11-22-2011 10:48 AM - edited 03-04-2019 02:22 PM
Hello,
I seem to be having an issue with Policy Based Routing on a Dialer interface. I have the following two setups:
A. Cisco router with ADSL WIC - relevant configuration information
interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
 pvc 0/35
  pppoe-client dial-pool-number 1
interface FastEthernet0/1
 ip address x.x.x.x x.x.x.x
 ip nat inside
 ip policy route-map dialer1-access
interface Dialer1
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
route-map dialer1-access permit 10
 match ip address acl_dialer1_permit
 set default interface Dialer1
B. Cisco router Ethernet interface connected to DSL modem via switch - relevant configuration information
interface GigabitEthernet0/2.220
 encapsulation dot1q 220
 pppoe enable
 pppoe-client dial-pool-number 10
interface GigabitEthernet0/1
 ip address x.x.x.x x.x.x.x
 ip nat inside
 ip policy route-map dialer10-access
interface Dialer10
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 10
route-map dialer10-access permit 10
 match ip address acl_dialer10_access
 set default interface Dialer10
There is no static default route (ip route 0.0.0.0 0.0.0.0) on either setup. Setup A works for me successfully. As configured, setup B does not seem to correctly 'route' the traffic (connection fails)? If I add the following command to the Dialer interface,
ppp ipcp route default
then connections succeed but I believe this is because there is now a static default route installed which I don't want.
Questions:
1. Is there a way around this?
2. Is this behaviour different when using PPPoE vs ATM?
Thanks,
Mike
11-22-2011 08:28 PM
Before you can get the right answer, can you describe what you are trying to achieve and why you do not use a static default route, for example, in your setup?
11-23-2011 07:26 AM
Hi,
I am trying to achieve the following:
Only 2 systems on the internal network (192.168.0.50 and 192.168.0.75) should be allowed to access the internet. All systems should be able to communicate over the 'interoffice backbone'. The 'interoffice backbone' is using the eigrp routing protocol.
To modify my example B:
interface GigabitEthernet0/0
 description access to interoffice backbone
 ip address 10.0.0.1 255.255.255.248
interface GigabitEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip policy route-map dialer10-access
interface GigabitEthernet0/2.220
 no ip address
 encapsulation dot1q 220
 pppoe enable
 pppoe-client dial-pool-number 10
interface Dialer10
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 10
ip nat inside source list acl_dialer10_permit interface Dialer10 overload
router eigrp 5
 network 10.0.0.0 0.0.0.7
 network 192.168.0.0 0.0.0.255
 passive-interface default
 no passive-interface GigabitEthernet0/0
route-map dialer10-access permit 10
 match ip address acl_dialer10_access
 set default interface Dialer10
ip access-list standard acl_dialer10_permit
 permit host 192.168.0.50
 permit host 192.168.0.75
ip access-list extended acl_dialer10_access
 permit ip host 192.168.0.50 any
 permit ip host 192.168.0.75 any
Only .50 and .75 should have access to the internet via the Dialer10 interface and should only use the Dialer interface if the route is specifically not known (the default option in the set statement). Traffic from any other device on the 192.168.0.0/24 network should be dropped by the router (no route to host)
If we modify example A:
interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
 pvc 0/35
  pppoe-client dial-pool-number 1
interface FastEthernet0/0
 description access to interoffice backbone
 ip address 10.0.0.1 255.255.255.248
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.248
 ip nat inside
 ip policy route-map dialer1-access
interface Dialer1
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
ip nat inside source list acl_dialer1_permit interface Dialer1 overload
router eigrp 5
 network 10.0.0.0 0.0.0.7
 network 192.168.0.0 0.0.0.255
 passive-interface default
 no passive-interface FastEthernet0/0
ip access-list standard acl_dialer1_permit
 permit host 192.168.0.50
 permit host 192.168.0.75
ip access-list extended acl_dialer1_access
 permit ip host 192.168.0.50 any
 permit ip host 192.168.0.75 any
Again only .50 and .75 should have access to the internet.
With example A:
show ip route
Gateway of last resort is not set
Traffic from .50 and .75 can access the internet
With example B:
show ip route
Gateway of last resort is not set
Traffic from .50 and .75 can not access the internet unless I add the following to the Dialer interface:
ppp ipcp route default
Why does example A work using the ATM interface, but example B not work using the GigabitEthernet sub-interface?
Thanks,
Mike
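Added example (not part of the thread, and not Cisco code): a simplified Python model of the forwarding decision the post above expects from `set default interface`, where an explicit route wins, the policy interface is used only when no explicit route exists, and everything else is dropped. The route `10.20.0.0/16`, the destination addresses and the function names are constructed for illustration; the model also shows how installing a default route widens egress beyond the two permitted hosts.

```python
import ipaddress

# Constructed routing table for setup B: connected and EIGRP routes only,
# no 0.0.0.0/0 ("Gateway of last resort is not set").
ROUTES = {
    "10.0.0.0/29": "GigabitEthernet0/0",     # interoffice backbone (connected)
    "192.168.0.0/24": "GigabitEthernet0/1",  # internal LAN (connected)
    "10.20.0.0/16": "GigabitEthernet0/0",    # hypothetical EIGRP-learned office
}
PBR_HOSTS = {"192.168.0.50", "192.168.0.75"}  # hosts in acl_dialer10_access
PBR_DEFAULT_IF = "Dialer10"                   # set default interface Dialer10


def explicit_route(dst, routes):
    """Longest-prefix match that ignores the default route (0.0.0.0/0)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes.items():
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0:
            continue  # a default route is not an explicit route for PBR
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def forward(src, dst, routes=ROUTES):
    """Return the egress interface for a packet, or 'drop'."""
    iface = explicit_route(dst, routes)
    if iface:
        return iface              # known destination: normal routing
    if src in PBR_HOSTS:
        return PBR_DEFAULT_IF     # policy match: use the default interface
    # No policy match: fall back to a default route if one is installed.
    return routes.get("0.0.0.0/0", "drop")


def with_ipcp_default(routes):
    """Routing table after 'ppp ipcp route default' installs 0.0.0.0/0."""
    return dict(routes, **{"0.0.0.0/0": "Dialer10"})
```

With the default route installed, a host outside the policy ACL is forwarded to Dialer10 as well, which is why the poster wants to avoid it; the NAT ACL alone does not stop that forwarding decision.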
11-23-2011 12:26 AM
Hi Michael,
One doubt: why have you put an IP address on GigE and also put ip address negotiated on the Dialer?
Remove IP address from GigE interface and check whether it is working or not.
If it is NOT working even after removing IP address from GigE, then can you please issue debug ppp negotiation, sh caller and paste the outputs.
Regards,
Smitesh
11-23-2011 07:29 AM
Hi,
I am not sure I understand your question!
GigabitEthernet0/2.220 is the interface using the Dialer and although I didn't put the statement, there is no ip address assigned to that interface. GigabitEthernet0/1 is used for the internal network where the workstations reside (ip address 192.168.0.1 255.255.255.0).
Thanks,
Mike
11-23-2011 08:32 AM
Hi Michael,
My apologies, I misread the interface config.
Are you trying to have PPP between A and B, or is PPP at both sides with the SP?
Also can you please provide the output of following commands,
sh caller ip
debug ppp negotiation
Regards,
Smitesh
11-23-2011 10:22 AM
Hi Smitesh,
I am establishing a PPP session to an ISP successfully with both configurations (I get an IP address). When using the ATM0/0/0 interface, I can set default interface Dialer1 in the route-map and traffic will go to the internet with no default route set. When using the ethernet interface and using the same command, the traffic will not go to the internet with no default route set. I must add ppp ipcp route default before traffic will go to the internet (which also adds a static default route to the routing table).
sh caller ip
Line User IP address Local Number Remote Number <->
Vi2
Note that the above is the same with or without the ppp ipcp route default command on the Dialer interface.
I didn't think the ppp debugging is needed since I am successfully establishing a connection.
The IOS version is 15.1(4).
Thanks,
Mike
11-23-2011 08:56 PM
Hi Mike,
I requested debug ppp negotiation to check whether you are getting the default route and gateway from your ISP and whether IPCP is working fine.
Regards,
Smitesh
11-24-2011 06:38 AM
Hi Smitesh,
As I mentioned before, the default route is being distributed by the ISP.
Here is the output I believe you are looking for:
With ppp ipcp route default command enabled.
Nov 24 14:25:53.979: Di10 IPCP: Install negotiated IP interface address xx.xx.xxx.xxx
Nov 24 14:25:53.979: Di10 IPCP: Install default route thru xx.xxx.xxx.x
Nov 24 14:25:53.979: Di10 Added to neighbor route AVL tree: topoid 0, address xx.xxx.xxx.x
Nov 24 14:25:53.979: Di10 IPCP: Install route to xx.xxx.xxx.xx
With ppp ipcp route default command disabled.
Nov 24 14:28:27.353: Di10 IPCP: Install negotiated IP interface address xx.xx.xxx.xxx
Nov 24 14:28:27.353: Di10 Added to neighbor route AVL tree: topoid 0, address xx.xxx.xxx.x
Nov 24 14:28:27.353: Di10 IPCP: Install route to xx.xxx.xxx.x
Thanks,
Mike
11-24-2011 08:34 AM
Hi Mike,
Seems like you are not receiving the default route from the ISP when ppp ipcp route default is disabled.
Can you post
sh ip route 0.0.0.0 with ppp ipcp route default disabled.
If you do not see anything, then it is time to call up your ISP.
Regards,
Smitesh
11-24-2011 09:50 AM
Hi Smitesh,
I receive the default route with or without the ppp ipcp route default command on the Dialer interface. The message 'Di10 IPCP: Install route to xx.xxx.xxx.x' is installing the route and it is visible in the routing table.
sh ip route 0.0.0.0 will show if I have a default route installed, but as I mentioned before, I do not want a route to 0.0.0.0 / default route installed.
I do not need the default route installed when using the DSL WIC to have traffic go to the internet using PBR. This does not seem to be replicating when using an Ethernet interface with PPPoE.
Thanks,
Mike
11-24-2011 08:34 PM
Hi Mike,
Can you try making a PBR for your other subnets and routing them through the other connection?
Just a thought on an alternative way to solve the issue...
Edited:
Alternatively, you can make an ACL so that other subnets (which you don't want to traverse through the Dialer) get dropped.
Regards,
Smitesh
Message was edited by: smitesh kharecha