ISR 1100 - Beginner trouble routing VLAN to Internet via PPPoE Dialer

jupiter.jones · ‎02-18-2021

It's been 10 years since I've worked with IOS so I'm back to being a beginner and would really appreciate any advice you can offer to help with the issue - "not routing to the internet"

Network setup is:

1 VLAN for internal services (101) associated with 4 interfaces GigabitEthernet0/1/0 - 3

1 VLAN for digital audio (102) associated with 3 interfaces GigabitEthernet0/1/4 - 6

1 WLAN for local private WiFi on interface Wlan-GigabitEthernet0/1/8

PPPoE on interface GigabitEthernet0/0/0 via Dialer 1 to Internet

Requirements:

1. VLAN 1 has AppleTV and Lights that need to be on the same subnet as Phone Apps on WLAN for mDNS to work.

2. VLAN 1 and WLAN need access to the Internet

3. VLAN 2 is isolated from the others and has no access to internet.

The configuration is partially from the DayZero setup, and partially my own. The following configuration snippets I think are the relevant ones:

ip dhcp excluded-address 10.0.0.0 10.0.0.99
!
ip dhcp pool ServicesPool
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1 
dns-server 10.0.0.1 
! 
class-map match-any IEEE-1588
match ip dscp cs7 
class-map match-any DANTE-OTHER
match ip dscp cs1 
class-map match-any DANTE-AUDIO-P2P
match ip dscp ef 
!
policy-map DantePolicyMap
class IEEE-1588
priority level 1 percent 5
class DANTE-AUDIO-P2P
priority level 2 percent 90
class DANTE-OTHER
bandwidth percent 5 
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description Connection to Internet
no ip address
ip mtu 1492
ip nat outside
ip tcp adjust-mss 1412
negotiation auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/0/1
no ip address
shutdown
speed 1000
no negotiation auto
!
interface GigabitEthernet0/1/0
switchport access vlan 101
switchport mode access
!
interface GigabitEthernet0/1/1
switchport access vlan 101
switchport mode access
!
interface GigabitEthernet0/1/2
switchport access vlan 101
switchport mode access
!
interface GigabitEthernet0/1/3
switchport access vlan 101
switchport mode access
!
interface GigabitEthernet0/1/4
switchport access vlan 102
switchport mode access
flowcontrol receive on
spanning-tree portfast
service-policy output DantePolicyMap
!
interface GigabitEthernet0/1/5
switchport access vlan 102
switchport mode access
flowcontrol receive on
spanning-tree portfast
service-policy output DantePolicyMap
!
interface GigabitEthernet0/1/6
switchport access vlan 102
switchport mode access
flowcontrol receive on
spanning-tree portfast
service-policy output DantePolicyMap
!
interface GigabitEthernet0/1/7
!
interface Wlan-GigabitEthernet0/1/8
switchport access vlan 101
switchport mode access
!
!
!
!
interface Vlan1
no ip address
!
interface Vlan101
description Services Vlan
ip address 10.0.0.1 255.255.255.0
ip nbar protocol-discovery
ip nat inside
!
interface Vlan102
description Audio Vlan
ip address 10.1.1.1 255.255.255.0
!
!
!
!
!
interface Dialer1
description Dialer to Internet
ip address negotiated
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1412
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
ppp mtu adaptive
ppp authentication chap pap callin
ppp chap hostname <username>
ppp chap password 7 <password>
ppp pap sent-username <username> password 7 <password>
ppp ipcp dns request
!
ip nat inside source route-map track-primary-if interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
ip access-list extended 197
dialer-list 1 protocol ip permit
!
!
route-map track-primary-if permit 1 
match ip address 197
set interface Dialer1

So far the main issue is routing from VLAN 1 and WLAN to the internet - it isn't working.

Can anyone see what I'm missing?

The access-list and route-map at the end are new to me. They were added by the webUI when setting up PPPoE.

Thanks in advance.

johnd2310 · ‎02-18-2021

Hi

looks like your access-list 197 is missing some data.

can you start with a simple nat configuration. can you add the following:

"access-list 10 permit 10.0.0.0 0.0.0.255"

then change the NAT statement to the following:

"ip nat inside source list 10 interface Dialer 0 overload"

Thanks

John

**Please rate posts you find helpful**

jupiter.jones · ‎02-18-2021

Hi John,

Thanks for your reply.

That’s a step forward - I can ping the internet from VLAN 101 and WLAN. So it’s was a NAT issue. I’ll need to do some more reading about the access list that was created by webUI.

There’s still a DNS issue. I’m guessing that since the pool is providing clients with a DNS address that is the VLAN interface address, I’ll need something to forward those queries to whatever upstream DNS is negotiated over PPPoE?

Georg Pauwen · ‎02-19-2021

Hello,

is this the full configuration ? There seems to be some redundant stuff in there (such as the tracking), but maybe you did not post these parts.

For the DNS to work, change the DNS server IP addresses in the pool:

ip dhcp pool ServicesPool
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
--> dns-server 8.8.8.8 8.8.4.4

MHM Cisco World · ‎02-19-2021

you can use
ppp ipcp dns request
this make router ask PPPoE ask DNS from Server
then config DHCP with DNS server as IP address of Router,
this make router as DNS proxy,
receive the DNS request from Host and forward it to DNS of ISP.