Connecting my 2851 to my ISP over PPPoE

Hi Everyone,

 

As part of my homelab I purchased a number of older Cisco routers and switches. I've managed to learn a great deal about getting these set up and running. Now that I've finally been moved across to FTTP I want to replace my consumer router by using the C2851 instead. More of a just because you can, rather than any technical need.

 

Although I have managed to get the PPPoE connection in place and can route directly from the C2851, I can't route from any device connected to the router. In addition I have been allocated a small (/29) subnet of public IPs. The configuration details below get me to the point where I can route traffic from the C2851 out to the Internet. But I'm not able to route traffic from my internal networks.

 

My firewall has been configured to use the IP address I've assigned below to interface GigabitEthernet0/0 as its default gateway. Again the firewall can see this and, doing basic checks, it seems to be able to route out to the Internet as well. But I'm not able to see any of my additional IPs.

 

I've made no change to my firewall, only switching over from the consumer router to the C2851. The setup works fine with the consumer router.

 

interface GigabitEthernet0/0
 ip address x.x.x.x 255.255.255.248
 duplex full
 speed 1000
 pppoe enable group global
 pppoe-client dial-pool-number 10
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 10
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname username@internet.net
 ppp chap password 0 Strong_Password
 ppp ipcp route default
!
ip route 0.0.0.0 0.0.0.0 Dialer1

Interface GigabitEthernet0/1 has a number of VLANs set up to cover various network configurations. I know that I need to be able to direct all of my internal traffic towards my firewall's internal IP address and this is where I think my problem lies. Without the Dialer1 configuration my default route is indeed the firewall as below.

ip route 0.0.0.0 0.0.0.0 192.168.50.1

I hope I've explained my setup well enough for someone to point me in the right direction. But if not I'm open to any questions you have.

 

Thanks for looking.

 

Regards,

 

Garry


Thanks,

Here you go, I've changed my router IP for reference

 

bba-group pppoe global
!
!
interface GigabitEthernet0/0
 ip address 192.168.99.73 255.255.255.248 <IP Changed>
 duplex full
 speed 1000
 pppoe enable group global
 pppoe-client dial-pool-number 10
!
interface GigabitEthernet0/1
 no ip address
 duplex full
 speed 1000
!
interface GigabitEthernet0/1.2
 encapsulation dot1Q 2
 ip address 192.168.2.30 255.255.255.224
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.3
 encapsulation dot1Q 3
 ip address 192.168.3.250 255.255.255.0
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.4
 encapsulation dot1Q 4
 ip address 192.168.4.14 255.255.255.240
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.5
 encapsulation dot1Q 5
 ip address 192.168.5.6 255.255.255.248
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.6
 encapsulation dot1Q 6
 ip address 192.168.6.6 255.255.255.248
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.10.250 255.255.255.0
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip address 192.168.20.254 255.255.255.0
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.50
 encapsulation dot1Q 50
 ip address 192.168.50.6 255.255.255.0
 ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.99
 description Build Network
 encapsulation dot1Q 99
 ip address 192.168.99.6 255.255.255.240
!
interface GigabitEthernet0/1.100
 description Storage Network
 encapsulation dot1Q 100
 ip address 192.168.100.6 255.255.255.248
 ip helper-address 192.168.10.1
!
interface FastEthernet0/0/0
 description Link to SW03
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet0/0/1
 description RackPDU02
 duplex full
 speed 100
!
interface FastEthernet0/0/2
 description iLO Host01
 duplex full
 speed 100
!
interface FastEthernet0/0/3
 shutdown
!
interface Vlan1
 ip address 192.168.1.254 255.255.255.0
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 10
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname <username here>
 ppp chap password 0 <password here>
 ppp ipcp dns request
 ppp ipcp route default
 ppp ipcp address accept
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
no ip http server
no ip http secure-server

 

Building configuration...

Current configuration : 4162 bytes
!
! Last configuration change at 17:51:14 GMT Mon Jan 24 2022
! NVRAM config last updated at 17:51:15 GMT Mon Jan 24 2022
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname gw01
!
boot-start-marker
boot-end-marker
!
no logging console
enable password <password here>
!
no aaa new-model
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
ip cef
!
!
ip ftp username <username here>
ip ftp password <password here>
ip name-server 192.168.10.1
vpdn enable
!
!
voice-card 0
no dspfarm
!
!
!
!
bba-group pppoe global
!
!
interface GigabitEthernet0/0
ip address 192.168.99.73 255.255.255.248
duplex full
speed 1000
pppoe enable
pppoe-client dial-pool-number 10
!
interface GigabitEthernet0/1
no ip address
duplex full
speed 1000
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 2
ip address 192.168.2.30 255.255.255.224
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.3
encapsulation dot1Q 3
ip address 192.168.3.250 255.255.255.0
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.4
encapsulation dot1Q 4
ip address 192.168.4.14 255.255.255.240
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.5
encapsulation dot1Q 5
ip address 192.168.5.6 255.255.255.248
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.6
encapsulation dot1Q 6
ip address 192.168.6.6 255.255.255.248
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.250 255.255.255.0
!
interface GigabitEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.50
encapsulation dot1Q 50
ip address 192.168.50.6 255.255.255.0
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.99
description Build Network
encapsulation dot1Q 99
ip address 192.168.99.6 255.255.255.240
!
interface GigabitEthernet0/1.100
description Storage Network
encapsulation dot1Q 100
ip address 192.168.100.6 255.255.255.248
ip helper-address 192.168.10.1
!
interface FastEthernet0/0/0
description Link to SW03
switchport mode trunk
duplex full
speed 100
!
interface FastEthernet0/0/1
description RackPDU02
duplex full
speed 100
!
interface FastEthernet0/0/2
description iLO Host01
duplex full
speed 100
!
interface FastEthernet0/0/3
shutdown
!
interface Vlan1
ip address 192.168.1.254 255.255.255.0
!
interface Dialer1
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 10
no cdp enable
ppp authentication chap callin
ppp chap hostname <username here>
ppp chap password 0 <password here>
ppp ipcp dns request
ppp ipcp route default
ppp ipcp address accept
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
no ip http server
no ip http secure-server
!
kron occurrence Backup at 23:00 Fri recurring
policy-list Backup
!
kron policy-list Backup
cli show run | redirect ftp://ftp.mycyberspace.net/gw02-backup.cfg
!
logging host 192.168.6.2 transport tcp port 1514
snmp-server community public RO
!
!
!
control-plane
!
!
!
!
!
!
!
!
banner login ^CC

UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.

You must have explicit permission to access or configure this device. All activities performed on this device may be logged.

Violations of this policy may result in disciplinary action and may be reported to the relevant law enforcement agencies. There is no right to privacy on this device

^C
privilege exec level 1 ping
!
line con 0
line aux 0
line vty 0 4
password <password here>
login
transport input telnet
!
scheduler allocate 20000 1000
ntp clock-period 17180204
ntp server 192.168.50.1
!
end
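
The running-config posted above carries several management-plane settings worth flagging before the router faces the ISP directly. As an added example (not part of the thread and not Cisco tooling), this Python check scans such a listing for them; the rule names are assumptions of the example and the sample is constructed from lines in the posted config.

```python
import re

# Constructed sample: lines taken from the running-config posted in this thread.
SAMPLE_CONFIG = """\
no service password-encryption
enable password <password here>
!
interface Dialer1
ppp chap password 0 <password here>
!
kron policy-list Backup
cli show run | redirect ftp://ftp.mycyberspace.net/gw02-backup.cfg
!
snmp-server community public RO
!
line con 0
line vty 0 4
password <password here>
transport input telnet
"""

RULES = [  # (rule id, pattern, reason) -- rule ids are names made up for this example
    ("cleartext-storage", r"^no service password-encryption$", "passwords are stored readable in the config"),
    ("enable-password", r"^enable password\b", "use 'enable secret', which stores a hash"),
    ("type0-password", r"\bpassword 0 \S", "type 0 marks an unencrypted password"),
    ("default-snmp-community", r"^snmp-server community (public|private)\b", "well-known community string"),
    ("telnet-management", r"^transport input\b.*\btelnet\b", "management sessions cross the network in cleartext"),
    ("ftp-config-copy", r"\bftp://", "the config and its passwords are copied over cleartext FTP"),
]
HEADERS = ("interface ", "line ", "kron policy-list ")

def audit(config):
    """Return (line number, section, rule id, reason) for each weak setting."""
    findings, section = [], None
    for number, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()  # the thread's second listing lost its indentation
        if line == "!":
            section = None  # '!' separates sections in 'show run' output
        elif line.startswith(HEADERS):
            section = line
        for rule_id, pattern, reason in RULES:
            if re.search(pattern, line):
                findings.append((number, section, rule_id, reason))
    return findings

if __name__ == "__main__":
    for number, section, rule_id, reason in audit(SAMPLE_CONFIG):
        print(f"line {number} [{section or 'global'}] {rule_id}: {reason}")
```
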

As I wasn't getting anywhere I decided to take a step back and to reassess my problem.

 

I have now found a working solution, but it's by no means perfect and I need to find something better. My issue wasn't related to NAT as suggested a few times, it was a routing issue.

 

What I have done to get me working is to build a new VM which has Linux (CentOS) installed; this has been configured to route traffic and act as an internal router. This sits between my firewall (also a VM) and the C2851, and I have a policy in place to direct everything via this internal router. There are a number of flaws with this solution, the main one being that if I have to reboot my ESXi host for any reason I lose all network connectivity.

 

My original aim for using the C2851 was to only have one router in my network and to replace my ISP's consumer router. I was hoping that the data throughput of the C2851 would massively outperform my consumer router. I'm sure there is a way to achieve this, but I've now reached the limits of my Cisco/networking knowledge.

 

I'd like to thank all of those who have contributed to my post so far.

 

 

Garry

Thanks for the update. Glad to know that you have a workaround. I find your explanation of the workaround a bit puzzling. You have the 2851 connected to the ISP and to the new VM/internal router, and the VM/internal router connects to the firewall. Am I correct in assuming that all of the internal networks/subnets are connected to the firewall? And am I correct in assuming that the firewall is doing the inter-VLAN routing and doing the address translation for the inside networks? If not correct, please provide clarification.

HTH

Rick