05-01-2013 01:18 PM - edited 03-04-2019 07:47 PM
Please help!!
I have 2 887va routers which are both connected to an ADSL line and each other by VPN.
I am trying to set them up to pass layer 2 traffic. I have followed all the help I can find but they still fail to pass layer 2 traffic.
Below is the config files, please can someone correct these so that I am able to pass layer 2 traffic - I am now getting desperate as I have been trying to do this for nearly a week.
Any help is greatly appreciated.
Router 1
Building configuration...
Current configuration : 4206 bytes
!
! Last configuration change at 15:19:10 UTC Wed May 1 2013
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxx
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 pozkvcqXiM/f4AVrqz8PjSI9KxXYqhSXdmI.1yi0uD2
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
ip source-route
!
!
ip cef
no ipv6 cef
l2tp-class l2class
hidden
authentication
hello 100
hostname xxx
password tunnel2
receive-window 35
retransmit retries 10
timeout setup 400
!
!
vpdn enable
vpdn search-order domain
!
vpdn-group vpdngroup1
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname xxx
!
license udi pid CISCO887VA-K9 sn FCZ1706908Q
!
!
username xxx password 0 pass
username xxx password 0 pass
!
!
controller VDSL 0
!
pseudowire-class PSClass
! Incomplete config [Encapsulation not specified]
!
pseudowire-class etherpw
encapsulation l2tpv3
sequencing both
ip local interface Dialer0
ip pmtu
ip tos reflect
ip ttl 100
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key VPNKEY address xxx.xxx,xxx,xxx
crypto isakmp keepalive 30 5
!
!
crypto ipsec transform-set VPNSET esp-3des esp-sha-hmac
!
crypto map xxx 10 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set transform-set VPNSET
match address 101
!
bridge irb
!
!
interface Loopback1
no ip address
!
interface Ethernet0
no ip address
shutdown
no fair-queue
!
interface ATM0
no ip address
ip nat outside
ip virtual-reassembly in
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
switchport access vlan 2
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Virtual-Template1
ip unnumbered Loopback1
ppp authentication chap
ppp chap hostname xxx
!
interface Virtual-PPP1
ip unnumbered Loopback1
ppp authentication chap
ppp chap hostname wtn-40acre
pseudowire xxx.xxx.xxx.xxx pw-class PSClass
! Incomplete or Invalid Xconnect config
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly in
shutdown
!
interface Vlan2
no ip address
bridge-group 1
bridge-group 1 input-address-list 700
bridge-group 1 output-address-list 700
!
interface Dialer0
ip address xxx.xxx.xxx.xxx 255.255.255.0
no ip redirects
no ip unreachables
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname XXX
ppp chap password 0 XXX
ppp pap sent-username xxx password 0 pass
ppp ipcp route default
ppp ipcp address accept
no cdp enable
crypto map cmap
!
no ip address
shutdown
!
interface BVI1
ip address 192.168.2.1 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1
ip route 78.105.250.120 255.255.255.255 Dialer0
ip route 192.168.1.0 255.255.255.0 Virtual-PPP1
!
access-list 50 deny any log
access-list 100 deny ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 100 permit ip any any
access-list 101 permit ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit tcp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit udp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit icmp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 deny ip any any
access-list 101 deny tcp any any
access-list 101 deny udp any any
access-list 101 deny icmp any any
access-list 111 deny tcp any any eq telnet
access-list 111 permit ip any any
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
dialer-list 1 protocol ip permit
!
bridge 1 protocol vlan-bridge
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
access-class 50 in
exec-timeout 0 0
no login
transport input none
transport output none
!
end
Router 2
Building configuration...
Current configuration : 4057 bytes
!
! Last configuration change at 15:10:56 UTC Wed May 1 2013
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxx
!
boot-start-marker
boot-end-marker
!
enable secret 4 pozkvcqXiM/f4AVrqz8PjSI9KxXYqhSXdmI.1yi0uD2
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
ip source-route
!
ip cef
no ipv6 cef
!
l2tp-class L2Class
hidden
authentication
hello 100
hostname xxx
password tunnel2
receive-window 35
retransmit retries 10
timeout setup 400
!
vpdn enable
!
vpdn-group 100
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname wtn-40acre
l2tp tunnel password 0 pass
!
license udi pid CISCO887VA-K9 sn FCZ170690A2
!
username xxx password 0 xxx
username xxx password 0 xxx
!
controller VDSL 0
!
pseudowire-class PSClass
! Incomplete config [Encapsulation not specified]
!
pseudowire-class etherpw
encapsulation l2tpv3
sequencing both
ip local interface Dialer0
ip pmtu
ip tos reflect
ip ttl 100
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key VPNKEY address xxx.xxx.xxx.xxx
crypto isakmp keepalive 30 5
!
crypto ipsec transform-set VPNSET esp-3des esp-sha-hmac
!
crypto map cmap 10 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set transform-set VPNSET
match address 101
!
bridge irb
!
interface Loopback1
no ip address
!
interface Ethernet0
no ip address
shutdown
no fair-queue
!
interface ATM0
no ip address
ip virtual-reassembly in
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
switchport access vlan 2
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Virtual-Template1
ip unnumbered Loopback1
peer ip address forced
peer default ip address pool mypool
ppp authentication pap callin
!
interface Virtual-PPP1
ip unnumbered Loopback1
ppp authentication chap
pseudowire xxx.xxx.xxx.xxx 10 pw-class PSClass
! Incomplete or Invalid Xconnect config
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly in
shutdown
!
interface Vlan2
no ip address
bridge-group 1
bridge-group 1 input-address-list 700
bridge-group 1 output-address-list 700
!
interface Dialer0
ip address xxx.xxx.xxx.xxx 255.255.255.0
no ip redirects
no ip unreachables
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname XXX
ppp chap password 0 XXX
ppp ipcp route default
ppp ipcp address accept
no cdp enable
crypto map xxx
!
interface BVI1
ip address 192.168.1.1 255.255.255.0
ip access-group 101 in
no ip unreachables
!
ip local pool mypool 192.168.2.2
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1
!
access-list 50 deny any log
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit tcp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit udp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit icmp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 deny ip any any
access-list 101 deny tcp any any
access-list 101 deny udp any any
access-list 101 deny icmp any any
access-list 111 deny tcp any any eq telnet
access-list 111 permit ip any any
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
dialer-list 1 protocol ip permi
!
bridge 1 protocol vlan-bridge
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
access-class 50 in
exec-timeout 0 0
no login
transport input none
transport output none
!
end
Solved! Go to Solution.
05-02-2013 03:45 AM
Router 1
l2tp-class class1
authentication
password
pseudowire-class etherpw
protocol l2tpv3 class1
interface FastEthernet0
xconnect
Router 2
l2tp-class class1
authentication
password
pseudowire-class etherpw
protocol l2tpv3 class1
interface FastEthernet0
xconnect
05-02-2013 03:45 AM
Router 1
l2tp-class class1
authentication
password
pseudowire-class etherpw
protocol l2tpv3 class1
interface FastEthernet0
xconnect
Router 2
l2tp-class class1
authentication
password
pseudowire-class etherpw
protocol l2tpv3 class1
interface FastEthernet0
xconnect
05-02-2013 05:07 AM
Sorry it is not relvant question regarding issue you have discussed, I have one query for you , i thing you know this ,
i m in process of doing internt using DSL. I have done the configuration on cisco 887VA. Router port eth0 is not comming up , it is shown as up down state .... what can be the wrong ... There are 4 LAN ports as well they come up when i connect any device. When i connect the eth0 port to any device it do not show up , what can be reason , Is this not a regualar routed prot???
05-02-2013 05:17 AM
if your isp gives PPPoA then you dont use the ethernet interface but ATM and Dialer.
ATM needs to be:
interface ATM0
no ip address
ip nat outside
ip virtual-reassembly in
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
PVC you will need to get from your ISP.
The Dialer needs to be:
interface Dialer0
ip address xxx.xxx.xxx.xxx 255.255.255.0
no ip redirects
no ip unreachables
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname XXX
ppp chap password 0 XXX
ppp ipcp route default
ppp ipcp address accept
no cdp enable
crypto map xxx
The IP Address is your static IP and chap hostame is the ISP username and Password is the passeord for the internet. You will also need to find out what the MTU value is from your ISP.
Sorry but haven't configured a PPPoE connection so cannot help with that.
Hope this helps.
05-02-2013 05:28 AM
my configuration is mention as ....
vpdn enable
vpdn-group 1
request-dialin
protocol pppoe
exit
int eth0
des DSL WAN interface
no ip add
no ip redirects
no ip unrea
no ip proxy-arp
no cdp enabl
no ip mroute-cache
pppoe enable
pppoe-client dial-pool-number 1
no sh
exit
int dialer 1
des DSL WAN Dialer
ip add negotiated
no ip unreach
ip nat outside
encap ppp
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enabl
ip mtu 1492
ip tcp adjust-mss 1452
ppp authentication chap pap callin
ppp chap hostname xxxxxx
ppp chap password xxxxx
ppp pap sent-username xxxxxx password xxxxx
exit
dialer-list 1 protocol ip permit
int vlan 1
des LAN
ip add 192.168.10.1 255.255.255.0
no sh
exit
access-list 1 permit 192.168.10.0 0.0.0.255
ip nat inside source list 1 int dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 dialer 1
I thing my service provider is providing PPOE. You can see the eth0 configuration ....
If you know please help in this regard.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: