cancel
Showing results for 
Search instead for 
Did you mean: 

MTU 1500 working :-)

thermionic
Member

This was done on a Cisco 1812 running 15.1(4)M2

 

interface FastEthernet0
description BT FTTC PPPoE
mtu 1508
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly in
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
pppoe-client ppp-max-payload 1500
no cdp enable

 

Note the MTU on the interface and the ppp-max-payload in the PPPoE client.

 

With this in place, you don't need to set MTU 1492 any more 🙂

 

Many thanks to A&A for letting me know it was possible, and to a variety of sites that had useful information, amongst which were

 

http://tools.ietf.org/html/rfc4638

http://www.trejan.com/projects/fttc/

http://www.cisco.com/en/US/docs/ios-xml/ios/bbdsl/configuration/12-4t/bba-ppoe-client.html

 

 

2 REPLIES 2

gugaguga
Power User

Nice. I believe 1496 is the default. So your goal is to have 1508 MTU to work?

thermionic
Member

By setting the MTU on the physical interface that the PPPoE "dialler" uses to 1508 with the line

 

mtu 1508

 

You have the "headroom" on the ethernet port to do

 

pppoe-client ppp-max-payload 1500

 

The max-payload 1500 instructs the PPPoE client to negotiate a connection with a MTU 1500. This then provides an Internet connection with an MTU that matches Ethernet.

 

If the physical interface has an MTU of 1500 (The Ethernet default), then as you lose 8 to PPPoE encapsulation, you end up with an MTU of 1492.

 

Having an MTU that is smaller than 1500 can cause some applications to exhibit "interesting" behavior, especially if the application needs to run through a VPN client that itself encapsulates other packets with further overhead.

 

I have the 1812 router connected to the VDSL modem so the PPPoE side gets a dynamic address and then what would usually be the LAN side I have the /29 static block which connects to my ASA 5505 firewall.

 

Prior to the change, if I used the Cisco Anyconnect client to connect to a Cisco SSL VPN "server" (such an ASA), then it would frequently reconnect during the initial connection and drop out when in use, now it works perfectly 🙂