
BT VDSL Cisco 867 VAE Config

hexxcon
Level 1

Hi everyone,

Just wondering if someone could point me in the right direction. I am new to this and have spent a few days trying to get the hang of it, but now I am at a stage where I cannot go any further.

 

I live in the UK with a BT line, which is VDSL FTTC 80/20.

 

So after a lot of research and plenty of failing, I managed to create a sub-interface VLAN, Ethernet0.101, for my Ethernet0 interface and successfully get a WAN IP.

 

My PC is connected to the FastEthernet0 port.

I can ping the router from my PC, and I can successfully ping Google's DNS server 8.8.8.8 from the router AND my PC.

But for some reason I cannot get internet web pages to load. Neither can I ping google.com from my PC.

My guess now is that I need to create an additional VLAN instead of using Vlan1. I only suggest this as I see this in a lot of other people's configs.

Lastly, I think it could be something to do with the ACL access-lists.

 

Any help would be appreciated. I have pasted my config below.

 

Current configuration : 3188 bytes
!
version 15.5
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MN-RT01
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
wan mode dsl
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool lan-pool
 import all
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
!
!
!
no ip domain lookup
ip domain name yourdomain.com
ip cef
no ipv6 cef
!
!
flow record nbar-appmon
 match ipv4 source address
 match ipv4 destination address
 match application name
 collect interface output
 collect counter bytes
 collect counter packets
 collect timestamp absolute first
 collect timestamp absolute last
!
!
flow monitor application-mon
 cache timeout active 60
 record nbar-appmon
!
!
object-group network local_cws_net
!
object-group network local_lan_subnets
 any
!
object-group network vpn_remote_subnets
 any
!
!
controller VDSL 0
no cdp run
!
zone security LAN
zone security WAN
zone security VPN
zone security DMZ
!
!
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface Ethernet0
 no ip address
!
interface Ethernet0.101
 description PrimaryWANDesc_Tagging for PPPoE (VDSL 0)
 encapsulation dot1Q 101
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface GigabitEthernet0
 no ip address
!
interface GigabitEthernet1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Vlan1
 description $ETH_LAN$
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Dialer0
 description PrimaryWANDesc_Tagging for PPPoE (VDSL 0)_Ethernet0.101
 ip address negotiated
 ip access-group 1 in
 no ip unreachables
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname bthomehub@btbroadband.com
 ppp chap password 0 bt
 ppp pap sent-username bthomehub@btbroadband.com password 0 bt
 no cdp enable
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended nat-list
 permit ip object-group local_lan_subnets any
!
dialer-list 1 protocol ip permit
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit any
access-list 1 remark INTERNET-ACCESS
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
access-list 101 permit ip 0.0.0.0 255.255.255.0 any
!
banner exec ^C^C
banner login ^C^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 60000 1000
!
end

Thanks in advance.


Martin Carr
Level 4

You don’t have DNS servers configured, which is your issue.

 

Re VLAN 1, the reason you have seen this is because it’s best practice to use an ID other than 1 (i.e. the default) in the interests of security, but it will work fine.

 

Martin

Thank you for taking the time to reply.

 

I was indeed missing the DNS servers out of that config:

 

ip dhcp pool lan-pool
 import all
 network 10.10.10.0 255.255.255.0
 dns-server 8.8.8.8 8.8.4.4
 default-router 10.10.10.1

I have put it in and still have the same issue unfortunately.

 

Router is 10.10.10.1

My PC that is connected to FE0 is 10.10.10.2

 

Router can ping 8.8.8.8

but cannot ping my PC 10.10.10.2

 

However my PC can ping the router 10.10.10.1 and DNS 8.8.8.8.

 

Something else strange: when I start to ping 8.8.8.8 from my PC, the network icon on my PC goes from "No internet" to "Connected" whilst I do the pings, but I still don't have connectivity.

Hello,

 

make the changes marked in bold and check if that makes a difference:

 

Current configuration : 3188 bytes
!
version 15.5
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MN-RT01
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
wan mode dsl
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool lan-pool
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
--> dns-server 8.8.8.8 8.8.4.4
!
no ip domain lookup
ip domain name yourdomain.com
ip cef
no ipv6 cef
!
flow record nbar-appmon
match ipv4 source address
match ipv4 destination address
match application name
collect interface output
collect counter bytes
collect counter packets
collect timestamp absolute first
collect timestamp absolute last
!
flow monitor application-mon
cache timeout active 60
record nbar-appmon
!
object-group network local_cws_net
!
object-group network local_lan_subnets
any
!
object-group network vpn_remote_subnets
any
!
controller VDSL 0
no cdp run
!
--> no zone security LAN
--> no zone security WAN
--> no zone security VPN
--> no zone security DMZ
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0
no ip address
!
interface Ethernet0.101
description PrimaryWANDesc_Tagging for PPPoE (VDSL 0)
encapsulation dot1Q 101
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface Vlan1
description $ETH_LAN$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
--> no ip tcp adjust-mss 1452
!
interface Dialer0
description PrimaryWANDesc_Tagging for PPPoE (VDSL 0)_Ethernet0.101
ip address negotiated
--> no ip access-group 1 in
--> ip mtu 1400
no ip unreachables
ip nat outside
ip virtual-reassembly in
encapsulation ppp
--> ip tcp adjust-mss 1360
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname bthomehub@btbroadband.com
ppp chap password 0 bt
ppp pap sent-username bthomehub@btbroadband.com password 0 bt
no cdp enable
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
--> no ip access-list extended nat-list
permit ip object-group local_lan_subnets any
!
dialer-list 1 protocol ip permit
!
access-list 1 permit 10.10.10.0 0.0.0.255
--> no access-list 1 permit any
access-list 1 remark INTERNET-ACCESS
--> no access-list 101 permit ip 10.10.10.0 0.0.0.255 any
--> no access-list 101 permit ip 0.0.0.0 255.255.255.0 any
!
banner exec ^C^C
banner login ^C^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 60000 1000
!
end

It's working! I would like to thank you so much for your assistance. This has helped me so much.

This has been an amazing learning process for me. I didn't know a thing about Cisco routers before I started messing around with my Cisco 867-VAE-K9 that had been sat in the cupboard for a year!

I have spent around 30 hours trying to get it to work by trying to configure it from the ground up as well as learning CLI and differences between interfaces etc. Struggling for 30 hours has helped me greatly in the long run.

I am going to get my head down to try and pass the CCNA. I'm sure there will be many more hours of struggling :)

Hello,

 

can you post the final working configuration for reference?

Of course. I would like to point out that before I changed the MTU in Dialer0 as per your suggestion, I was having TLS Handshake errors when trying to load web pages. On the router I was getting Fragment Overflow errors.

%IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer0: the fragment table has reached its maximum threshold 64

When I changed the config as per your suggestion, no issues at all.

 

And now no errors when I use:

debug ip virtual-reassembly

 

Here's my latest config:

version 15.5
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ####
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
wan mode dsl
clock timezone GMT 0 0
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool lan-pool
 import all
 network 10.10.10.0 255.255.255.0
 dns-server 8.8.8.8 8.8.4.4
 default-router 10.10.10.1
!
!
!
no ip domain lookup
ip domain name yourdomain.com
ip cef
no ipv6 cef
!
!
flow record nbar-appmon
 match ipv4 source address
 match ipv4 destination address
 match application name
 collect interface output
 collect counter bytes
 collect counter packets
 collect timestamp absolute first
 collect timestamp absolute last
!
!
flow monitor application-mon
 cache timeout active 60
 record nbar-appmon
!
!
!
object-group network local_cws_net
!
object-group network local_lan_subnets
 any
!
object-group network vpn_remote_subnets
 any
!
username #### privilege 15 secret 5 ####
!
!
controller VDSL 0
no cdp run
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface Ethernet0
 no ip address
!
interface Ethernet0.101
 description PrimaryWANDesc_Tagging for PPPoE (VDSL 0)
 encapsulation dot1Q 101
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface FastEthernet0
 switchport access vlan 10
 no ip address
!
interface FastEthernet1
 switchport access vlan 10
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface GigabitEthernet0
 no ip address
!
interface GigabitEthernet1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Vlan1
 description $ETH_LAN$
 no ip address
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Dialer0
 description PrimaryWANDesc_Tagging for PPPoE (VDSL 0)_Ethernet0.101
 ip address negotiated
 ip mtu 1400
 ip nat outside
 ip virtual-reassembly in max-reassemblies 64
 encapsulation ppp
 ip tcp adjust-mss 1360
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname bthomehub@btbroadband.com
 ppp chap password 0 bt
 ppp pap sent-username bthomehub@btbroadband.com password 0 bt
 no cdp enable
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended nat-list
 permit ip object-group local_lan_subnets any
!
dialer-list 1 protocol ip permit
!
access-list 1 permit 10.10.10.0 0.0.0.255
!
banner exec ^C^C
banner login ^C^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 60000 1000
!
end

Be aware that you will have to renew the lease on the PC to obtain the DNS servers. Execute ipconfig /all to verify this.

Re ICMP, you probably have a firewall on the PC (i.e. Windows) blocking the same.

Martin
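
An added example, not part of any post in this thread: a small Python check that cross-references ACL definitions against the places they are applied, run on the ACL-related lines of the first config posted above. The function name `audit_acls` and the role labels are this example's own, and only the reference forms that appear in the thread's configs are recognised.

```python
import re

# Excerpt: the ACL-related lines of the first config in this thread.
CONFIG = """\
interface Dialer0
 ip access-group 1 in
ip http access-class 23
ip nat inside source list 1 interface Dialer0 overload
ip access-list extended nat-list
 permit ip object-group local_lan_subnets any
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit any
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
line vty 0 4
 access-class 23 in
"""

# Lines that define an ACL (numbered or named).
DEFINE = [
    re.compile(r"^access-list (\S+) (?:permit|deny)\b"),
    re.compile(r"^ip access-list (?:standard|extended) (\S+)"),
]
# Lines that apply an ACL, with the role it plays there.
REFER = [
    (re.compile(r"^ip access-group (\S+) (?:in|out)\b"), "interface filter"),
    (re.compile(r"^access-class (\S+) (?:in|out)\b"), "vty access-class"),
    (re.compile(r"^ip http access-class (?:ipv4 )?(\S+)"), "http access-class"),
    (re.compile(r"^ip nat inside source list (\S+)"), "nat source list"),
]

def audit_acls(config):
    """Return (dangling, unused, roles) for the ACLs in an IOS config text."""
    defined, roles = set(), {}
    for raw in config.splitlines():
        line = raw.strip()
        for pat in DEFINE:
            m = pat.match(line)
            if m:
                defined.add(m.group(1))
        for pat, role in REFER:
            m = pat.match(line)
            if m:
                roles.setdefault(m.group(1), []).append(role)
    dangling = sorted(n for n in roles if n not in defined)  # applied, never defined
    unused = sorted(defined - set(roles))                    # defined, never applied
    return dangling, unused, roles

if __name__ == "__main__":
    dangling, unused, roles = audit_acls(CONFIG)
    print("dangling:", dangling, "unused:", unused, "roles:", roles)
```

On that excerpt it reports ACL 23 as applied to the HTTP server and the vty lines without a definition in the paste, ACL 101 and `nat-list` as defined but never applied, and ACL 1 as serving both as the Dialer0 inbound filter and as the NAT source list.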

 
