Solved: Re: Simple PPP WAN (NooB)

somwicked · ‎03-27-2005

Extensive LAN experience but (very) limited WAN experience -- so, need some advice and direction.

Connecting 2 sites (main and remote) via leased line (T1) with Cisco 1750s.

Main site:

- 192.168.0.0/24

- default (internet) gateway - Cisco PIX 506e - 192.168.0.1

- W2K DC, Exchange, DHCP, etc...

Remote site:

- 192.168.2.0/24

- no internet access

- no servers on site

Concerns / questions:

- basic WAN connectivity.

- pass DHCP (and options) from server to remote clients?

- use PIX @ main site for all clients internet access?

- VoIP system at main site with extensions at remote (enable QoS)?

- possible to simply extend LAN scheme to remote site?

Main Site 1750 config:

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname main

enable password blah

memory-size iomem 25

ip subnet-zero

no ip domain-lookup

ip audit notify-log

ip audit po max-events 100

call rsvp-sync

interface FastEthernet0

ip address 192.168.0.5 255.255.255.0

speed auto

interface Serial0

description WAN to remote

ip unnumbered FastEthernet0

encapsulation ppp

router rip

version 2

network 192.168.0.0

no auto-summary

ip classless

no ip http server

line con 0

line aux 0

line vty 0 4

no scheduler allocate

Remote Site 1750 config:

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname remote

enable password blah

memory-size iomem 25

ip subnet-zero

no ip domain-lookup

ip audit notify-log

ip audit po max-events 100

call rsvp-sync

interface FastEthernet0

ip address 192.168.2.5 255.255.255.0

speed auto

interface Serial0

description WAN to main

ip unnumbered FastEthernet0

encapsulation ppp

router rip

version 2

network 192.168.2.0

no auto-summary

ip classless

no ip http server

line con 0

line aux 0

line vty 0 4

no scheduler allocate

Many, many thanks you to anyone who can provide enlightenment.

Georg Pauwen · ‎03-31-2005

Hello,

specify the network 192.168.33.0 in your RIP configuration on both routers as well, other than that your configuration looks ok. I assume you are sending the router to the remote location ? I would send a console cable along as well, that way, should anything go wrong unexpectedly, you can instruct somebody to connect to the router and check what is going wrong.

Also, I would configure a local username and password, e.g.:

username admin privilege 15 password 0 cisco

and then configure the VTY and the CON with the 'login local' command:

line vty 0 4

login local

line con 0

login local

Other than that, you could try and install a modem on the AUX port for Out-of-band access. That is actually a very good way to save travel time, since you will always be able to connect to the router, unless the router is physically dead.

HTH,

GP

View solution in original post

Georg Pauwen · ‎03-28-2005

Hello,

regarding your basic WAN connectivity: I would not use IP Unnumbered on the serial interfaces, unless you have a specific need for that, such as a shortage of IP address space, which I think can be excluded in your case, since you are using private space addresses. So assign IP addresses to your serial interfaces.

Regarding the DHCP: assign an ip helper-address to the FastEthernet interface of your remote router. The ip helper-address is the IP address of your DHCP server, and the command forwards DHCP broadcasts to the remote DHCP server. As an alternative, you could also configure the remote router as a DHCP server, which would make your clients at the remote site independent of the availability of the remote DHCP server. Should the remote site or the remote DHCP server be unavailable, the clients at least get an IP address and can work locally.

Regarding the Internet access: as long as your main site router has a default route pointing to the PIX, all traffic not going to any of your local addresses would be routed out to the PIX (and the Internet).

Regarding the VoIP QoS: indeed recommended, you could give priority to VoIP traffic with precedence, it would look like this (to be configured on both routers):

class-map match-all VOIP

match access-group name VoiceOverIP

!

policy-map SET_PRECEDENCE

class VOIP

set ip precedence 5

!

interface FastEthernet0

service-policy input SET_PRECEDENCE

Depending on your IOS version, the ´set ip precedence´ command might have been replaced by the ´set dscp´ command.

Regarding extending the LAN scheme to the remote site: not sure what you mean by that, but if you think about bridging, that would not be a good idea, since all the broadcast traffic would traverse the serial line. It is better to keep the IP addressing separate for both sites.

Hope that makes sense, let me know if you need more help with this.

Regards,

GP

somwicked · ‎03-29-2005

Thanks for the guidance.

I've decided to use 192.168.33.0/24 for the WAN portion of the network with .1 being the main router and .2 being the remote router.

I've also decided against anything DHCP for now. There are only a handful of clients and assigning them statically will allow me to support individual stations better from the main site.

Here are the configs I have so far. My only concerns are:

- I need to make this work first go since the remote location is 4 hours from the main site and travel is a killer (at least it's not cross country).

- In the RIP portion, should I be specifying the network on the ethernet side of the router and the WAN side (i.e. network 192.168.0.0, network 192.168.33.0) or will just the ethernet side work?

Router Main:

version 12.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname main

enable secret ...blah..

enable password blah

memory size iomem 25

ip subnet-zero

no ip domain-lookup

ip audit notify log

ip audit po max-events 100

call rsvp-sync

class-map match-all VOIP

match access-group name VoiceOverIP

policy-map SET_PRECEDENCE

class VOIP

set ip precedence 5

interface FastEthernet0

ip address 192.168.0.5 255.255.255.0

service-policy input SET_PRECEDENCE

speed auto

interface Serial0

description WAN to remote

ip address 192.168.33.1 255.255.255.0

encapsulation ppp

router rip

version 2

network 192.168.0.0

no auto-summary

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.0.1

no ip http server

line con 0

line aux 0

line vty 0 4

login

Router Remote:

version 12.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname remote

enable secret ...blah..

enable password blah

memory size iomem 25

ip subnet-zero

no ip domain-lookup

ip audit notify log

ip audit po max-events 100

call rsvp-sync

class-map match-all VOIP

match access-group name VoiceOverIP

policy-map SET_PRECEDENCE

class VOIP

set ip precedence 5

interface FastEthernet0

ip address 192.168.2.5 255.255.255.0

service-policy input SET_PRECEDENCE

speed auto

interface Serial0

description WAN to main

ip address 192.168.33.2 255.255.255.0

encapsulation ppp

router rip

version 2

network 192.168.2.0

no auto-summary

ip classless

no ip http server

line con 0

line aux 0

line vty 0 4

login

Georg Pauwen · ‎03-31-2005

Hello,

specify the network 192.168.33.0 in your RIP configuration on both routers as well, other than that your configuration looks ok. I assume you are sending the router to the remote location ? I would send a console cable along as well, that way, should anything go wrong unexpectedly, you can instruct somebody to connect to the router and check what is going wrong.

Also, I would configure a local username and password, e.g.:

username admin privilege 15 password 0 cisco

and then configure the VTY and the CON with the 'login local' command:

line vty 0 4

login local

line con 0

login local

Other than that, you could try and install a modem on the AUX port for Out-of-band access. That is actually a very good way to save travel time, since you will always be able to connect to the router, unless the router is physically dead.

HTH,

GP

somwicked · ‎04-06-2005

Thanks for the guidance so far - it has been a lifesaver (and sanity too).

Everything is up and running smoothly for the most part. The only problem we are seeing is when using the VoIP system (Inter-Tel Axxess, I believe). There is a terrible echo on the line.

From what I've been able to scour, the Inter-tel system is SIP-based similiar to the Cisco phones I believe. Unfortunately, I know less about VoIP (other than theory) than I do/did about WANs.

Any ideas how to cancel the echo?