Configure Cisco 831 router to Static ATT DSL

andersenks
andersenks used Ask the Experts™
on
Anyone have a config for a Cisco 831 need to bridge (Is bridge the right term? When connecting the Motorola/Netopia 3000 modem to the Cisco router?) a Netopia 3000 modem to the Cisco router.

Account uses the following..
PPPoe
PAP/CHAP
Static IP

Thanks in advance.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Robert Sutton JrSenior Network Manager

Commented:
Do you have access (Internal) to the Netopia 3000 or does your sevice provider control that unit?
Head of IT Security Division
Top Expert 2010
Commented:
Hi,

Try this

interface Dialer0
 ip address negotiated
 ip mtu 1442
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username xxxxx password xxxxxxxxxxxxx
 crypto map VPNmap
!

ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0

Author

Commented:
I have access to the Netopia. Currently the Gateway IP is 192.168.1.254
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
This is what I have so far
RO_Home#sh run
Building configuration...
 
Current configuration : 3099 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RO_Home
!
boot-start-marker
boot-end-marker
!
enable password 7 xxxxxxxx
!
aaa new-model
!
!
aaa authentication login REMOTE local
aaa authentication login userauthen group radius
aaa authorization exec REMOTE local if-authenticated
aaa authorization network groupauthor group radius
aaa session-id common
ip subnet-zero
ip dhcp excluded-address 172.16.10.1 172.16.10.100
!
ip dhcp pool domain
   network 172.16.10.0 255.255.255.0
   default-router 172.16.10.1
   lease 14
!
!
ip domain name aldikhome.com
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall icmp
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall rtsp
ip inspect name firewall esmtp
ip ips po max-events 100
no ftp-server write-enable
!
!
username admin privilege 15 password 7 xxxxxxxx
!
!
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface Ethernet0
 description Internal LAN
 ip address 172.16.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 no cdp enable
 hold-queue 32 in
!
interface Ethernet1
 description DSL connection to ATT
 no ip address
 duplex auto
 pppoe enable
 pppoe-client dial-pool-number 1
 crypto map clientmap
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp chap hostname xxxxxxxx@att.net
 ppp chap password 7 xxxxxxxxx
 ppp pap sent-username xxxxx@att.net password 7 xxxxxx
!
ip local pool VPNpool 172.16.20.1 172.16.20.50
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
ip nat inside source list 110 interface Ethernet1 overload
!
!
access-list 110 permit ip 172.16.10.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 authorization exec REMOTE
 login authentication REMOTE
!
scheduler max-task-time 5000
end

Open in new window

Istvan KalmarHead of IT Security Division
Top Expert 2010
Commented:
what showing the following:

debug ppp authentication
debug ppp negotiation

ter mon
Istvan KalmarHead of IT Security Division
Top Expert 2010

Commented:
andersenks:?

Author

Commented:
Have to wait for my customer to finish something before I can take it down. 5 minutes

Thanks
Istvan KalmarHead of IT Security Division
Top Expert 2010

Commented:
ok

Author

Commented:

RO_Home#sh ip int br
Interface                  IP-Address      OK? Method Status                Protocol
Dialer0                    unassigned      YES NVRAM  up                    up
Ethernet0                  172.16.10.1     YES NVRAM  up                    up
Ethernet1                  unassigned      YES NVRAM  up                    up
FastEthernet1              unassigned      YES unset  down                  down
FastEthernet2              unassigned      YES unset  down                  down
FastEthernet3              unassigned      YES unset  down                  down
FastEthernet4              unassigned      YES unset  up                    up
RO_Home#debug ppp authentication
PPP authentication debugging is on
RO_Home#debug ppp negotiation
PPP protocol negotiation debugging is on
RO_Home#
RO_Home#ter mon
% Console already monitors

Open in new window

Istvan KalmarHead of IT Security Division
Top Expert 2010

Commented:
If it nothing showing you not seen the DSL...... or your modem not in Bridged mode!!!!!

please provide me
deb pppoe errors
deb pppoe packets
deb pppoe events

Author

Commented:
Doesn't look like its in bridge mode.... see pic3
AHome1.bmp
Ahome2.bmp
AHome3.bmp

Author

Commented:
Debugging
*Mar  1 00:29:27.611: [0]PPPoE 0: O PADT  R:0000.0000.0000 L:0000.0000.0000 Et1
         00 00 00 00 00 00 00 15 2B 94 B0 B1 88 63 11 A7
         00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...deb pppoe events
PPPoE protocol events debugging is on
RO_AldikHome#
*Mar  1 00:29:47.835:  Sending PADI: Interface = Ethernet1
*Mar  1 00:29:47.835: pppoe_send_padi:
         FF FF FF FF FF FF 00 15 2B 94 B0 B1 88 63 11 09
         00 00 00 0C 01 01 00 00 01 03 00 04 81 95 49 E4 ...
*Mar  1 00:29:47.875: PPPoE 0: I PADO  R:0024.3730.2270 L:0015.2b94.b0b1 Et1
         00 15 2B 94 B0 B1 00 24 37 30 22 70 88 63 11 07
         00 00 00 41 01 01 00 00 01 03 00 04 81 95 49 E4 ...
*Mar  1 00:29:49.883:  PPPOE: we've got our pado and the pado timer went off
*Mar  1 00:29:49.883: OUT PADR from PPPoE Session
         00 24 37 30 22 70 00 15 2B 94 B0 B1 88 63 11 19
         00 00 00 41 01 01 00 00 01 03 00 04 81 95 49 E4 ...
*Mar  1 00:30:00.127: OUT PADR from PPPoE Session
         00 24 37 30 22 70 00 15 2B 94 B0 B1 88 63 11 19
         00 00 00 41 01 01 00 00 01 03 00 04 81 95 49 E4 ...

