[c-nsp] Bellsouth DSL / PPPoE config

Cheung, Rick Rick.Cheung at nextelpartners.com
Thu Mar 3 19:19:37 EST 2005


     Actually, you may want to consider adding to the default route:
 
ip route 0.0.0.0 0.0.0.0 di1 dhcp
 
     This should avoid arping over the dialer interface.
 
     Also, you may want to match the ip mtu value to the ip tcp adjust-mss;
it works well for us in a dmvpn network with eigrp.
 
 
Rick

  _____  

From: cisco-nsp-bounces at puck.nether.net on behalf of Joe Maimon
Sent: Thu 3/3/2005 5:57 PM
To: Brian Feeny
Cc: cisco-nsp
Subject: Re: [c-nsp] Bellsouth DSL / PPPoE config





Brian Feeny wrote:
> I am going to be configuring a PPPoE circuit for someone, just ethernet
> talking to a DSL bridge.  I have heard that Bellsouth requires both PAP
> and chap simultaneous authentication for their BBG,
Does not sound right. Perhaps they support both?


>
Your setup is fine, except for "ip tcp adjust-mss 542"

Make it 1452. Check icmp unreachable/ df -unreachable rate limiting.

In practice I have never needed the dialer list. I just

ip route 0.0.0.0 0.0.0.0 Di1

> I am not sure if it really does pap and chap both, was hoping someone
> here who has setup bellsouth DSL could tell me.
>
> Normally I run my GRE tunnels at 1440, I think with the above using
> PPPoE I should drop it 8 more to 1432 to be safe, anyone know what has
> worked?  I have heard knocking down the mss is a good idea too from
> cisco.com.

GRE is 24 overhead. If you run at 1440 ip mtu you are well under PPPoE
mtu. If you mean tcp adjust on that, just take 40 off mtu.

I have previously argued to cisco that the gre tunnel pmtud feature will
not work well with tcp adjust mss on a tunnel interface because they
would not keep in sync. Really the tcp adjust mss should simply specify
an offset to be applied to whatever the current ip mtu is (its not as if
the number specified is always the number used -- tcp options change the
calculation). IIRC there was a ddts filed.

If you want ipsec on gre tunnel, you might wish to use the tunnel
protection ipsec profile  xxxx method rather than crypto map.
>
> Brian
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
<https://puck.nether.net/mailman/listinfo/cisco-nsp> 
> archive at http://puck.nether.net/pipermail/cisco-nsp/
<http://puck.nether.net/pipermail/cisco-nsp/> 
>
>
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
<https://puck.nether.net/mailman/listinfo/cisco-nsp> 
archive at http://puck.nether.net/pipermail/cisco-nsp/
<http://puck.nether.net/pipermail/cisco-nsp/> 




This message, including any attachments, contains confidential information intended for a specific
individual and purpose and is protected by law. If you are not the intended recipient, please contact
sender immediately by reply e-mail and destroy all copies. 
You are hereby notified that any disclosure, copying, or distribution of this message, or the taking 
of any action based on it, is strictly prohibited.

WARNING: Computer viruses can be transmitted via email. The recipient should check this email
and any attachments for the presence of viruses. The sender accepts no liability for any damage 
caused by any virus transmitted by this email. E-mail transmission cannot be guaranteed 
to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive 
late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors 
or omissions in the contents of this message, which arise as a result of e-mail transmission.


More information about the cisco-nsp mailing list