The Secure Router is directly connected to the adsl interface without any adsl modem



Date: 27.01.2017

The Secure Router is directly connected to the ADSL interface without any ADSL modem.

Note that multiple layers are implied:

- Layer 1 (Physical) is ADSL (int ADSL 1/1)

- Layer 2 (Link Layer) is ATM (int ATM 1). We bind it to ADSL 1

- Layer 2-1 On top of ATM, the adaptation layer (AAL5MUX or AAL5SNAP) defines how frames are converted into ATM cells. In ATM, data is sent on a Permanent Virtual Circuit (PVC) defined with its VPI / VCI. The PVC is bound to the point-to-point ATM sub-interface named ATM 1.1.

- Layer 2-2 is the PPP Layer, defined in the logical interface PPP 1, which uses PPPoA

- Layer 3 is IP

Note: once an IP address and a password have been set up, most of this configuration can easily be created using the Web interface and its Firewall wizard. For beginners it eases configuration; for experts it speeds up the configuration process.
  1. ADSL – PPPoA configuration

hostname "ADSL-Router"

ip routing



Enable Firewall

! Enable Firewall – Requires defining Access Policy

! Access Policy defines NAT and Filters

ip firewall
DHCP Server for LAN
! Define DHCP service for the LAN in the 192.168.1.0 range

ip dhcp-server pool "pool-for-lan"

network 192.168.1.0 255.255.255.0

! Following given by the provider



domain-name "wanadoo.fr"

dns-server 193.252.19.4 193.252.19.3

netbios-node-type h-node

default-router 192.168.1.1

lease 1
The LAN Interface.
interface eth 0/1

ip address 192.168.1.1 255.255.255.0

! Inbound traffic is NATed as defined in the Access-policy FROM-LAN



access-policy FROM-LAN

no shutdown
interface eth 0/2

no ip address

shutdown
The WAN physical interface = ADSL
interface adsl 1/1

! ADSL interface auto detects ADSL mode: G.dmt, G-LITE, T1.413…



training-mode multi-mode

no shutdown
ATM is the encapsulation of the ADSL interface
! Traffic is sent in cells

interface atm 1 point-to-point

no shutdown

! We bind ATM interface (logical) to ADSL interface (physical)

! Note that encapsulation is aal5mux by default. The other choice is aal5snap

! Provider provides the info



bind 1 adsl 1/1 atm 1
ATM PVC (Permanent Virtual Circuit)
! This PVC is bound to a point to point ATM interface

interface atm 1.1 point-to-point

no shutdown

! Provider tells you what VPI/VCI (id of the PVC) to use.

! You can’t guess it, but you can find other example configurations on the Internet

pvc 8/35

no ip address
PPP interface
interface ppp 1

! ip address is negotiated via PPP with provider’s router



ip address negotiated

no fair-queue

! Authentication: credentials are sent using PAP or CHAP

! For PAP, use ppp pap sent-username… command

! Note that PAP sends the password in clear text, whereas CHAP sends only a challenge response

! If you don’t know what protocol to use, choose either PAP or CHAP and start

! “debug ppp authentication” to check what is required by ISP

ppp chap hostname id-given-by-isp

ppp chap password pw-given-by-isp

no shutdown

! We bind the ppp interface to the ATM 1.1



bind 2 atm 1.1 ppp 1
ACL selects the traffic to be NATed
ip access-list extended lan-acl

remark used for Nat

permit ip any any
Policy-class

! It translates the Private IP source addresses (NAT) of the traffic

! of the LAN into the Public IP address of the PPP interface

ip policy-class FROM-LAN

nat source list lan-acl interface ppp 1 overload

(skip)

end

The Secure Router is directly connected to the ADSL interface without any ADSL modem.


Note that multiple layers are implied:

- Layer 1 (Physical) is ADSL (int ADSL 1/1)

- Layer 2 (Link Layer) is ATM (int ATM 1). We bind it to ADSL 1

- Layer 2-1 On top of ATM, the adaptation layer (AAL5MUX or AAL5SNAP) defines how frames are converted into ATM cells. In ATM, data is sent on a Permanent Virtual Circuit (PVC) defined with its VPI / VCI. The PVC is bound to the point-to-point ATM sub-interface named ATM 1.1. RFC 1483 or Routed IP over ATM mode is used

- Layer 3 is IP and is defined in the ATM 1.1 subinterface

Note: once an IP address and a password have been set up, most of this configuration can easily be created using the Web interface and its Firewall wizard. For beginners it eases configuration; for experts it speeds up the configuration process.

A) ADSL – IPoA configuration

hostname "Secure-Router"
ip routing

Enable Firewall
! Enable Firewall – Requires defining Access Policy

! Access Policy defines NAT and Filters



ip firewall
DNS, DHCP service and pool
! Define DHCP service for the LAN in the 192.168.1.0 range

! Router is defined as the Default-gateway and DNS-server



ip dhcp-server pool "pool-for-lan"

network 192.168.1.0 255.255.255.0

dns-server 193.252.19.4 193.252.19.3

netbios-node-type h-node

default-router 192.168.1.1

lease 1
The LAN Interface
interface eth 0/1

ip address 192.168.1.1 255.255.255.0

! Inbound traffic is NATed as defined in the Access-policy FROM-LAN



access-policy FROM-LAN

no shutdown
interface eth 0/2

no ip address

shutdown
The WAN physical interface = ADSL
interface adsl 1/1

! Auto detects ADSL mode: G.dmt, G-LITE, T1.413…



training-mode multi-mode

no shutdown
ATM is the encapsulation of the ADSL interface
! Traffic is sent in cells

interface atm 1 point-to-point

no shutdown

! We bind ATM interface (logical) to ADSL interface (physical)

! Provider provides the info

bind 1 adsl 1/1 atm 1
ATM PVC (Permanent Virtual Circuit)
! This PVC is bound to a point to point ATM interface

interface atm 1.1 point-to-point

no shutdown

! Provider defines what VPI/VCI (id of the PVC) to use.



pvc 8/36

! Following command defines Adaptation Layer and Routed IP over ATM option



encapsulation aal5mux ip

! IP address is typically obtained via DHCP.

! Note that your ISP may provide a permanent address via DHCP

ip address dhcp
ACL to define IP range from which the Secure Router can be managed
ip access-list standard manage-rtr

permit 192.168.1.0 0.0.0.255
ACL to define the traffic to be NATed
ip access-list extended lan-acl

remark used for Nat

permit ip any any

The Access Policy applied to the LAN Interface:

- first allows IP packets destined to the router's internal IP stack, so that the router can be managed

- second “NATs” packets destined to the Internet using the IP of the WAN interface



ip policy-class FROM-LAN

allow list manage-rtr self

nat source list lan-acl interface atm 1.1 overload
(skip)
end
B) Check the connection
First check that the ADSL and ATM interfaces are UP

Secure-Router#show interface adsl 1/1

adsl 1/1 is UP, line protocol is UP

Link Status Up G.DMT

Line Type Interleave

Line Length 9480 ft
Downstream Upstream

Line Rate 6656 kbps 576 kbps

Current margin 9.0 dB 10.0 dB

Attenuation 38.0 dB 31.5 dB

Power 19 dBm 11 dBm

Prev Rate 0 kbps 0 kbps

Actual Delay 4 msecs 4 msecs

Loss of Framing Seconds 0 0

Loss of Signal Seconds 0 0

Loss of Power Seconds 0 0

Errored Seconds 15 2

Line Inits 1 N/A

Rx Blocks 30881 30881

Tx Blocks 30881 30881

Corrected Blocks 11069 0

UncorrectedBlocks 27 5

Last Failure NONE

Last Failure Time N/A


DMT Bits Per Bin

000: 0 0 0 0 0 0 0 8 9 9 9 9 9 9 9 9

010: 9 8 8 8 8 8 8 8 7 7 7 6 6 6 0 0

020: 0 0 0 0 0 0 8 A B B C B C C C C

030: C B 9 C D D C D D B C C C C C B

040: 0 C C C C C C C B 9 8 A 7 9 9 B

050: B B B B B B B B A B B B A B B B

060: B B B B B 9 9 B B A 7 B B B A 9

070: A A B B A B A A 8 A A A A A 9 5

080: 9 9 A A A A 5 A A 9 8 7 2 7 9 9

090: 9 9 A 8 7 9 A 9 7 9 9 9 9 9 9 9

0A0: 9 8 4 7 9 9 9 9 9 8 9 9 9 8 9 9

0B0: 6 7 7 9 9 9 9 8 9 9 7 8 8 8 5 6

0C0: 8 8 8 8 9 8 8 9 9 8 8 5 8 8 8 8

0D0: 8 8 8 8 7 8 8 8 7 7 7 5 7 6 7 7

0E0: 7 7 7 7 5 7 7 6 6 6 7 6 6 6 6 6

0F0: 6 5 5 5 5 5 5 2 5 3 4 2 2 4 4 4
Secure-Router#show int atm 1

atm 1 is UP, line protocol is UP

BW 576 Kbit/s

16 maximum active VCCs, 16 VCCs per VP, 1 current VCCs

Queueing strategy: Per VC Queueing

5 minute input rate 3328 bits/sec, 0 packets/sec

5 minute output rate 800 bits/sec, 0 packets/sec

484 packets input, 127924 bytes

0 pkts discarded, 0 error pkts, 0 unknown protocol pkts

3018 cells received, 0 OAM cells received

751 packets output, 53038 bytes

3 tx pkts discarded, 0 tx error pkts

1606 cells sent, 0 OAM cells sent
Then check that your WAN interface has an IP address.

Secure-Router#show int atm 1.1

atm 1.1 is Active

Internet address is 82.67.71.47, mask is 255.255.255.0 (via DHCP)

MTU is 1500 bytes

Encapsulation is AAL5

Encapsulation method is IP

VC tx ring limit: 2

Output Queue: 0/4/200/0 (size/highest/max total/drops)

487 packets input, 145152 bytes

754 packets output, 77232 bytes

3024 cells input, 1609 cells output

0 OAM cells input, 0 OAM cells output

AAL5 CRC errors : 0

AAL5 SAR Timeouts : 0

AAL5 Oversized SDUs : 0

AAL5 length violations : 0
Make sure all ip interfaces are UP.

Secure-Router#show ip int brief
Interface  IP Address    Status  Protocol
atm 1.1    82.67.71.47   UP      UP
eth 0/1    192.168.1.1   UP      UP
Check your routing table. Note that a default route has been generated.

Secure-Router#show ip route

Codes: C - connected, S - static, R - RIP, O - OSPF, B - BGP

IA - OSPF inter area, N1 - OSPF NSSA external type 1

N2 - OSPF NSSA external type 2, E1 - OSPF external type 1

E2 – OSPF external type 2
Gateway of last resort is 82.67.71.254 to network 0.0.0.0
S 0.0.0.0/0 [1/0] via 82.67.71.254, atm 1.1

C 82.67.71.0/24 is directly connected, atm 1.1

C 192.168.1.0/24 is directly connected, eth 0/1
Verify your Secure Router serves IP addresses to PC clients on LAN

Secure-Router#show ip dhcp-server binding

IP Address   Client Id             Lease Expiration     Client Name
192.168.1.2  01:00:0a:95:ab:bf:b0  Apr 07 2005 1:30 PM  JM
Verify that connections to the Internet from a PC generate sessions on the stateful Firewall of your Secure Router



Secure-Router#show ip policy-sessions
Protocol (TTL)
Src IP Address  Src Port Dest IP Address Dst Port NAT IP Address    NAT Port
--------------- -------- --------------- -------- ----------------- --------

Policy class "FROM-LAN":

tcp (600)
192.168.1.2     59869    192.168.1.1     23

udp (4)
192.168.1.2     54940    212.27.39.2     53       s 82.67.71.47     1391

udp (4)
192.168.1.2     54941    212.27.39.2     53       s 82.67.71.47     1392

Policy class "self":

Policy class "default":

tcp (6)
82.67.93.31     1082     82.67.71.47     445
Secure-Router#sh ip policy-stats

Global 14 current sessions (83200 max)


Policy-class "FROM-LAN":

14 current sessions (27700 max)

Entry 1 - allow list manage-rtr self

13979 in bytes, 206692 out bytes, 17 hits

Entry 2 - nat source list lan-acl interface atm 1.1 overload

29263 in bytes, 110943 out bytes, 274 hits
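
The session table printed by show ip policy-sessions above can be reviewed mechanically. The Python script below is an added example, not part of the original guide: it parses that output and flags sessions listed under policy class "default" and clear-text management sessions to the router. The function names, the finding labels and the list of clear-text management ports are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Session table as printed by "show ip policy-sessions" above (blank lines removed).
SAMPLE = """\
Protocol (TTL)
Src IP Address Src Port Dest IP Address Dst Port NAT IP Address NAT Port
Policy class "FROM-LAN":
tcp (600)
192.168.1.2 59869 192.168.1.1 23
udp (4)
192.168.1.2 54940 212.27.39.2 53 s 82.67.71.47 1391
udp (4)
192.168.1.2 54941 212.27.39.2 53 s 82.67.71.47 1392
Policy class "self":
Policy class "default":
tcp (6)
82.67.93.31 1082 82.67.71.47 445
"""

# Assumption: ports treated here as clear-text management services.
CLEARTEXT_MGMT = {23: "telnet", 80: "http"}

@dataclass
class Session:
    policy: str
    proto: str
    ttl: int
    src: str
    sport: int
    dst: str
    dport: int
    nat_ip: Optional[str] = None
    nat_port: Optional[int] = None

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
CLASS_RE = re.compile(r'^Policy class "([^"]+)":$')
PROTO_RE = re.compile(r"^(\w+) \((\d+)\)$")
# src, src port, dst, dst port, then an optional flag letter with NAT ip and port
SESS_RE = re.compile(rf"^{IP}\s+(\d+)\s+{IP}\s+(\d+)(?:\s+\w\s+{IP}\s+(\d+))?$")

def parse_sessions(text: str) -> List[Session]:
    sessions, policy, proto, ttl = [], None, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if m := CLASS_RE.match(line):
            policy, proto = m.group(1), None  # new policy class, protocol not yet known
        elif m := PROTO_RE.match(line):
            proto, ttl = m.group(1), int(m.group(2))
        elif policy and proto and (m := SESS_RE.match(line)):
            src, sport, dst, dport, nat_ip, nat_port = m.groups()
            sessions.append(Session(policy, proto, ttl, src, int(sport), dst, int(dport),
                                    nat_ip, int(nat_port) if nat_port else None))
    return sessions

def review(sessions: List[Session], router_ips: Set[str]) -> List[Tuple[str, Session]]:
    findings = []
    for s in sessions:
        if s.policy == "default":
            # Assumption: "default" holds sessions that arrived on an interface
            # with no access-policy, i.e. the WAN side in the configurations above.
            findings.append(("inbound-outside-policy", s))
        elif s.dst in router_ips and s.dport in CLEARTEXT_MGMT:
            findings.append((f"cleartext-mgmt-{CLEARTEXT_MGMT[s.dport]}", s))
    return findings

if __name__ == "__main__":
    for tag, s in review(parse_sessions(SAMPLE), {"192.168.1.1", "82.67.71.47"}):
        print(f"{tag}: {s.proto} {s.src}:{s.sport} -> {s.dst}:{s.dport} [{s.policy}]")
```

On the output shown above it reports the Telnet session from 192.168.1.2 to the router and the TCP 445 connection from 82.67.93.31 to the WAN address.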



The Secure Router is directly connected to the ADSL interface


Note that multiple layers are implied:

- Layer 1 (Physical) is ADSL (int ADSL 1/1)

- Layer 2 (Link Layer) is ATM (int ATM 1). We bind it to ADSL 1

- Layer 2-1 On top of ATM, the adaptation layer (AAL5MUX or AAL5SNAP) defines how frames are converted into ATM cells. In ATM, data is sent on a Permanent Virtual Circuit (PVC) defined with its VPI / VCI. The PVC is bound to the point-to-point ATM sub-interface named ATM 1.1

- Layer 2-2 is the PPP Layer, defined in the logical interface PPP 1, which uses PPPoE mode. We bind the PPP 1 interface to the ATM 1.1

- Layer 3 is IP

Note: once an IP address and a password have been set up, most of this configuration can easily be created using the Web interface and its Firewall wizard. For beginners it eases configuration; for experts it speeds up the configuration process.
A- ADSL-PPPoE configuration
hostname "ADSL-Router"

ip routing
Enable Firewall
! Enable Firewall – Requires defining Access Policy

! Access Policy defines NAT and Filters

ip firewall
DNS proxy

! On a LAN with no DNS servers, we can define the router as a proxy DNS. It acts

! as a DNS server for the DHCP clients. It gets the DNS servers definition from

! the ISP during PPP negotiation.



ip domain-proxy

ip domain-name "yourprovider.com"
DHCP Server for LAN
! Define DHCP service for the LAN in the 192.168.1.0 range

ip dhcp-server pool "pool-for-lan"

network 192.168.1.0 255.255.255.0
! The provider gives following info

domain-name "wanadoo.fr"

dns-server 192.168.1.1

netbios-node-type h-node

default-router 192.168.1.1

lease 1
The LAN Interface.
interface eth 0/1

ip address 192.168.1.1 255.255.255.0

! Inbound traffic from the LAN is NATed as defined in the Access-policy FROM-LAN



access-policy FROM-LAN

no shutdown
interface eth 0/2

no ip address

shutdown
The WAN physical interface = ADSL
interface adsl 1/1

! ADSL interface auto detects the ADSL mode: G.dmt, G-LITE, T1.413…



training-mode multi-mode

no shutdown

ATM is the encapsulation of the ADSL interface
! Traffic is sent in cells

interface atm 1 point-to-point

no shutdown

! We bind ATM interface (logical) to ADSL interface (physical)

! Note that encapsulation is aal5snap by default. The other choice is aal5mux

! Your provider must provide this info



bind 1 adsl 1/1 atm 1
ATM PVC (Permanent Virtual Circuit)
! ATM cells are transmitted over a PVC.

! The PVC is defined in a point to point ATM sub-interface



interface atm 1.1 point-to-point

no shutdown

! Provider tells you what VPI/VCI (id of the PVC) to use.

! You can’t guess it, but you can find other example configurations on the Internet

pvc 8/35

no ip address
PPP interface
interface ppp 1

! The ip address is negotiated via PPP with provider’s router

! As on a PC connection, router gets DNS servers info and IP of concentrator

ip address negotiated

no fair-queue

! Authentication: credentials are sent using PAP or CHAP

! For PAP, use ppp pap sent-username… command

! If you don’t know what protocol to use, choose either PAP or CHAP and start

! “debug ppp authentication” to check what is required by ISP

ppp chap hostname id-given-by-isp

ppp chap password pw-given-by-isp

no shutdown
! We bind the ppp interface to the ATM 1.1 specifying we’re in PPPoE mode

bind 2 atm 1.1 ppp 1 pppoe-client
ACL defines the traffic to be NATed
ip access-list extended lan-acl

remark used for Nat

permit ip 192.168.1.0 0.0.0.255 any

Policy-class
! It translates the Private IP source addresses (NAT) of the traffic

! of the LAN into the Public IP address of the PPP interface



ip policy-class FROM-LAN

nat source list lan-acl interface ppp 1 overload
(skip)
end
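
The PPPoE configuration above scopes lan-acl to 192.168.1.0 0.0.0.255, while the PPPoA and IPoA configurations use permit ip any any, so only the former limits translation to packets with a LAN source address. The Python script below is an added example, not part of the original guide: it checks which sources a configuration's nat source list will translate. The function names and finding texts are assumptions made for the example.

```python
import ipaddress
import re

# lan-acl and FROM-LAN as they appear in the IPoA and PPPoE configurations above.
IPOA = """\
ip access-list extended lan-acl
remark used for Nat
permit ip any any
ip policy-class FROM-LAN
allow list manage-rtr self
nat source list lan-acl interface atm 1.1 overload
"""
PPPOE = """\
ip access-list extended lan-acl
remark used for Nat
permit ip 192.168.1.0 0.0.0.255 any
ip policy-class FROM-LAN
nat source list lan-acl interface ppp 1 overload
"""

def parse(config):
    """Return ({acl: [source, ...]}, [(policy_class, acl, interface), ...])."""
    acls, nat_refs, section = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if m := re.match(r"ip access-list extended (\S+)$", line):
            section = ("acl", m.group(1))
            acls[m.group(1)] = []
        elif m := re.match(r"ip policy-class (\S+)$", line):
            section = ("policy", m.group(1))
        elif re.match(r"(interface|ip|hostname|end)\b", line):
            section = None  # another top-level command closes the block
        elif section and section[0] == "acl":
            if m := re.match(r"permit ip (any|host \S+|\S+ \S+) ", line):
                acls[section[1]].append(m.group(1))
        elif section and section[0] == "policy":
            if m := re.match(r"nat source list (\S+) interface (.+) overload$", line):
                nat_refs.append((section[1], m.group(1), m.group(2)))
    return acls, nat_refs

def source_network(src):
    if src.startswith("host "):
        return ipaddress.ip_network(src.split()[1] + "/32")
    addr, wildcard = src.split()
    return ipaddress.ip_network(f"{addr}/{wildcard}")  # ipaddress accepts a wildcard (host) mask

def audit_nat_scope(config, lan_cidr):
    lan = ipaddress.ip_network(lan_cidr)
    acls, nat_refs = parse(config)
    findings = []
    for policy, acl, iface in nat_refs:
        if acl not in acls:
            findings.append(f"{policy}: NAT list {acl} is not defined")
        for src in acls.get(acl, []):
            if src == "any":
                findings.append(f"{policy}: {acl} translates any source out of {iface}")
            elif not source_network(src).subnet_of(lan):
                findings.append(f"{policy}: {acl} source {src} is outside {lan}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("IPoA", IPOA), ("PPPoE", PPPOE)):
        print(name, audit_nat_scope(cfg, "192.168.1.0/24") or "NAT scoped to the LAN")
```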
B- Check the status of the configuration
! Note the ADSL interface is UP and the ADSL type is G.DMT.

! Note the downstream and upstream rates of the ADSL interface


ADSL-Router#show int adsl 1/1

adsl 1/1 is UP, line protocol is UP

Link Status Up G.DMT

Line Type Interleave

Line Length 10218 ft

Downstream Upstream

Line Rate 608 kbps 160 kbps

Current margin 31.0 dB 31.0 dB

Attenuation 38.0 dB 24.0 dB

Power 17 dBm 11 dBm

Prev Rate 0 kbps 0 kbps

Actual Delay 4 msecs 4 msecs

Loss of Framing Seconds 0 0

Loss of Signal Seconds 0 0

Loss of Power Seconds 0 0

Errored Seconds 0 1

Line Inits 1 N/A

Rx Blocks 3630763 3630763

Tx Blocks 3630763 3630763

Corrected Blocks 4 7619536

UncorrectedBlocks 0 4

Last Failure NONE

Last Failure Time N/A

DMT Bits Per Bin

000: 0 0 0 0 0 0 0 0 2 2 2 3 4 4 4 4

010: 4 4 4 4 4 4 4 4 3 3 2 2 2 2 0 0

020: 0 0 0 0 0 0 2 2 2 2 2 2 2 2 2 2

030: 2 2 2 3 3 3 3 3 3 2 2 2 2 2 2 2

040: 0 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2

050: 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2

060: 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2

070: 2 2 2 2 2 2 0 2 2 3 3 3 2 2 2 2

080: 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2

090: 2 2 2 0 0 2 2 2 2 2 0 0 0 2 2 0

0A0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0B0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0C0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0D0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0E0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0F0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0


! Note ATM interface is UP and one VCC (virtual circuit) is active

ADSL-Router#show int atm 1

atm 1 is UP, line protocol is UP

BW 160 Kbit/s

16 maximum active VCCs, 16 VCCs per VP, 1 current VCCs

Queueing strategy: Per VC Queueing

5 minute input rate 33512 bits/sec, 0 packets/sec

5 minute output rate 3040 bits/sec, 0 packets/sec

69444 packets input, 62104316 bytes

0 pkts discarded, 0 error pkts, 0 unknown protocol pkts

1326184 cells received, 0 OAM cells received

51607 packets output, 5003320 bytes

0 tx pkts discarded, 0 tx error pkts

128792 cells sent, 0 OAM cells sent


! Note ATM 1.1 sub-interface is Active, encapsulation is AAL5 SNAP

! Note packets and cells input and output on interface

ADSL-Router#show int atm 1.1

atm 1.1 is Active

ATM Routed Bridge Encapsulation: None

Encapsulation is AAL5

Encapsulation method is SNAP

VC tx ring limit: 2

Output Queue: 0/14/200/0 (size/highest/max total/drops)

69452 packets input, 63665904 bytes

51613 packets output, 6182592 bytes

1326373 cells input, 128804 cells output

0 OAM cells input, 0 OAM cells output

AAL5 CRC errors : 0

AAL5 SAR Timeouts : 0

AAL5 Oversized SDUs : 0

AAL5 length violations : 0
! Note the ATM PVC is Active

ADSL-Router#show atm pvc

                  Encap      Peak  Avg/Min  Burst
Name     VPI VCI  Type   SC  Kbps  Kbps     Cells  Status
atm 1.1  8   35   SNAP   N/A 0     0        0      Active
! Note the ppp interface is UP meaning that PPP Negotiation including the

! authentication has succeeded.

! In case of trouble, start a “debug ppp authentication”

! Note the IP info learnt by the PPP interface:

! IP address, “Peer address” (router of ISP), DNS servers…

ADSL-Router#show int ppp 1

ppp 1 is UP

Configuration:

Keep-alive is set (10 sec.)

No multilink

MTU = 1500

Peer authenticates with CHAP

IP is configured

IP address negotiated

Link thru atm 1.1 is UP; LCP state is OPENED, negotiated MTU is 1492

receive: bytes=60384371, pkts=76385, errors=0

Transmit: bytes=3555522, pkts=58391, errors=0

5 minute input rate 25720 bits/sec, 4 packets/sec

5 minute output rate 3064 bits/sec, 3 packets/sec

Bundle information

Queueing method: fifo

HDLC tx ring limit: 0

Output queue: 0/1/200/0 (size/highest/max total/drops)

IP is UP, IPCP state is OPENED

Negotiated Address=82.122.147.180 Mask=255.255.255.255

Peer address=193.253.160.3

DNS: Primary=80.10.246.130, Secondary=80.10.246.3

IP MTU=1492, Bandwidth=160 Kbps

LLDPCP State is STOPPED
! Lists the IP interfaces. They should be up.

! Note the IP address learnt on ppp 1

ADSL-Router#show ip int brief

Interface  IP Address      Status  Protocol
eth 0/1    192.168.1.1     UP      UP
ppp 1      82.122.147.180  UP      UP
! Lists the IP Route. Default route 0.0.0.0/0 results from PPP negotiation

ADSL-Router#show ip route

Codes: C - connected, S - static, R - RIP, O - OSPF, B - BGP

IA - OSPF inter area, N1 - OSPF NSSA external type 1

N2 - OSPF NSSA external type 2, E1 - OSPF external type 1

E2 - OSPF external type 2


Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S 0.0.0.0/0 [1/0] via 0.0.0.0, ppp 1

C 82.122.147.180/32 is directly connected, ppp 1

C 192.168.1.0/24 is directly connected, eth 0/1

C 193.253.160.3/32 is directly connected, ppp 1


! After you start communicating with the Internet, view the NATed sessions
ADSL-Router#show ip policy-sessions
Protocol (TTL)
Src IP Address  Src Port Dest IP Address Dst Port NAT IP Address    NAT Port
--------------- -------- --------------- -------- ----------------- --------

Policy class "FROM-LAN":

tcp (600)
192.168.1.3     3646     66.28.8.50      80       s 82.122.147.180  3729

tcp (600)
192.168.1.4     59227    192.168.1.1     22

udp (53)
192.168.1.4     54832    193.252.19.4    53       s 82.122.147.180  6088

udp (53)
192.168.1.4     54833    193.252.19.4    53       s 82.122.147.180  6089

udp (53)
192.168.1.4     54834    193.252.19.4    53       s 82.122.147.180  6090

!-------------------------------------------------------------

! Configuration of 7xxx dl Procurve Router

! ADSL connection using PPPOE

! Router connects to the ADSL modem via an Ethernet connection

!--------------------------------------------------------------

! What info do you need from your ISP?

! Username or ID and password for your connection

! Make sure PPPOE is used by provider.

! Other choice could be RFC 1483 Routed. Not yet supported but coming

!--------------------------------------------------------------

hostname "ADSL-Router"

!

ip routing



!

! Enable Firewall – Required to define Access Policy

! Access Policy is required to define NAT and Filters

ip firewall

!

!

!



!

! Define DHCP service for the LAN in the 192.168.1.0 range

ip dhcp-server excluded-address 192.168.1.1

!

ip dhcp-server pool "pool-for-lan"



network 192.168.1.0 255.255.255.0

! Following given by the provider

domain-name "wanadoo.fr"

dns-server 193.252.19.4 193.252.19.3

netbios-node-type h-node

default-router 192.168.1.1

lease 1

!

! Note you could also define your router as DNS Proxy

! You have to 1) Define router as DNS Server for DHCP Clients

!             2) Define the DNS Servers for the router with

!                ip name-server 193.252.19.4 193.252.19.3

!             3) Define router as proxy with

!                ip domain-proxy

!

! The LAN Interface

interface eth 0/1

ip address 192.168.1.1 255.255.255.0

! Inbound traffic is NATed as stated in the Access-policy called FROM-LAN

access-policy FROM-LAN

no shutdown

!

! The LAN Interface connected to ADSL Modem.

interface eth 0/2

no ip address

! Interface is shut by default

no shutdown

! Don’t send LLDP (Link Layer Discovery Protocol) frames to provider

no lldp send-and-receive

!

! On top of Ethernet we build a PPP interface used by IP as layer 2

interface ppp 1

! ip address is negotiated via PPP with provider’s router

ip address negotiated

no fair-queue

! Credentials sent by router to provider. CHAP is the authentication

! In case it’s PAP, use ppp pap sent-username… command

! If you don’t know what protocol is used, use either PAP or CHAP and start

! “debug ppp authentication” to check what is requested by other side

ppp chap hostname id-given-by-isp

ppp chap password pw-given-by-isp

! Don’t send LLDP (Link Layer Discovery Protocol) frames to provider

no lldp send-and-receive

no shutdown

! We bind the ppp interface to the Ethernet interface

! Note that we default to PPPOE

bind 1 eth 0/2 ppp 1
!

!

!



!

! ACL selects the traffic to be NATed

ip access-list extended OUR-LAN

remark used for Nat

permit ip any any

!

! To NAT (and possibly filter) traffic we apply Policy-class to the LAN Interface

ip policy-class FROM-LAN

nat source list OUR-LAN interface ppp 1 overload

!

!



(skip)

!

end
