Annotated edit history of CiscoWiredCountryNotes version 7, including all changes. Author of the listed revisions: LindsayDruett.

Notes for using a Cisco router to connect to WiredCountry.

----
When connecting a customer to [WiredCountry], some hosts, irrespective of the operating system they are running, will not load most web pages or send/receive email, yet the sites are reachable when pinging them.

This is because the [MTU] is reduced, and the effective [MTU] depends on the route path. For example, the maximum reachable frame size for www.wired.net.nz is 996 bytes.

Some network cards will automatically work around the problem, others won't.

The workaround on a Cisco router is to change the TCP [MSS] option value on SYN packets that traverse the router (available in IOS 12.2(4)T and higher). This reduces the [MSS] option value in the TCP SYN packet so that it's smaller than the value in the ip tcp adjust-mss value command, in this case 990 ([MTU] minus the size of the IP, TCP, and GRE headers). The end hosts now send TCP/IP packets no larger than this value.

<pre>
interface Dialer0
 ip tcp adjust-mss 990
</pre>
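The rewrite described above, modelled in Python as an added example (not Cisco's implementation and not part of the original notes): it walks the TCP options of a SYN, lowers an MSS option that announces more than the configured value, and patches the TCP checksum to match. The names ones_sum, find_mss, clamp_mss and SAMPLE_SYN are hypothetical, and the sample segment is constructed.

```python
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum, as used by the TCP checksum."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def find_mss(seg: bytes):
    """Offset of the 2-byte MSS value inside a TCP header, or None if absent."""
    if len(seg) < 20 or not 20 <= (seg[12] >> 4) * 4 <= len(seg):
        raise ValueError("truncated or malformed TCP header")
    hdr_len, i = (seg[12] >> 4) * 4, 20
    while i < hdr_len:
        kind = seg[i]
        if kind == 0:                        # End of Option List
            return None
        if kind == 1:                        # NOP, a single padding byte
            i += 1
            continue
        if i + 1 >= hdr_len or seg[i + 1] < 2 or i + seg[i + 1] > hdr_len:
            raise ValueError("malformed TCP option")
        if kind == 2 and seg[i + 1] == 4:    # MSS option: kind 2, length 4
            return i + 2
        i += seg[i + 1]
    return None

def clamp_mss(seg: bytes, max_mss: int) -> bytes:
    """Lower the MSS announced in a SYN or SYN-ACK to max_mss, fixing the checksum."""
    if len(seg) < 20 or not seg[13] & 0x02:  # only SYN segments carry the option
        return seg
    off = find_mss(seg)
    if off is None or struct.unpack_from("!H", seg, off)[0] <= max_mss:
        return seg
    out = bytearray(seg)
    lo, hi = off & ~1, (off + 3) & ~1        # aligned 16-bit words covering the value
    old = ones_sum(bytes(out[lo:hi]))
    struct.pack_into("!H", out, off, max_mss)
    new = ones_sum(bytes(out[lo:hi]))
    # Incremental checksum update (RFC 1624): HC' = ~(~HC + ~m + m')
    csum = struct.unpack_from("!H", out, 16)[0]
    s = ones_sum(struct.pack("!3H", ~csum & 0xFFFF, ~old & 0xFFFF, new))
    struct.pack_into("!H", out, 16, ~s & 0xFFFF)
    return bytes(out)

# Constructed sample: SYN 192.0.2.10:49152 -> 198.51.100.20:80, MSS 1460, valid checksum
SAMPLE_SYN = bytes.fromhex("c0000050 00000001 00000000 6002ffff eb820000 020405b4")
```

Calling clamp_mss(SAMPLE_SYN, 990) returns the same segment with the MSS value at offset 22 set to 990; segments without SYN, or already announcing 990 or less, come back unchanged.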
----
Sample Cisco config to connect a Cisco router to WiredCountry. This only includes the external interface connection to WiredCountry.

<pre>
interface Ethernet1
 description Wired Country Broadband Network
 no ip address
 ! Set the load-interval at 30 Secs so that usage graphing is more accurate
 load-interval 30
 pppoe enable
 pppoe-client dial-pool-number 1
 hold-queue 100 out
!
!
interface Dialer0
 description Internet Connection to Wired Country
 ip address negotiated
 ! Entries for the FW/ACLs/IDS/IPS
 ip access-group Internet in
 ip inspect Internet in
 ip ips Internet in
 ! Security Essentials
 ip verify unicast reverse-path
 ip virtual-reassembly
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no cdp enable
 ! Frame size adjustments
 ip mtu 1492
 ip tcp adjust-mss 996
 ! Assuming that you're running NAT
 ip nat outside
 ! Set the load-interval at 30 Secs so that usage graphing is more accurate
 load-interval 30
 ! And your PPP encapsulation/authentication
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp chap hostname <<username>>@wiredcountry.net.nz
 ppp chap password <<password>>
 ppp pap sent-username <<username>>@wiredcountry.net.nz password <<password>>
 ! Plus extras
 hold-queue 100 out
!
!
dialer-list 1 protocol ip permit
</pre>

Routers that use an IOS image older than 12.2(13)T will also need the following commands added to the configuration.

<pre>
vpdn enable
no vpdn logging
!
vpdn-group pppoe
 request-dialin
  protocol pppoe
</pre>