
5505 PPPOE access via VDSL bridge modem

Paul_Cisco_75
Level 1

Hi

I'm new to Cisco, I just bought a 5505 to learn from and am trying to attach my VDSL modem as a transparent bridge.

It goes....

Laptop   >>> (VLAN1) Cisco 5505 (VLAN2)  >>> VDSL modem >>> internet

X.X.X.10 >>> (X.X.X.254) ------ (Y.Y.Y.254)    >>> Y.Y.Y.10        >>> A.B.C.D.

I'm using the ASDM, if I configure VLAN2 with the IP address of the VDSL interface I can ping the modem from the console session via Putty. If I take that off and configure up the PPPOE client I can't ping the VDSL modem, I'd expect that. If I then add in an IP address to the PPPOE client config like I assigned to VLAN2 it doesn't ping either.

If I can't ping the VDSL modem I don't expect it would work but it seems I can only either give it a static address which pings but has no pppoe or give it a PPPOE config which means I can't ping the VDSL.

Does anyone have any suggestions as to why I can't ping the VDSL modem when the interface is set as PPPOE with an IP address?

Presumably if I'm on the ASA console doing pings from there to the modem then I'm ruling out problems with the routing from the laptop (trying to isolate where the issue is)

Thanks

Paul

3 Replies

Paul_Cisco_75
Level 1

Bump... Not sure if it helps any but a bit of debugging shows that the PADI Discovery Initialisation packets are being sent out but it appears no PADO Offers are being returned, any idea what I can do to progress this?

Does the 5505 successfully negotiate an IP when using PPPoE?

Here's some ASA config that has worked in the past, although it was connected to a 877VA router (configured as a bridge), not DSL modem: -

interface Ethernet0/0
 switchport access vlan 2
!
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group VPDN1
 ip address pppoe setroute
!
vpdn group VPDN1 request dialout pppoe
vpdn group VPDN1 localname xxxx@yyyy
vpdn group VPDN1 ppp authentication chap
vpdn username xxxx@yyyy password ***** store-local

If the modem is set up correctly, then you should be able to enter show interface vlan2 and see the negotiated IP address.

Speaking of modem setup, I would have thought that if you're bridging PPP over to the ASA, then you can't simultaneously have an IP address on the modem as well. Therefore, you'll lose management access to the modem, via IP.

If you do need to manage the modem through IP, then I suspect you'll have to terminate PPP on the modem itself and then bridge the IP across to the modem's LAN interface. The ASA would then be configured with an IP in the same subnet. In this scenario, the ASA wouldn't be configured with PPPoE.

Also note that you might need to statically configure the modem's IP for this to work, because I'm not sure it will successfully bridge a negotiated IP. If you find it does work, then please let us know.

Sorry it's a bit vague, but might be enough to get you started.

Hi Shillings

No, I don't get an IP, the debug shows that the modem isn't acknowledging the PADI packet, the modem is literally ignoring the request or just plain old not getting it. The modem has a transparent bridge profile config loaded onto it that the ISP gave me and they assure me that the config works with other firewalls. My ASA config however is the same as yours except for the store-local switch on the username but it doesn't get as far as asking for that info.

The bridge mode creates a virtual interface for management and gives it an IP, to access it you just config a spare NIC on a PC to access the management interface. Other than that it should pass its public IP to the ASA.

I think the Cisco config is actually ok, I've compared it to a number of working configs, the ISP say the router is ok... unless it's the MTU size or something but I've tried everything else

Maybe I need to port mirror the port the modem is on and see if it's doing anything at all :s

It does work just as a normal modem, it just means there is another network on the outside interface, I wanted the public IP on the interface rather than further out, maybe I just don't need to, I just don't like it that way... I'm not sure if I can perform any NAT'ing etc as the outside interface has a private IP.
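Added example, not written by anyone in this thread: a small parser for PPPoE discovery frames (EtherType 0x8863, RFC 2516) that could be run over raw Ethernet frames taken from the mirrored modem port to confirm the "PADI sent, no PADO returned" symptom described above. The sample frames and MAC addresses are constructed for illustration, and pairing a PADO to a PADI by the client's MAC address is a simplifying assumption; the parser also reports an 802.1Q VLAN tag when a frame carries one.

```python
import struct

PPPOE_DISCOVERY = 0x8863  # EtherType of the PPPoE discovery stage
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name", 0x0103: "Host-Uniq"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_discovery(frame):
    """Return a dict for a PPPoE discovery frame, or None for anything else."""
    if len(frame) < 20:
        return None
    (etype,) = struct.unpack("!H", frame[12:14])
    off, vlan = 14, None
    if etype == 0x8100:  # 802.1Q: the real EtherType follows the tag control field
        tci, etype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18
    if etype != PPPOE_DISCOVERY or len(frame) < off + 6:
        return None
    vertype, code, session, length = struct.unpack("!BBHH", frame[off:off + 6])
    if vertype != 0x11:  # version 1, type 1 is the only defined value
        return None
    payload, tags, i = frame[off + 6:off + 6 + length], {}, 0
    while i + 4 <= len(payload):  # tags are type(2) length(2) value(length)
        t, n = struct.unpack("!HH", payload[i:i + 4])
        tags[TAGS.get(t, hex(t))] = payload[i + 4:i + 4 + n]
        i += 4 + n
    return {"dst": mac(frame[0:6]), "src": mac(frame[6:12]), "vlan": vlan,
            "code": CODES.get(code, hex(code)), "session": session, "tags": tags}

def unanswered_padi(frames):
    """Source MACs that sent a PADI but were never sent a PADO in this capture."""
    asked, answered = [], set()
    for p in filter(None, map(parse_discovery, frames)):
        if p["code"] == "PADI" and p["src"] not in asked:
            asked.append(p["src"])
        elif p["code"] == "PADO":
            answered.add(p["dst"])
    return [m for m in asked if m not in answered]

# Constructed sample frames (not from the thread): two PADIs, one PADO reply.
SAMPLE = [bytes.fromhex(h) for h in (
    "ffffffffffff020000000001" "8863" "1109" "0000" "000c" "01010000" "0103000400000001",
    "ffffffffffff020000000002" "8100" "0065" "8863" "1109" "0000" "0004" "01010000",
    "0200000000020200000000aa" "8863" "1107" "0000" "000c" "0102000462726173" "01010000",
)]

if __name__ == "__main__":
    print("PADI with no PADO:", unanswered_padi(SAMPLE))
```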
