ā08-24-2016 07:39 PM - edited ā03-05-2019 07:03 AM
Hi All,
Just want to know if anyone can help with the configuration of a Cisco 2901 with a GigabitEthernet configuration of Australia NBN network.
Our current configuration is as below, and we can access internet through dhcp with this configuration, but the case is, if I directly use the static IP address from our ISP, we cannot connect to internet, it seems there is an authentication which is established through dhcp configuration automatically, but not apply to a static IP configuration. So can anyone please help with this? or is there something I'm missing to configure to get the static IP way to be working?
### The NBN is coming from an RJ45 cable being plugged to an GigabitEthernet interface, in my case I'm using GigabitEthernet0/2/0
### Here is the configuration of GigabitEthernet0/2/0
interface GigabitEthernet0/2/0
ip address dhcp
no ip redirects
no ip unreachables
ip mtu 1460
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1420
duplex auto
speed auto
media-type rj45
!
### default outbound connection is setup as this(for which I know there might be performance issue in this way, but none of other settings can work):
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/2/0
### A route map applied for outgoing traffic:
route-map PRIVATE_TRAFFIC_ROUTE permit 10
match ip address PRIVATE_TRAFFIC
set interface GigabitEthernet0/2/0
!
ā08-24-2016 10:44 PM
Hi,
Sorry to be blunt. But why don't you ask your ISP for a static ip instead of negotiating DHCP.
Like you said, this a security mechanism from your ISP to prevent customers to configure static IP address.
HTH.
Regards,
Terence
ā08-24-2016 10:56 PM
Hi Terence,
We did have the static IP, it came with the internet plan; but if I put it as static and configure it on the cisco 2901, the internet can not be established; the new NBN/Fiber is different from the previous ADSL which was configured using dialer, dialer group and atm, seems it is using another protocol. I'm not sure how to make it static and at the same time get the internet up.
ā08-24-2016 11:39 PM
just to clarify, with the new NBN plan you were given a new static Public IP address or are you trying to use the old Static from the ADSL connection?
Is there any particular reason you need a static IP?
ā08-25-2016 12:02 AM
Hi Richard,
Yes we were given a new static IP, and the old ADSL connection is unavailable now, and I've also remove its settings from the cisco router; the cisco router is now running well with NBN with the above configuration, the dhcp way.
I'd like to configure it with the static IP(we own the IP) aiming to make sure if in future we order new block of IPs from the same ISP, they can be routed through and I can configure the new IPs and its subnet in the same router as well.
I just want to ask if anyone know how to configure the static IP from NBN into the cisco router, or if there is no way of achieving this.
ā08-25-2016 12:23 AM
I think this is a question for iiNET
have you checked this link
https://iihelp.iinet.net.au/iiNet_Broadband_Settings
also saw this in another document
Note: Some special cases of fibre connections such as Internode services, South Brisbane Fibre and select locations do require a PPPoEconfiguration. If IPoE doesn't work for you, try selecting PPPoE instead. When using this connection type, you'll also need your broadband username and password which can be found on the email we sent you when your service activated. If you have forgotten these details, please call us on 13 22 58 for assistance.
ā08-25-2016 04:39 AM
Hi Richard,
I think the section marked as "VDSL2" on the page you recon is helpful, I'm looking forward to dig more and try them out this weekend, will update then. Thanks.
ā08-25-2016 02:11 AM
I am on the NBN with Internode. Internode, iiNET, TPG, they're all the same company now.
I find it difficult to swallow that iiNET didn't provide any configuration assistance.
If I enter the Google search field of "internode configuration cisco", the first hit is Internode's configuration site for Cisco routers. Have you looked at THIS?
ā08-25-2016 04:36 AM
Hi Leo,
The site you recon is for ADSL configurations, we previously used them, they were working; but I'm not looking for ADSL configurations for cisco router, I'm looking for the NBN configurations. Thanks.
