Solved: Ok got it. but to bad my asa

Mohd Khairul Nizam · ‎03-11-2016

Hi

I have asa5505 ver 7.2

I'm trying to create pppoe session to my isp but failed.

the special requirement of this isp is that it need to tag vlan 500 to the device before asa.

but the pppoe session is not connected.

any idea why?

============

ASA Version 7.2(3)
!
hostname ciscoasa
enable password KAzFcfZGIkPXujis encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan500
nameif outside
security-level 0
pppoe client vpdn group unifi
ip address pppoe setroute
!
interface Ethernet0/0
switchport access vlan 500
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
passwd KAzFcfZGIkPXujis encrypted
boot system disk0:/asa723-k8.bin
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1492
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-751.bin
no asdm history enable
arp timeout 14400
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group unifi request dialout pppoe
vpdn group unifi localname fbet@uni
vpdn group unifi ppp authentication pap
vpdn username fbet@uni password *********
dhcpd address 192.168.1.5-192.168.1.254 inside
dhcpd enable inside
ciscoasa#

Akshay Rastogi · ‎03-13-2016

Hi,

If your ISP requirement is to receive the pppoe packet with tagged vlan of 500, then the current configuration would not work.

The current configuration on eth0/1 makes it an access-port and access port doesn't tag the packet.

Therefore you need to configure the port eth0/1 as Trunk. Use the link below to configure the same:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/int5505.html#wp1057200

I am not sure, how the pppoe device would be untagging the packet.

Hope it helps.

Regards,

Akshay Rastogi

Remember to rate helpful posts.

View solution in original post

Akshay Rastogi · ‎03-13-2016

Hi,

If your ISP requirement is to receive the pppoe packet with tagged vlan of 500, then the current configuration would not work.

The current configuration on eth0/1 makes it an access-port and access port doesn't tag the packet.

Therefore you need to configure the port eth0/1 as Trunk. Use the link below to configure the same:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/int5505.html#wp1057200

I am not sure, how the pppoe device would be untagging the packet.

Hope it helps.

Regards,

Akshay Rastogi

Remember to rate helpful posts.

Mohd Khairul Nizam · ‎03-13-2016

Ok got it. but to bad my asa is only base license. I can't configure it as a trunk port.

I'm sure it will be connected if it is trunk port.

Thanks.

ASA 5505 PPPoE not connect