Solved: PPOE, How to verify the DHCP IP & ACL Binding

avilt · ‎10-19-2011

I have configued PPOE on a 2901 router and the device has successfully obtained the IP address from the ISP.

1) How can I verify this dynamic IP address? Show ip interface brief and show ip interface dialer0 does not show the IP address details.

2) Also where should I bind the ACL? Is it on the physical interface or Dialer0 ?

Thank You

smitesh kharecha · ‎10-20-2011

Hi,

Then i suppose modem in front of your router is working in bridge mode.

PPOE is not a interface it is a technology. Bassically PPP is encapsulated in Ethernet frames is what PPPoE is.

PPoE indeed works on Layer 2

Regards,

Smitesh

View solution in original post

smitesh kharecha · ‎10-20-2011

Hi,

How do you know that it has successfully obtained IP from ISP, if you are not seeing it on any interface ??

can you please paste sanitised config of dialer 0 ( if you usiing dialer 0 for dialing).

Generally IP address should be seeing on dialer, and it is the place where ACl should be placed.

HTH,

Smitesh

avilt · ‎10-20-2011

Hello,

Pls find the configuration below. Note that inside interface is already hard coded with static public IP address. From the Internet I am able to reach the inside interface 61.196.X.Y.

Also where should I bind the ACL? is it on

GigabitEthernet0/1?

1.Internal Ethernet interface configuration

interface GigabitEthernet0/0

description Inside Interface

ip address 61.196.X.Y 255.255.255.248

2. External Ethernet interface configuration

Router(config)#Interface GigabitEthernet0/1

Router(config-if)#Description External interface

Router(config-if)#no ip address

Router(config-if)#pppoe enable

Router(config-if)#pppoe-client dial-pool-number 1

Router(config-if)#no ip mroute-cache

Router(config)#interface Dialer0

Router(config-if)#ip address negotiated

Router(config-if)#ip mtu 1492

Router(config-if)#encapsulation ppp

Router(config-if)#dialer pool 1

Router(config-if)#ppp authentication chap pap callin

Router(config-if)#ppp chap hostname xxxxxxxxxxx

Router(config-if)#ppp chap password xxxxxxxxxxx

Router(config-if)#no ip mroute-cache

Router(config)#ip route 0.0.0.0 0.0.0.0 dialer 0

smitesh kharecha · ‎10-20-2011

Hi,

Can you please put the sanitised output of command below:

sh ip int brief | i Di

debug ppp neg

debug ppp auth

Regards,

Smitesh

avilt · ‎10-20-2011

INTERNETRTR#show ip interface brief | i Di

Dialer0 unassigned YES DHCP up up

INTERNETRTR#show pppoe summary

1 client session

The router is at the remote location, I will not execute debug commands, I might lose connectivity.

smitesh kharecha · ‎10-20-2011

Hi,

Since, Dialer haven't got any IP address, there won't be any packet going out.

Also, i assume your IP address on Inside interface is conneted to your LAN or is it working in bridge mode ???

Since, dialer is not obtaining any IP address, it would be difficult to procced without any debugs outputs.

Regards,

Smitesh

avilt · ‎10-20-2011

The router is at the remote location. External interface is connected to ISP modem and internal to a switch. On this switch nothing is connected except the router interface. From the internet I can connect to the inside interface (ssh/https). From the router I can ping any internet device. So there is no doubt that router has a full connectivity to internet via the external interface.

Is VPDN/PPOE a virtual interface? Does it operate @ Layer 2?

smitesh kharecha · ‎10-20-2011

Hi,

Then i suppose modem in front of your router is working in bridge mode.

PPOE is not a interface it is a technology. Bassically PPP is encapsulated in Ethernet frames is what PPPoE is.

PPoE indeed works on Layer 2

Regards,

Smitesh

avilt · ‎10-20-2011

So where should I bind the ACL? It it on Dialer0?

smitesh kharecha · ‎10-21-2011

Hi,

You will never be able to place a ACL on interface, which doesn't have IP address.

In your case, since Dialer is IP Negotiated, you can place it there.

But I would suggest, placing it on your internal interface.

HTH,

Smitesh