ā08-25-2016 04:32 PM
The site you recon is for ADSL configurations, we previously used them, they were working; but I'm not looking for ADSL configurations for cisco router, I'm looking for the NBN configurations.
There is NO DIFFERENCE with the configuration between DSL & NBN connection. The only difference is the physical interface port of the router. With DSL, you'll need a dedicated DSL port. When transitioning to NBN all you need is a Layer 3 port. Try it. It won't hurt.
How do you think I was able to transition from DSL to NBN?
ā11-10-2016 08:31 PM
This works for Telsra NBN FTTN (VDSL)
Building configuration...
Current configuration : 12208 bytes
!
! Last configuration change at 14:27:10 PCTime Fri Nov 11 2016 by Shawn
!
version 15.5
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
!
!
!
aaa session-id common
ethernet lmi ce
clock timezone PCTime 10 0
!
!
!
!
!
!
no ip source-route
!
!
!
!
!
!
!
!
!
!
ip port-map user-protocol--2 port udp 3391
ip port-map user-protocol--3 port tcp 3478
ip port-map user-protocol--1 port tcp 3391
ip port-map user-protocol--6 port udp 5062
ip port-map user-protocol--4 port udp 3478
ip port-map user-protocol--5 port tcp 5062
!
ip dhcp excluded-address 192.168.1.1 192.168.1.49
!
ip dhcp pool DHCP_POOL
import all
network 192.168.1.0 255.255.255.0
dns-server 139.130.4.4 203.50.2.71
default-router 192.168.1.1
!
!
!
no ip bootp server
ip name-server 139.130.4.4
ip name-server 203.50.2.71
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
crypto pki trustpoint TP-self-signed-1982477479
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1982477479
revocation-check none
rsakeypair TP-self-signed-1982477479
!
!
!
!
redundancy
!
!
!
!
!
controller VDSL 0/0/0
operating mode vdsl2
firmware filename flash:VA_A_39m_B_38h3_24h_o.bin
no cdp run
!
ip tcp synwait-time 10
!
class-map type inspect match-any SDM_BOOTPC
match access-group name SDM_BOOTPC
class-map type inspect match-all sdm-nat-user-protocol--6-1
match access-group 102
match protocol user-protocol--6
class-map type inspect match-all sdm-nat-user-protocol--5-1
match access-group 102
match protocol user-protocol--5
class-map type inspect match-all sdm-nat-user-protocol--4-1
match access-group 102
match protocol user-protocol--4
class-map type inspect match-all sdm-nat-user-protocol--3-1
match access-group 102
match protocol user-protocol--3
class-map type inspect match-all sdm-nat-user-protocol--2-1
match access-group 101
match protocol user-protocol--2
class-map type inspect match-all sdm-nat-user-protocol--1-1
match access-group 101
match protocol user-protocol--1
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any sdm-cls-bootps
match protocol bootps
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-all sdm-nat-sip-tls-1
match access-group 102
match protocol sip-tls
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any ccp-cls-insp-traffic
match protocol pptp
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all SDM_GRE
match access-group name SDM_GRE
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all sdm-nat-sip-1
match access-group 102
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
class-map type inspect match-any SDM_DHCP_CLIENT_PT
match class-map SDM_BOOTPC
class-map type inspect match-any CCP_PPTP
match class-map SDM_GRE
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
!
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-user-protocol--1-1
inspect
class type inspect sdm-nat-user-protocol--2-1
inspect
class type inspect CCP_PPTP
pass
class type inspect sdm-nat-sip-1
inspect
class type inspect sdm-nat-user-protocol--3-1
inspect
class type inspect sdm-nat-user-protocol--4-1
inspect
class type inspect sdm-nat-sip-tls-1
inspect
class type inspect sdm-nat-user-protocol--5-1
inspect
class type inspect sdm-nat-user-protocol--6-1
inspect
class class-default
drop log
policy-map type inspect ccp-permit
class type inspect SDM_DHCP_CLIENT_PT
pass
class class-default
drop
policy-map type inspect ccp-permit-icmpreply
class type inspect sdm-cls-bootps
pass
class type inspect ccp-icmp-access
inspect
class class-default
pass
!
