Cisco with Telekom Malaysia vDSL

Posted on 2013-01-16
Last Modified: 2013-01-17
Good evening,
we are wokring on a project for a company with an office in Kuala Lumpur. The office currently has a VDSL circuit with Telekom Malaysia which has also provided them with a VDSL modem. I've been told that Telekom Malaysia is tagging the traffic and is using VLAN500 to do so. We have decided to use Cisco 2921 for our network, connect it to the VDSL modem and setup VLAN tagging for VLAN500 on the WAN interface of the Cisco but some of our consultants disagree that this will work.
My question is; has anyone ever dealt with configuring a Cisco device for a Malaysian ISP and if so, can what I am suggesting be done?
Our contact in Malaysia has specified that the router should have an Ethernet WAN interface, VLAN tagging capabilities on the WAN interface and be configured with a PPPoE MTU1492.
Thank you
Question by:EnQuestPLC
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2

Expert Comment

ID: 38781847
Can you put the vdsl modem on bridge mode ?

Author Comment

ID: 38781858
I believe it already is...

The current setup is the following:

The vDSL modem provided by Telekom Malaysia is connected to a Vyatta firewall which is performing PPPoE, NAT, firewall, etc.

All we need to do is take the Vyatta out of the network and replace it with a Cisco 2921. Plug the Ethernet port of the Cisco to the vDSL modem and set up the same services (plus a couple more) on the Cisco.

Expert Comment

ID: 38781865
If the Vyatta is currently performing PPPoE, NAT, firewall, then the Cisco should definitely work.
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.


Author Comment

ID: 38781880
I share your optimism and I agree completely. After all, I can't accept the fact that Cisco cannot do what Vyatta (or other cheaper hardware) are doing.

But, what puzzles me is the response from our local (Malaysian) consultant:

".....So if we subscribe to telco A, then the VDSL modem (or fiber BTU) that is provided by telco A is configured to tag into its own VLAN, and not VLANs of other telcos. For example, telco A uses VLAN 500 for data, VLAN 600 for voice and VLAN 700 for IPTV video. And telco B uses VLAN 800 for data, 900 for voice and etc etc.
Therefore it is because of this reason, the telcos don't allow us to meddle with the VDSL modem because this box contains the VLAN parameters that port us back to the rightful ISP.
Anything after the VDSL modem and VLAN untagging, you are free to dictate things your way. So it follows your choice router must either have VLAN untagging capabilities or you can use a standard 802.11q VLAN switch to untag the tunnels for your router. From the best of my knowledge, by itself alone Cisco IOS can do VLAN tagging and untagging at LAN level but not at WAN level....."

The above makes me think that we can indeed set it up but on another email he mentions that Cisco is not capable of performing "virtual VLAN untagging"..

Assisted Solution

Teeshirt earned 250 total points
ID: 38781898
The consultants are wrong!!

I have approximately same type of service at home, my telco provider delivers me internet on a separate vlan, voip traffic on a separate vlan, ip tv traffic on a separate vlan.

My telco provider provided me with a cheap ZTE modem which never worked as it should, I'm currently using a Cisco 1841 since 2 years... Works like a charm.

You don't even need to tag the vlans on the Cisco, just create a VLAN interface with the same name, for e.g VLAN 500 & allow it on a port & you're done :-)

Expert Comment

by:Sandeep Gupta
ID: 38782295
VLAN 500 is quite confusing  but as per your requirement following configs. will be required:

interface Ethernet
 description WAN link
 bandwidth 2048
 no ip address
 no ip redirects
 duplex auto
 speed auto
 pppoe-client dial-pool-number 1
 no cdp enable
 no shutdown
interface Dialer1
 description WAn link
 bandwidth 2048
! you can use ip address dhcp
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp chap hostname <<DSL username>>
 ppp chap password <<DSL password>>
 ppp pap sent-username <<DSL username>> password <<DSL password>>

Author Comment

ID: 38782308
Thank you for the config template guptasan26 !

Why is the VLAN500 confusing? Is there some peculiarity involved in it?

Accepted Solution

Sandeep Gupta earned 250 total points
ID: 38782380
I daily used to deal with different ISPs daily and few of them always confuses me about WAN settings...

You must be ready for this...

Generally PPPoE /w Ethernet I configures with above setting..if we take vlan 500 into account then your configs become lik this

on your router:

vlan 500
name WAN

int WAN
switchport mode access vlan 500
speed auto
duplex auto.

try with this as well.

Also sometimes I don't care what IPS gives..I reqest my technician onsite to connect his laptop to modem and tell me the IP he is getting, netmask and gateway.

Then I configure my router interface with that IP/mask and point my default route to gateway IP.

There are many ways..

If you want to know specific configs then let me know what yoour ISP is giving the info to set up your WAN

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes you have to pull out old tricks to get a new firewall to work… While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working.  It seemed random and we could not understa…
Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question