Cisco Router 850 Series Software Configuration Guide
Have a look at the manual Cisco Router 850 Series Software Configuration Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
CH A P T E R 3-1 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 121753 2 3 5 6 1 7 4 3 Configuring PPP over Ethernet with NAT The Cisco 851 and Cisco 871access routers support Point-to-Point Protocol over Ethernet (PPPoE) clients and network address translation (NAT). Multiple PCs can be connected to the LAN behind the router. Before the traffic from these PCs is sent to the PPPoE session, it can be en crypted, filtered, and so forth. Figure 3-1 shows a typical deployment scenario with a PPPoE client and NA T configured on the Cisco router. Figure 3-1 PPP over Ethernet with NAT 2 3 5 1 7 4 1Multiple networked devices—Desktops, laptop PCs, switches 2Fast Ethernet LAN interface (inside interface for NAT) 3PPPoE client—Cisco 851 or Cisco 871 access router 4Point at which NAT occurs 5Fast Ethernet WAN interface (outside interface for NAT) 6Cable modem or other server (for example, a Cisco 6400 server) that is connected to the Internet 7PPPoE session between the client and a PPPoE server
3-2 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Chapter 3 Configuring PPP over Ethernet with NAT Configure the Virtual Private Dialup Network Group Number PPPoE The PPPoE Client feature on the router provides PPPoE client support on Ethernet interfaces. A dialer interface must be used for cloning virtual access. Multiple PPPoE client sessions can be configured on an Ethernet interface, but each session must use a separate dialer interface and a separate dialer pool. A PPPoE session is initiated on the client side by the Cisco 850 or Cisco 870 series router.An established PPPoE client session can be terminated in one of two ways: By entering the clear vpdn tunnel pppoe command. The PPPoE client session terminates, and the PPPoE client immediately tries to reestablish the session. This also occurs if the session has a timeout. By entering the no pppoe-client dial-pool number command to clear the session. The PPPoE client does not attempt to reestablish the session. NAT NAT (represented as the dashed line at the edge of the Cisco router) signifies two addressing domains and the inside source address. The source list defines how the packet travels through the network. Configuration Tasks Perform the following tasks to configure this network scenario: Configure the Virtual Private Dialup Network Group Number Configure the Fast Ethernet WAN Interfaces Configure the Dialer Interface Configure Network Address Translation An example showing the results of these configuration tasks is shown in the “Configuration Example” section on page 3-9. Configure the Virtual Private Dialup Network Group Number Configuring a virtual private dialup network (VPDN) enables multiple clients to communicate through the router by way of a single IP address. Complete the following steps to configure a VPDN, starting from the global configuration mode. See the “Configure Global Parameters” section on page 1-5 for details about entering this mode. Command or ActionPurpose Step 1vpdn enable Example: Router(config)# vpdn enable Router(config-vpdn)# Enables VPDN on the router. Step 2vpdn group name Example: Router(config-vpdn)# vpdn group 1 Router(config-vpdn-grp)# Creates and associates a VPDN group with a customer or VPDN profile.
3-3
Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01
Chapter 3 Configuring PPP over Ethernet with NAT
Configure the Virtual Private Dialup Network Group Number
Step 3request-dialin
Example:
Router(config-vpdn-grp)# request-dialinRouter(config-vpdn-grp)#
Creates a request-dialin VPDN subgroup,
indicating the dialing direction, and initiates the
tunnel.
Step 4initiate to ip ip-address
Example:
Router(config-vpdn-grp)# initiate to
192.168.1.1
Router(config-vpdn-grp)#
Specifies the address to which requests are
tunneled.
For details about this command and additional
parameters that can be set, see the
Cisco IOS Dial
Technologies Command Reference.
Step 5protocol {l2f | l2tp | pppoe | any}
Example:
Router(config-vpdn-grp)# protocol pppoe
Router(config-vpdn-grp)#
Specifies the type of sessions the VPDN subgroup
can establish.
