Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
707
Views
5
Helpful
8
Replies

Cisco 881W PPPOE Setup (have internet in some places but not others)

Go to solution
MrCRJ
Level 1
Level 1

‎12-27-2019 08:51 AM

Hey everyone, 

 

We recently moved and I brought my Cisco 881W with me. The new ISP requires PPPOE, so I stumbled through setup as I have never done it before. 

My situation is this. Some of my devices work great, others are slow, some don't work at all. My smart TV wont connect to netflix for example. Some sites need to be refreshed multiple times to load on a phone or laptop. Some smart home devices and their apps wont work with the wifi. Some things work great and have no issue. 

I have something wrong, but have no idea what. Im sure I also have extras in my config that aren't needed. I am using the router for standard wifi in the house, with FE4 as my WAN port to my home wired network. Im not running a vpn or anything special. 

Any help would be great!

 

Heres my config file. 


Building configuration...

Current configuration : 8266 bytes
!
version 15.2
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service internal
service compress-config
service sequence-numbers
!
hostname Cisco-881W
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
!
aaa new-model
!
!
aaa authentication login VPN_CLIENT_LOGIN local
aaa authorization network VPN_CLIENT_GROUP local
!
!
!
!
!
aaa session-id common
clock timezone EST -5 0
clock summer-time EDT recurring
service-module wlan-ap 0 bootimage autonomous
!
crypto pki trustpoint TP-self-signed-1556633198
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1556633198
revocation-check none
rsakeypair TP-self-signed-1556633198
!
!
crypto pki certificate chain TP-self-signed-1556633198
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31353536 36333331 3938301E 170D3138 30353331 30343232
34365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35353636
33333139 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100A114 EE06BA3F C50F2FE1 5E34CBB9 84533685 CD1709A3 EF1174AA 65E90C3A
B2B5AA78 88E27660 52175A97 4491CFF8 3BC1F2B0 80E16F63 AF6991FD EA92C5E6
B5964A8D 14844119 1E810A79 20C0D526 97928E8B D3FC5B2B CE40D02E BB081116
A8D81EF6 0B62D789 B6A14EE2 A5E3E2F4 ECEFC155 50D7DBDA 94049B6E 32AA3C0C
ACDB0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14728F5D 90854AA3 F9B8778B 65027814 86C79E0A 89301D06
03551D0E 04160414 728F5D90 854AA3F9 B8778B65 02781486 C79E0A89 300D0609
2A864886 F70D0101 05050003 81810088 B180198C 6679C7E1 24D4C3BD 10D45B07
3B783727 EF08C1DB 3F01DA5F 60E5D1B6 32E1253B B82960C5 2FB1426C FE826B3E
DB39450A 3F6EFF38 E30DF00F B22A4C9D 9C8CC38E 23C81687 A13996A2 868E235F
D455ECDF 4DA17245 3915E096 DB095596 5642A90A 9E35A960 8EB6CFD0 B0F26660
68275275 FF2F8DFD 97605B2E 2EB74D
quit
no ip source-route
ip cef
!
!
!
!
!
!
!
!


