ccie blog

Configuring DSL (ISP & Customer Side)

I’m going to show you how to set up DSL (PPPoE) on the customer router and the service provider network.

Note: For those who are more competent in DSL, this is designed to show a basic DSL setup and doesn’t include RADIUS servers.

LAB

Let’s start on the CPE router.

CPE#

interface Loopback0
 description emulating lan side interface
 ip address 23.23.23.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Dialer0
 ip address negotiated
 ip mtu 1452
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname router1@cisco.com
 ppp chap password 0 cisco
!
ip route 0.0.0.0 0.0.0.0 Dialer0

The loopback interface was created to emulate the LAN side. This will usually be a FastEthernet interface or something similar connecting to the customer’s LAN. However, for the sake of simplicity and testing, I’ve just put the IP on the loopback.

This customer has been assigned a public subnet of 23.23.23.0/24. They will then need a WAN IP address. To get it, we enabled PPPoE on their WAN interface (fa0/0) and attached a dialer pool number. This number allows us to assign our virtual interface, Dialer0, to the WAN interface.

On our Dialer, we specified the hostname and password. These are the username and password we will authenticate with on our Layer 2 Network Access Server (LNS). The last part of the config adds a default route pointing out our WAN interface. This is pretty standard for most CPE routers (unless the customer wants a partial or full internet BGP table).

The config for our Layer 2 Access Concentrator (LAC) is shown below:

LAC#

vpdn enable
!
vpdn-group PPPoEUsers
 request-dialin
  protocol l2tp
  domain cisco.com
 initiate-to ip 30.10.20.43
 local name LAC
 l2tp tunnel password 0 test
!
bba-group pppoe steve
 virtual-template 1
!
!
interface Loopback0
 ip address 172.16.16.16 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 pppoe enable group steve
!
interface FastEthernet0/1
 ip address 30.10.20.42 255.255.255.0
!
interface Virtual-Template1
 ip unnumbered Loopback0
 ppp authentication chap

When our CPE’s DSL session hits our LAC, it sees we have a PPPoE profile enabled on our fa0/0 interface. The profile binds incoming sessions to our Virtual-Template1. Users assigned to this profile will then use Loopback0 to source their L2TP tunnel to the LNS. As our CPE router is using a domain of cisco.com, its session will hit the vpdn-group PPPoEUsers. The LAC then builds an L2TP tunnel to our LNS (30.10.20.43), specifying the credentials in our local name and password.

The LNS config is supplied below:

LNS#
aaa new-model
!
aaa authentication ppp default local
!
vpdn enable
!
vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname LAC
 local name LNS
 l2tp tunnel password 0 test
!
username router1@cisco.com password 0 cisco
!
interface Loopback0
 ip address 172.17.17.17 255.255.255.255
!
interface FastEthernet0/1
 ip address 30.10.20.43 255.255.255.0
!
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool default
 ppp authentication chap
!
!
ip local pool default 10.1.1.1 10.1.1.16
ip route 23.23.23.0 255.255.255.0 10.1.1.1

 

LNS Config Explanation

  • The authentication commands at the top allow the customer’s username/password credentials to be authenticated on this local router.
  • The vpdn-group configuration is used to build the L2TP tunnel to our LAC.
  • The virtual template allows us to bind a terminating IP for the customer’s session and dynamically assign a frame IP (the WAN IP for the Dialer0 interface on their local router) from the pool of IP addresses named “default”.
  • The route statement just enables internet users to route to the LAN side IP address.
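
As an added example (not part of the original post), this Python script cross-checks the values that must agree across the three configs above: the CPE username domain, the LAC tunnel target and name, the shared tunnel password, and the LNS local user. It also lists secrets stored as type 0, which IOS keeps unencrypted in the configuration. The config excerpts are constructed from the listings above, the function names are hypothetical, and the comparison assumes type 0 secrets as used on this page.

```python
import re

# Constructed excerpts: only the lines of the three configs above that must agree.
CPE = """interface Dialer0
 ppp chap hostname router1@cisco.com
 ppp chap password 0 cisco
"""
LAC = """vpdn-group PPPoEUsers
 request-dialin
  domain cisco.com
 initiate-to ip 30.10.20.43
 local name LAC
 l2tp tunnel password 0 test
"""
LNS = """vpdn-group 1
 terminate-from hostname LAC
 l2tp tunnel password 0 test
username router1@cisco.com password 0 cisco
interface FastEthernet0/1
 ip address 30.10.20.43 255.255.255.0
"""

def find(cfg, pattern):
    """First capture group of pattern in cfg, or None if the line is absent."""
    m = re.search(pattern, cfg, re.M)
    return m.group(1) if m else None

def check(cpe, lac, lns):
    """Return a list of mismatches that would stop the session coming up."""
    problems = []
    user = find(cpe, r"^\s*ppp chap hostname (\S+)") or ""
    if user.split("@")[-1] != find(lac, r"^\s*domain (\S+)"):
        problems.append("CPE username domain does not match LAC vpdn-group domain")
    if find(lac, r"^\s*initiate-to ip (\S+)") not in re.findall(r"^\s*ip address (\d\S+)", lns, re.M):
        problems.append("LAC initiate-to address is not configured on the LNS")
    if find(lns, r"^\s*terminate-from hostname (\S+)") != find(lac, r"^\s*local name (\S+)"):
        problems.append("LNS terminate-from hostname differs from LAC local name")
    tunnel = r"^\s*l2tp tunnel password \d (\S+)"
    if find(lac, tunnel) != find(lns, tunnel):
        problems.append("L2TP tunnel passwords differ")
    if find(lns, rf"^username {re.escape(user)} password \d (\S+)") != find(cpe, r"^\s*ppp chap password \d (\S+)"):
        problems.append("CPE CHAP credentials are not in the LNS local user database")
    return problems

def cleartext_secrets(cfg):
    """Config lines that store a secret as type 0 (unencrypted)."""
    return [line.strip() for line in cfg.splitlines() if re.search(r"\bpassword 0 \S", line)]

if __name__ == "__main__":
    print(check(CPE, LAC, LNS) or "consistent")
    for line in cleartext_secrets(CPE + LAC + LNS):
        print("type 0 secret:", line)
```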

5 Comments

Jake, July 9th, 2014 at 7:54 pm

Nice explanation, I’ve been looking for something like this for a while.

Conor, September 24th, 2014 at 4:35 pm

Hi, I could be wrong but on dialer interface 0 on CPE shouldn’t the config read –>
mtu 1492
ip tcp-adjust-mss 1452

ip mtu 1452 – does this not mean that if the router receives a packet greater than 1452 that needs to be sent out dialer 0 it will fragment the packet? With the above commands we could avoid fragmentation?

Dr. Oz Garcinia CambogiaSeptember 27th, 2014 at 12:01 am

CCIE Blog

[…]I am now not sure where you are getting your info, however good topic.[…]

StephenGarbett, October 6th, 2014 at 2:28 pm

Hey,

I just had years of experience really. That’s all it is.

StephenGarbett, October 6th, 2014 at 2:39 pm

Hi Conor,

This topic is very debatable. In the UK, I use BT infinity, and I initially got my internet connection up and running using the MTU and TCP Maximum Segment Size (MSS) you stated. However, some parts of the internet would not work. The problem was related down to the MSS. The MSS had to be reduced all the way down to 1360 before the rest of the internet would work properly through my Cisco 887VA (for reference I kept the 1492 MTU, even though it’s better practice to just use 40 bytes more than the MSS, so I should have used a 1400 MTU). For anyone who is interested, the 887VA is capable of the full BT Infinity speeds. I got 74Mb/s on a speedtest. The Cisco documentation shows the throughput of 887s is ridiculously low. I actually remember reading that the 1921 is supposed to be specc’d for just 15Mbit/s on the WAN interface, which is really low. However, Cisco’s specifications are based on QoS, NAT, ACLs being enabled and the processor being something like 75% utilized. In general, if you’re using a Cisco router for your home, you use a tonne less resources, which is why you get more throughput, especially if you’re using CEF (which modern Cisco routers are).
