Help - 887VA-M basic Config non nat

antonical
Level 1

Hello,

I am struggling to get this working; after spending many hours looking at it I am now completely stuck. We are upgrading from an 857W to this 887 VA-M. I have some experience of IOS and the 800 series. Our 857W works perfectly using almost the same config.

Our situation is that the router will sit in front of our firewall and act essentially as a simple router passing everything through to our firewall. NAT is done at the firewall.

We currently have the following configuration that seems to connect to the ISP fine, but I cannot connect to the Vlan2 port on the switch; the firewall cannot connect to the internet or route anything via the Vlan2 port, no pings etc. I am using FastEthernet 0 as the Vlan2 port and the rest are Vlan 1 with a local network address to allow me to connect a laptop.

We have a block of static IP addresses, the base of which is assigned to the Vlan 2 interface and used by Dialer 0 as IP Unnumbered.

Can anyone see the problem with the config below? Any help would be much appreciated.

Many thanks

Tony

Using 4590 out of 262136 bytes
!
! Last configuration change at 17:42:06 UTC Thu Jan 3 2013
! NVRAM config last updated at 17:43:00 UTC Thu Jan 3 2013
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname XXXXXXX
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$H6dv$YjRUiq1nuOQpaJVyuRkvH.
enable password 7 121A0C041104545C7D3D2525
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local 
!
!
!
!
!
aaa session-id common
!
memory-size iomem 25
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3558655132
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3558655132
 revocation-check none
 rsakeypair TP-self-signed-3558655132
!
crypto pki trustpoint test_trustpoint_config_created_for_sdm
 subject-name e=sdmtest@sdmtest.com
 revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-3558655132
 certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
crypto pki certificate chain test_trustpoint_config_created_for_sdm
no ip source-route
!
!
!
!
!
no ip cef
no ip bootp server
ip domain name our.domain
ip name-server our.isp.dns.server1
ip name-server our.isp.dns.server2
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887VA-M-K9 sn FCZ1634C1NF
license accept end user agreement
license boot module c880-data level advipservices
!
!
username USERNAME privilege 15 view root secret 5 $1$Nv.r$.SPASK/daeNsD3lu9LFvX/
!
!
!
!
controller VDSL 0
!
ip tcp synwait-time 10
no ip ftp passive
ip ftp username USERNAME
ip ftp password 7 03104C03015D711C16
!
!
!
!
!
!
!
interface Ethernet0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
 shutdown
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 description ISP CONNECTION
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
 switchport access vlan 2
 no ip address
 duplex full
 speed 100
!
interface FastEthernet1
 no ip address
 duplex full
 speed 100
!
interface FastEthernet2
 no ip address
 duplex full
 speed 100
!
interface FastEthernet3
 no ip address
 duplex full
 speed 100
!
interface Vlan1
 description $FW_INSIDE$
 ip address 192.168.0.10 255.255.255.0
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
!
interface Vlan2
 ip address our.static.ip.address our.static.subnet.mask
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
!
interface Dialer0
 description $FW_OUTSIDE$
 ip unnumbered Vlan2
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname OUR HOSTANME
 ppp chap password OUR PASSWORD
!
ip forward-protocol nd
ip http server
ip http access-class 1
ip http secure-server
!
ip flow-top-talkers
 top 20
 sort-by bytes
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
logging trap debugging
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 remark CCP_ACL Category=1
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit our.static.ip.address our.static.subnet.mask
access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark CCP_ACL Category=1
access-list 100 permit ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark CCP_ACL Category=1
access-list 101 permit ip any any
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 102 permit ip our.static.ip.address our.static.subnet.mask any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
!
!
control-plane
!
!
line con 0
 login authentication local_authen
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 access-class 102 in
 password 7 00071A150754535E58
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
 transport output telnet ssh
!
scheduler interval 500
end
command completed.
2 Replies

In your setup Dialer0 and Vlan2 are different L3 interfaces that need routing by default. I never configured that, but if you want to use them as one network you probably have to connect the dialer and the VLAN with a bridge-group.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Thanks for the heads up. Now I am really confused.

Is there another way to do what I need? This should be a very simple config. ATM to the ISP with a static IP range and then connection from one of the switch ports to the firewall. Pass everything both ways.

I only configured the Vlan1 so that I could connect to the router from my laptop with another cable, as I could not get to it via the firewall. The port shows up (lights on) but nothing goes up or down.

Ideally I would want to use it at the moment almost acting like a simple modem. If I could simply bridge the ATM and Vlan2 ports and plug straight into the firewall, that might save me an IP address. I could still use the Vlan1 for configuration.

Any help appreciated.

Cheers

Tony