!
ip dhcp excluded-address 10.11.12.1
!
ip dhcp pool ccp-pool
network 10.11.12.0 255.255.255.0
dns-server 8.8.8.8
default-router 10.11.12.1
lease 0 2
!
!
!
ip name-server (Given by ISP)
ip name-server (Given by ISP)
ip inspect WAAS flush-timeout 10
ip inspect name INTERNET dns
ip inspect name INTERNET ftp
ip inspect name INTERNET h323
ip inspect name INTERNET https
ip inspect name INTERNET icmp
ip inspect name INTERNET imap
ip inspect name INTERNET pop3
ip inspect name INTERNET netshow
ip inspect name INTERNET rcmd
ip inspect name INTERNET realaudio
ip inspect name INTERNET rtsp
ip inspect name INTERNET sqlnet
ip inspect name INTERNET streamworks
ip inspect name INTERNET tftp
ip inspect name INTERNET tcp
ip inspect name INTERNET udp
ip inspect name INTERNET vdolive
ip inspect name INTERNET ftps
ip inspect name INTERNET http java-list 1
ipv6 unicast-routing
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid C881W-A-K9 sn (HIDDEN)
license accept end user agreement
license boot module c800 level advipservices
!
!
username (HIDDEN)
!
!
!
!
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
!
crypto isakmp client configuration group VPN_CLIENTS
key ClientVpnKey
dns 192.168.2.4
domain test.local
pool VPN_CLIENT_POOL
!
!
crypto ipsec transform-set TRANS_3DES_SHA esp-3des esp-sha-hmac
mode tunnel
!
!
!
crypto dynamic-map EXT_DYNAMIC_MAP 10
set transform-set TRANS_3DES_SHA
!
!
crypto map EXT_MAP client authentication list VPN_CLIENT_LOGIN
crypto map EXT_MAP isakmp authorization list VPN_CLIENT_GROUP
crypto map EXT_MAP client configuration address respond
crypto map EXT_MAP 10 ipsec-isakmp dynamic EXT_DYNAMIC_MAP
!
!
!
!
!
interface FastEthernet0
no ip address
crypto map EXT_MAP
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description Physical ADSL
no ip address
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
!
interface Vlan1
ip address 10.11.12.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication pap callin
ppp pap sent-username (Given by ISP) password (Given by ISP)
ppp ipcp route default
no cdp enable
!
ip local pool VPN_CLIENT_POOL 192.168.20.200 192.168.20.210
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source list 199 interface FastEthernet4 overload
ip nat inside source static tcp 10.11.12.52 20 interface FastEthernet4 20
ip nat inside source static tcp 10.11.12.52 21 interface FastEthernet4 21
ip route 192.168.0.0 255.255.255.0 10.11.12.52
!
ip access-list extended NAT
deny ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255
ip access-list extended OUTSIDE-->IN
permit tcp any any eq ftp
permit tcp any any eq ftp-data
deny ip any any log
!
access-list 1 permit any
access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 199 permit ip any any
no cdp run
!
!
!
!
control-plane
!
!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
MrCRJ
Level 1
Level 1
In response to Georg Pauwen

‎12-27-2019 05:14 PM - edited ‎12-28-2019 05:06 AM

Alright, so after those changes I was still experiencing problems getting to certain websites and specific services like netflix.com and netflix on my Sharp Smart TV. I did a bit of digging and here is what has fixed things for me, in bold. Thank you for your help, I am all back online and everything seems to be working great now! I'll revisit if I find any other problems regarding this topic. 

 

MrCRJ


interface FastEthernet0
no ip address
crypto map EXT_MAP
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description WAN Port
no ip address
ip nat outside
no ip virtual-reassembly in
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
!
interface Vlan1
ip address 10.11.12.1 255.255.255.0
ip nat inside
no ip virtual-reassembly in
!
interface Dialer1
mtu 1490
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication pap callin
ppp pap sent-username password 
ppp ipcp route default
no cdp enable
!
ip local pool VPN_CLIENT_POOL 192.168.20.200 192.168.20.210
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 10.11.12.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Georg Pauwen
VIP
VIP

‎12-27-2019 09:49 AM

Hello,

 

I have simplified the configuration and made some changes (marked in bold):

 

