Cisco 877 Router with ADSL - pseudowire command errors. Help needed

pjbasson1
Level 1
Hi, 
I need help please.
 
I'm using a Cisco 877 Router with ADSL to connect to my ISP with a static global IP. I managed to configure the router with -(PPPoE + L2TP),
using examples I got from the internet. 
 
My configuration seems to work fine. I can connect to the internet and my small web server is reachable from the internet on port 80.
The connection looks stable, but some parts of the config file where I used the pseudowire command give me errors.
 
I'm still new to Cisco networking.
Would someone please be so kind as to guide me with the correct configuration?
 
I got the following errors:
 
pseudowire-class L2TPVPN-PW
     ! Incomplete config [Unconfigured ip local interface]
 
pseudowire 196.30.121.50 1 pw-class L2TPVPN-PW
      ! Incomplete or Invalid Xconnect config
 
 
General router Configuration Settings supplied by ISP
 
Connection Type:             Remote Access
Type:                                 Dial Out
Server IP:                         196.30.121.50
Username:                        YourDSLUsername
Password:                         YourDSLPassword
Authentication Type:         PAP
Tunnel Authentication:      Yes
Secret:                                h3lp
Active as Default Route:   YES
IPSec:                                  NO
 
 
Cisco 877 - configuration
 
!
version 15.1
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service linenumber
service sequence-numbers
!
hostname Cisco-R1
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret <PASSWORD>
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
clock timezone C-Town 2
!
!
!
dot11 syslog
no ip source-route
no ip gratuitous-arps
!
!
ip cef
no ip bootp server
ip domain lookup source-interface Loopback0
ip domain name MyCompany.com
ip name-server 196.7.7.7
ip name-server 196.7.8.9
l2tp-class L2TPVPN
 hidden
 authentication
 password h3lp
!
!
!
!
!
username <USERNAME> privilege 15 secret <PASSWORD>
!
!
pseudowire-class L2TPVPN-PW
 ! Incomplete config [Unconfigured ip local interface]
 encapsulation l2tpv2
 protocol l2tpv2 L2TPVPN
 ip local interface ATM0.1
!
!
!
no crypto isakmp enable
!
!
!
!
!
interface Loopback0
 ip address <MyGlobalIP> 255.255.255.240
!
interface ATM0
 no ip address
 load-interval 30
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-PPP1
 ip address negotiated
 ip mtu 1460
 ip nat outside
 ip virtual-reassembly
 ip tcp adjust-mss 1420
 ppp pap sent-username <YourDSLUsername> password <YourDSLPassword>
 no cdp enable
 pseudowire 196.30.121.50 1 pw-class L2TPVPN-PW
  ! Incomplete or Invalid Xconnect config
!
interface Vlan1
 ip address 192.168.1.254 255.255.255.0
 ip mtu 1460
 ip dns view-group dns
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1420
 hold-queue 100 out
!
interface Dialer0
 ip address negotiated
 no ip redirects
 ip mtu 1460
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1420
 load-interval 30
 dialer pool 1
 dialer-group 1
 ppp pap sent-username <YourDSLUsername> password <YourDSLPassword>
 no cdp enable
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
ip dns view dnsfwd
 dns forwarder 196.7.7.7
 dns forwarder 196.7.8.9
 dns forwarding source-interface Loopback0
ip dns view-list dns
 view dnsfwd 10
ip dns server
ip nat inside source list 100 interface Loopback0 overload
ip nat inside source static tcp 192.168.1.253 80 <MyGlobalIP> 80 extendable
ip nat inside source static udp 192.168.1.254 80 <MyGlobalIP> 80 extendable
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1
ip route 196.30.121.50 255.255.255.255 Dialer0
!
ip access-list standard VTY
 permit 196.30.121.0 0.0.0.63
ip access-list standard access
!
access-list 8 permit 196.30.121.50
access-list 8 permit 196.2.45.66
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
 
!
!
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
ntp server 196.2.45.66 prefer source Loopback0
end
 
 
--------
 
Thanks,
 
Philip
Peter Paluch
Cisco Employee

Hi Philip,

In your pseudowire-class L2TPVPN-PW, replace the ip local interface ATM0.1 line with ip local interface Dialer0 line. This line refers to the name of an interface whose IP address should be used as the source IP address of the L2TP session. The ATM0.1 interface is not an IP interface, however, as it does not have any IP address assigned. Instead, the PPPoE client is run over the ATM0.1 interface and this client provides its communication services to the Dialer0 interface. The Dialer0 interface is the actual interface that is assigned an IP address from your ISP, thanks to the ip address negotiated command. Therefore, the L2TP session should use the IP address of the Dialer0 interface.

Best regards,
Peter

 

Hi Peter,

Thanks for your reply. Your solution works 100%!!!


Another question, if I may:

What should the correct MTU and MSS settings be for my connection type, in my router's configuration file?

This is what I tried with the following test. (Not sure if this is the correct approach.)

I made sure that my PC (Win XP) MTU is set to 1500. I also reconfigured all the router's MTU and MSS settings with the following commands: MTU: ip mtu 1500, and MSS: ip tcp adjust-mss 1460.

I did a ping test from the Cisco console to a public IP address with the following command:
  ping 197.149.145.113 repeat 1 size 1500

and from Windows with the command:
   ping 197.149.145.113 -l 1500 -n 1

The highest I could go with the Cisco command without getting fragmentation is:
    ping 197.149.145.113 repeat 1 size 1460

and on Windows: ping 197.149.145.113 -l 1432 -n 1

Hi Philip,

I am glad it worked!

Regarding the MTU, it is kind of complicated. Your basic connection type is PPPoE that incurs 8 bytes of overhead, causing the MTU of the DSL/PPPoE to be 1500-8=1492 bytes. However, the L2TP/PPP tunnel incurs another 20 (IP) + 8 (UDP) + 8 (L2TP) + 4 (PPP) = 40 bytes. The MTU therefore drops to 1492-40=1452 bytes.

I would need to know more about the way you have determined that the fragmentation occurs beyond 1460 bytes. The outputs do not provide any hints about the occurrence of fragmentation. You also have to be aware that this test is unable to detect whether the resulting L2TP+PPP-encapsulated packets get fragmented, as they are defragmented on the L2TP access concentrator.

It is, in general, suggested that in these scenarios with more complex tunneling and encapsulation, an MTU of 1400 and TCP MSS of 1360 bytes is used, to provide for a certain reserve in maximum packet sizes.

Therefore, what I suggest is this:

  • On your Dialer0 interface, use ip mtu 1492 and ip tcp adjust-mss 1452 commands.
  • On your Virtual-PPP1 interface, use ip mtu 1400 and ip tcp adjust-mss 1360 commands.

Best regards,
Peter
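
The two points made in the replies above (the pseudowire-class source interface must be one that holds an IP address, and the MTU/MSS values must fit inside the PPPoE and L2TP overhead budget) can be checked mechanically before a configuration is loaded. The following is an added example, not part of the thread and not Cisco tooling; the function names are hypothetical, the overhead figures are the ones quoted in the reply, and the check that adjust-mss is at most ip mtu minus 40 is an assumption drawn from the value pairs suggested there.

```python
# Ceilings from the reply: PPPoE costs 8 bytes; L2TP adds 20 (IP) + 8 (UDP) + 8 (L2TP) + 4 (PPP).
LIMITS = {"Dialer": 1500 - 8, "Virtual-PPP": 1500 - 8 - (20 + 8 + 8 + 4)}

def parse_blocks(config):
    """Map each top-level IOS line to its indented sub-commands, skipping '!' lines."""
    blocks, current = {}, []
    for line in config.splitlines():
        if not line.strip() or line.strip().startswith("!"):
            continue
        if line.startswith(" "):
            current.append(line.strip())
        else:
            current = blocks.setdefault(line.strip(), [])
    return blocks

def num(body, cmd):
    return next((int(l.split()[-1]) for l in body if l.startswith(cmd + " ")), None)

def lint(config):
    blocks, findings = parse_blocks(config), []
    ifaces = {h.split()[1]: b for h, b in blocks.items() if h.startswith("interface ")}
    with_ip = {n for n, b in ifaces.items() if any(l.startswith("ip address ") for l in b)}
    for head, body in blocks.items():
        for cmd in body if head.startswith("pseudowire-class ") else []:
            src = cmd.split()[-1]  # interface named as the L2TP source
            if cmd.startswith("ip local interface ") and src not in with_ip:
                findings.append(f"{head}: {src} has no IP address")
    for name, body in ifaces.items():
        mtu, mss = num(body, "ip mtu"), num(body, "ip tcp adjust-mss")
        limit = next((v for k, v in LIMITS.items() if name.startswith(k)), None)
        if mtu and limit and mtu > limit:
            findings.append(f"{name}: ip mtu {mtu} exceeds {limit}")
        if mtu and mss and mss > mtu - 40:  # assumption: 20 bytes IP + 20 bytes TCP
            findings.append(f"{name}: adjust-mss {mss} exceeds ip mtu {mtu} - 40")
    return findings

# Abridged from the configuration posted in the question.
POSTED = """\
pseudowire-class L2TPVPN-PW
 ip local interface ATM0.1
interface ATM0.1 point-to-point
interface Virtual-PPP1
 ip address negotiated
 ip mtu 1460
 ip tcp adjust-mss 1420
interface Dialer0
 ip address negotiated
"""
```

Calling lint(POSTED) reports the ATM0.1 source interface and the Virtual-PPP1 MTU; with the source changed to Dialer0 and the values from the second reply applied, it returns an empty list.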