Solved: CISCO 886w orange vlan 832

RicardoPais41757 · ‎05-04-2020

Hello

I´m using two cisco 886 to connect two centers through ipsec tunneling, until now it is working with an adsl line, now I contract a new isp provider and its connected with fiber OLT and I want to give the wan connection to the cisco. My provider is orange and use the tag with the protocol 802.1Q to connect the wan connection from the isp router on mode ONT.

If I connect my computer directly and config VLan832 on my lan adapter give a dhcp with my static ip wan so I thought that I´d create the vlan 832 to connect with the provider but It don´t assign IP and neither it work with IP fixed.

Can you give a little of light ?

somebody knows something about?

Thank you

Francesco Molino · ‎05-04-2020

Hi

How is the port facing your provider configured?
Also, this router has only 100Mbps ports and hope your provider isn't giving you a 1G port.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

RicardoPais41757 · ‎05-05-2020

Hello

You are right this cisco never get 1Gps but 100/100Mbps ´d be better than
the adsl with 10Mbps/0,5Mbps. My problem is the connection when I try to
make the connection with the dialer and vlan832 I never get the Dhcp IP
WAN from my ISP (ORANGE SPAIN), like you can see in the attachments with
my intel ethernet application I made a tagged with vlan832 and I got the
connection to test the fiber from my GPON (nano fiber), when I try to make
the configuration with the cisco configuration professional but the options
to make a dynamic dhcp must be by ssh because the web interface don´t let
me this option only in static mode but anyway I dont get the config to make
a connection. My ethernet don´t need user and password dialer to get the ip
but a teacher CCNA advise me about this possibility but I create a dialer
with the generic user used by the ISP ORANGE and neither work.

Please I need this connection because 10/0,5 Mbps is the stone age :).

##- Please type your reply above this line

View solution in original post

Francesco Molino · ‎05-04-2020

Hi

How is the port facing your provider configured?
Also, this router has only 100Mbps ports and hope your provider isn't giving you a 1G port.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

RicardoPais41757 · ‎05-05-2020

Hello

You are right this cisco never get 1Gps but 100/100Mbps ´d be better than
the adsl with 10Mbps/0,5Mbps. My problem is the connection when I try to
make the connection with the dialer and vlan832 I never get the Dhcp IP
WAN from my ISP (ORANGE SPAIN), like you can see in the attachments with
my intel ethernet application I made a tagged with vlan832 and I got the
connection to test the fiber from my GPON (nano fiber), when I try to make
the configuration with the cisco configuration professional but the options
to make a dynamic dhcp must be by ssh because the web interface don´t let
me this option only in static mode but anyway I dont get the config to make
a connection. My ethernet don´t need user and password dialer to get the ip
but a teacher CCNA advise me about this possibility but I create a dialer
with the generic user used by the ISP ORANGE and neither work.

Please I need this connection because 10/0,5 Mbps is the stone age :).

##- Please type your reply above this line

RicardoPais41757 · ‎05-05-2020

But can you give other answer that can help me because it´s true but it is other problem.

Francesco Molino · ‎05-05-2020

Issue is solved or not? If not, can you share the cli config please?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

RicardoPais41757 · ‎05-06-2020

Hello

I make a question about my particular topology, now I have a connection adsl(cooper) with movistar via pppoe working and I´m adding other isp ORANGE (fiber) would be the dialer with vlan832.

Movistar make a connection via pppoe with VPI/VCI 8/32 for the adsl and the ATM0.1 make a IPSEC2 with the other campus

The other connection is Orange ISP and is via fiber and it use the Vlan 832.

in the image attached can you see a diagram and my laptop connection with the ONT ubiquiti to test the connection is possible and it´s working with my ethernet card tagged valn832.

Here is the show config-running:

Building configuration...

Current configuration : 4363 bytes
!
! Last configuration change at 11:32:38 UTC Wed May 6 2020 by admin
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname argual
!
boot-start-marker
boot-end-marker
!
logging buffered 52000
enable secret 5 $1$tB7y$KHH1Dmyt12DrpRH******
enable password *****
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
ip name-server 80.58.61.250
ip name-server 80.58.61.254
no ipv6 cef
!
!
vpdn enable
!
vpdn-group 1
!
isdn switch-type basic-net3
license udi pid CISCO886W-GN-E-K9 sn FCZ152490LQ
!
!
username admin privilege 15 secret 5 $1$..xv$qN6hyslXVs7QBMKgIw1Ll1
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key T4bur13nt3 address 88.26.247.119
!
!
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to88.26.247.119
set peer 88.26.247.119
set transform-set ESP-3DES-SHA
match address 101
!
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn switch-type basic-net3
isdn termination multidrop
isdn point-to-point-setup
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
description $ES_WAN$
ip address 80.24.90.156 255.255.255.192
ip nat outside
ip virtual-reassembly
crypto map SDM_CMAP_1
pvc 8/32
encapsulation aal5snap
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
description Fibra
switchport trunk native vlan 832
switchport mode trunk
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
!
interface Vlan1
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan832
description orange.es
ip address 85.54.31.1 255.255.255.192
ip nat outside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
pppoe-client dial-pool-number 1
!
interface Dialer1
ip address negotiated
ip access-group 120 in
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname orangeuser@orangeadsl
ppp chap password 0 orange123
ppp pap sent-username orangeuser@orangeadsl password 0 orange123
no cdp enable
crypto map SDM_CMAP_1
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
ip nat inside source static tcp 192.168.0.150 22 interface ATM0.1 2222
ip nat inside source static tcp 192.168.0.150 5901 interface ATM0.1 5901
ip nat inside source static tcp 192.168.0.251 5900 interface ATM0.1 5903
ip nat inside source static tcp 192.168.0.254 80 interface ATM0.1 8080
ip nat inside source static udp 192.168.0.240 1701 interface ATM0.1 1701
ip nat inside source static tcp 192.168.0.250 443 interface ATM0.1 443
ip nat inside source static tcp 192.168.0.240 1723 interface ATM0.1 1723
ip nat inside source static udp 192.168.0.240 47 interface ATM0.1 47
ip nat inside source route-map SDM_RMAP_1 interface ATM0.1 overload
ip route 0.0.0.0 0.0.0.0 ATM0.1 10 permanent
ip route 85.54.31.0 255.255.255.192 Vlan832 permanent
!
access-list 100 remark CCP_ACL Category=2
access-list 100 remark IPSec Rule
access-list 100 deny ip 192.168.0.0 0.0.0.255 172.26.0.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=4
access-list 101 remark IPSec Rule
access-list 101 permit ip 192.168.0.0 0.0.0.255 172.26.0.0 0.0.0.255
access-list 102 remark CCP_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.0.0 0.0.0.255 172.26.0.0 0.0.0.255
dialer-list 1 protocol ip permit
!
!
!
!
route-map SDM_RMAP_1 permit 1
match ip address 100
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
password *********
!
scheduler max-task-time 5000
end

Francesco Molino · ‎05-07-2020

You don't have to create an interface vlan 832. Also if you receive your ip from your pppoe session, you must not set a static ip.
Assign the dialer to your sub interface.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

RicardoPais41757 · ‎05-08-2020

I test it and I´ll say you how it was

Thank you very much

Ibraima.ba1 · ‎10-16-2020

Hi Ricardo,

Were you able to solve your problem ?

If yes, could you please share the relevant info /config with us ?

Thank you

RicardoPais41757 · ‎10-19-2020

At finally, I buy a meriko mk68 and I resolve with the new cisco.
Thanks