Mailing List Archive

[nsp] Virtual templates for ISDN users
Hi guys,

I have a situation as follows, which I just can't seem to iron out:

- I have two groups of users, some using analogue dial-ups, some using 64K ISDN dial ups and some using 128K ISDN dial ups. The analogue dial ups do not concern me that much at this moment, but I'm running into problems with the 64K and 128K dial ups.

- Users using 128K dial ups are having difficulty connecting to secure sites. Most straightforward pages work, but portals and secure sites only seem to load partly and then seem to 'freeze'.

I initially thought this to be a problem with the MTU sizes, but this does not seem to be the case.

Now, I have managed to get around this somehow, by disabling 'ip cef' on my AS5300's, however, the moment I do this, the 128K users are able to connect to secure sites but to my dismay the 64K dial up users now are unable to connect to the secure sites.

Now, I currently have 1 virtual template set up as follows:

interface Virtual-Template1
 ip unnumbered FastEthernet0
 no ip proxy-arp
 no logging event link-status
 no keepalive
 peer default ip address pool default
 fair-queue
 ppp max-bad-auth 3
 ppp authentication pap
 ppp multilink
 multilink max-links 2
 multilink min-links 1
!

This handles my 64K dial ups and 128K dial ups... the only solution I can think of is to create another Virtual Template, one for 64K and one for 128K, and somehow enable/disable ip cef on only the one interface.

Will this work or are there any other suggestions? Has anyone ever experienced this problem? It seems mainly related to the Windows 2000/XP OS.

Thanking you in advance,
Regards
Brandon
Re: [nsp] Virtual templates for ISDN users
did you run a sniffer/debug and compare the win2k against a working one?
sorry i have no windows clue...but you might want to have a look at this
link:
http://www.cisco.com/warp/public/105/38.shtml

anyway...

config t
multilink virtual-template x
end

the 64k people, i assume, are not negotiating multilink, but the 128k people
are...so they (should) get bound to vtempX if you add the above command.

all,
joshd.

----- Original Message -----
From: "Brandon" <dejavu@hivemind.net>
To: <cisco-nsp@puck.nether.net>
Sent: Tuesday, August 27, 2002 1:13 PM
Subject: [nsp] Virtual templates for ISDN users


Re: [nsp] Virtual templates for ISDN users
On Tue, 27 Aug 2002, Brandon wrote:

> Hi guys,
>
> I have a situation as follows, which I just can't seem to iron out:
>
> - I have two groups of users, some using analogue dial-ups, some using 64K ISDN dial ups and some using 128K ISDN dial ups. The analogue dial ups do not concern me that much at this moment, but I'm running into problems with the 64K and 128K dial ups.
>
> - Users using 128K dial ups are having difficulty connecting to secure sites. Most straightforward pages work, but portals and secure sites only seem to load partly and then seem to 'freeze'.
> I initially thought this to be a problem with the MTU sizes, but this does not seem to be the case.

sounds to me like you might have 'ip mtu' set on the vi temp. i suggest
you disable it, and then try again. (when connected up, do a 'sh int vi
xxx conf')


j.


#include <std-disclaimer.h> - 'save the trees, send an email'
Re: [nsp] Virtual templates for ISDN users
Here's the fix:

interface Virtual-Template x
 mtu 1501
 ip mtu 1500


HTH,
Scott



----- Original Message -----
From: "jc" <jc@isnet.net>
To: "Brandon" <dejavu@hivemind.net>
Cc: <cisco-nsp@puck.nether.net>
Sent: Sunday, September 01, 2002 11:53 AM
Subject: Re: [nsp] Virtual templates for ISDN users


Re: [nsp] Virtual templates for ISDN users
On Sun, 1 Sep 2002, Scott wrote:

> Here's the fix:
>
> interface Virtual-Template x
>  mtu 1501
>  ip mtu 1500


:-)

thanks, i've made a note in our kbase about that ...

disabled it and setting global mtu worked for me ...


while we're on that subject ... could somebody explain the difference to me
when it comes to those two commands ... should/should not be enabled...

pointer to any urls for rtfm would also be appreciated :)

thanks

j.
Re: [nsp] Virtual templates for ISDN users
> > interface Virtual-Template x
> >  mtu 1501
> >  ip mtu 1500
>
>
> :-)
>
> thanks, i've made a note in our kbase about that ...
>
> disabled it and setting global mtu worked for me ...
>
>
> while we're on that subject ... could somebody explain the difference to me
> when it comes to those two commands ... should/should not be enabled...

well I'm no expert on it, but it's a bug in several IOS's. The default is
1500 so you can't set "ip mtu 1500". BUT if you set mtu 1501, then override
it with "ip mtu 1500" then the 1500 will stick and show in sh run. It's a
workaround I came up with more or less accidentally and with a Cisco technical
friend's help. It's now part of a documented workaround in one of (or the
main) related bug.

Here's a quote with some of the technical explanations I had on file:
"mtu" is supposed to be the underlying layer 2 (interface) MTU
(net of layer 2 headers.) "ip mtu" is the layer 3 MTU. "ip mtu"
can't be larger than "mtu" but it can be smaller.
In looking at CSCdt91142 (which is the problem where a vaccess
can get a too-small MTU value), it seems that "ip mtu 1500" is
the reliable workaround (we hope).

HTH,
Scott
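
Added example, not part of the thread and not any poster's or Cisco's code: a Python check that reads IOS-style configuration text and reports, per Virtual-Template, whether the explicit "ip mtu" from the workaround above is present and whether "ip mtu" is larger than "mtu". The sample config, the function names and the 1500 fallback used when "mtu" is unset are assumptions made for illustration.

```python
import re

DEFAULT_MTU = 1500  # assumption: the default the thread mentions
# Constructed sample config, not taken from a real device.
SAMPLE_CONFIG = """\
interface Virtual-Template1
 ppp multilink
!
interface Virtual-Template2
 mtu 1501
 ip mtu 1500
!
interface Virtual-Template 3
 mtu 1400
 ip mtu 1500
!
interface FastEthernet0
 ip mtu 1500
"""

def parse_virtual_templates(config):
    """Map each Virtual-Template name to its indented sub-commands."""
    templates, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(Virtual-Template\s*\S+)", line, re.I)
        if m:
            current = m.group(1).replace(" ", "")
            templates[current] = []
        elif line.startswith(" ") and current:
            templates[current].append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the stanza
    return templates

def audit_virtual_templates(config):
    """Return {name: finding} for each Virtual-Template interface."""
    findings = {}
    for name, cmds in parse_virtual_templates(config).items():
        vals = {}
        for c in cmds:
            if m := re.fullmatch(r"(ip mtu|mtu) (\d+)", c):
                vals[m.group(1)] = int(m.group(2))
        if "ip mtu" not in vals:
            findings[name] = "no explicit ip mtu"
        elif vals["ip mtu"] > vals.get("mtu", DEFAULT_MTU):
            findings[name] = "ip mtu larger than mtu"
        else:
            findings[name] = "ok"
    return findings
```

The parser relies on the one-space indentation that "show running-config" gives sub-commands; text flattened by an archive loses that and reports every template as lacking "ip mtu".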
Re: [nsp] Virtual templates for ISDN users
On Sun, 1 Sep 2002, Scott wrote:

> well I'm no expert on it, but it's a bug in several IOS's. The default is
> 1500 so you can't set "ip mtu 1500". BUT if you set mtu 1501, then override

ah yes, had that problem earlier on, i stuck with 1514 :)

> it with "ip mtu 1500" then the 1500 will stick and show in sh run. It's a
> workaround I came up with more or less accidentally and with a Cisco technical
> friend's help. It's now part of a documented workaround in one of (or the
> main) related bug.

:)

> Here's a quote with some of the technical explanations I had on file:
> "mtu" is supposed to be the underlying layer 2 (interface) MTU
> (net of layer 2 headers.) "ip mtu" is the layer 3 MTU. "ip mtu"
> can't be larger than "mtu" but it can be smaller.
> In looking at CSCdt91142 (which is the problem where a vaccess
> can get a too-small MTU value), it seems that "ip mtu 1500" is
> the reliable workaround (we hope).
>
> HTH,

indeed.

thanks for the explanation


-*-
j.

chief janitor (Tree d'P)

#include <std-disclaimer.h> - 'save the trees, send an email'