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
!
!
!
!
!
!
!
!
!
!
interface Null0
no ip unreachables
!
interface Embedded-Service-Engine0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
!
interface GigabitEthernet0/0
description $FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
duplex auto
speed auto
no mop enabled
!
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
no atm ilmi-keepalive
!
interface Ethernet0/0/0
description $ETH-WAN$$FW_OUTSIDE$
ip address dhcp client-id Ethernet0/0/0 hostname test.telstra.net
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
no mop enabled
!
interface GigabitEthernet0/3/0
no ip address
!
interface GigabitEthernet0/3/1
no ip address
!
interface GigabitEthernet0/3/2
no ip address
!
interface GigabitEthernet0/3/3
no ip address
!
interface GigabitEthernet0/3/4
no ip address
!
interface GigabitEthernet0/3/5
no ip address
!
interface GigabitEthernet0/3/6
no ip address
!
interface GigabitEthernet0/3/7
no ip address
!
interface Vlan1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
!
ip forward-protocol nd
!
ip http server
ip http access-class 3
ip http authentication local
ip http secure-server
!
ip nat portmap VOICE
cisco-rtp-sip-low
cisco-rtp-skinny-low
ip nat inside source list 1 interface Ethernet0/0/0 overload
ip nat inside source static tcp 192.168.1.35 3391 interface Ethernet0/0/0 3391
ip nat inside source static udp 192.168.1.35 3391 interface Ethernet0/0/0 3391
ip nat inside source static tcp 192.168.1.29 5060 interface Ethernet0/0/0 5060
ip nat inside source static udp 192.168.1.29 5060 interface Ethernet0/0/0 5060
ip nat inside source static tcp 192.168.1.29 3478 interface Ethernet0/0/0 3478
ip nat inside source static udp 192.168.1.29 3478 interface Ethernet0/0/0 3478
ip nat inside source static tcp 192.168.1.29 5061 interface Ethernet0/0/0 5061
ip nat inside source static udp 192.168.1.29 5061 interface Ethernet0/0/0 5061
ip nat inside source list 110 interface Ethernet0/0/0 overload portmap VOICE
ip nat inside source static tcp 192.168.1.29 5062 interface Ethernet0/0/0 5062
ip nat inside source static udp 192.168.1.29 5062 interface Ethernet0/0/0 5062
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip access-list extended SDM_BOOTPC
remark CCP_ACL Category=0
permit udp any any eq bootpc
ip access-list extended SDM_GRE
remark CCP_ACL Category=1
permit gre any any
!
logging trap debugging
!
!
access-list 1 remark INSIDE_IF=lan
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark CCP_ACL Category=1
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny any
access-list 3 remark HTTP Access-class list
access-list 3 remark CCP_ACL Category=1
access-list 3 permit 192.168.1.0 0.0.0.255
access-list 3 deny any
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 192.168.1.35
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 192.168.1.29
access-list 110 permit udp any any range 16384 16482
access-list 110 permit tcp any any range 16384 16482
access-list 110 permit udp any any range 35000 45000
access-list 110 permit tcp any any range 35000 45000
!
!
!
control-plane
!
!
banner login ^CE-Rescue Systems^C
!
line con 0
transport output telnet
line aux 0
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
authorization exec local_author
login authentication local_authen
transport input telnet ssh
line vty 5 15
authorization exec local_author
login authentication local_authen
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
ā02-22-2017 10:03 PM
Give this link a go
https://www.skycomm.com.au/how-to-setup-nbn-fttn-on-a-cisco-router-2900-series/
Its what i did to get the FTTN working with the 2921 route :) on IINET
hope it helps leave a comment if it did on the site love to know if its work my time making this content...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide