Re: Cisco 867VAE –k-w-9 and FTTC WAN configuration

zeroasylum · ‎06-27-2018

Hi All. I was wondering if someone could assist me with the following.

I have a cisco 867 which I configured to work with ADSL and have had running for the last 12 months. On Tuesday I am getting my NCD for my new FIbre to the Curb FTTC connection and I have tried to modified the configuration to the use of the gigabit WAN port interface GigabitEthernet 2. Now I began and used CCP to do this (and then over the console cable just for testing different running setting) shutting down the dialer and ATMO connection which then brought up the wan (it is set to get an IP via DHCP). I then gave this a nat outside which the dialer interface previously had and then modified the rooting so that all traffic was natted through the new interface.

I have been tenting the config as follows. I have another modem connected to my current ADSL connection and I am then plugging that into the wan on the cisco. The adsl moden has full internet access and if plugged directly into a laptop works fine. When I plug in the Cisco the Cisco pickups an IP on the wan interface gigabitinterface2 (I have set the adsl modem to give out ip’s in the 10.10.10. 2 up to 10.10.10.50 range) but no traffic to outside is being routed to it.
I want to keep the config as it has other static routes etc in it. I can see what’s wrong with it. I have been working on it late in the evening after work so tiredness has probably been my enemy.

If someone could have a look and maybe help I would be grateful. Maybe I need to set the GE2 interface to no ip or maybe ip negotiated as well for FTTC.
Below is the config

Thanks

Zeroasylum

Building configuration...

Current configuration : 4939 bytes
!

! Last configuration change at 12:19:56 UTC Wed Jun 27 2018 by admin
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!

hostname Cisco867
!

boot-start-marker
boot-end-marker
!

aqm-register-fnf
!

logging buffered 51200 warnings
!

no aaa new-model
wan mode ethernet
!

!
!

ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.2
ip dhcp excluded-address 192.168.1.221 192.168.1.254
!

ip dhcp pool ccp-pool
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 203.12.160.35 203.12.160.36
lease 0 2
!

ip dhcp pool Foscam_camera
hardware-address 00a8.f900.5b94
!

ip dhcp pool HIKvision_DVR
host 192.168.1.230 255.255.255.0
hardware-address 1868.cb8e.8112
!

ip dhcp pool Alarm
host 192.168.1.250 255.255.255.0
hardware-address d880.391b.9313
!

ip dhcp pool Server1
host 192.168.1.240 255.255.255.0
client-identifier 0150.465d.65fa.b6
!

!
!

no ip domain lookup
ip domain name yourdomain.com
ip cef
no ipv6 cef
!

!
!

!
crypto pki trustpoint TP-self-signed-3884120332
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3884120332
revocation-check none
rsakeypair TP-self-signed-3884120332
!

!
crypto pki certificate chain TP-self-signed-3884120332
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33383834 31323033 3332301E 170D3138 30333032 31313031
31355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38383431
32303333 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
810098F8 53DC07E3 237F112D A6FF7973 DBE25845 E8A07F75 3956B02A 7466B171
756B8795 FCCB9113 225DE957 0C52647F 7F020A12 4750D8B7 0BD58272 38DC3352
53162CFD 54DFC067 AE4E9925 50F41A94 153EFCAB 35F2DEDE 84DD4A90 73E813E4
BC9900E4 10871B8B 3A0A046E 646BB78B 3DC25D70 06BEE642 8C399DDA C51206A2
F0B10203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 149A2C88 EFFD3C99 0E6A6BC4 50D072CF 7599E45B 15301D06
03551D0E 04160414 9A2C88EF FD3C990E 6A6BC450 D072CF75 99E45B15 300D0609
2A864886 F70D0101 05050003 8181007C F0D7C65A 0A4066F6 0C766950 3F89ABED
3376F44E D9F2FC73 D0C2210A A7921979 909DCD9B 115D63E5 FD97E5F9 9B9DE390
322E797C 0289BCDF 79B2A8B5 ED321CE6 F2B01F7E 82836603 9E04E794 B999D4C0
675EEF54 C31AB4E7 DC27BE7B 7FFCF5AF 58BAB869 E82457E9 9DEA04F0 D5363D35
0125E87A C3DE37AD 78E383D2 29F60F
quit
!

!
username XXXXX privilege 15 secret 5 XXXXXXXXX
!

!
controller VDSL 0
shutdown
!

no ip ftp passive
!
!

!
!

interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!

interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!

interface Ethernet0
no ip address
shutdown
!

interface FastEthernet0
no ip address
!

interface FastEthernet1
no ip address
!

interface FastEthernet2
no ip address
!

interface GigabitEthernet0
no ip address
!

interface GigabitEthernet1
no ip address
!

interface GigabitEthernet2
description $ETH-WAN$
ip address dhcp client-id GigabitEthernet2
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!

interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
!

interface Vlan1
description $ETH-SW-LAUNCH$
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
!

interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
shutdown
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username XXXXXX password 0 XXXXX
no cdp enable
!

ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!

!
ip nat inside source list 1 interface GigabitEthernet2 overload
ip nat inside source static tcp 192.168.1.230 80 203.219.245.98 80 extendable
ip nat inside source static tcp 192.168.1.205 81 203.219.245.98 81 extendable
ip nat inside source static tcp 192.168.1.230 8000 203.219.245.98 8000 extendable
ip nat inside source static tcp 192.168.1.230 10554 203.219.245.98 10554 extendable
ip route 0.0.0.0 0.0.0.0 GigabitEthernet2
!

dialer-list 1 protocol ip permit
no cdp run
!

access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
!

!
line con 0
login local
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!

scheduler allocate 60000 1000
!

end

Terence Payet · ‎06-27-2018

Hi,

DO you have two vlan's on your LAN meaning is the LAN subnet (192.168.1.0/24) configured on the other working router same as the new router? If so this might be the issue.

Can you post the config of the other working router?

Can you share a brief diagram of your topology?

Regards,

Terence

Georg Pauwen · ‎06-28-2018

Hello,

so the modem dishes out 10.10.10.1 or 10.10.10.2. Is this range being NATted on your ADSL modem (which type/brand modem is that ?

You might want to change your NAT configuration on the Cisco as below:

ip nat inside source list 1 interface GigabitEthernet2 overload
--> no ip nat inside source static tcp 192.168.1.230 80 203.219.245.98 80 extendable
--> no ip nat inside source static tcp 192.168.1.205 81 203.219.245.98 81 extendable
--> no ip nat inside source static tcp 192.168.1.230 8000 203.219.245.98 8000 extendable
--> no ip nat inside source static tcp 192.168.1.230 10554 203.219.245.98 10554 extendable
ip route 0.0.0.0 0.0.0.0 GigabitEthernet2 dhcp

zeroasylum · ‎06-28-2018

Hello,

Thank you all for the reply's.Not to worry. I have it all working. I deleted the settings on the GE2 WAN interface and re did them and the NATS and all good now. I am only using a standard billion adsl modem. I was just using it to emulate the new connection device/modem

I assuming with this config on the wan

interface GigabitEthernet2
 description $ETH-WAN$
 ip address dhcp client-id GigabitEthernet2
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto

that it should pick up a 1:1 nat from the new FTTC modem

many thanks

Zeroasylum