
FAQ Revisions | Editors: skj, Covenant, aryoba, Phraxos | Last modified on 2008-08-27 08:31:20
50.1 PPPoE/PPPoA/DHCP
* Sample Configuration on Real Network
* Configure router as DHCP client using external modem
* Configure router with integrated ADSL modem as DHCP client
* Configure a PIX/ASA as DHCP client using external modem
* Quick Guide of Configuring Cisco router for PPPoE using external modem
* Walkthrough of Configuring Cisco Routers for ADSL PPPoE using external modem
* 678 ADSL External Modem/Router
* 678 on MSN DSL
* Configuring router with integrated ADSL modem running PPPoE
* Configure a PIX/ASA as PPPoE client using external modem
* ADSL router configuration for PPPoA/PPPoE with NAT
* ADSL Router Sample Configuration running GRE
* Configuring router with integrated ADSL modem running PPPoA
* Generic PPPoA configuration w/ dynamic address
* Generic PPPoA/PPPoE/RFC1483 Bridging/RFC1483 Routing Configurations
* Generic PPPoE configuration
* How can I configure broadband router with cable/dsl using static IP address
* Configure a PIX/ASA using static IP address from ISP
* Setting Up Network With ISP WAN and Public IP Block subnets running NAT
ISPs used in the thread are SBC with PPPoE, Verizon (US) with PPPoE, and Zen (UK) with PPPoA
»PPPoE configs required
Notes:
* Qwest uses PPPoA in certain areas and PPPoE in others for xDSL services. If Qwest is your DSL Internet provider, confirm with Qwest which PPP technology is used in your area.
* Verizon uses DHCP/Static in certain areas and PPPoE in others for xDSL services. If Verizon is your DSL Internet provider, confirm with Verizon which technology is used in your area.
Non-PPPoE Static IP Verizon ADSL Sample Configuration (contributed by mannygib )
More Sample Configurations
The following link provides sample configurations for Cisco routers in PPPoE, PPPoA, and DHCP environments. Your network setup could be similar, different, or mixed. You may not even use the same router model as the sample configurations do. However, the sample configurations can be considered generic. Go explore the link and see if you can answer your own question. Of course, you can always post questions to the forum for further assistance. Have fun :)
Cisco website http://www.cisco.com/en/US/products/hw/routers/ps259/prod_configuration_examples_list.html Cisco 827 Router Configuration Frequently Asked Questions
Various PPPoE/PPPoA/DHCP/Static Sample Configuration with Cisco
by aryoba, last modified: 2008-03-16 07:12:52
Suggested prerequisite reading: »Cisco Forum FAQ »Things to expect when setup network for home or small business
For many cable and DSL Internet connections, ISPs tell their customers (subscribers) to set their router to receive an IP address from them automatically. This means that the ISP treats the subscriber's router as a DHCP client.
When this is your case, the following sample configuration is a good starting point to help you configure the router. Though the example uses a 2514 router, the configuration applies to any router that has two Ethernet interfaces (one for the WAN, facing the ISP, and another for the LAN, facing your computers).
A typical network environment that might use the following sample router configuration is as follows:
* There is a modem in front of the router, and the modem connects to the ISP
* The ISP provides a public IP address to the router via DHCP
* NAT/PAT is in place on the router to translate internal IP addresses to the ISP-provided public IP address
* The router also acts as a DHCP server, providing dynamic IP info for hosts behind the router
Note:
Keep in mind that there are two DHCP processes in this sample configuration. One is between your ISP and the router, and the other is between the router and the machines within your LAN. Your ISP hands out a specific IP address (e.g. 1.1.1.1), while your router hands out completely different IP addresses for internal use.
This sample router configuration assumes the following:
* Internal private IP subnet (for hosts behind the router): 192.168.1.0/24
* The gateway of all hosts is the router's inside interface IP address: 192.168.1.1
* The IP address range 192.168.1.31-192.168.1.254 is available to DHCP pool clients
* Consequently, the IP address range 192.168.1.2-192.168.1.30 is reserved for statically assigned hosts
* The DHCP clients also receive the DNS IP addresses 4.2.2.5, 4.2.2.6, and 4.2.2.66 automatically as part of the dynamic IP address assignment
* When hosts behind the router go out to the Internet, they use the router's outside interface IP address (which is the ISP-assigned public IP address)
Note:
* The DNS server IP addresses used here are 4.2.2.5, 4.2.2.6, and 4.2.2.66, which may not match your ISP's DNS server IP addresses. To match them, simply replace those IP addresses with your ISP's DNS server IP addresses.
SAMPLE CONFIGURATION
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
ip subnet-zero
no ip finger
ip dhcp excluded-address 192.168.1.1 192.168.1.30
!
ip dhcp pool insideDHCP
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 4.2.2.5 4.2.2.6 4.2.2.66
!
interface Ethernet0
 description Facing the ISP (the WAN)
 ip address dhcp
 ip nat outside
 no ip route-cache
 no ip mroute-cache
!
interface Ethernet1
 description Facing my LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no ip route-cache
 no ip mroute-cache
!
interface Serial0
 no ip address
 shutdown
!
interface Serial1
 no ip address
 shutdown
!
ip kerberos source-interface any
ip nat inside source list 1 interface Ethernet0 overload
ip classless
ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
line con 0
 exec-timeout 0 0
 password 7 104308100F1E1C0C
 logging synchronous
 login
 transport input none
line aux 0
 password 7 082C4D4703100B10
 login
line vty 0 4
 password 7 050607062B45400E
 login
!
end
The following is the DHCP discussion.
/forum/remark,10697474~mode=flat?hilite=2514 »[Config] my verizon DSL and cisco 2514 configuration
Note:
* Notice that the gateway of last resort command (ip route 0.0.0.0 0.0.0.0) is left out. This command is not needed for dynamic public IP address assignment via DHCP, since that's the whole point of using DHCP.
* Some ISPs lock the IP address they hand out to a certain MAC address. When this is the case, you may want to ask your ISP to replace the MAC address with the correct one (which is your router's WAN interface MAC address) or "clone" the MAC address from the working device into the router. Check out the following thread for an illustration:
»[help] 851W and ISP DHCP
by aryoba, last modified: 2008-04-13 06:25:13
Suggested prerequisite reading: »Cisco Forum FAQ »Things to expect when setup network for home or small business
For many cable and DSL Internet connections, ISPs tell their customers (subscribers) to set their router to receive an IP address from them automatically. This means that the ISP treats the subscriber's router as a DHCP client.
When this is your case, the following sample configuration is a good starting point to help you configure the router. A typical network environment that might use the following sample router configuration is as follows:
* There is no (external) modem in front of the router that connects to the ISP
* The modem to the ISP is internal, within the router itself
* The DSL line goes directly to the router's internal modem
* The ISP provides a public IP address to the router via DHCP
* NAT/PAT is in place on the router to translate internal IP addresses to the ISP-provided public IP address
* The router can also act as a DHCP server, providing dynamic IP info for hosts behind the router
Note:
Keep in mind that when the router acts as a DHCP server, there are two DHCP processes in this sample configuration. One is between your ISP and the router, and the other is between the router and the machines within your LAN. Your ISP hands out a specific IP address (e.g. 1.1.1.1), while your router hands out completely different IP addresses for internal use.
Preliminary
DHCP client configuration for a generic (dual-Ethernet) router and for an ADSL router is basically the same. Specifically for an ADSL router, you also need to configure the DSL (ATM) interface, the BVI interface, and the IRB feature.
To go a bit technical, the ATM interface should be configured as point-to-point with the VPI/VCI value matching your ISP's. The reason is that there can be multiple VPI/VCI values within the same ATM interface. By setting a sub-interface as a point-to-point connection with a specific VPI/VCI value, the ADSL modem knows how to forward traffic to the proper path.
The next step is to tie the point-to-point ATM interface to a specific BVI interface by putting them in the same broadcast domain. In this sample configuration, both the ATM interface and the BVI interface are in the same broadcast domain #1 (bridge group 1).
The reason behind this setup is as follows. There are two interfaces that deal with the DSL connection. One is the physical ATM interface, into which you physically connect the phone cable. The other is the logical Layer-2/3 BVI interface, which does the IP routing and switching. In other words, the BVI handles the IP routing connection to the ISP and the Internet.
While the BVI is logically the WAN side, the LAN side is still the Ethernet interface. When your LAN needs to go out to the Internet, the router sends all necessary packets from the Ethernet interface to the BVI interface. Since the BVI interface is only a logical interface and not a physical one, the BVI then looks for its physical interface in order to forward the packets that need to go out to the Internet. The physical interface in question is the ATM interface.
To make sure the BVI interface knows that its associated physical interface is the ATM interface, you need to put them in the same broadcast domain. This is where the "bridge-group 1" command comes in handy.
Since your router has two interfaces (the ATM and the BVI) in the same broadcast domain and needs to do proper IP routing between your ISP and your LAN, you also need to configure the IRB feature. IRB is short for Integrated Routing and Bridging. With IRB, your router can act as a bridge (for the ATM and BVI interfaces) and as a router (for routing between your ISP and your LAN).
This sample router configuration assumes the following:
* Internal private IP subnet (for hosts behind the router): 10.10.10.0/24
* The gateway of all hosts is the router's inside interface IP address: 10.10.10.1
* The IP address range 10.10.10.2 to 10.10.10.254 is available for your LAN devices/hosts
* When hosts behind the router go out to the Internet, they use the router's outside interface IP address (which is the ISP-assigned public IP address)
SAMPLE CONFIGURATION
Following is a sample configuration to set an ADSL router as the ISP's DHCP client.
!
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
ip subnet-zero
!
bridge irb
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside
!
interface ATM0
 no ip address
 no ip directed-broadcast
 no atm ilmi-keepalive
 bundle-enable
 hold-queue 208 in
!
interface ATM0.35 point-to-point
 no ip directed-broadcast
 pvc 0/35
  encapsulation aal5snap
 !
 bridge-group 1
!
interface BVI1
 ip address dhcp
 no ip directed-broadcast
 ip nat outside
!
ip nat inside source list 1 interface BVI1 overload
ip classless
no ip http server
!
access-list 1 permit 10.10.10.0 0.0.0.255
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 exec-timeout 0 0
 transport input none
 stopbits 1
line vty 0 4
 password ****
 login
!
scheduler max-task-time 5000
end
Please note that the pvc (vpi/vci) value used in this sample configuration MUST BE MODIFIED to match your ISP's vpi/vci. Since only your ISP knows for sure what its own vpi/vci value is, you should ask your ISP which value it uses.
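The ATM/BVI/IRB wiring described in the Preliminary section can be checked mechanically before a configuration is loaded. The following Python script is an added example, not part of the original FAQ; the function names and the trimmed sample configuration embedded in it are constructed for illustration. It verifies that IRB is enabled, that the bridge group of the ATM sub-interface has a matching BVI interface carrying an IP address, and that IP is routed for that group.

```python
import re

# Constructed sample: the bridging-related lines of the ADSL DHCP-client
# configuration shown above, one command per line.
SAMPLE_CONFIG = """\
bridge irb
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!
interface ATM0
 no ip address
!
interface ATM0.35 point-to-point
 pvc 0/35
  encapsulation aal5snap
 !
 bridge-group 1
!
interface BVI1
 ip address dhcp
 ip nat outside
!
ip nat inside source list 1 interface BVI1 overload
access-list 1 permit 10.10.10.0 0.0.0.255
bridge 1 protocol ieee
bridge 1 route ip
"""


def parse_interfaces(config):
    """Map each interface name to the list of sub-commands beneath it."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.strip() in ("", "!"):
            continue                       # separators never end a section
        if line.startswith("interface "):
            current = line.split()[1]
            interfaces[current] = []
        elif line[0].isspace() and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None                 # a global command ends the section
    return interfaces


def check_irb(config):
    """Return a list of wiring problems; an empty list means consistent."""
    problems = []
    global_cmds = {l.strip() for l in config.splitlines()
                   if l.strip() and not l[0].isspace()}
    interfaces = parse_interfaces(config)

    if "bridge irb" not in global_cmds:
        problems.append("'bridge irb' is missing, so IRB is not enabled")

    # Bridge groups that an ATM (sub-)interface has been placed in.
    groups = {}
    for name, cmds in interfaces.items():
        for cmd in cmds:
            m = re.fullmatch(r"bridge-group (\d+)", cmd)
            if m and name.upper().startswith("ATM"):
                groups[m.group(1)] = name
    if not groups:
        problems.append("no ATM interface is in a bridge group")

    for group, atm in sorted(groups.items()):
        bvi = "BVI" + group
        if bvi not in interfaces:
            problems.append(f"{atm} is in bridge group {group} "
                            f"but interface {bvi} does not exist")
        elif not any(c.startswith("ip address ") for c in interfaces[bvi]):
            problems.append(f"{bvi} has no IP address configured")
        if f"bridge {group} route ip" not in global_cmds:
            problems.append(f"'bridge {group} route ip' is missing, "
                            f"so IP is bridged rather than routed")
    return problems


if __name__ == "__main__":
    for problem in check_irb(SAMPLE_CONFIG) or ["IRB wiring is consistent"]:
        print(problem)
```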
Note:
* Notice that the gateway of last resort command (ip route 0.0.0.0 0.0.0.0) is left out. This command is not needed for dynamic public IP address assignment via DHCP, since that's the whole point of using DHCP.
* Some ISPs lock the IP address they hand out to a certain MAC address. When this is the case, you may want to ask your ISP to replace the MAC address with the correct one (which is your router's WAN interface MAC address) or "clone" the MAC address from the working device into the router. Check out the following thread for an illustration:
»[help] 851W and ISP DHCP
Set up the router as a DHCP server (handing out IP addresses to LAN hosts automatically)
Keep in mind that the above sample configuration assumes that all of your LAN machines (e.g. computers, print servers) have their IP addresses statically configured. When your computers are configured to receive an IP address automatically (read: as DHCP clients), you need to configure the router as the DHCP server for your LAN machines. The following is the needed configuration.
ip dhcp excluded-address 10.10.10.1 10.10.10.31
!
ip dhcp pool CLIENT
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 dns-server 4.2.2.5 4.2.2.6 4.2.2.66
 import all
With the above setup,
* The IP address range 10.10.10.32-10.10.10.254 is available to DHCP pool clients
* Consequently, the IP address range 10.10.10.2-10.10.10.31 is reserved for statically assigned hosts
* The DHCP clients also receive the DNS IP addresses 4.2.2.5, 4.2.2.6, and 4.2.2.66 automatically as part of the dynamic IP address assignment
* These addresses (4.2.2.5, 4.2.2.6, and 4.2.2.66) should be either your local DNS/WINS servers or ISP-provided DNS servers
by aryoba, last modified: 2008-06-04 12:41:43
Suggested prerequisite reading: »Cisco Forum FAQ »Things to expect when setup network for home or small business
For many cable and DSL Internet connections, ISPs tell their customers (subscribers) to set their router to receive an IP address from them automatically. This means that the ISP treats the subscriber's router as a DHCP client.
When this is your case, the following sample configuration is a good starting point to help you configure the firewall. There are two sample configurations provided here: one is the PIX version and the other is the ASA version. Note that both configurations are identical.
A typical network environment that might use the following sample PIX/ASA configuration is as follows:
* There is a modem in front of the PIX/ASA, and the modem connects to the ISP
* The ISP provides a public IP address to the PIX/ASA via DHCP
* NAT/PAT is in place on the PIX/ASA to translate internal IP addresses to the ISP-provided public IP address
* The PIX/ASA also acts as a DHCP server for the local LAN, providing dynamic IP info for hosts behind the PIX/ASA within the LAN
Note:
Keep in mind that there are two DHCP processes in this sample configuration. One is between your ISP and the PIX/ASA, and the other is between the PIX/ASA and the machines within your LAN. Your ISP hands out a specific WAN or public IP address (e.g. 1.1.1.1) to the WAN interface of your PIX or ASA via the ISP's DHCP mechanism, while your PIX/ASA hands out completely different IP addresses for internal use via the PIX/ASA DHCP mechanism.
This sample PIX/ASA configuration assumes the following:
* Internal private IP subnet (for hosts behind the PIX): 10.0.0.0/24
* The gateway of all hosts is the PIX/ASA inside interface IP address: 10.0.0.1
* The IP address range 10.0.0.30-10.0.0.254 is available to DHCP pool clients
* Consequently, the IP address range 10.0.0.2-10.0.0.29 is reserved for statically assigned hosts
* The DHCP clients also receive the DNS IP addresses 68.87.64.196 and 68.87.66.196 automatically as part of the dynamic IP address assignment
* When hosts behind the PIX/ASA go out to the Internet, they use the PIX/ASA outside interface IP address (which is the ISP-assigned public IP address)
* Necessary ICMP packets coming from the Internet are permitted to enter your LAN
SAMPLE CONFIGURATION
1. PIX
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ***** encrypted
passwd ***** encrypted
hostname PIX
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
object-group icmp-type ICMP-INBOUND
 description Permit necessary inbound ICMP traffic
 icmp-object 0
 icmp-object 3
 icmp-object 11
access-list INBOUND permit icmp any any object-group ICMP-INBOUND
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 10.0.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group INBOUND in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no http server enable
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 10.0.0.30-10.0.0.254 inside
dhcpd dns 68.87.64.196 68.87.66.196
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside
terminal width 80
2. ASA
hostname ASA
domain-name xxxxx
enable password xxxxxxxxx encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd xxxxxxxxxxx encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name xxx.xxx
object-group icmp-type ICMP-INBOUND
 description Permit necessary inbound ICMP traffic
 icmp-object 0
 icmp-object 3
 icmp-object 11
access-list INBOUND extended permit icmp any any object-group ICMP-INBOUND
pager lines 24
logging enable
logging console notifications
logging buffered warnings
logging asdm notifications
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group INBOUND in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 10.0.0.30-10.0.0.254 inside
dhcpd dns 68.87.64.196 68.87.66.196 interface inside
dhcpd enable inside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
webvpn
 enable outside
prompt hostname context
by aryoba, last modified: 2008-04-13 06:28:00
Suggested prerequisite reading: »Cisco Forum FAQ »Things to expect when setup network for home or small business
For many cable and DSL Internet connections, ISPs tell their customers (subscribers) to set their router to receive an IP address from them using a username and password. This means that the ISP treats the subscriber's router as a PPP client.
When this is your case, the following sample configuration is a good starting point to help you configure the router. If your ISP requires you to use PPPoE for Internet access, the general idea is that you configure the router as a PPPoE client to the ISP.
Following is the sample configuration using a Cisco 2514 with IOS image version 12.3. Even though the example uses a 2514 router, the configuration applies to any router that uses two Ethernet interfaces for the connection.
A typical network environment that might use the following sample router configuration is as follows:
* There is a modem in front of the router, and the modem connects to the ISP
* The ISP provides a public IP address to the router via PPPoE
* NAT/PAT is in place on the router to translate internal IP addresses to the ISP-provided public IP address
This sample router configuration assumes the following:
* Internal private IP subnet (for hosts behind the router): 10.10.10.0/24
* The gateway of all hosts is the router's inside interface IP address: 10.10.10.1
* The IP address range 10.10.10.2-10.10.10.254 is available for hosts within your LAN
* When hosts behind the router go out to the Internet, they use the router's outside interface IP address (which is the ISP-assigned public IP address)
* The router is not set up as a DHCP server for LAN machines. See the next PPP router sample configuration for an illustration of setting up a router as the DHCP server.
SAMPLE CONFIGURATION
version 12.3
no parser cache
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service dhcp
!
hostname Router
!
enable password xxxxxxxxxx
no aaa new-model
ip subnet-zero
ip cef
!
!!!!! Configure Router as PPPoE Client to the ISP
vpdn enable
!
vpdn-group 1
 request-dialin
  protocol pppoe
!!!!!
!
interface Ethernet0
 description My LAN Interface
 ip address 10.10.10.1 255.255.255.0
 !!!! When NAT/PAT occurs, this interface is the source candidate (inside local)
 ip nat inside
 !!!!
 no ip mroute-cache
 no cdp enable
!
interface Ethernet1
 description Physical ADSL Interface (Facing the ISP)
 no ip address
 no ip mroute-cache
 !!!! Ties this interface to the Dialer interface
 pppoe enable
 pppoe-client dial-pool-number 1
 !!!!
 no cdp enable
!
interface Serial0
 no ip address
 no ip mroute-cache
 shutdown
 no cdp enable
!
interface Serial1
 no ip address
 no ip mroute-cache
 shutdown
 no cdp enable
!
interface Dialer1
 description Logical ADSL Interface
 ip address negotiated
 ip mtu 1492
 !!!! When NAT/PAT occurs, this interface is the destination candidate (inside global)
 ip nat outside
 !!!!
 encapsulation ppp
 ip tcp adjust-mss 1452
 no ip mroute-cache
 !!!!! Ties this logical interface to the proper physical interface
 dialer pool 1
 !!!!!
 !!!!! Passing the protocol allowed by the "dialer-list" command
 dialer-group 1
 !!!!!
 no cdp enable
 ppp authentication chap callin
 !!!! ispusername and isppassword are placeholders for the credentials supplied by your ISP
 ppp chap hostname ispusername
 ppp chap password isppassword
 ppp pap sent-username ispusername password isppassword
 !!!! Default Gateway to the ISP
 ppp ipcp route default
!
!!!! PAT subnets allowed by the ACL 10
ip nat inside source list 10 interface Dialer1 overload
!!!!
no ip http server
ip classless
!!!!
!
!!!! ACL 10 determines which subnet to be PATed
access-list 10 permit 10.10.10.0 0.0.0.255
!!!!
!!!! Determine which protocol to pass through
dialer-list 1 protocol ip permit
!!!!
no cdp run
!
line con 0
 exec-timeout 120 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 login local
 length 0
!
scheduler max-task-time 5000
end
A Walkthrough »Cisco Forum FAQ »Walkthrough of Configuring Cisco Routers for ADSL PPPoE using external modem
Note: For those of you who are curious to learn more about the PPPoE client configuration on a Cisco router, you may issue the question mark (?) command to see the list of protocols available for the VPDN dial. As a heads-up, pppoe may not show up when you issue the ?. However, when you enter the pppoe command, the router accepts it without a problem. In other words, the pppoe protocol choice is somewhat hidden.
More PPPoE sample configuration »Cisco Forum FAQ »Wireless Router Sample Configuration
Some discussion /forum/remark,10361865~mode=flat »getting my hand wet over cisco!! please help
PPPoE Troubleshooting Guide from official Cisco website in case something goes wrong: »www.cisco.com/en/US/tech/tk175/t···c2.shtml
Side Note: Some might argue that the configuration only applies to dynamic ISP IP address assignment, and that with a static address the command under interface Dialer1 is "ip address x.x.x.x x.x.x.x" instead of "ip address negotiated". However, in some cases you may have to use "ip address negotiated" with a static IP address to make everything work (the VPN, public server access, etc.).
Check out the following FAQ for more info »Cisco Forum FAQ »Between DHCP, PPP, Dynamic, and Static IP Address
by aryoba, last modified: 2008-06-03 09:02:11
Suggested prerequisite reading: »Cisco Forum FAQ »Things to expect when setup network for home or small business
For a quick guide and some network topology, check out the following FAQ
»Cisco Forum FAQ »Quick Guide of Configuring Cisco router for PPPoE using external modem
For a basic walk through to help you to configure any Cisco with two ethernet interfaces and Cisco IOS for ADSL, keep reading.
First we will need to build the VPDN group so we will be able to add our dialer after we configure the Ethernet interface we will use for the WAN connection:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#vpdn enable
router(config)#vpdn-group 1
router(config-vpdn)#request-dialin
router(config-vpdn)#protocol pppoe
router(config-vpdn)#exit
Now we configure one Ethernet interface for use as our WAN interface:
router(config)#interface Ethernet1
router(config-if)#description ADSL WAN Interface
router(config-if)#no ip address
router(config-if)#no ip redirects
router(config-if)#no ip unreachables
router(config-if)#no ip proxy-arp
router(config-if)#no ip mroute-cache
router(config-if)#pppoe enable
router(config-if)#no cdp enable
router(config-if)#exit
Now to add your Dialer interface:
router(config)#interface Dialer1
router(config-if)#description ADSL WAN Dialer
router(config-if)#ip address negotiated
router(config-if)#no ip unreachables
router(config-if)#ip nat outside
router(config-if)#encapsulation ppp
router(config-if)#no ip mroute-cache
router(config-if)#dialer pool 1
router(config-if)#dialer-group 1
router(config-if)#no cdp enable
At this point you will need to find out what type of authentication your ISP requires. When I have run into problems with this (ISP says one thing, it's actually something else...) I turn on the debug ppp packet option to view low-level packet output. Generally you will need to use either CHAP or PAP authentication; my ISP requires both, so I'll show you how to set both up:
router(config-if)#ppp authentication chap callin
router(config-if)#ppp chap hostname ispusername
Make sure that the username is whatever your ISP requires. Some like the full e-mail address, some just need the username.
router(config-if)#ppp chap password isppassword
router(config-if)#ppp pap sent-username ispusername password isppassword
router(config-if)#exit
You can see that with PAP, as opposed to CHAP, you enter your username and password together in one command.
Another problem you may experience with many providers making constant changes to their network is with packet fragmentation from PCs with MTUs set too high. Many people on BBR suggest setting MTU size and tweaking each machine for optimal broadband settings, but the Cisco IOS allows you to perform traffic shaping on your Dialer interface that will correct this problem.
Feel free to read "Troubleshooting MTU Size in PPPoE Dialin Connectivity" for additional information about adjusting Maximum Segment Size (MSS) on your equipment.
Now we configure our other Ethernet interface for use as our LAN interface:
router(config)#interface Ethernet0
router(config-if)#description ADSL LAN Interface
When adding the IP address, we can use pretty much any address as long as the rest of the NAT setup matches. The format is the IP address followed by the subnet mask.
router(config-if)#ip address 10.10.10.1 255.255.255.0
router(config-if)#no ip redirects
router(config-if)#no ip unreachables
router(config-if)#no ip proxy-arp
router(config-if)#ip nat inside
router(config-if)#no ip mroute-cache
router(config-if)#no cdp enable
router(config-if)#exit
Now we're done with the actual LAN / WAN setup and just need to add a few more parts to get everything working.
We add our access-list for NAT :
router(config)#access-list 10 permit 10.10.10.0 0.0.0.255
And disable CDP :
router(config)#no cdp run
And add our NAT source list :
router(config)#ip nat inside source list 10 interface Dialer1 overload
Turn on CIDR routing :
router(config)#ip classless
And finally add our default route to the Internet. There are two ways of doing so. One (the correct way) is to let the PPP negotiation process determine the default gateway IP address. To do so, enter the following commands.
router(config)#interface Dialer1
router(config-if)#shutdown
router(config-if)#ppp ipcp route default
router(config-if)#no shutdown
router(config-if)#exit
Unfortunately, the ppp ipcp command is not supported on some IOS images. When this applies to you, your only choices are either to upgrade to an IOS image that supports the command or to use the following command.
router(config)#ip route 0.0.0.0 0.0.0.0 Dialer1
Now you should have a basic connection built and running. You will probably want to add a little more in the way of security such as setting vty, console, and enable passwords, as well as disabling any unnecessary services on the router and adding name servers, time servers, etc.
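The follow-up items named above (vty, console and enable passwords, unnecessary services) can be checked against a saved configuration. The following Python script is an added example, not part of the original walkthrough; the function name, the finding texts and the embedded sample configuration are constructed for illustration, using settings that appear in the sample configurations on this page.

```python
import re

# Constructed sample: a configuration in the state the walkthrough leaves it,
# plus line settings of the kind seen in the sample configurations above.
# The type 7 string is a dummy value.
SAMPLE_RUNNING_CONFIG = """\
service password-encryption
hostname Router
ip http server
no cdp run
line con 0
 exec-timeout 0 0
 password 7 0000000000
 login
line aux 0
 login
line vty 0 4
 exec-timeout 0 0
 login local
"""

# A "line ..." header followed by its indented sub-commands.
LINE_BLOCK = re.compile(r"^line (.+)\n((?:[ \t]+.*\n?)*)", re.M)


def audit_config(config):
    """Return a list of findings for the hardening items the walkthrough names."""
    findings = []
    top = [l.strip() for l in config.splitlines()
           if l.strip() and not l[0].isspace()]

    # Enable password: absent, or stored without a one-way hash.
    if not any(l.startswith(("enable secret ", "enable password ")) for l in top):
        findings.append("no enable password or enable secret is set")
    elif not any(l.startswith("enable secret ") for l in top):
        findings.append("'enable password' is used; 'enable secret' stores a one-way hash")

    # Unnecessary services.
    if "ip http server" in top:
        findings.append("'ip http server' is enabled; use 'no ip http server' if unused")
    if "no cdp run" not in top:
        findings.append("CDP is not disabled globally ('no cdp run')")

    has_user = any(l.startswith("username ") for l in top)
    for m in LINE_BLOCK.finditer(config):
        name = "line " + m.group(1).strip()
        cmds = [c.strip() for c in m.group(2).splitlines() if c.strip()]

        # Console, aux and vty authentication.
        if "login local" in cmds:
            if not has_user:
                findings.append(f"{name}: 'login local' but no username is defined")
        elif "login" in cmds:
            if not any(c.startswith("password ") for c in cmds):
                findings.append(f"{name}: 'login' but no password is set")
        else:
            findings.append(f"{name}: no 'login' or 'login local' is present")

        if "exec-timeout 0 0" in cmds:
            findings.append(f"{name}: 'exec-timeout 0 0' disables the idle timeout")
        if any(c.startswith("password 7 ") for c in cmds):
            findings.append(f"{name}: type 7 password is reversible encoding, not a hash")
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_RUNNING_CONFIG):
        print("-", finding)
```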
by amethyst1x edited by aryoba  last modified: 2008-06-03 09:01:00 | | | OK fist we are going to start with PPP. Note that any users on a DSL line using PPPoE would not be able to use PPP will get on that later...
Here is an example configuration for a Cisco 678 DMT.
First we are going to logging in to the command console here are the steps...
1* Connect the cable to the back of the router in the MGNT port and then to the back of your computer to COM 1. 2* Open Hyper Terminal and create a new connection, set it as follows, 1: Name the connection Cisco, 2: Ignore the first three fields and in the third "Connect using" set it to COM1. Click ok.
3* Set Bits per second to 38400, Data Bits 8, parity none, Stop Bits 1, Flow control None. click ok. Then your Hyper Terminal Session screen will pop up. Hit Enter.
5* User Access Verification Password: Is the next thing that appears. If this is a new router hit enter. Otherwise enter the password and hit enter.
6* cbos> appears. Type enable and hit enter.
7* enter the exec password then enter or hit enter if a new router.
8* cbos# appears. You are now in "Enable" mode and can setup your DSL router!
Here is a list of commands that will get you up and running if your ISP set you up with a dynamic IP address.

set nvram erase
write
reboot

Get back into the "enable" mode as you did above.

set password enable ~Make up a password~
set password exec ~Make up a password~
I use the same password I did above, easier to remember
set ppp restart enabled
set ppp wan0-0 ipcp 0.0.0.0
set ppp wan0-0 dns 0.0.0.0
set ppp wan0-0 login ( Supplied by your ISP )
set ppp wan0-0 password ( Supplied by your ISP )
set nat enable
set nat timeout udp 3600 ( for online gaming )
set nat timeout icmp 3600 ( for online gaming )
set dhcp server enable
set int wan0-0 disable
write
set int wan0-0 vpi 0 ( Supplied by your ISP )
set int wan0-0 vci 35 ( Supplied by your ISP )
set int wan0-0 enable
set ppp wan0-0 subnet 0.0.0.0
set web disable ( Code Red Virus Deterrent!)
set web port 8081 ( Code Red Virus Deterrent!)
set web remote 255.255.255.255 ( Code Red Virus Deterrent!)
write
reboot
You are finished! Close Hyper Terminal and you should be able to connect to the Internet!
Note: On CBOS 2.4.6 and up you do not have to set the web disable because this vulnerability is addressed... But for double security you can still disable it ;) Also the VPI/VCI varies by ISP, so you might want to call your ISP and ask them what their VPI/VCI is. The one I posted above is for SBC.
Now here are the steps for PPP if you have a Cisco 678 CAP.
1* Connect the cable to the back of the router in the MGNT port and then to the back of your computer to COM 1.
2* Open Hyper Terminal and create a new connection, set it as follows, 1: Name the connection Cisco, 2: Ignore the first three fields and in the third "Connect using" set it to COM1. Click ok.
3* Set Bits per second to 38400, Data Bits 8, parity none, Stop Bits 1, Flow control None. click ok. Then your Hyper Terminal Session screen will pop up. Hit Enter.
5* User Access Verification Password: Is the next thing that appears. If this is a new router hit enter. Otherwise enter the password and hit enter.
6* cbos> appears. Type enable and hit enter.
7* enter the exec password then enter or hit enter if a new router.
8* cbos# appears. You are now in "Enable" mode and can setup your DSL router!
set nvram erase
write
reboot

Get back into the "enable" mode as you did above.

set password enable ~Make up a password~
set password exec ~Make up a password~
I use the same password I did above, easier to remember
set ppp restart enabled
set ppp wan0-0 ipcp 0.0.0.0
set ppp wan0-0 dns 0.0.0.0
set ppp wan0-0 login ( Supplied by your ISP )
set ppp wan0-0 password ( Supplied by your ISP )
set nat enable
set nat timeout udp 3600 ( for online gaming )
set nat timeout icmp 3600 ( for online gaming )
set dhcp server enable
set web disable ( Code Red Virus Deterrent!)
set web port 8081 ( Code Red Virus Deterrent!)
set web remote 255.255.255.255 ( Code Red Virus Deterrent!)
write
reboot
You are finished! Close Hyper Terminal and you should be able to connect to the Internet
And you are done :)
Now to bridge mode :) For any DSL ISP that uses PPPoE, this is the only option you have with this modem, because the Cisco 678 does not use PPPoE for authentication. So you will need a router or a hardware firewall to handle the PPPoE for you.
1* Connect the cable to the back of the router in the MGNT port and then to the back of your computer to COM 1.
2* Open Hyper Terminal and create a new connection, set it as follows, 1: Name the connection Cisco, 2: Ignore the first three fields and in the third "Connect using" set it to COM1. Click ok.
3* Set Bits per second to 38400, Data Bits 8, parity none, Stop Bits 1, Flow control None. click ok. Then your Hyper Terminal Session screen will pop up. Hit Enter.
5* User Access Verification Password: Is the next thing that appears. If this is a new router hit enter. Otherwise enter the password and hit enter.
6* cbos> appears. Type enable and hit enter.
7* enter the exec password then enter or hit enter if a new router.
8* cbos# appears. You are now in "Enable" mode and can setup your DSL router!
set nvram erase
write
reboot

Get back into the "enable" mode as you did above.

set password enable ~Make up a password~
set password exec ~Make up a password~
I use the same password I did above, easier to remember.
set bridging rfc1483 enable
write
reboot
enable
set client dhcp enable or (disable if you're going to do dhcp from firewall)
write
set int wan0-0 disable
write
set int wan0-0 vpi 0 ( Supplied by your ISP )
set int wan0-0 vci 35 ( Supplied by your ISP )
set int wan0-0 enable
set web disable ( Code Red Virus Deterrent!)
set web port 8081 ( Code Red Virus Deterrent!)
set web remote 255.255.255.255 ( Code Red Virus Deterrent!)
write
reboot
You are finished! Close Hyper Terminal and you should be able to connect to the Internet
This will get you going in no time :)
Good Luck.
by XCOM edited by aryoba  last modified: 2005-11-12 07:52:15

The following configuration is courtesy of dh_supreme and may be found in its original format in this thread.

set nvram erase
set password exec (whatever password u desire)
write
set ppp wan0-0 dns 0.0.0.0
set ppp wan0-0 ipcp 0.0.0.0
set ppp wan0-0 login (keycode1@msndsl.net here)
set ppp wan0-0 password (keycode2 here)
set dhcp server enable
set nat enable
set int wan0-0 close
set int wan0-0 vpi 0
set int wan0-0 vci 32
set int wan0-0 open
set ppp restart enable
write
reboot

set nat entry delete all
set nat entry add 10.0.0.2 1-22 0.0.0.0 1-22 tcp
set nat entry add 10.0.0.2 1-22 0.0.0.0 1-22 udp
set nat entry add 10.0.0.2 24-65535 0.0.0.0 24-65535 tcp
set nat entry add 10.0.0.2 24-65535 0.0.0.0 24-65535 udp
write
reboot
I set my nat to forward all ports except 23.
I then use the nat in my router to control what ports are open and where they can go.
by Covenant edited by aryoba  last modified: 2005-11-12 07:52:34

Suggested prerequisite reading: »Cisco Forum FAQ »Things to expect when setup network for home or small business
For many cable and DSL internet connections, the ISPs inform their customers (subscribers) to set their router to receive IP address from them using username and password. This means that the ISPs treat their subscriber's router as PPP client.
When this is your case, then the following sample configuration is a good starting point to help you configure the router. If your ISP requires you to use PPPoE for Internet access, the general idea is that you configure the router as PPPoE client to the ISP.
Following is the sample configuration using Cisco 827 with IOS image version of 12.1. Even though the example uses 827 router, the configuration applies to any router that utilizes ATM/DSL interface to ISP connection and Ethernet interface for LAN connection.
A typical network environment that might use the following sample router configuration is as follows:

* There is no modem in front of the router
* The router has an integrated DSL/ATM modem, which connects to the ISP
* The ISP provides a Public IP address to the router via PPPoE
* There is NAT/PAT in place on the router to translate internal IP addresses to the ISP-provided Public IP address

This sample router configuration assumes the following:

* Internal private IP subnet (for hosts behind the router): 10.10.10.0/24
* The gateway for all hosts is the router inside interface IP address: 10.10.10.1
* The IP address range of 10.10.10.2-10.10.10.254 is available for hosts within your LAN
* When hosts behind the router go out to the Internet, they use the router outside interface IP address (which is the ISP-assigned Public IP address)
* The outside interface IP address is statically assigned in addition to the PPP configuration. If your ISP requires you to have a dynamically assigned IP address, you can simply issue the ip address negotiated command instead. Check out the other FAQs for sample configurations using a dynamic IP address.
* The router does not act as DHCP server; hence either static IP address assignment is required on all hosts, or a separate DHCP server dynamically assigns IP addresses to all hosts
* Ameritech (SBC/AT&T) uses 0/35 as the VPI/VCI, which may not reflect your ISP's VPI/VCI value. Confirm the value with your ISP.
Preface
Here is a guaranteed working config for anyone using Ameritech ADSL for their circuit provider and Megapath.net for ISP. It took 2 calls to Cisco and weeks of fighting with ISP tech support, but I learned a valuable lesson about ADSL PPPoE specifically.
This is from the mouth of Cisco, "If you have ADSL running PPPoE and run into problems resolving DNS, adjust your MTU on your ethernet interface using the command ip tcp adjust-mss 1452. This is because PPPoE requires more bits in the header packet than any other type of circuit." It was news to me, but the minute we adjusted the MTU all my problems were fixed.
So with that in mind, here is a 100% working config from my 827 ADSL router. Hope this lesson I learned helps someone out in the future!!!!
SAMPLE CONFIGURATION
Router#sh run
Building configuration...

Current configuration : 2593 bytes
!
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
ip subnet-zero
no ip finger
ip name-server 66.80.130.23
ip name-server 66.80.131.5
!
no ip dhcp-client network-discovery
vpdn enable
no vpdn logging
!
vpdn-group pppoe
 request-dialin
  protocol pppoe
!
!
!
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1452
 no ip mroute-cache
!
interface ATM0
 no ip address
 no ip mroute-cache
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
 hold-queue 224 in
!
interface ATM0.35 point-to-point
 pvc 0/35
  protocol pppoe
  pppoe-client dial-pool-number 1
!
!
!
interface Dialer1
 ip address 69.33.10.11 255.255.255.0
 ip mtu 1492
 encapsulation ppp
 ip nat outside
 dialer pool 1
 dialer-group 1
 ppp authentication pap chap callin
 ppp chap hostname ppp-username@megapathdsl.net
 ppp chap password 7 Encrypted password
 ppp pap sent-username ppp-username@megapathdsl.net password 7 encrypted password
!
ip classless
ip route 0.0.0.0 0.0.0.0 69.33.10.1
no ip http server
ip nat inside source list 10 interface Dialer1 overload
!
dialer-list 1 protocol ip permit
!
access-list 10 permit 10.10.10.0 0.0.0.255
line con 0
 password 7 XXXXXXXXX
 transport input none
 stopbits 1
line vty 0 4
 exec-timeout 30 0
 password 7 XXXXXXXXX
 login
 length 0
!
scheduler max-task-time 5000
end
Thanks to sanchito75 for this post leading to this FAQ.
by nozero edited by aryoba  last modified: 2008-08-14 08:45:59

Suggested prerequisite reading: »Cisco Forum FAQ »Things to expect when setup network for home or small business
For many cable and DSL internet connections, the ISPs inform their customers (subscribers) to set their router to receive IP address from them automatically with username and password. This means that the ISPs treat their subscriber's router as PPP client.
When this is your case, the following sample configuration is a good starting point to help you configure the firewall. A typical network environment that might use the following sample PIX/ASA configuration is as follows:

* There is a modem in front of the PIX/ASA, and the modem connects to the ISP
* The ISP provides a Public IP address to the PIX/ASA via PPPoE
* There is NAT/PAT in place on the PIX/ASA to translate internal IP addresses to the ISP-provided Public IP address
* The PIX/ASA also acts as DHCP server to the local LAN, providing dynamic IP info for hosts behind the PIX/ASA within the LAN

This sample PIX/ASA configuration assumes the following:

* Internal private IP subnet (for hosts behind the PIX/ASA): 10.0.0.0/24
* The gateway for all hosts is the PIX/ASA inside interface IP address: 10.0.0.1
* The IP address range of 10.0.0.30-10.0.0.254 is available for DHCP pool clients
* The IP address range of 10.0.0.2-10.0.0.29 is consequently reserved for statically assigned hosts
* The DHCP clients also receive the DNS IP addresses 68.87.64.196 and 68.87.66.196 automatically as part of the dynamic IP address assignment process
* When hosts behind the PIX/ASA go out to the Internet, they use the PIX/ASA outside interface IP address (which is the ISP-assigned Public IP address)
* Necessary ICMP packets coming from the Internet are permitted to enter your LAN
SAMPLE CONFIGURATION
1. PIX
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ***** encrypted
passwd ***** encrypted
hostname PIX
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
object-group icmp-type ICMP-INBOUND
 description Permit necessary inbound ICMP traffic
 icmp-object 0
 icmp-object 3
 icmp-object 11
access-list INBOUND permit icmp any any object-group ICMP-INBOUND
pager lines 24
mtu outside 1492
mtu inside 1500
ip address outside pppoe setroute
ip address inside 10.0.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group INBOUND in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 10.0.0.2 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 10.0.0.2 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group pppoex request dialout pppoe
vpdn group pppoex localname [ENTER ISP USERNAME HERE]
vpdn group pppoex ppp authentication chap (or PAP, depends on your ISP settings)
vpdn username [ENTER ISP USERNAME HERE] password [ENTER ISP PASSWORD HERE]
dhcpd address 10.0.0.30-10.0.0.254 inside
dhcpd dns 68.87.64.196 68.87.66.196
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside
terminal width 80
2. ASA
hostname ASA
domain-name xxxxx
enable password xxxxxxxxx encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address pppoe setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd xxxxxxxxxxx encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name xxx.xxx
object-group icmp-type ICMP-INBOUND
 description Permit necessary inbound ICMP traffic
 icmp-object 0
 icmp-object 3
 icmp-object 11
access-list INBOUND extended permit icmp any any object-group ICMP-INBOUND
pager lines 24
logging enable
logging console notifications
logging buffered warnings
logging asdm notifications
mtu outside 1492
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group INBOUND in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group pppoex request dialout pppoe
vpdn group pppoex localname [ENTER ISP USERNAME HERE]
vpdn group pppoex ppp authentication chap (or PAP, depends on your ISP settings)
vpdn username [ENTER ISP USERNAME HERE] password [ENTER ISP PASSWORD HERE]
!
dhcpd address 10.0.0.30-10.0.0.254 inside
dhcpd dns 68.87.64.196 68.87.66.196 interface inside
dhcpd enable inside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
webvpn
 enable outside
prompt hostname context

MTU Setting Notes:
* A typical Ethernet connection uses a 1500-byte MTU
* PPPoE adds 8 bytes of overhead, so only 1492 bytes of MTU are left for data
* The PPPoE process takes place on the outside interface, where the PIX/ASA connects to the ISP
* The inside interface, where the PIX/ASA connects to the inside LAN, is just a regular Ethernet connection
* The 1492-byte MTU should apply only to the outside interface; keep the 1500-byte MTU on the inside interface
For further info, check out following official Cisco links
PIX »www.cisco.com/en/US/products/hw/···dd.shtml
ASA »www.cisco.com/en/US/products/ps6···be6.html
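The MTU arithmetic in the notes above, together with the management-plane settings that recur in this page's IOS samples (`ip http server`, `enable password 7`, `transport input telnet`, `snmp-server community public`, a static NAT entry for tcp/23), can be checked mechanically. The following is an added example, not part of the FAQ or of any Cisco tool: both configurations are constructed, and the check names are hypothetical.

```python
import re

PPPOE_MTU = 1500 - 8      # Ethernet MTU minus PPPoE header (6) and PPP protocol field (2)
MAX_MSS = PPPOE_MTU - 40  # minus 20-byte IPv4 and 20-byte TCP headers = 1452

# Constructed sample config (not from a real device), modelled on this page's IOS samples.
WEAK_CONFIG = """\
enable password 7 0000000000
ip http server
interface Ethernet0
 ip nat inside
interface ATM0.35 point-to-point
 pvc 0/35
  pppoe-client dial-pool-number 1
interface Dialer1
 ip nat outside
 dialer pool 1
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source static tcp 10.10.10.10 23 interface Dialer1 23
snmp-server community public
line vty 0 4
 transport input telnet
"""

# Corrected counterpart (also constructed; the secret is a placeholder, not a real hash).
FIXED_CONFIG = """\
enable secret 5 $1$constructed$placeholderhash
no ip http server
interface Ethernet0
 ip nat inside
 ip tcp adjust-mss 1452
interface ATM0.35 point-to-point
 pvc 0/35
  pppoe-client dial-pool-number 1
interface Dialer1
 ip mtu 1492
 ip nat outside
 dialer pool 1
ip nat inside source list 10 interface Dialer1 overload
line vty 0 4
 transport input ssh
"""


def parse_ios(text):
    """Split show-run text into global lines and {section header: [sub-commands]}."""
    glob, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if line[0] == " " and current is not None:
            sections[current].append(line.strip())
        else:
            glob.append(line)
            current = line if line.startswith(("interface ", "line ")) else None
            if current:
                sections[current] = []
    return glob, sections


def _arg(cmds, prefix):
    """Integer argument of the first sub-command starting with prefix, else None."""
    vals = [int(c[len(prefix):].split()[0]) for c in cmds if c.startswith(prefix)]
    return vals[0] if vals else None


def audit(text):
    """Return (check_id, message) findings for a PPPoE client running-config."""
    glob, sections = parse_ios(text)
    out = []
    pools = {m.group(1) for cmds in sections.values() for c in cmds
             if (m := re.match(r"pppoe-client dial-pool-number (\d+)", c))}
    for hdr, cmds in sections.items():
        is_pppoe_dialer = any(f"dialer pool {p}" in cmds for p in pools)
        if is_pppoe_dialer and (_arg(cmds, "ip mtu ") or 1500) > PPPOE_MTU:
            out.append(("MTU", f"{hdr}: set 'ip mtu {PPPOE_MTU}'"))
        mss = _arg(cmds, "ip tcp adjust-mss ") or 1500
        if pools and "ip nat inside" in cmds and mss > MAX_MSS:
            out.append(("MSS", f"{hdr}: set 'ip tcp adjust-mss {MAX_MSS}'"))
        # Only an explicit telnet/all is flagged; the default with no line varies by release.
        if hdr.startswith("line vty") and any(
                re.match(r"transport input .*\b(telnet|all)\b", c) for c in cmds):
            out.append(("TELNET", f"{hdr}: cleartext Telnet management is allowed"))
    for line in glob:
        if line == "ip http server":
            out.append(("HTTP", "cleartext HTTP management server is enabled"))
        elif line.startswith("enable password"):
            out.append(("ENABLE", "use 'enable secret'; type 7 encoding is reversible"))
        elif line.startswith("snmp-server community public"):
            out.append(("SNMP", "default SNMP community string 'public' is configured"))
        elif re.match(r"ip nat inside source static tcp \S+ 23 ", line):
            out.append(("NAT23", "static NAT exposes Telnet (tcp/23) on the outside interface"))
    return out


if __name__ == "__main__":
    for check_id, message in audit(WEAK_CONFIG):
        print(f"{check_id:7} {message}")
```

The parser relies on the one-space indentation that `show running-config` output uses for sub-commands, so a flattened paste has to be re-indented before it is audited.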
by aryoba  last modified: 2008-04-13 06:31:46

Note: the steps here are only for the purpose of getting connected to your ISP. Other issues like security and features are not inclusive. They are where you enter your details. You will need to edit this for your use.
PPPoA
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no ip http server
Router(config)#interface ethernet 0
Router(config-if)#ip address 10.10.10.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface dialer 0

If you are assigned a static IP by your ISP, then follow this command
Router(config-if)#ip address [YOUR IP ADDRESS ASSIGNED BY ISP] [SUBNET MASK]

If you are assigned a dynamic IP address by your ISP, then follow this command
Router(config-if)#ip address negotiated

Continue with the rest of the commands
Router(config-if)#ip nat outside
Router(config-if)#encapsulation ppp
Router(config-if)#dialer pool 1
Router(config-if)#ppp pap sent-username password
Router(config-if)#exit
Router(config)#interface atm 0
Router(config-if)#pvc
Router(config-if-atm-vc)#encapsulation aal5mux ppp dialer
Router(config-if-atm-vc)#dialer pool-member 1
Router(config-if-atm-vc)#no shutdown
Router(config-if)#exit
Router(config)#ip nat inside source list 1 interface dialer 0 overload

If you are assigned a static IP by your ISP, then follow this command
Router(config)#ip route 0.0.0.0 0.0.0.0

If you are assigned a dynamic IP address by your ISP, then follow this command
Router(config)#ip route 0.0.0.0 0.0.0.0 dialer 0

Continue with the rest of the commands
Router(config)#access-list 1 permit 10.10.10.0 0.0.0.255
Router(config)#exit
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#
PPPoE

Configuration for PPPoE with NAT

Note: Please note that the steps here are only for the purpose of getting connected with your ISP. Other issues like security and features are not inclusive. They are where you enter your details

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no ip http server
Router(config)#vpdn enable
Router(config)#vpdn-group ppoe
Router(config-vpdn)#request-dialin
Router(config-vpdn-req-in)#protocol pppoe
Router(config-vpdn-req-in)#exit
Router(config-vpdn)#exit
Router(config)#interface ethernet0
Router(config-if)#ip address 10.10.10.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface atm0
Router(config-if)#pvc
Router(config-if)#no shutdown
Router(config-if-atm-vc)#pppoe-client dial-pool-number 1
Router(config-if-atm-vc)#exit
Router(config-if)#exit
Router(config)#int dialer 1

If you are assigned a static IP by your ISP, then follow this command
Router(config-if)#ip address [YOUR IP ADDRESS ASSIGNED BY ISP] [SUBNET MASK]

If you are assigned a dynamic IP address by your ISP, then follow this command
Router(config-if)#ip address negotiated

Continue with the rest of the commands
Router(config-if)#ip mtu 1492
Router(config-if)#ip nat outside
Router(config-if)#dialer pool 1
Router(config-if)#ppp authentication pap callin
Router(config-if)#ppp pap sent-username password
Router(config-if)#exit
Router(config)#ip nat inside source list 1 interface dialer 1 overload
Router(config)#ip classless

If you are assigned a static IP by your ISP, then follow this command
Router(config)#ip route 0.0.0.0 0.0.0.0

If you are assigned a dynamic IP address by your ISP, then follow this command
Router(config)#ip route 0.0.0.0 0.0.0.0 dialer 1

Continue with the rest of the commands
Router(config)#no ip http server
Router(config)#access-list 1 permit 10.10.10.1 0.0.0.255
Router(config)#exit
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#
This FAQ provided by member sanchito75 
by nozero edited by aryoba  last modified: 2007-12-31 09:07:06

Suggested prerequisite reading: »Cisco Forum FAQ »Things to expect when setup network for home or small business
Here is a working configuration for a Cisco 1720 router for a UK ADSL ISP as PPPoA client. The 1720 is fitted with 48MB DRAM/16MB FLASH and running IOS 12.3(1).
It also has, obviously, a WIC-1ADSL module and a WIC-2T (not currently used).
In the configuration is also included an example of how to build 3 GRE tunnels to remote sites and how to synchronize the router clock with a NTP time source.
I hope someone will find this of use.
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco1720
!
enable password 7 xxxxxxxx
!
username xxxxxxx@dslgateb.xxxxxxxx.co.uk password 7 xxxxxxxx
username xxxxxxx password 7 xxxxxxx
memory-size iomem 25
ip subnet-zero
!
!
ip name-server 193.xxx.xxx.xxx
ip name-server 194.xxx.xxx.xxx
ip name-server 194.xxx.xxx.xxx
!
ip cef
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
xsm
xsm vdm
xsm edm
xsm history vdm
xsm history edm
!
interface Loopback0
 description +++ Always Up Interface +++
 ip address 10.10.10.10 255.255.255.255
!
interface Tunnel0
 description +++ IP GRE VPN TO Office1 +++
 ip address 192.168.xxx.2 255.255.255.252
 tunnel source 213.xxx.xxx.76
 tunnel destination 213.xxx.xxx.114
 tunnel key 123abc
!
interface Tunnel1
 description ++++ IP GRE VPN To Office2 ++++
 ip address 192.168.xxx.9 255.255.255.252
 tunnel source 213.xxx.xxx.76
 tunnel destination 213.xxx.xxx.113
 tunnel key 123abc
!
interface Tunnel2
 description ++++ IP GRE VPN To Office3 ++++
 ip address 192.xxx.xxx.13 255.255.255.252
 tunnel source 213.xxx.xxx.76
 tunnel destination 80.xxx.xxx.xxx
 tunnel key 123abc
!
interface ATM0
 no ip address
 no ip mroute-cache
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
 hold-queue 224 in
!
interface FastEthernet0
 description +++ Connection To LAN +++
 ip address 192.168.30.1 255.255.255.0
 ip nat inside
 speed auto
 full-duplex
!
interface Serial0
 no ip address
 shutdown
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
interface Dialer0
 description +++ Connection To ISP ADSL +++
 ip address 213.xxx.xxx.76 255.255.255.0
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname xxxxxxx@dslgateb.xxxxxxx.co.uk
 ppp chap password 7 xxxxxxxx
 ppp pap sent-username xxxxxxx@dslgateb.xxxxxxx.co.uk password 7 xxxxxxx
!
router eigrp 1
 redistribute connected
 network 10.0.0.0
 network 192.168.xxx.0
 network 192.168.xxx.0
 network 213.xxx.xxx.0
 no auto-summary
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.10.10.10 443 interface Dialer0 443
ip nat inside source static tcp 10.10.10.10 23 interface Dialer0 23
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http secure-server
!
!
access-list 1 permit any
!
banner motd ^C
****************************
* WARNING BANNER *
****************************

WARNING - authorized users only

The owner and any subsidiary companies, has proprietary rights over this system and data. Unauthorized access is unlawful and may result in disciplinary action and/or legal proceedings.

Access to this system is monitored.
^C
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 60 0
 password 7 xxxxxxx
 login local
 transport input telnet
!
ntp clock-period 17179651
ntp server 128.2.129.21
!
end
Cisco1720#
by Domwilko edited by aryoba  last modified: 2007-12-31 09:25:23

The sample configuration provided in the thread should work with any Cisco router with integrated ADSL modem running PPPoA, such as the 827, 837, 857, 877, and on.

Since the configuration comes from a customer of the UK ISP Zen, some parameters might not work for your ISP (i.e. the VPI/VCI or PVC value). As with any ISP connection using ADSL, please confirm the ISP DSL signaling and VPI/VCI values.
More Sample Configuration
Configuring a Cisco 827 Router Using PPPoA With CHAP and PAP http://www.cisco.com/en/US/products/hw/routers/ps380/products_configuration_example09186a008009411c.shtml
Some discussion »Anyone successfully using a Cisco 877 with Qwest?
by aryoba  last modified: 2008-04-27 04:40:42

Please note this is taken from the Cisco website and can be found in its original form at »www.cisco.com/warp/public/794/ad···pt1.html Also note that the comments tagged "!!" are comments appended by myself and in no way constitute comments made by Cisco. The person who posted this is not liable for any network problems or any damage caused by configuring their router to the following specification. If in doubt, ask the Cisco forum for any advice.
Type exactly as shown (except the comments which are shown with a preceding "!" or "!!")
Substitute the items in () with your own configuration.
!--- Comments contain explanations and additional information.
!!-- Comments contain explanations and additional information.

service timestamps debug datetime msec
service timestamps log datetime msec
ip subnet-zero
!
ip dhcp excluded-address (ip address of ethernet0)
ip dhcp pool (dhcp pool name)
 network (ip network address of ethernet0) (subnet mask)
 default-router (ip address of ethernet0)
 dns-server (ip address of dns server)
!
!! The DHCP configuration above is optional and it allows your router to assign
!! ip address within the specified range that you input. If you have a server
!! on the network which will do that, then omit it. Note that within the ip
!! dhcp excluded-address you may also put down the ip address of your switch
!! and other devices which require a static ip address.
!! A network address is the network portion of an IP address, ex. for a class C
!! ip address of 192.168.1.1 it would be 192.168.1.0.
!! Add the DNS servers of your ISP (ring them or check their website to get it)
!! and you may put in a whole list if you so desire as they are sure to have
!! many.

interface ethernet0
 no shut
 ip address (ip address) (subnet mask)
 ip nat inside
 no ip directed-broadcast
!
!! The ip nat inside statement (3 lines above this) is optional and it allows
!! the sharing of the dynamic public IP address of the Dialer interface.

interface atm0
 no shut
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 pvc (vpi/vci)
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!--- Common PVC values supported by ISPs are 0/35 or 8/35.
!--- Confirm your PVC values with your ISP.
!
interface dialer1
 ip address negotiated
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 dialer pool 1
 ppp chap hostname (username)
 ppp chap password (password)
 ppp pap sent-username (username) password (password)
!
!! Again only input the statement ip nat outside (7 lines above this) if you
!! want to configure NAT.

ip nat inside source list 1 interface dialer1 overload
!--- If you have a pool (a range) of public IP addresses provided
!--- by your ISP, you can use a NAT Pool. Replace
!--- ip nat inside source list 1 interface dialer1 overload
!--- with the following two configuration statements:
!--- ip nat inside source list 1 pool (nat pool name) overload
!--- ip nat pool (nat pool name) (first ip address) (last ip address)
!--- netmask (subnet mask)

!--- If Internet users require access to an internal server, you can
!--- add the following static NAT configuration statement:
!--- ip nat inside source static tcp (inside ip address of server) {80 or 25}
!--- (outside well-known ip address of server) {80 or 25} extendable
!--- Note: TCP port 80 (HTTP/web) and TCP port 25 (SMTP/mail) are used
!--- for this example. You can open other TCP or UDP ports, if needed.
!
!! Again use the above 3 paragraphs of configuration statements if you want to
!! configure NAT because your ISP has provided you with additional IP address
!! and if you want users to have access to internal servers (web or email
!! servers).

ip classless
ip route 0.0.0.0 0.0.0.0 dialer1
access-list 1 permit (ip network address of ethernet0) (wildcard mask)
!--- In this configuration, access-list 1 defines a standard access list
!--- permitting the addresses that NAT will translate. For example, if
!--- your private IP network was 10.10.10.0, configuring
!--- access-list 1 permit 10.10.10.0 0.0.0.255 would allow NAT to translate
!--- packets with source addresses between 10.10.10.0 and 10.10.10.255.
!

end
by Covenant edited by aryoba  last modified: 2005-11-12 07:53:37

For the splash page for PPPoE: PPPoE Splash Page
There is an online form for you to fill in the details that would be required for you to successfully configure your router. You should be able to get the details required from your ISP.
Once that is done, print it out or make a note of the details and scroll down to the bottom, and click New DSL Configuration.
On the next page, you must choose from the two options, whether your router OR PC will be the PPPoE client.
Click on the relevant link.

Cisco DSL Router is the PPPoE Client

If you click on the The Cisco DSL Router router is the PPPoE client, you will be taken to another page, which asks you whether your IP is dynamic or static.
Click on the relevant link and you will be taken to the page that you requested.
If you have not configured a Cisco router before, click on the last word in the sentence. Note that the link here is NOT active, it's only to show you the sentence:

Tip: If you are not familiar with configuring Cisco devices and would like to follow a step-by-step configuration, click here.

The above link can usually be found in the second paragraph after the hard rule at the top.

The PC is the PPPoE client

If you clicked on the The PC is the PPPoE client, you will be taken to the configuration page straight away.
To access the step-by-step guide, find the link as described above in The Cisco DSL Router router is the PPPoE client section.
For the splash page for PPPoA: PPPoA Splash Page

There is an online form for you to fill in the details that would be required for you to successfully configure your router. You should be able to get the details from your ISP.
Once that is done, print it out or make a note of the details and scroll down to the bottom, and click New DSL Configuration.
You will be taken to another page, which asks you whether your IP is dynamic or static.
Click on the relevant link, and it will take you to a sample configuration output.
To access the step-by-step guide, find the link as described above in the Cisco DSL Router is the PPPoE Client section.
For the splash page for RFC1483 Bridging: RFC1483 Bridging Splash Page
You must select one of the Bridging options shown before you can proceed further.
RFC1483 Bridging with IRB
There is an online form for you to fill in the details that would be required for you to successfully configure your router. You should be able to get the details from your ISP.
Once that is done, print it out or make a note of the details and scroll down to the bottom, and click New DSL Configuration.
You will be taken to another page, which asks you whether your IP is dynamic or static.
Click on the relevant link, and it will take you to a sample configuration output.
To access the step-by-step guide, find the link as described above in the Cisco DSL Router is the PPPoE Client section.
RFC1483 Pure Bridging
There is an online form for you to fill in the details that would be required for you to successfully configure your router. You should be able to get the details from your ISP.
It will take you to a sample configuration output.
To access the step-by-step guide, find the link as described above in the Cisco DSL Router is the PPPoE Client section.
For the splash page for RFC1483 Routing: RFC1483 Routing Splash Page
The splash page for RFC1483 Routing is the online form for you to fill in the details that would be required for you to successfully configure your router. You should be able to get the details from your ISP.
Once that is done, print it out or make a note of the details and scroll down to the bottom, and click New DSL Configuration.
You will be taken to another page, which asks you whether you are assigned a single IP address or a block of static IP addresses.
Click on the relevant link, and it will take you to a sample configuration output.