
Cisco 2800 Config

Hello everyone,

I've adopted a Cisco 2800 series router as part of a change of IT contract, and I'm trying to reconfigure for LAN to WAN access.

I've come up with the following configuration, but I'm a little uneasy as I've never really worked with one of these before, especially one with an ADSL HWIC as opposed to the ISRs which I usually use.

 


Current configuration : 4594 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname gateway
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 encryptedsecret
!
no aaa new-model
!
dot11 syslog
no ip source-route
!
!
ip cef
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
vtp version 2
username administrator privilege 15 secret 5 encryptedsecret
archive
 log config
  hidekeys
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.240.0
 duplex full
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 no ip unreachables
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Dialer0
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname username@isp.net
 ppp chap password 0 IspPassword
 ppp pap sent-username username@isp.net password 0 IspPassword
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http authentication local
no ip http secure-server
!
!
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.0.0 0.0.15.255
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
 transport output telnet ssh
!
scheduler allocate 20000 1000
end

 

It would be fantastic if someone could please check the above for me and let me know of any issues, I'm especially worried about the dialers, ATM, dialer-group etc.

 

Cheers,

Anthony

Accepted Solution

Peter Paluch
Cisco Employee

Hi Anthony,

A couple of comments:

  1. You are missing the ip nat inside on your Fa0/0 interface. Without it, the NAT won't work.
  2. There are basically two different modes of running PPP over DSL access, named PPP over ATM (PPPoA), and PPP over Ethernet (PPPoE). They differ in encapsulation and in the procedures required to bring the connection up. Your current configuration is correct for PPPoA and that is what puzzles me: PPPoA is used relatively infrequently. PPPoE is much more popular. So I suggest double-checking with your ISP whether this access is really PPPoA and not PPPoE. In the case the access is PPPoA then the ATM/DSL interface is fine, however, you should remove the ip mtu 1452 command from your Dialer0 interface as PPPoA does not require the MTU to be modified.

    If, however, the access is PPPoE then both ATM0/0/0 and Dialer0 will need to be slightly updated: the following commands are the ones that should be entered to have the interfaces modified to the intended state:

    interface ATM0/0/0
     pvc 8/35
      no dialer pool-member 1
      no encapsulation aal5mux ppp dialer
      pppoe-client dial-pool-number 1
      exit
     exit
    !
    interface Dialer0
     no ip mtu
     mtu 1492
     ip tcp adjust-mss 1452

     
  3. Remove the dialer-group 1 and ppp authentication chap pap callin commands from the Dialer0 interface as they are inappropriate for your deployment.

Of course please feel welcome to ask further!

Best regards,
Peter


You are missing the ip nat inside on your Fa0/0 interface. Without it, the NAT won't work.

I completely missed that, thanks!
 

In regards to PPPoE v PPPoA, I think the service supports both. As we've run both PPPoA and PPPoE on the same service line. I've done some research and PPPoA looks to be slightly quicker so I might stick with that. ISP is Telstra Business in Australia, so we're a little behind the rest of the world.
 

Remove the dialer-group 1 and ppp authentication chap pap callin

How is the ppp authentication not required? Doesn't that state the type of authentication to the ISP?

 

Also how does the Cisco know that dialer0 maps to the ADSL HWIC?


Here's the new config after making the changes you suggested:

interface FastEthernet0/0
 description LAN Network
 ip address 192.168.0.1 255.255.240.0
 ip nat inside
 ip virtual-reassembly
 duplex full
 speed auto
 no mop enabled
!
interface ATM0/0/0
 no ip address
 no ip unreachables
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 ppp chap hostname username@isp.net
 ppp chap password 0 IspPassword
 ppp pap sent-username username@isp.net password 0 IspPassword
!

Thanks for your in depth reply, I'm sure your assistance is going to make things much smoother on deployment day!

 

Cheers,

Anthony

 

Hi Anthony,

In regards to PPPoE v PPPoA, I think the service supports both. As we've run both PPPoA and PPPoE on the same service line. I've done some research and PPPoA looks to be slightly quicker so I might stick with that. 

It is indeed possible that the service provider supports both PPPoA and PPPoE. However, I doubt that they support it on the same ATM PVC, that is, both over PVC 8/35. You may want to double-check this with your provider. In any case, yes, the PPPoA carries significantly less overhead (no SNAP headers, no PPPoE headers) and has no MTU issues, so if you can deploy a PPPoA solution, go for it.

ISP is Telstra Business in Australia, so we're a little behind the rest of the world

Aaah, don't get me started on some backwardisms in my country :-P

How is the ppp authentication not required? Doesn't that state the type of authentication to the ISP?

Not at all. First, you cannot force your ISP to authenticate you using a particular method. It is the ISP who will request your router to authenticate using a specific method, and your router can either comply or refuse, but it cannot tell the ISP beforehand what method it wants to be authenticated with.

Second, the ppp authentication ... callin command is actually totally the opposite of what you expect: It tells your router to authenticate the ISP if it calls you! This fact appears to confuse many people and there have been several threads here already where we went into depth about the unnecessity of this command. I suggest you read the following thread:

https://supportforums.cisco.com/discussion/11285241/how-do-i-setup-ppp-dialer-present-empty-credentials

Also how does the Cisco know that dialer0 maps to the ADSL HWIC?

This is because either with PPPoA or PPPoE, the PVC 8/35 on ATM0/0/0 is acting as a "dialable" interface in dialer pool 1, and the Dialer0 is configured to use any interface from the dialer pool 1 to make the actual call - hence the association.

Here's the new config after making the changes you suggested:

Looks good to me.

Best regards,
Peter

It is indeed possible that the service provider supports both PPPoA and PPPoE. However, I doubt that they support it on the same ATM PVC, that is, both over PVC 8/35.

Turns out that they do in fact support PPPoA and PPPoE on 8/35.


Aaah, don't get me started on some backwardisms my country :-P

20/4 is a good speed here, we'll get away from copper one day!


Second, the ppp authentication ... callin command is actually totally the opposite of what you expect

Did some research as you suggested, and you're right; completely opposite of what I expected. 

 

This is because either with PPPoA or PPPoE...

Perfect, thanks for explaining :)

 

Looks good to me.

It worked! Thanks for all your help!

Anthony,

Glad to have helped! Thanks for letting me know :)

Best regards,
Peter
