Connecting my 2851 to my ISP over PPPoE

Hi Everyone,

As part of my homelab I purchased a number of older Cisco Routers and Switches. I've managed to learn a great deal about getting these set up and running. Now that I've finally been moved across to FTTP I want to replace my consumer router by using the C2851 instead. More of a just because you can, rather than any technical need.

Although I have managed to get the PPPoE connection in place and can route directly from the C2851, I can't route from any device connected to the router. In addition I have been allocated a small (/29) subnet of public IPs. The configuration details below get me to the point where I can route traffic from the C2851 out to the Internet. But I'm not able to route traffic from my internal networks.

My firewall has been configured to use the IP address I've assigned below to interface GigabitEthernet0/0 as its default gateway. Again the firewall can see this and doing basic checks it seems to be able to route out to the Internet as well. But I'm not able to see any of my additional IPs.

I've made no change to my firewall, only switching over from the consumer router to the C2851. The setup works fine with the consumer router.

interface GigabitEthernet0/0
 ip address x.x.x.x 255.255.255.248
 duplex full
 speed 1000
 pppoe enable group global
 pppoe-client dial-pool-number 10
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 10
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname username@internet.net
 ppp chap password 0 Strong_Password
 ppp ipcp route default
!
ip route 0.0.0.0 0.0.0.0 Dialer1

Interface GigabitEthernet0/1 has a number of VLANs set up to cover various network configurations. I know I need to be able to direct all of my internal traffic towards my firewall's internal IP address and this is where I think my problem lies. Without the Dialer1 configuration my default route is indeed the firewall as below.

ip route 0.0.0.0 0.0.0.0 192.168.50.1

I hope I've explained my setup well enough for someone to point me in the right direction. But if not I'm open to any questions you have.

Thanks for looking.

Regards,

Garry


Hello,

What does your topology look like, is it?

LAN --> Cisco Router --> pfSense --> ISP?

I agree that we need a better understanding of the topology. The config of pppoe suggests that it is ISP <-> router <-> firewall. And this statement seems to confirm that "It's connected to the Router via a VLAN connection." 

I would like to understand how the consumer router was set up. In that situation for the hosts inside the network, was their default gateway an address on the firewall or an address on the consumer router?

Another aspect of providing Internet access is Network Address Translation. With the consumer router was NAT done by the firewall or by the consumer router?

Am I correct that the connection to the ISP has not changed? That with the consumer router (and the firewall) that it was the same /29 block of Public Addresses?

HTH

Rick

Let me answer a few of those questions.

NAT is being done by the consumer router, although I've not configured anything. The configuration is essentially adding the PPPoE details under Internet Connection Setup. For LAN Settings I add the IP address defined as my gateway.

The IP subnet hasn't changed, the only change I'm trying to make is to replace the consumer router (TP-LINK Archer VR600) with this C2851.

The subnet is allocated like this.

192.168.99.72 - Subnet ID

192.168.99.73 - Router

192.168.99.74 - Firewall

192.168.99.75 - Secondary IP

192.168.99.76 - Secondary IP

192.168.99.77 - Secondary IP

192.168.99.78 - Secondary IP

192.168.99.79 - Broadcast Address

Hello,

So the topology is:

LANx --> Firewall --> Cisco Router --> TP Link Router --> ISP?

You need to either configure NAT on the TP Link router, for the additional subnets on your LAN, or configure NAT on the Cisco router (which is usually the easier option).

Post the full running configuration of your Cisco router if you don't know how to configure NAT in this context.

I want to remove the TP Link Router altogether. There is no NAT configuration on the C2851.

Hello,

What information do you need from us exactly?

It looks like I need to work out what NAT rules I need to put into my configuration.

Hello,

Post the running configuration (sh run) in full...

I've tried a few times now to post my config. Each time it appears but then when I refresh it's no longer posted in a reply. Very odd.

Save it in a .txt file and attach it to your post.

Garry

There are still aspects of this that are not clear - most especially how traffic will flow from hosts in your network to the firewall (does it go host to router to firewall, or is there some possibility that hosts get to firewall without going through the router)? But one thing has become quite clear: you need to configure NAT on your Cisco router.

HTH

Rick

As I'm connecting to my ISP with Fibre it looks like this.

LANx -> pfSense -> Cisco Router -> ISP

But I also have routing between networks, so like this.

LAN1 -> Cisco Router -> LAN2

I think the below section of my config will help you further.

bba-group pppoe global
!
!
interface GigabitEthernet0/0
 ip address X.X.X.X 255.255.255.248
 duplex full
 speed 1000
 pppoe enable group global
 pppoe-client dial-pool-number 10
!
interface GigabitEthernet0/1
 no ip address
 duplex full
 speed 1000
!
interface GigabitEthernet0/1.2
 encapsulation dot1Q 2
 ip address 192.168.2.30 255.255.255.224
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.3
 encapsulation dot1Q 3
 ip address 192.168.3.250 255.255.255.0
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.4
 encapsulation dot1Q 4
 ip address 192.168.4.14 255.255.255.240
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.5
 encapsulation dot1Q 5
 ip address 192.168.5.6 255.255.255.248
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.6
 encapsulation dot1Q 6
 ip address 192.168.6.6 255.255.255.248
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.10.250 255.255.255.0
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip address 192.168.20.254 255.255.255.0
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.50
 encapsulation dot1Q 50
 ip address 192.168.50.6 255.255.255.0
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.99
 description Build Network
 encapsulation dot1Q 99
 ip address 192.168.99.6 255.255.255.240
!
interface GigabitEthernet0/1.100
 description Storage Network
 encapsulation dot1Q 100
 ip address 192.168.100.6 255.255.255.248
 ip helper-address 192.168.10.1
!
interface FastEthernet0/0/0
 description Link to SW03
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet0/0/1
 description RackPDU02
 duplex full
 speed 100
!
interface FastEthernet0/0/2
 description iLO Host01
 duplex full
 speed 100
!
interface FastEthernet0/0/3
 shutdown
!
interface Vlan1
 ip address 192.168.1.254 255.255.255.0
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 10
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname <username here>
 ppp chap password 0 <password here>
 ppp ipcp route default
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!

Hi,

Here's what I have in place.

LANx -> Cisco Router -> LANx

LANx -> pfSense -> Cisco Router -> ISP

Does this help further?

bba-group pppoe global
!
!
interface GigabitEthernet0/0
 ip address X.X.X.X 255.255.255.248
 duplex full
 speed 1000
 pppoe enable group global
 pppoe-client dial-pool-number 10
!
interface GigabitEthernet0/1
 no ip address
 duplex full
 speed 1000
!
interface GigabitEthernet0/1.2
 encapsulation dot1Q 2
 ip address 192.168.2.30 255.255.255.224
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.3
 encapsulation dot1Q 3
 ip address 192.168.3.250 255.255.255.0
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.4
 encapsulation dot1Q 4
 ip address 192.168.4.14 255.255.255.240
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.5
 encapsulation dot1Q 5
 ip address 192.168.5.6 255.255.255.248
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.6
 encapsulation dot1Q 6
 ip address 192.168.6.6 255.255.255.248
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.10.250 255.255.255.0
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip address 192.168.20.254 255.255.255.0
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.50
 encapsulation dot1Q 50
 ip address 192.168.50.6 255.255.255.0
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.99
 description Build Network
 encapsulation dot1Q 99
 ip address 192.168.99.6 255.255.255.240
!
interface GigabitEthernet0/1.100
 description Storage Network
 encapsulation dot1Q 100
 ip address 192.168.100.6 255.255.255.248
 ip helper-address 192.168.10.1
!
interface FastEthernet0/0/0
 description Link to SW03
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet0/0/1
 description RackPDU02
 duplex full
 speed 100
!
interface FastEthernet0/0/2
 description iLO Host01
 duplex full
 speed 100
!
interface FastEthernet0/0/3
 shutdown
!
interface Vlan1
 ip address 192.168.1.254 255.255.255.0
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 10
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname <username here>
 ppp chap password 0 <password here>
 ppp ipcp route default
!
ip route 0.0.0.0 0.0.0.0 192.168.50.1
!

My topology goes a little like this.

LANx --> Cisco Router --> LANx

LANx --> Firewall --> Cisco Router --> ISP

Hello,

If your Cisco router is connected to the ISP, you need to configure NAT. Post the full running configuration of your Cisco router. I cannot request bits and pieces, since I don't know what you are missing.
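
The NAT the replies call for, sketched as an added example that is not part of the thread or of any poster's configuration: port address translation (overload) on Dialer1 for private subnets taken from the posted subinterfaces. The ACL name NAT-INSIDE is made up for illustration, only some of the subinterfaces are shown, and it assumes these VLANs are forwarded to the ISP by the C2851 itself rather than first passing through the firewall.

```cisco
! Added example (not from the thread): PAT on the PPPoE dialer.
!
! Translate only the known internal ranges instead of "permit any",
! so nothing unexpected is given a path out through the dialer.
! NAT-INSIDE is an illustrative name; the subnets come from the
! GigabitEthernet0/1.x addresses in the posted configuration.
ip access-list standard NAT-INSIDE
 permit 192.168.2.0 0.0.0.31
 permit 192.168.3.0 0.0.0.255
 permit 192.168.10.0 0.0.0.255
 permit 192.168.20.0 0.0.0.255
 permit 192.168.50.0 0.0.0.255
!
! The PPPoE session terminates on Dialer1, so that is the outside
! interface (not the physical GigabitEthernet0/0).
interface Dialer1
 ip nat outside
!
! Every routed interface whose hosts should be translated is inside.
interface GigabitEthernet0/1.2
 ip nat inside
!
interface GigabitEthernet0/1.3
 ip nat inside
!
interface GigabitEthernet0/1.10
 ip nat inside
!
interface GigabitEthernet0/1.20
 ip nat inside
!
interface GigabitEthernet0/1.50
 ip nat inside
!
! Overload onto whatever address IPCP negotiates on Dialer1.
ip nat inside source list NAT-INSIDE interface Dialer1 overload
!
! Sources outside the ACL are forwarded untranslated, which is what
! hosts holding addresses from the routed /29 need.
!
! Verify from exec mode after generating traffic from an inside host:
!   show ip nat translations
!   show ip nat statistics
```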