Open in new window

Istvan KalmarHead of IT Security Division
Top Expert 2010

Commented:
debug vpdn pppoe-events
?
Istvan KalmarHead of IT Security Division
Top Expert 2010

Commented:
But it seems the modem is routed mode????

Author

Commented:
OK its working now. Below is the working config.

-Had to change the Netopia modem to Bridged Mode
-Changed  "ip nat inside source list 110 interface Ethernet1 overload"
  - to  "ip nat inside source list 110 interface Dialer0 overload"
-added DNS
    ip name-server 68.94.156.1
    ip name-server 68.94.157.1

-And made DHCP use the router as the DNS server
ip dhcp pool Home
   network 172.16.10.0 255.255.255.0
   default-router 172.16.10.1
   dns-server 172.16.10.1
   lease 14
RO_Home#sh run
Building configuration...
 
Current configuration : 3178 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RO_Home
!
boot-start-marker
boot-end-marker
!
enable password 7 08001D4A00122D471F0E
!
aaa new-model
!
!
aaa authentication login REMOTE local
aaa authentication login userauthen group radius
aaa authorization exec REMOTE local if-authenticated
aaa authorization network groupauthor group radius
aaa session-id common
ip subnet-zero
ip dhcp excluded-address 172.16.10.1 172.16.10.100
!
ip dhcp pool Home
   network 172.16.10.0 255.255.255.0
   default-router 172.16.10.1
   dns-server 172.16.10.1
   lease 14
!
!
ip domain name aldikhome.com
ip name-server 68.94.156.1
ip name-server 68.94.157.1
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall icmp
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall rtsp
ip inspect name firewall esmtp
ip ips po max-events 100
no ftp-server write-enable
!
!
username admin privilege 15 password 7 xxxxxx
!
!
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface Ethernet0
 description Internal LAN
 ip address 172.16.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 no cdp enable
 hold-queue 32 in
!
interface Ethernet1
 description DSL connection to ATT
 no ip address
 duplex auto
 pppoe enable
 pppoe-client dial-pool-number 1
 crypto map clientmap
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp chap hostname xxxxx@att.net
 ppp chap password 7 xxxx
 ppp pap sent-username xxxxx@att.net password 7 xxxxx
!
ip local pool VPNpool 172.16.20.1 172.16.20.50
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
ip nat inside source list 110 interface Dialer0 overload
!
!
access-list 110 permit ip 172.16.10.0 0.0.0.255 any
dialer-list 1 protocol ip permit

Open in new window

Which type of  account do you have with AT&T? Residential or business? if business, do you have static (sticky) IP address? I deal with lots of AT&T business  DSL  services (with Motorola 3000 series) and I might be able to help if you provide the above info.

Author

Commented:
Yes it business DSL with "Sticky Static"
ok. If I understand your situation, you are going to keep your motorala/Netopia DSL modem/router and connect Cisco 831 behind it as your main router, correct? so, if that is correct, you will have to reconfigure your Netopia  with your sticky IP address (ISP gateway) on the LAN side and configure your Cisco 831 Ethernet1 with the 1st available static IP provided by your ISP. With this setup, you do not need to create any dialer interface on CIsco since the Netopia/motorola 3000 will be handling all DSL sync and authentication processes. keep in mind that you will not need to get this modem in bridge mode. Keep it in routing mode but  disable NAT and its firewall inspection options.
Let me know if we are on the same page, then I will give you some configuration you may consider for both motorola and cisco router.

Author

Commented:
Seems to be working fine with the config above. Only problem is when I try to connect to the Netopia modem using the public ip 99.40.146.x its not accepting the password I used to get into it before.

Author

Commented:
Also tried 192.0.2.100 and it does'nt find it through a browser but I can ping it. I need to access it to turn off the wireless.
I'm  glad it is working for you. The 192.02.100 it's on ISP side; You can't connect to it. And the reason you are not able to connect to it is bcz the motorola has been reset. If I recall right, any time you change those devices' modes (from routing to Bridge or visa versa) it factory defaults. So, you may try the default password, which is mostly the serial number or contact motorola tech support.

Commented:
Hi,

Could you send me the config to have the netopia router and a cisco route connected with the pppoe still being done by the netopia and the public ip on the lan side of the netopia router.

Regards

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial