10-12-2020 09:40 PM
I have a Cisco 891F router. The ISP cable is plugged into Gi8 and dials PPPoE via int Dialer1.
Gi8 received an IP from the ISP. End users received IPs from DHCP, but cannot access the Internet. This is my configuration.
Please help me check it. I attached my config file.
10-12-2020 11:08 PM
First:
ip route 0.0.0.0 0.0.0.0 "interface" dhcp
There is no interface specified here.
Second, why is there a DHCP pool?
10-12-2020 11:22 PM
Hello @xuanhieuto ,
you need to move the ip nat outside statement from the physical interface to Dialer1, the one that gets an IP address.
conf t
int gi8
no ip nat outside
exit
int dialer 1
ip nat outside
exit
! For the default route the usual configuration is:
no ip route 0.0.0.0 0.0.0.0 dhcp
ip route 0.0.0.0 0.0.0.0 Dialer1
end
Try the proposed changes and check NAT operations with
show ip nat translations
Note: PPPoE provides an IP address to Dialer1 using the IPCP protocol, not DHCP. DHCP is used by your router to provide an IP address to clients on the LAN side. The usual default route configuration is to point directly to the Dialer1 interface.
Hope to help
Giuseppe
10-17-2020 09:49 AM
Thank you.
I have changed as you recommend.
10-13-2020 12:17 AM
Hello,
in addition to the other posts, also take out the static host route marked in bold:
hostname Router891F
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
no aaa new-model
!
ip dhcp excluded-address 192.168.1.1 192.168.1.19
ip dhcp excluded-address 192.168.1.201 192.168.1.254
!
ip dhcp pool ippool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
!
no ip domain-lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
license udi pid C891F-K9 sn FGL19392085
!
username admin privilege 15 password 123abc456
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0
no shut
spanning-tree portfast
!
interface GigabitEthernet1
no shut
spanning-tree portfast
!
interface GigabitEthernet2
no shut
spanning-tree portfast
!
interface GigabitEthernet3
no shut
spanning-tree portfast
!
interface GigabitEthernet4
no shut
spanning-tree portfast
!
interface GigabitEthernet5
no shut
spanning-tree portfast
!
interface GigabitEthernet6
no shut
spanning-tree portfast
!
interface GigabitEthernet7
no shut
spanning-tree portfast
!
interface GigabitEthernet8
no shut
no ip address
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Async3
no ip address
encapsulation slip
!
interface Dialer1
ip address negotiated
ip nat inside
ip mtu 1492
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username AAAaaaAAA password 0 1234568e
ppp ipcp dns request
!
ip forward-protocol nd
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Dialer 1
--> no ip route 192.168.1.1 255.255.255.255 Dialer1
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.250 8899 int Dialer1 8899
ip nat inside source static tcp 192.168.1.250 8181 int Dialer1 8181
ip nat inside source static udp 192.168.1.250 8899 int Dialer1 8899
ip nat inside source static udp 192.168.1.250 8181 int Dialer1 8181
!
dialer-list 1 protocol ip permit
no cdp run
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
no modem enable
line aux 0
line 3
modem InOut
speed 115200
flowcontrol hardware
line vty 0 4
password 123abc456
login
transport input all
!
scheduler allocate 20000 1000
!
end
10-17-2020 09:47 AM
Dear,
Thanks for your support.
I modified it as you remarked.
Now the client can access the internet with http, but cannot access https.
There is a reply from the ping command to the https site, but the browser cannot access it.
The browser works fine with https when I test via a 4G SIM.
Please refer to the attached file.
10-17-2020 10:13 AM
Hello,
the configuration looks fine, and in theory, it shouldn't make a difference whether you access http or https sites. Which IP address are you actually pinging? This is what I get:
Pinging raidrive.com [54.244.20.77] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
The only thing I can think of is trying to change the lines below marked in bold:
interface Dialer1
ip address negotiated
ip nat inside
ip mtu 1492
ip virtual-reassembly in
encapsulation ppp
--> ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username AAAaaaAAA password 0 1234568e
--> no ppp ipcp dns request
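Added example, not part of the original posts: a small Python check for the changes proposed in this thread (ip nat outside on the Dialer rather than on the PPPoE physical port, default route via the Dialer, and a TCP MSS no larger than the Dialer's ip mtu minus 40 bytes of IPv4 and TCP headers). The sample config is constructed, the function names are hypothetical, and looking for ip tcp adjust-mss on the Dialer follows the placement used in the reply above.

```python
import re

# Constructed sample (sub-commands indented as in show running-config).
BEFORE = """\
interface GigabitEthernet8
 ip nat outside
 pppoe-client dial-pool-number 1
!
interface Dialer1
 ip mtu 1492
!
ip route 0.0.0.0 0.0.0.0 dhcp
"""
# Same sample with the changes from the replies applied.
AFTER = (BEFORE.replace(" ip nat outside\n", "", 1)
         .replace(" ip mtu 1492\n", " ip nat outside\n ip mtu 1492\n ip tcp adjust-mss 1452\n")
         .replace("0.0.0.0 dhcp", "0.0.0.0 Dialer1"))

def interfaces(cfg):
    # Map each interface name to the list of its sub-commands.
    out, cur = {}, None
    for line in cfg.splitlines():
        if line.startswith("interface "):
            cur = out.setdefault(line.split()[1], [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        else:
            cur = None
    return out

def value(cmds, prefix):
    return next((int(c.split()[-1]) for c in cmds if c.startswith(prefix)), None)

def lint(cfg):
    findings = []
    for name, cmds in interfaces(cfg).items():
        if "ip nat outside" in cmds and any(c.startswith("pppoe-client") for c in cmds):
            findings.append(f"{name}: ip nat outside on the PPPoE physical port")
        if name.startswith("Dialer"):
            if "ip nat outside" not in cmds:
                findings.append(f"{name}: ip nat outside missing")
            mtu, mss = value(cmds, "ip mtu ") or 1500, value(cmds, "ip tcp adjust-mss ")
            # a full segment needs MSS + 20 (IPv4) + 20 (TCP) bytes of MTU
            if mss is None or mss > mtu - 40:
                findings.append(f"{name}: TCP MSS not clamped to {mtu - 40} or less")
    if not re.search(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 Dialer ?\d+", cfg, re.M):
        findings.append("default route does not point at the Dialer interface")
    return findings

print({"before": lint(BEFORE), "after": lint(AFTER)})
```

A missing or oversized MSS clamp is the finding that matches the symptom reported above, where ping and http worked while https did not.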
10-19-2020 08:24 PM
Hi,
Thanks for your support.
You are super. HTTPS is working fine after changing the lines marked in bold.
I have more questions. Does this router support DMZ?
I'd like to configure DMZ on int Gi7 (192.168.0.x/24):
- Inside, DMZ can access internet
- Inside access DMZ.
- DMZ access inside.
10-20-2020 12:14 AM
Hello,
the config would look like below:
interface GigabitEthernet7
ip address 192.168.0.1 255.255.255.0
description DMZ
ip nat inside
Also, change access list 1 to:
access-list 1 permit 192.168.0.0 0.0.255.255
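Added example, not part of the original post: standard-ACL wildcard matching in Python, showing which source addresses the original and the changed access-list 1 select for NAT. The host addresses and the 0.0.1.255 entry are constructed for comparison, and the function names are hypothetical.

```python
import ipaddress

def parse_entry(line):
    """Parse 'access-list N permit|deny SRC [WILDCARD]' (standard ACL)."""
    _, num, action, *src = line.split()
    if src[0] == "any":
        addr, wild = "0.0.0.0", "255.255.255.255"
    elif src[0] == "host":
        addr, wild = src[1], "0.0.0.0"
    else:
        addr, wild = src[0], (src[1] if len(src) > 1 else "0.0.0.0")
    return int(num), action, int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))

def permits(acl_lines, number, ip):
    """First matching entry wins; no match means the implicit deny."""
    ip = int(ipaddress.IPv4Address(ip))
    for num, action, addr, wild in map(parse_entry, acl_lines):
        # wildcard bits set to 1 are "don't care"; all other bits must be equal
        if num == number and (ip | wild) == (addr | wild):
            return action == "permit"
    return False

ORIGINAL = ["access-list 1 permit 192.168.1.0 0.0.0.255"]    # from the posted config
PROPOSED = ["access-list 1 permit 192.168.0.0 0.0.255.255"]  # from the reply above
TIGHTER = ["access-list 1 permit 192.168.0.0 0.0.1.255"]     # constructed, not from the thread

# Constructed test hosts: one per subnet in the thread, plus one outside both.
HOSTS = {"inside": "192.168.1.50", "dmz": "192.168.0.10", "other": "192.168.77.5"}

def coverage(acl):
    return {name: permits(acl, 1, ip) for name, ip in HOSTS.items()}

for label, acl in (("original", ORIGINAL), ("proposed", PROPOSED), ("tighter", TIGHTER)):
    print(label, coverage(acl))
```

The 0.0.255.255 wildcard matches every 192.168.x.x source, while 0.0.1.255 matches only 192.168.0.x and 192.168.1.x.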