08-02-2015 07:40 PM - edited 03-05-2019 01:59 AM
Hello everyone,
I've adopted a Cisco 2800 series router as part of a change of IT contract, and I'm trying to reconfigure for LAN to WAN access.
I've come up with the following configuration, but I'm a little uneasy as I've never really worked with one of these before, especially one with an ADSL HWIC as opposed to the ISR's which I usually use.
Current configuration : 4594 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname gateway ! boot-start-marker boot-end-marker ! logging message-counter syslog enable secret 5 encryptedsecret ! no aaa new-model ! dot11 syslog no ip source-route ! ! ip cef ! ! ! multilink bundle-name authenticated ! ! ! ! ! ! vtp version 2 username administrator privilege 15 secret 5 encryptedsecret archive log config hidekeys ! ! ! ! ! ! ! ! interface FastEthernet0/0 ip address 192.168.0.1 255.255.240.0 duplex full speed auto no mop enabled ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface ATM0/0/0 no ip address no ip unreachables no atm ilmi-keepalive pvc 8/35 encapsulation aal5mux ppp dialer dialer pool-member 1 ! ! interface Dialer0 ip address negotiated ip mtu 1452 ip nat outside ip virtual-reassembly encapsulation ppp dialer pool 1 dialer-group 1 ppp authentication chap pap calling ppp chap hostname username@isp.net ppp chap password 0 IspPassword ppp pap sent-username username@isp.net password 0 IspPassword ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 Dialer0 ip http server ip http authentication local no ip http secure-server ! ! ip nat inside source list 1 interface Dialer0 overload ! access-list 1 permit 192.168.0.0 0.0.15.255 ! ! ! ! ! control-plane ! ! line con 0 line aux 0 line vty 0 4 privilege level 15 login local transport input telnet ssh transport output telnet ssh ! scheduler allocate 20000 1000 end
It would be fantastic if someone could please check the above me and let me know of any issues, I'm especially worried about the dialers, ATM, dialer-group etc.
Cheers,
Anthony
Solved! Go to Solution.
08-03-2015 04:51 AM
Hi Anthony,
A couple of comments:
Of course please feel welcome to ask further!
Best regards,
Peter
08-03-2015 04:51 AM
Hi Anthony,
A couple of comments:
Of course please feel welcome to ask further!
Best regards,
Peter
08-03-2015 03:40 PM
You are missing the ip nat inside on your Fa0/0 interface. Without it, the NAT won't work.
I completely missed that, thanks!
In regards to PPPoE v PPPoA, I think the service supports both. As we've run both PPPoA and PPPoE on the same service line. I've done some research and PPPoA looks to be slightly quicker so I might stick with that. ISP is Telstra Business in Australia, so we're a little behind the rest of the world.
Remove the dialer-group 1 and ppp authentication chap pap callin
How is the ppp authentication not required? Doesn't that state the type of authentication to the ISP?
Also how does the Cisco know that dialer0 maps to the ADSL HWIC?
Here's the new config after making the changes you suggested:
interface FastEthernet0/0 description LAN Network ip address 192.168.0.1 255.255.240.0 ip nat inside ip virtual-reassembly duplex full speed auto no mop enabled ! interface ATM0/0/0 no ip address no ip unreachables no atm ilmi-keepalive pvc 8/35 encapsulation aal5mux ppp dialer dialer pool-member 1 ! ! interface Dialer0 ip address negotiated ip nat outside ip virtual-reassembly encapsulation ppp dialer pool 1 ppp chap hostname username@isp.net ppp chap password 0 IspPassword ppp pap sent-username username@isp.net password 0 IspPassword !
Thanks for your in depth reply, I'm sure your assistance is going to make things much smoother on deployment day!
Cheers,
Anthony
08-03-2015 04:05 PM
Hi Anthony,
In regards to PPPoE v PPPoA, I think the service supports both. As we've run both PPPoA and PPPoE on the same service line. I've done some research and PPPoA looks to be slightly quicker so I might stick with that.
It is indeed possible that the service provider supports both PPPoA and PPPoE. However, I doubt that they support in on the same ATM PVC, that is, both over PVC 8/35. You may want to double-check this with your provider. In any case, yes, the PPPoA carries significantly less overhead (no SNAP headers, no PPPoE headers) and has no MTU issues, so if you can deploy a PPPoA solution, go for it.
ISP is Telstra Business in Australia, so we're a little behind the rest of the world
Aaah, don't get me started on some backwardisms my country :-P
How is the ppp authentication not required? Doesn't that state the type of authentication to the ISP?
Not at all. First, you cannot force your ISP to authenticate you using a particular method. It is the ISP who will request your router to authenticate using a specific method, and your router can either comply or refuse, but it cannot tell the ISP beforehand what method it wants to be authenticated with.
Second, the ppp authentication ... callin command is actually totally the opposite of what you expect: It tells your router to authenticate the ISP if it calls you! This fact appears to confuse many people and there have been several threads here already where we went into depth about the unnecessity of this command. I suggest you read the following thread:
Also how does the Cisco know that dialer0 maps to the ADSL HWIC?
This is because either with PPPoA or PPPoE, the PVC 8/35 on ATM0/0/0 is acting as a "dialable" interface in dialer pool 1, and the Dialer0 is configured to use any interface from the dialer pool 1 to make the actual call - hence the association.
Here's the new config after making the changes you suggested:
Looks good to me.
Best regards,
Peter
08-04-2015 11:58 PM
It is indeed possible that the service provider supports both PPPoA and PPPoE. However, I doubt that they support in on the same ATM PVC, that is, both over PVC 8/35.
Turns out that they do in fact support PPPoA and PPPoE on 8/35.
Aaah, don't get me started on some backwardisms my country :-P
20/4 is a good speed here, we'll get away from copper one day!
Second, the ppp authentication ... callin command is actually totally the opposite of what you expect
Did some research as you suggested, and you're right; completely opposite of what I expected.
This is because either with PPPoA or PPPoE...
Perfect, thanks for explaining :)
Looks good to me.
It worked! Thanks for all your help!
08-05-2015 12:07 AM
Anthony,
Glad to have helped! Thanks for letting me know :)
Best regards,
Peter
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide