Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1382
Views
0
Helpful
8
Replies

Cisco 2911 ADSL NAT configuration - LoopBack/SVI question

Go to solution
whickwire
Level 1
Level 1

‎08-16-2018 06:31 AM - edited ‎03-05-2019 10:51 AM

I am running into a problem with my NAT configuration on this router. I have successfully leased a connection from my ISP but am wondering about what the setup would look like if the ip address is negotiated. It's my understand and possibly the wrong one that I will need to possibly duo a policy map or create a loopback interface and reference the leased IP to make things work with my switching equipment. (This 2911 has old fw and doesn't support SVI's unfortunately)

 

Previously when I hooked up my router to a generic Cable connection that seemed relatively easy because the interface was actually receiving an address and then I just had to make a simple acl and overload.

 

Building configuration...


Current configuration : 1770 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CoreRouter
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
dot11 syslog
!
!
ip cef
!
!
!
multilink bundle-name authenticated
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 15 secret 5 $1$M6fZ$TDpU3j4kbBqI9ZE1Nrv9e0
archive
log config
hidekeys
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description UPLINK to TEKSAVY
no ip address
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0/1
ip address 10.79.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/2/0
no ip address
shutdown
no fair-queue
clock rate 125000
!
interface Serial0/2/1
no ip address
shutdown
clock rate 125000
!
interface Dialer1
ip address negotiated
no ip proxy-arp
ip mtu 1492
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
no ip mroute-cache
delay 50000
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname ymca79james@teksavvy.com
ppp chap password 0 ymca79Jame5
ppp pap sent-username ymca79james@teksavvy.com password 0 ymca79Jame5
ppp ipcp dns request accept
ppp ipcp address accept
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
no ip http server
no ip http secure-server
ip nat inside source list 100 interface Dialer1 overload
!
access-list 100 permit ip 10.0.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
!
end

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP
In response to whickwire

‎08-16-2018 10:17 AM

Hello,

 

below is a way to do it (changes marked in bold). Make sure the uplink port on the switch is reverted back to a switchport.

 

Current configuration : 1770 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CoreRouter
!
boot-start-marker
boot-end-marker
!
no aaa new-model
dot11 syslog
!
ip cef
!
multilink bundle-name authenticated
!
voice-card 0
no dspfarm
!
username admin privilege 15 secret 5 $1$M6fZ$TDpU3j4kbBqI9ZE1Nrv9e0
archive
log config
hidekeys
!
bridge irb
!
interface FastEthernet0/0
description UPLINK to TEKSAVY
no ip address
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0/1
no ip address
bridge-group 1
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/2/0
no ip address
shutdown
no fair-queue
clock rate 125000
!
interface Serial0/2/1
no ip address
shutdown
clock rate 125000
!
interface BVI1
ip address 10.79.0.1 255.255.255.0
ip nat inside
!
interface Dialer1
ip address negotiated
no ip proxy-arp
ip mtu 1492
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
no ip mroute-cache
delay 50000
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname ymca79james@teksavvy.com
ppp chap password 0 ymca79Jame5
ppp pap sent-username ymca79james@teksavvy.com password 0 ymca79Jame5
ppp ipcp dns request accept
ppp ipcp address accept
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
ip nat inside source list 100 interface Dialer1 overload
!
access-list 100 permit ip 10.0.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
control-plane
!

bridge 1 protocol ieee
bridge 1 route ip
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
!
end

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Georg Pauwen
VIP
VIP

‎08-16-2018 08:08 AM

Hello,

 

I am not clear on what you are asking. Has your ISP given you a subnet mask to go with the IP address ?

0 Helpful

Go to solution
whickwire
Level 1
Level 1
In response to Georg Pauwen

‎08-16-2018 08:19 AM

Your probably getting sick of me Georg but I appreciate you help :)

My ISP has told me and I'm quoting "There isn’t a subnet mask for this static IP, its pulled from a PPPOE session and assigned." I can purchase a /30 Subnet (2 usable IP addresses) and he has stated I would assign the /30 to one of the ports and setup static routes. Is this what I am after?
0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to whickwire

‎08-16-2018 08:48 AM

Hello,

 

what do you want to do, connect a switch to the router ? There really is no advantage to purchasing a /30 subnet, as all you need for external connecivity is the address assigned to the dialer...

 

Not sure if I understand what you are asking...:|

0 Helpful

Go to solution
whickwire
Level 1
Level 1
In response to Georg Pauwen

‎08-16-2018 08:56 AM

Sorry, yes a switch is connected to the router but I get no connectivity from it.

 

FA 0/0 is the internet uplink from the DSL modem

FA 0/1 is the uplink that is connected to the switch IP 10.79.0.1

SW 0/23 I have issued no switchport and assigned IP 10.79.0.2

 

The default route on the switch points to the internal router interface in my case 0.0.0.0 0.0.0.0 10.79.0.1

The default route on the router points to the dialer 0.0.0.0 0.0.0.0 dialer1

 

The NAT statement doesn't appear to be translating the internal to the external. Does that make sense?

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to whickwire

‎08-16-2018 10:17 AM

Hello,

 

below is a way to do it (changes marked in bold). Make sure the uplink port on the switch is reverted back to a switchport.

 

Current configuration : 1770 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CoreRouter
!
boot-start-marker
boot-end-marker
!
no aaa new-model
dot11 syslog
!
ip cef
!
multilink bundle-name authenticated
!
voice-card 0
no dspfarm
!
username admin privilege 15 secret 5 $1$M6fZ$TDpU3j4kbBqI9ZE1Nrv9e0
archive
log config
hidekeys
!
bridge irb
!
interface FastEthernet0/0
description UPLINK to TEKSAVY
no ip address
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0/1
no ip address
bridge-group 1
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/2/0
no ip address
shutdown
no fair-queue
clock rate 125000
!
interface Serial0/2/1
no ip address
shutdown
clock rate 125000
!
interface BVI1
ip address 10.79.0.1 255.255.255.0
ip nat inside
!
interface Dialer1
ip address negotiated
no ip proxy-arp
ip mtu 1492
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
no ip mroute-cache
delay 50000
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname ymca79james@teksavvy.com
ppp chap password 0 ymca79Jame5
ppp pap sent-username ymca79james@teksavvy.com password 0 ymca79Jame5
ppp ipcp dns request accept
ppp ipcp address accept
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
ip nat inside source list 100 interface Dialer1 overload
!
access-list 100 permit ip 10.0.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
control-plane
!

bridge 1 protocol ieee
bridge 1 route ip
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
!
end

0 Helpful

Go to solution
whickwire
Level 1
Level 1
In response to Georg Pauwen

‎08-16-2018 10:32 AM

That is so cool. I had no idea about Bridge Groups.

I'm probably out of my depth here as I take my ICND1 in the fall but this certainly beats the help desk!

Thanks Again!
0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to whickwire

‎08-17-2018 01:50 PM

Hello,

 

when you have different Vlans and want them all to connect to the Internet, a pretty common configuratiois what is called 'router-on-a-stick', which basically means that you create dot1q subinterfaces for each Vlan on the router.

 

Check the document below:

 

https://community.spiceworks.com/how_to/55605-how-to-configure-router-on-a-stick

0 Helpful

Go to solution
whickwire
Level 1
Level 1
In response to Georg Pauwen

‎08-17-2018 02:22 PM

Unable to go to VLAN route as my 2911 does not support dot1q. The BVI was very cool, I had no idea it existed.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card