Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1877
Views
0
Helpful
1
Replies

Cisco router as PPPOE server

Go to solution
ahmedabdelbaqi
Level 1
Level 1

‎08-17-2015 01:59 AM - edited ‎03-05-2019 02:04 AM

Hello 

 

I want to configure cisco router as pppoe server and all pppoe clients connect to internet by using NAT to public IP .. I configure the cisco router as below .. the clients connected by pppoe but when I add nat to interfaces I dont get internet service ... the NAT not translate the private IPs of pppoe clients to the public IP . 


username a password 0 a
!
redundancy
!
!
!
!
!
!
!
!
bba-group pppoe TEST
 virtual-template 1
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 pppoe enable group TEST
!
interface FastEthernet0/1
 ip address x.x.x.x x.x.x.x ( public IP )
 duplex auto
 speed auto
!
interface Virtual-Template1
 mtu 1492
 ip unnumbered Loopback0
 peer default ip address pool PPPOE
 ppp authentication chap callin
!
ip local pool PPPOE 192.168.44.2 192.168.44.100

Labels:
Preview file
47 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎08-17-2015 06:50 AM

Hello Ahmed,

There are a few things wrong with your configuration:

  1. Your interface Virtual-Template1 is not configured as ip nat inside
  2. Your interface FastEthernet0/1 is not configured as ip nat outside
  3. I do not see any ACL and no ip nat inside source commands that would start the NAT - I suppose you have configured them, just not posted them here
  4. The ppp authentication chap callin is better used simply as ppp authentication chap (the callin keyword shall be removed). This change is not strictly required but I recommend it. The callin keyword makes the authentication conditional: It will be required only if the client calls us. This notion of calling-in and calling-out was used in times of true dialable interfaces, but here, it has not meaning.
  5. Your interface Virtual-Template1 should be also configured with ppp mtu adaptive and ip tcp adjust-mss 1452. The first command is to make Windows clients happy, as they like to dictate their own MTU and will drop the PPPoE session if the other side does not comply; the ip tcp adjust-mss 1452 is there to make sure TCP segments are limited in their size so that the resulting IP packets to not need to be fragmented. Ordinarily, clients should be using this command, but it is better to be safe than sorry and do this MSS clamping yourself.

So this would be the list of changes to your configuration:

interface Fa0/1
 ip nat outside
!
interface Virtual-Template1
 ip nat inside
 ip tcp adjust-mss 1452
 ppp mtu adaptive
 no ppp authentication chap callin
 ppp authentication chap
!
end

Best regards,
Peter

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎08-17-2015 06:50 AM

Hello Ahmed,

There are a few things wrong with your configuration:

  1. Your interface Virtual-Template1 is not configured as ip nat inside
  2. Your interface FastEthernet0/1 is not configured as ip nat outside
  3. I do not see any ACL and no ip nat inside source commands that would start the NAT - I suppose you have configured them, just not posted them here
  4. The ppp authentication chap callin is better used simply as ppp authentication chap (the callin keyword shall be removed). This change is not strictly required but I recommend it. The callin keyword makes the authentication conditional: It will be required only if the client calls us. This notion of calling-in and calling-out was used in times of true dialable interfaces, but here, it has not meaning.
  5. Your interface Virtual-Template1 should be also configured with ppp mtu adaptive and ip tcp adjust-mss 1452. The first command is to make Windows clients happy, as they like to dictate their own MTU and will drop the PPPoE session if the other side does not comply; the ip tcp adjust-mss 1452 is there to make sure TCP segments are limited in their size so that the resulting IP packets to not need to be fragmented. Ordinarily, clients should be using this command, but it is better to be safe than sorry and do this MSS clamping yourself.

So this would be the list of changes to your configuration:

interface Fa0/1
 ip nat outside
!
interface Virtual-Template1
 ip nat inside
 ip tcp adjust-mss 1452
 ppp mtu adaptive
 no ppp authentication chap callin
 ppp authentication chap
!
end

Best regards,
Peter

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card