- Enterasys Security Router User's Guide

ManualsBrandsEnterasys Networks ManualsNetwork RouterSecurity Router X-PeditionTM

321

322

323

324

325

326

327

328

329

330

Configuration Examples

XSR User’s Guide 13-9

VCI values to those requested by the DSL provider. Notice that the Maximum Segment Size (MSS)

is set to 1400 bytes for TCP SYN (synchronize) packets. Because a PC connected to a Fast/

GigabitEthernet port may be unable to access Web sites if its MSS setting is too high, subtracting

for the PPPoE, IP, TCP, and GRE headers (6, 20, 20, and 24 bytes, respectively) and the PPP

Protocol ID should avoid that problem.

XSR(config)#interface ATM 1/0

XSR(config-if<ATM1/0>)#no shutdown

XSR(config-if<ATM1/0>)#interface ATM 1/0.1

XSR(config-if<ATM0/1/0.1>)#no shutdown

XSR(config-if<ATM0/1/0.1>)#encapsulation mux pppoe

XSR(config-if<ATM0/1/0.1>)#ip address negotiated

XSR(config-if<ATM0/1/0.1>)#ip mtu 1492

XSR(config-if<ATM0/1/0.1>)#ip tcp adjust-mss 1400

XSR(config-if<ATM0/1/0.1>)#ppp pap sent-username user@net password letmein

XSR(config-if<ATM0/1/0.1>)#no ppp keepalive

XSR(config-if<ATM0/1/0.1>)#pvc 0/100

The following optional commands configure two default routes:

XSR(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.10

XSR(config)#ip route 30.0.0.10 255.255.255.255 ATM 1/0.1

The following optional commands configure NAT:

XSR(config)#access-list 99 permit 192.168.1.0 0.0.0.255

XSR(config)#interface FastEthernet1

XSR(config-if<F1>)#ip nat source list 99 assigned overload

PPPoA

Enter the following commands to configure PPPoA. The first set configures the LAN interface

with directed broadcasts prohibited.

XSR(config)#interface FastEthernet1

XSR(config-if<F1>)#ip address 192.168.1.1 255.255.255.0

XSR(config-if<F1>)#no ip directed-broadcast

XSR(config-if<F1>)#no shutdown

The commands below configure the ATM interface and sub-interface with a negotiated IP

address, CHAP username and password, and bans keepalives.

XSR(config)#interface ATM 1/0

XSR(config-if<ATM1/0>)#no shutdown

XSR(config-if<ATM0/1/0.1>)#interface ATM 1/0.1

XSR(config-if<ATM0/1/0.1>)#no shutdown

XSR(config-if<ATM0/1/0.1>)#encapsulation snap pppoa

XSR(config-if<ATM0/1/0.1>)#ip address negotiated

XSR(config-if<ATM0/1/0.1>)#ip mtu 1492

XSR(config-if<ATM0/1/0.1>)#ip tcp adjust-mss 1400

XSR(config-if<ATM0/1/0.1>)#ppp chap hostname red password sox

XSR(config-if<ATM0/1/0.1>)#no ppp keepalive

Note: If you have configured a VPN tunnel and wish to avoid intermittent Web browser

problems, add the

crypto ipsec df-bit clear command to your configuration.