Current configuration : 8266 bytes
!
version 15.2
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service internal
service compress-config
service sequence-numbers
!
hostname Cisco-881W
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
!
aaa new-model
!
aaa authentication login VPN_CLIENT_LOGIN local
aaa authorization network VPN_CLIENT_GROUP local
!
aaa session-id common
clock timezone EST -5 0
clock summer-time EDT recurring
service-module wlan-ap 0 bootimage autonomous
!
crypto pki trustpoint TP-self-signed-1556633198
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1556633198
revocation-check none
rsakeypair TP-self-signed-1556633198
!
crypto pki certificate chain TP-self-signed-1556633198
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31353536 36333331 3938301E 170D3138 30353331 30343232
34365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35353636
33333139 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100A114 EE06BA3F C50F2FE1 5E34CBB9 84533685 CD1709A3 EF1174AA 65E90C3A
B2B5AA78 88E27660 52175A97 4491CFF8 3BC1F2B0 80E16F63 AF6991FD EA92C5E6
B5964A8D 14844119 1E810A79 20C0D526 97928E8B D3FC5B2B CE40D02E BB081116
A8D81EF6 0B62D789 B6A14EE2 A5E3E2F4 ECEFC155 50D7DBDA 94049B6E 32AA3C0C
ACDB0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14728F5D 90854AA3 F9B8778B 65027814 86C79E0A 89301D06
03551D0E 04160414 728F5D90 854AA3F9 B8778B65 02781486 C79E0A89 300D0609
2A864886 F70D0101 05050003 81810088 B180198C 6679C7E1 24D4C3BD 10D45B07
3B783727 EF08C1DB 3F01DA5F 60E5D1B6 32E1253B B82960C5 2FB1426C FE826B3E
DB39450A 3F6EFF38 E30DF00F B22A4C9D 9C8CC38E 23C81687 A13996A2 868E235F
D455ECDF 4DA17245 3915E096 DB095596 5642A90A 9E35A960 8EB6CFD0 B0F26660
68275275 FF2F8DFD 97605B2E 2EB74D
quit
no ip source-route
ip cef
!
ip dhcp excluded-address 10.11.12.1
!
ip dhcp pool ccp-pool
network 10.11.12.0 255.255.255.0
dns-server 8.8.8.8
default-router 10.11.12.1
lease 0 2
!
ip name-server (Given by ISP)
ip name-server (Given by ISP)
ip inspect WAAS flush-timeout 10
ip inspect name INTERNET dns
ip inspect name INTERNET ftp
ip inspect name INTERNET h323
ip inspect name INTERNET https
ip inspect name INTERNET icmp
ip inspect name INTERNET imap
ip inspect name INTERNET pop3
ip inspect name INTERNET netshow
ip inspect name INTERNET rcmd
ip inspect name INTERNET realaudio
ip inspect name INTERNET rtsp
ip inspect name INTERNET sqlnet
ip inspect name INTERNET streamworks
ip inspect name INTERNET tftp
ip inspect name INTERNET tcp
ip inspect name INTERNET udp
ip inspect name INTERNET vdolive
ip inspect name INTERNET ftps
ip inspect name INTERNET http java-list 1
ipv6 unicast-routing
no ipv6 cef
!
multilink bundle-name authenticated
license udi pid C881W-A-K9 sn (HIDDEN)
license accept end user agreement
license boot module c800 level advipservices
!
username (HIDDEN)
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
!
crypto isakmp client configuration group VPN_CLIENTS
key ClientVpnKey
dns 192.168.2.4
domain test.local
pool VPN_CLIENT_POOL
!
crypto ipsec transform-set TRANS_3DES_SHA esp-3des esp-sha-hmac
mode tunnel
!
crypto dynamic-map EXT_DYNAMIC_MAP 10
set transform-set TRANS_3DES_SHA
!
crypto map EXT_MAP client authentication list VPN_CLIENT_LOGIN
crypto map EXT_MAP isakmp authorization list VPN_CLIENT_GROUP
crypto map EXT_MAP client configuration address respond
crypto map EXT_MAP 10 ipsec-isakmp dynamic EXT_DYNAMIC_MAP
!
interface FastEthernet0
no ip address
crypto map EXT_MAP
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description Physical ADSL
no ip address
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
!
interface Vlan1
ip address 10.11.12.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username (Given by ISP) password (Given by ISP)
ppp ipcp route default
no cdp enable
!
ip local pool VPN_CLIENT_POOL 192.168.20.200 192.168.20.210
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 10.11.12.52 20 interface Dialer1 20
ip nat inside source static tcp 10.11.12.52 21 interface Dialer1 21
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 10.11.12.0 0.0.0.255
!
dialer-list 1 protocol ip permit
!
no cdp run
!
control-plane

