Solved

Cisco with Telekom Malaysia vDSL

Posted on 2013-01-16
8
1,189 Views
Last Modified: 2013-01-17
Good evening,
 
we are wokring on a project for a company with an office in Kuala Lumpur. The office currently has a VDSL circuit with Telekom Malaysia which has also provided them with a VDSL modem. I've been told that Telekom Malaysia is tagging the traffic and is using VLAN500 to do so. We have decided to use Cisco 2921 for our network, connect it to the VDSL modem and setup VLAN tagging for VLAN500 on the WAN interface of the Cisco but some of our consultants disagree that this will work.
 
My question is; has anyone ever dealt with configuring a Cisco device for a Malaysian ISP and if so, can what I am suggesting be done?
 
Our contact in Malaysia has specified that the router should have an Ethernet WAN interface, VLAN tagging capabilities on the WAN interface and be configured with a PPPoE MTU1492.
 
Thank you
0
Comment
Question by:EnQuestPLC
  • 3
  • 3
  • 2
8 Comments
 
LVL 3

Expert Comment

by:Teeshirt
ID: 38781847
Can you put the vdsl modem on bridge mode ?
0
 

Author Comment

by:EnQuestPLC
ID: 38781858
I believe it already is...

The current setup is the following:

The vDSL modem provided by Telekom Malaysia is connected to a Vyatta firewall which is performing PPPoE, NAT, firewall, etc.

All we need to do is take the Vyatta out of the network and replace it with a Cisco 2921. Plug the Ethernet port of the Cisco to the vDSL modem and set up the same services (plus a couple more) on the Cisco.
0
 
LVL 3

Expert Comment

by:Teeshirt
ID: 38781865
If the Vyatta is currently performing PPPoE, NAT, firewall, then the Cisco should definitely work.
0
 

Author Comment

by:EnQuestPLC
ID: 38781880
I share your optimism and I agree completely. After all, I can't accept the fact that Cisco cannot do what Vyatta (or other cheaper hardware) are doing.

But, what puzzles me is the response from our local (Malaysian) consultant:

".....So if we subscribe to telco A, then the VDSL modem (or fiber BTU) that is provided by telco A is configured to tag into its own VLAN, and not VLANs of other telcos. For example, telco A uses VLAN 500 for data, VLAN 600 for voice and VLAN 700 for IPTV video. And telco B uses VLAN 800 for data, 900 for voice and etc etc.
Therefore it is because of this reason, the telcos don't allow us to meddle with the VDSL modem because this box contains the VLAN parameters that port us back to the rightful ISP.
Anything after the VDSL modem and VLAN untagging, you are free to dictate things your way. So it follows your choice router must either have VLAN untagging capabilities or you can use a standard 802.11q VLAN switch to untag the tunnels for your router. From the best of my knowledge, by itself alone Cisco IOS can do VLAN tagging and untagging at LAN level but not at WAN level....."

The above makes me think that we can indeed set it up but on another email he mentions that Cisco is not capable of performing "virtual VLAN untagging"..
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 3

Assisted Solution

by:Teeshirt
Teeshirt earned 250 total points
ID: 38781898
The consultants are wrong!!

I have approximately same type of service at home, my telco provider delivers me internet on a separate vlan, voip traffic on a separate vlan, ip tv traffic on a separate vlan.

My telco provider provided me with a cheap ZTE modem which never worked as it should, I'm currently using a Cisco 1841 since 2 years... Works like a charm.

You don't even need to tag the vlans on the Cisco, just create a VLAN interface with the same name, for e.g VLAN 500 & allow it on a port & you're done :-)
0
 
LVL 9

Expert Comment

by:Sandeep Gupta
ID: 38782295
VLAN 500 is quite confusing  but as per your requirement following configs. will be required:

interface Ethernet
 description WAN link
 bandwidth 2048
 no ip address
 no ip redirects
 duplex auto
 speed auto
 pppoe-client dial-pool-number 1
 no cdp enable
 no shutdown
exit
interface Dialer1
 description WAn link
 bandwidth 2048
! you can use ip address dhcp
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp chap hostname <<DSL username>>
 ppp chap password <<DSL password>>
 ppp pap sent-username <<DSL username>> password <<DSL password>>
end
0
 

Author Comment

by:EnQuestPLC
ID: 38782308
Thank you for the config template guptasan26 !

Why is the VLAN500 confusing? Is there some peculiarity involved in it?
0
 
LVL 9

Accepted Solution

by:
Sandeep Gupta earned 250 total points
ID: 38782380
I daily used to deal with different ISPs daily and few of them always confuses me about WAN settings...

You must be ready for this...

Generally PPPoE /w Ethernet I configures with above setting..if we take vlan 500 into account then your configs become lik this

on your router:
-----------------------


vlan 500
name WAN

int WAN
switchport
switchport mode access vlan 500
speed auto
duplex auto.

try with this as well.

Also sometimes I don't care what IPS gives..I reqest my technician onsite to connect his laptop to modem and tell me the IP he is getting, netmask and gateway.

Then I configure my router interface with that IP/mask and point my default route to gateway IP.

There are many ways..

If you want to know specific configs then let me know what yoour ISP is giving the info to set up your WAN
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

This solves the problem of diagnosing why an internet connection is no longer working. It also helps identify the likely cause of the lost connection if the procedure fails to re-establish your internet connection. It helps to pinpoint the likely co…
Please see preceding article here: http://www.experts-exchange.com/Networking/Operating_Systems/A_11209-Root-Bridge-Election.html Figure 1 After Root Bridge has been elected, then what?..... Let's start by defining a Root Port in la…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now