse the router (available in IOS 12.2(4)T and higher). This reduces the MSS option value in the TCP SYN packet so that it is no larger than the value given in the ip tcp adjust-mss command, in this case 990 (MTU minus the size of the IP, TCP, and GRE headers). The end hosts then send TCP/IP packets no larger than this value.

interface Dialer0
 ip tcp adjust-mss 990
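
The following is an added illustration, not part of the original notes and not Cisco's code: a sketch of the operation that ip tcp adjust-mss 990 performs on a SYN. It finds the MSS option, lowers it if it exceeds the limit, and patches the TCP checksum incrementally (RFC 1624). The function names, the addresses and the sample SYN are constructed for the example.

```python
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum, as used by the TCP checksum."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def clamp_mss(tcp: bytes, limit: int = 990) -> bytes:
    """Lower the MSS option of a SYN segment to `limit`, patching the checksum."""
    hlen = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0
    if hlen < 20 or hlen > len(tcp) or not tcp[13] & 0x02:
        return tcp                      # malformed, or not a SYN/SYN-ACK
    seg, i = bytearray(tcp), 20
    while i < hlen and seg[i] != 0:     # kind 0 = end of option list
        if seg[i] == 1:                 # kind 1 = NOP, a single byte
            i += 1
            continue
        if i + 1 >= hlen or seg[i + 1] < 2 or i + seg[i + 1] > hlen:
            break                       # truncated or malformed option
        if seg[i] == 2 and seg[i + 1] == 4:          # kind 2 = MSS
            old = struct.unpack_from("!H", seg, i + 2)[0]
            if old > limit:
                struct.pack_into("!H", seg, i + 2, limit)
                m_old, m_new = old, limit
                if i % 2:               # value straddles two checksum words
                    m_old = (old & 0xFF) << 8 | old >> 8
                    m_new = (limit & 0xFF) << 8 | limit >> 8
                # RFC 1624: HC' = ~(~HC + ~m + m')
                hc = struct.unpack_from("!H", seg, 16)[0]
                fixed = ones_sum(struct.pack("!3H", ~hc & 0xFFFF, ~m_old & 0xFFFF, m_new))
                struct.pack_into("!H", seg, 16, ~fixed & 0xFFFF)
            break
        i += seg[i + 1]
    return bytes(seg)

# Constructed sample: pseudo-header (192.0.2.1 -> 198.51.100.7, TCP, length 24)
PSEUDO = bytes([192, 0, 2, 1, 198, 51, 100, 7, 0, 6, 0, 24])

def sample_syn(mss: int = 1460) -> bytes:
    """Build a 24-byte SYN whose only option is MSS, with a valid checksum."""
    seg = struct.pack("!HHIIBBHHHBBH", 49152, 80, 1, 0, 0x60, 0x02, 65535, 0, 0, 2, 4, mss)
    csum = ~ones_sum(PSEUDO + seg) & 0xFFFF
    return seg[:16] + struct.pack("!H", csum) + seg[18:]

if __name__ == "__main__":
    out = clamp_mss(sample_syn(1460))
    print(struct.unpack_from("!H", out, 22)[0], hex(ones_sum(PSEUDO + out)))
```

A segment whose checksum is valid sums to 0xffff together with its pseudo-header, which is how the receiving host checks that the rewritten SYN is intact.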

Sample Cisco config to connect a Cisco router to WiredCountry. It only includes the external interface connection to WiredCountry.

interface Ethernet1
 description Wired Country Broadband Network
 no ip address
 ! Set the load-interval at 30 Secs so that usage graphing is more accurate
 load-interval 30
 pppoe enable
 pppoe-client dial-pool-number 1
 hold-queue 100 out
!
!
interface Dialer0
 description Internet Connection to Wired Country
 ip address negotiated
 ! Entries for the FW/ACLs/IDS/IPS
 ip access-group Internet in
 ip inspect Internet in
 ip ips Internet in
 ! Security Essentials
 ip verify unicast reverse-path
 ip virtual-reassembly
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no cdp enable
 ! Frame size adjustments
 ip mtu 1492
 ip tcp adjust-mss 996
 ! Assuming that you're running NAT
 ip nat outside
 ! Set the load-interval at 30 Secs so that usage graphing is more accurate
 load-interval 30
 ! And your PPP encapsulation/authentication
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp chap hostname <<username>>@wiredcountry.net.nz
 ppp chap password <<password>>
 ppp pap sent-username <<username>>@wiredcountry.net.nz password <<password>>
 ! Plus extras
 hold-queue 100 out
!
!
dialer-list 1 protocol ip permit

Routers that use an IOS image older than 12.2(13)T will also need the following configuration commands added to the configuration.

vpdn enable
no vpdn logging
!
vpdn-group pppoe
  request-dialin
   protocol pppoe