0 Helpful

Go to solution
MrCRJ
Level 1
Level 1
In response to Georg Pauwen

‎12-27-2019 10:34 AM - edited ‎12-28-2019 05:07 AM

I've made the following changes, but am still having trouble. Am I missing something? 
interface FastEthernet0
no ip address
crypto map EXT_MAP
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description Physical ADSL
no ip address
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
!
interface Vlan1
ip address 10.11.12.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication pap callin
ppp pap sent-username password
ppp ipcp route default
no cdp enable
!
ip local pool VPN_CLIENT_POOL 192.168.20.200 192.168.20.210
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.20.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to MrCRJ

‎12-27-2019 11:22 AM

Hello,

 

you are missing access list 1, add this to your configuration:

 

access-list 1 permit 10.11.12.0 0.0.0.255

0 Helpful

Go to solution
MrCRJ
Level 1
Level 1
In response to Georg Pauwen

‎12-27-2019 12:09 PM

Thanks for the quick reply. 

Here is what I have ended up with, as well as a very helpful link I found. 

 

https://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/pppoenat.html

!
!
interface FastEthernet0
no ip address
crypto map EXT_MAP
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description WAN Port
no ip address
ip nat outside
no ip virtual-reassembly in
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
!
interface Vlan1
ip address 10.11.12.1 255.255.255.0
ip nat inside
no ip virtual-reassembly in
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication pap callin
ppp pap sent-username clarke-n password 7 1441445A3F102F3C253A27
ppp ipcp route default
no cdp enable
!
ip local pool VPN_CLIENT_POOL 192.168.20.200 192.168.20.210
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 10.11.12.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to MrCRJ

‎12-27-2019 12:49 PM

Hello,

 

that looks fine to me. Do you have full Internet connectivity now ?

0 Helpful

Go to solution
MrCRJ
Level 1
Level 1
In response to Georg Pauwen

‎12-27-2019 05:14 PM - edited ‎12-28-2019 05:06 AM

Alright, so after those changes I was still experiencing problems getting to certain websites and specific services like netflix.com and netflix on my Sharp Smart TV. I did a bit of digging and here is what has fixed things for me, in bold. Thank you for your help, I am all back online and everything seems to be working great now! I'll revisit if I find any other problems regarding this topic. 

 

MrCRJ


interface FastEthernet0
no ip address
crypto map EXT_MAP
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description WAN Port
no ip address
ip nat outside
no ip virtual-reassembly in
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
!
interface Vlan1
ip address 10.11.12.1 255.255.255.0
ip nat inside
no ip virtual-reassembly in
!
interface Dialer1
mtu 1490
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication pap callin
ppp pap sent-username password 
ppp ipcp route default
no cdp enable
!
ip local pool VPN_CLIENT_POOL 192.168.20.200 192.168.20.210
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 10.11.12.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to MrCRJ

‎12-28-2019 12:27 AM

Hello,

 

good work ! Actually, an MTU of 1400 and tcp adjust-mss of 1360 usually covers everything, so in case you still run into trouble, you might want to use those...

Go to solution
MrCRJ
Level 1
Level 1
In response to Georg Pauwen

‎01-02-2020 05:15 AM

Thanks for that info, I actually moved my config over to this as my TV was still having some trouble from time to time. The issues I was having have been a mix of DNS address and MTU related, but I'm happy to report everything is working great now across all devices. 

Thanks for the help Georg!

 

MrCRJ

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card