Configure PPPoE on Router Cisco 2911 with additional IP addresses have been provided by ISP

PPOE.png

Referring to the network diagram, the ISP is providing 5 public IP addresses, and I plan to distribute the public IPs to the Fortigate and Peplink as per the network diagram. Therefore, kindly advise whether the config below is workable based on the network diagram.

Interface g0/0 - WAN (from ISP)

Interface g0/1 - LAN (to switch)

CODE:


!
hostname IM-R-2911
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
ip dhcp excluded-address 211.27.110.78
!
ip dhcp pool LINE
network 211.27.110.0 255.255.255.255
default-router 211.27.110.73
dns-server 211.27.110.73
lease 3
!
!
!
ip name-server 1.9.1.9
ip name-server 8.8.8.8
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/0.21
encapsulation dot1Q 21
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
ip address 211.27.110.73 255.255.255.255
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface Dialer1
ip address negotiated
ip mtu 1440
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname <xxxx@timebb>
ppp chap password 0 <PWD TIME>
ppp pap sent-username <xxxxx@timebb> password 0 <PWD TIME>
no cdp enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 10 interface dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
access-list 10 permit 211.27.110.0 0.0.0.255
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
!
end


Hello,

Are the 211.27.110.x addresses public IP addresses? If so, you do not have to NAT these addresses. Either assign them statically to your devices, or use DHCP client reservations such as the one below marked in bold/italics.

Also, what subnet mask have you been given for your public addresses?

For the rest, implement the changes marked in bold:


hostname IM-R-2911
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
ip dhcp excluded-address 211.27.110.78
!
ip dhcp pool LINE
--> network 211.27.110.0 255.255.255.0 <-- ?
default-router 211.27.110.73
dns-server 211.27.110.73
lease 3
!
ip dhcp pool FORTIGATE
host 211.27.110.76 255.255.255.0
hardware-address 01f0.def1.9b01.df
!
ip name-server 1.9.1.9
ip name-server 8.8.8.8
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
redundancy
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
--> no ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/0.21
encapsulation dot1Q 21
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
--> ip address 211.27.110.73 255.255.255.0 <-- ?
--> no ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface Dialer1
ip address negotiated
--> ip mtu 1492
--> no ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname <xxxx@timebb>
ppp chap password 0 <PWD TIME>
ppp pap sent-username <xxxxx@timebb> password 0 <PWD TIME>
no cdp enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
--> no ip nat inside source list 10 interface dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
--> no access-list 10 permit 211.27.110.0 0.0.0.255
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
!
end

Hello

Yes, it probably would; however, it would be a waste of those routable public addresses.

A more viable way would depend on whether you wish for the Fortigate and Peplink devices to be reachable from the public internet. If so, what you can do is use private addressing on the internal network for all hosts and then perform NAT on a 1-1 basis with those 5 additional public addresses against the Fortigate and Peplink.



Kind Regards
Paul
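
The one-to-one NAT layout described in the reply above, as an added example that is not part of the original thread or any poster's configuration. It assumes the ISP routes the additional public block to the PPPoE session; the inside subnet 192.168.10.0/24, the device addresses 192.168.10.2 and 192.168.10.3, and the choice of 211.27.110.76 and 211.27.110.77 as the mapped public addresses are all assumptions.

```cisco
! Added example. Assumed values: inside subnet 192.168.10.0/24,
! Fortigate at 192.168.10.2, Peplink at 192.168.10.3, public
! addresses 211.27.110.76 and 211.27.110.77 from the ISP block.
!
interface GigabitEthernet0/1
 description LAN (to switch), private addressing
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface Dialer1
 ip address negotiated
 ip nat outside
!
! One-to-one translations: each device answers on its own public address.
ip nat inside source static 192.168.10.2 211.27.110.76
ip nat inside source static 192.168.10.3 211.27.110.77
!
! All other inside hosts share the negotiated Dialer1 address (PAT).
! Static entries are matched first, so the two devices above keep
! their dedicated public addresses for outbound traffic as well.
access-list 10 permit 192.168.10.0 0.0.0.255
ip nat inside source list 10 interface Dialer1 overload
!
ip route 0.0.0.0 0.0.0.0 Dialer1
```

`show ip nat translations` should list both static entries as soon as the configuration is applied. A static one-to-one mapping forwards every port to the inside device, so inbound filtering rests on the Fortigate's and Peplink's own policies unless an ACL is applied on Dialer1.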