08-20-2014 10:06 AM - edited 03-03-2019 07:34 AM
Hi all,
My company bought a Cisco router and I am new to these things. I hope someone can help me.
My details are as follows:
1. I have a block of 5 Public IP addresses from the ISP.
2. The router needs to connect using PPPoE to the ISP through a modem.
3. Behind the router, there are 2 firewalls that use static public IPs.
4. I also need to configure the WLAN on this router.
I do not know what I am doing wrong, but I can't make it work even though I tried to follow the steps from the configuration manual.
Can someone take a look and correct the configuration that I did:
Building configuration...
Current configuration : 5768 bytes
!
! Last configuration change at 06:18:01 UTC Tue Aug 19 2014 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
!
!
ip cef
!
!
!
!
!
no ip domain lookup
ip name-server <from ISP DNS1>
ip name-server <from ISP DNS2>
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
license udi pid CISCO892-K9
!
!
username admin privilege 15 secret 5 xxxxx
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
no ip address
!
interface FastEthernet5
no ip address
!
interface FastEthernet6
no ip address
no shutdown
duplex auto
speed auto
!
interface FastEthernet7
no ip address
no shutdown
duplex auto
speed auto
!
interface FastEthernet8
description DSL interface
no ip address
no shutdown
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface Vlan1
description FW1
ip address x.x.x.x y.y.y.y <static public ip2>
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan2
description FW2
ip address x.x.x.x y.y.y.y <static public ip3>
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Dialer1
ip address x.x.x.x y.y.y.y <static public ip1>
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxx
ppp chap password 0 XXXXX
no cdp enable
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 10 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
login local
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
!
end
Thanks in advance
08-20-2014 11:02 AM
Hi ,
Though you have got only 5 additional IP addresses or x.x.x.x/29 from your service provider, how have you subnetted it on your router?
Have you checked your PPPoE connectivity and reachability towards the internet from your router?
Similarly, on your NAT command, access-list 10 is missing from your configuration:
ip nat inside source list 10 interface Dialer1 overload
interface Vlan1
description FW1
ip address x.x.x.x y.y.y.y <static public ip2>
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan2
description FW2
ip address x.x.x.x y.y.y.y <static public ip3>
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
As you have got additional public IP addresses for the firewalls, why do you want to PAT for those public segments?
Let me know if you need support on this.
HTH
Sandy
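The check described in the reply above (a NAT rule pointing at an access list that is not defined), generalised to the other ACL references in an IOS configuration. This is an added example, not part of the original thread; `find_dangling_acls` and `SAMPLE_CONFIG` are hypothetical names, and the sample holds only the ACL-related lines copied from the posted configuration.

```python
import re

# Constructed sample: the ACL-related lines from the configuration posted above.
SAMPLE_CONFIG = """\
ip http server
ip http access-class 23
ip nat inside source list 10 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
no access-list 23 permit 10.10.10.0 0.0.0.7
line vty 0 4
 access-class 23 in
 login local
line vty 5 15
 access-class 23 in
"""

# Commands that define an ACL (numbered or named).
DEFINITIONS = [
    re.compile(r"^access-list (\S+) "),
    re.compile(r"^ip access-list (?:standard|extended) (\S+)"),
]
# Commands that reference an ACL by number or name.
REFERENCES = [
    re.compile(r"^ip nat inside source list (\S+) "),
    re.compile(r"^ip http access-class (?:ipv4 )?(\S+)"),
    re.compile(r"^access-class (\S+) (?:in|out)"),
    re.compile(r"^ip access-group (\S+) (?:in|out)"),
]

def find_dangling_acls(config_text):
    """Return {acl: [referencing lines]} for ACLs used but never defined."""
    defined, used = set(), {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!") or line.startswith("no "):
            continue  # comments and negated commands define nothing
        for pat in DEFINITIONS:
            m = pat.match(line)
            if m:
                defined.add(m.group(1))
        for pat in REFERENCES:
            m = pat.match(line)
            if m:
                used.setdefault(m.group(1), []).append(line)
    return {acl: lines for acl, lines in used.items() if acl not in defined}

if __name__ == "__main__":
    for acl, lines in sorted(find_dangling_acls(SAMPLE_CONFIG).items()):
        for line in lines:
            print(f"ACL {acl} is not defined, referenced by: {line}")
```

On the posted lines it reports list 10 (the NAT rule) and list 23 (the HTTP and vty `access-class` entries), whose only line in the configuration is the negated `no access-list 23`.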
08-20-2014 04:20 PM
Hi Sandy,
I have to admit that I have no idea what I was doing.
Please help me fix it.
Thanks.
08-20-2014 07:18 PM
Hi ,
Open a WebEx session and share the meeting invite with my contact ID given in my profile.
HTH
Sandy
08-20-2014 08:35 PM
Hi,
I do not have a WebEx account to be able to invite you. I removed the following:
interface Vlan1
description FW1
ip address x.x.x.x y.y.y.y <static public ip2>
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan2
description FW2
ip address x.x.x.x y.y.y.y <static public ip3>
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
Then I tried to assign the public IP to the Ethernet interface but I got this error:
% IP addresses may not be configured on L2 links
08-21-2014 12:08 AM
Hi,
Just to let you know I was able to make the PPPoE work.
Now I am trying to assign an IP address on the interface, and I bumped into this error:
"IP addresses may not be configured on L2 links."
Can you suggest how I should work this out?
Thanks
08-21-2014 12:51 AM
Hi ,
Can you let me know what the additional public IP address subnet is that you have got from your service provider?
HTH
Sandy
08-21-2014 06:27 AM
Hi,
Thank you so much for the attention. I was able to figure it out.
All is working now :)
08-21-2014 10:46 AM
Hi ,
What was the issue? How was it rectified? Kindly update; others may benefit.
HTH
Sandy
Kindly rate the post if it's helpful