
IPOE KPN connection cisco 4331 with two local vlan does not route to internet

wvanderhorst
Level 1

Hi there,

I need help configuring a new 200mb connection with IPoE.

Situation:

KPN ISP with lighting edge 310. The KPN doc says they need two interfaces: GigabitEthernet0/0/0 for the WAN (KPN side) and GigabitEthernet0/0/1 for the customer side

I installed a NIM-ES2-8 for my local VLANs (10.1.1.x and 192.168.38.x). I want internet on these VLANs.

Cable from light edge > GigabitEthernet0/0/0

Cable from NIM to switches (layer 2), local VLANs

No cable in GigabitEthernet0/0/1 (my public IP). Is this correct? The interface is down.

How to configure NAT ACL?

 

Any help is appreciated.

Cheers Walter

 

My config (short):

 

no service pad
service timestamps debug datetime
!
Hostname Cisco 4331

!
enable secret <ENABLE PASSWORD>
!
ip cef
!
ip domain name network.local

!

interface GigabitEthernet0/0/0
description Connection to WAN
ip address 145.xxx.xxx.214 255.255.255.252
speed 1000
no negotiation auto
!
interface GigabitEthernet0/0/1
! my public ip
ip address 97.xx.xx.161 255.255.255.248
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/1/0

switchport access vlan 1
switchport mode access
!
interface GigabitEthernet0/1/1
switchport access vlan 2
switchport mode access
!
!
interface GigabitEthernet0/1/7
shutdown
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Vlan1
ip address 10.1.1.2 255.255.255.0
no ip proxy-arp
ip nat inside
!
interface Vlan2
ip address 192.168.38.1 255.255.255.0
ip nat inside
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 145.xx.xx.213
!
no ip http server
no ip http secure-server
!
no cdp run
!
!
line aux 0
no exec
transport preferred none
transport output none
!
line vty 0 4
exec-timeout 30 0
password xxx
login
length 0
!


Hello Walter, 

 

The Lighting Edge is the KPN modem, right? If you have that connected to your 4331, you probably need to do double NAT. I have made some changes to your configuration (marked in bold), see if you get it to work this way:

 

no service pad
service timestamps debug datetime
!
Hostname Cisco 4331

!
enable secret <ENABLE PASSWORD>
!
ip cef
!
ip domain name network.local

!

interface GigabitEthernet0/0/0
description Connection to LightingEdge
ip address dhcp
ip nat outside
speed 1000
no negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/1/0

switchport access vlan 1
switchport mode access
!
interface GigabitEthernet0/1/1
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/1/7
shutdown
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Vlan1
ip address 10.1.1.2 255.255.255.0
no ip proxy-arp
ip nat inside
!
interface Vlan2
ip address 192.168.38.1 255.255.255.0
ip nat inside
!
ip forward-protocol nd
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 dhcp
!
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 permit 192.168.38.0 0.0.0.255
!
no ip http server
no ip http secure-server
!
no cdp run
!
!
line aux 0
no exec
transport preferred none
transport output none
!
line vty 0 4
exec-timeout 30 0
password xxx
login
length 0
!

Hello Georg,

 

Thanks for your answer. The Lighting Edge is the modem indeed.

The configuration is called IPoE/numbered link. The KPN doc says:

With IPoE/numbered link, the connection subnet x.x.x.x/31 or x.x.x.x/30 is not publicly reachable. The connection subnet is used to build the connection between your firewall/router and the Edge router. Your public IP range (my 92.70.xx.xxx/29) is transformed over this connection subnet.

IP route: the default route setting for IPoE connections points to the address your offering your public IP range. This will be the PE/Edge router. (2)

1) I got an example for the Draytek config. This has to be translated to an IOS script.

2) Same as gateway?

3) Do I really need two physical WAN ports?

4) I only put one cable between the edge router and my Cisco (port GigabitEthernet0/0/0). The interface for my public IP address has no cable plugged in and is not up. The NIM connects to my local subnet switch (10.1.1.0).

5) In your config I do not see any of the /30 or /29 addresses. How does the router know which public IP address it's on?

6) Does the script match the Draytek example?

Thanks in advance

Capture.PNG

 

draytek ipoe multi nat.png

 

draytek ipoe static.png

 

 

Walter (The Netherlands)

Hello Walter,

 

I'll have a look and get back with you...

Hello,

 

I think your original configuration was almost right. Check what I put together (important parts marked in bold) and see if you get it to work. For the sake of convenience I have added a DHCP pool for both your VLANs:

 

Hostname Cisco 4331

!
enable secret <ENABLE PASSWORD>
!
ip cef
!
ip domain name network.local
!

ip dhcp excluded-address 10.1.1.2
ip dhcp excluded-address 192.168.38.1
!
ip dhcp pool VLAN1
network 10.1.1.0 255.255.255.0
default-router 10.1.1.2
dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool VLAN2
network 192.168.38.0 255.255.255.0
default-router 192.168.38.1
dns-server 8.8.8.8 8.8.4.4

!
interface GigabitEthernet0/0/0
description Connection to WAN
ip address 145.xxx.xxx.214 255.255.255.252
speed 1000
no negotiation auto
!
interface GigabitEthernet0/0/1
description to Customer LAN
ip address 97.xx.xx.161 255.255.255.248

ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/1/0
switchport access vlan 1
switchport mode access
!
interface GigabitEthernet0/1/1
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/1/7
shutdown
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Vlan1
ip address 10.1.1.2 255.255.255.0
no ip proxy-arp
ip nat inside
!
interface Vlan2
ip address 192.168.38.1 255.255.255.0
ip nat inside
!
ip forward-protocol nd
ip nat inside source list 1 interface GigabitEthernet0/0/1 overload
ip route 0.0.0.0 0.0.0.0 145.xxx.xxx.213
!
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 permit 192.168.38.0 0.0.0.255
!
no ip http server
no ip http secure-server
!
no cdp run
!
!
line aux 0
no exec
transport preferred none
transport output none
!
line vty 0 4
exec-timeout 30 0
password xxx
login
length 0
!
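
Added example (not part of any post in this thread): a Python check that the subnet of every "ip nat inside" interface is fully permitted by the ACL named in "ip nat inside source list", which is the piece the NAT ACL question comes down to. The sample config is constructed, the function names are this example's own, and it assumes numbered standard ACL entries in "address [wildcard]" form with contiguous wildcards.

```python
import ipaddress
import re

# Constructed sample: NAT-related lines shaped like the configs in this thread.
SAMPLE = """\
interface Vlan1
 ip address 10.1.1.2 255.255.255.0
 ip nat inside
!
interface Vlan2
 ip address 192.168.38.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 permit 192.168.38.0
"""

def nat_inside_networks(config):
    """Map each 'ip nat inside' interface to its connected network."""
    nets, name, addr = {}, None, None
    for words in (line.split() for line in config.splitlines()):
        if words == ["!"]:
            name = addr = None
        elif words[:1] == ["interface"]:
            name, addr = words[1], None
        elif name and words[:2] == ["ip", "address"] and len(words) >= 4:
            addr = (words[2], words[3])  # parsed only if the interface is NAT inside
        elif name and addr and words == ["ip", "nat", "inside"]:
            nets[name] = ipaddress.ip_interface("/".join(addr)).network
    return nets

def acl_permits(config, acl):
    """Networks permitted by a numbered standard ACL (contiguous wildcards only)."""
    nets = []
    for words in (line.split() for line in config.splitlines()):
        if words[:3] == ["access-list", acl, "permit"] and len(words) >= 4:
            # IOS treats a missing wildcard as 0.0.0.0, i.e. a single host.
            wildcard = words[4] if len(words) > 4 else "0.0.0.0"
            mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
            nets.append(ipaddress.ip_network(f"{words[3]}/{mask}", strict=False))
    return nets

def uncovered_nat_sources(config):
    """Return NAT-inside networks that the NAT source ACL does not fully permit."""
    rule = re.search(r"^\s*ip nat inside source list (\S+)", config, re.M)
    permits = acl_permits(config, rule.group(1)) if rule else []
    return {name: str(net) for name, net in nat_inside_networks(config).items()
            if not any(net.subnet_of(p) for p in permits)}
```

On the sample it reports Vlan2: an ACL entry without a wildcard matches only the single address 192.168.38.0, so hosts in that VLAN would never be translated.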

 

 

RichySlo
Level 1

Hi @wvanderhorst, did you get it to work? I am running into a similar issue with KPN IPoE.

Kind regards,
Rischayro Slominska