da tin.it (PPPoE) a tiscali (PPPoA) [cisco 837]

[zed]

salve a tutti,

e' tanto che non scrivo (anche se a volte sbircio volentieri) ritorno al modo write ponendo una domanda riguardo la configurazione.
sono passato da TIN.IT (PPPoE) a tiscali (PPPoA) e volevo sapere se la configurazione da me modificata era ottimale o se poteva essere migliorata (esempio MTU e/o MSS).

sotto posto parte della configurazione (dovrebbe essere quella significativa, ma se serve altro basta chiedere)

grazie && saluti a tutti,
in particolare a simone pezzano.

Codice: Seleziona tutto

====CUT====
!
interface Ethernet0
 description CRWS Generated text. 
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
interface ATM0
 no ip address
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 8/35 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
====CUT====
!
interface Dialer1
 ip address negotiated
 ip access-group 111 in
 ip mtu 1492
 ip nat outside
 ip inspect myfw in
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer remote-name redback
 dialer-group 1
 ppp authentication pap chap callin
 ppp chap hostname XXXXXXXXXXXXX
 ppp chap password 7 XXXXXXXXXXX
 ppp pap sent-username XXXXXXXXXXXX password 7 XXXXXXXXXX
 ppp ipcp dns request
 ppp ipcp wins request
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
====CUT====

[TheIrish]

Che velocità ha la linea?
Possiamo vedere le ACL?

[zed]

ciao,
e' una 4Mb, 512kb.

ecco le ACL:

Codice: Seleziona tutto

access-list 23 permit 192.168.1.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 111 permit tcp any any eq ftp
access-list 111 permit tcp any any eq 22
access-list 111 permit tcp any any eq smtp
access-list 111 permit tcp any any eq www
access-list 111 permit udp any any eq 4672
access-list 111 permit tcp any any eq 4662
access-list 111 permit udp any any eq 4665
access-list 111 permit udp any any eq 4685
access-list 111 permit udp any any eq 4692
access-list 111 permit tcp any any eq 4682
access-list 111 permit tcp any any range 6881 6889
access-list 111 permit tcp any any eq 25555
access-list 111 permit tcp any any eq 25556
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit gre any any
access-list 111 permit udp host 193.204.114.105 eq ntp any
access-list 111 permit udp host 193.204.114.231 eq ntp any
access-list 111 permit udp host 193.204.114.232 eq ntp any
access-list 111 permit udp host 193.204.114.233 eq ntp any
access-list 111 permit udp host 193.204.114.234 eq ntp any
access-list 111 permit udp host 192.53.103.103 eq ntp any
access-list 111 permit udp host 130.149.17.8 eq ntp any
access-list 111 permit udp host 193.67.79.202 eq ntp any
access-list 111 permit udp host 192.53.103.104 eq ntp any
access-list 111 permit tcp any any established
access-list 111 deny   ip any any log

[TheIrish]

Mi sembra a posto. A parte il fatto che se non sbaglio l'mtu potrebbe essere settato a 1500.

[zed]

Codice: Seleziona tutto

 ip tcp adjust-mss 1452 
 ==CUT==
interface Dialer1 
 ip mtu 1492 
 ip tcp adjust-mss 1452

ho eliminato le tre righe sopra evidenziate (quindi tengo il default '1500' e pare che non ci siano problemi).

grazie Irish,
ciao