Step 6exit
Example:
Router(config-vpdn-grp)# exitRouter(config-vpdn)#
Exits VPDN group configuration.
Step 7exit
Example:
Router(config-vpdn)# exit
Router(config)#
Exits VPDN configuration, returning to global
configuration mode.
Command or Action Purpose
3-4 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Chapter 3 Configuring PPP over Ethernet with NAT Configure the Fast Ethernet WAN Interfaces Configure the Fast Ethernet WAN Interfaces In this scenario, the PPPoE client (your Cisco router) communicates over a 10/100 Mbps-Ethernet interface on both the inside and the outside. Perform these steps to configure the Fast Ethernet WAN interfaces, starting in global configuration mode: CommandPurpose Step 1interface type number Example: Router(config)# interface fastethernet 4 Router(config-if)# Enters interface configuration mode for a Fast Ethernet WAN interface. Step 2pppoe-client dial-pool-number number Example: Router(config-if)# pppoe-client dial-pool-number 1 Router(config-if)# Configures the PPPoE client and specifies the dialer interface to use for cloning. Step 3no shutdown Example: Router(config-if)# no shutdownRouter(config-if)# Enables the Fast Ethernet interface and the configuration changes just made to it. Step 4exit Example: Router(config-if)# exit Router(config)# Exits configuration mode for the Fast Ethernet interface and returns to global configuration mode.
3-5
Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01
Chapter 3 Configuring PPP over Ethernet with NAT
Configure the Dialer Interface
Configure the Dialer Interface
The dialer interface indicates how to handle traffic from the clients, including, for example, default
routing information, the encapsulation protocol, and the dialer pool to use. The dialer interface is also
used for cloning virtual access. Multiple PPPoE client sessions can be configured on a Fast Ethernet
interface, but each session must use a separate dialer interface and a separate dialer pool.
Complete the following steps to configure a dialer interface for one of the Fast Ethernet LAN interfaces
on the router, starting in global configuration mode.
CommandPurpose
Step 1interface dialer dialer-rotary-group-number
Example:
Router(config)# interface dialer 0
Router(config-if)#
Creates a dialer interface (numbered 0–255), and
enters interface configuration mode.
Step 2ip address negotiated
Example:
Router(config-if)# ip address negotiatedRouter(config-if)#
Specifies that the IP address for the interface is
obtained through PPP/IPCP (IP Control Protocol)
address negotiation.
Step 3ip mtu bytes
Example:
Router(config-if)# ip mtu 1492
Router(config-if)#
Sets the size of the IP maximum transmission unit
(MTU). The default minimum is 128
bytes. The
maximum for Ethernet is 1492
bytes.
Step 4encapsulation encapsulation-type
Example:
Router(config-if)# encapsulation ppp
Router(config-if)#
Sets the encapsulation type to PPP for the data
packets being transmitted and received.
Step 5ppp authentication {protocol1 [protocol2...]}
Example:
Router(config-if)# ppp authentication chapRouter(config-if)#
Sets the PPP authentication method to Challenge
Handshake Authentication Protocol (CHAP).
For details about this command and additional
parameters that can be set, see the Cisco IOS
Security Command Reference.
Step 6dialer pool number
Example:
Router(config-if)# dialer pool 1
Router(config-if)#
Specifies the dialer pool to use to connect to a
specific destination subnetwork.
3-6
Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01
Chapter 3 Configuring PPP over Ethernet with NAT
Configure the Dialer Interface
Step 7dialer-group group-number
Example:
Router(config-if)# dialer group 1Router(config-if)#
Assigns the dialer interface to a dialer group
(1–10).
TipUsing a dialer group controls access to
your router.
Step 8exit
Example:
Router(config-if)# exit
Router(config)#
Exits the dialer 0 interface configuration.
Step 9dialer-list dialer-group protocol protocol-name
{permit | deny | list access-list-number |
access-group}
Example:
Router(config)# dialer-list 1 protocol ip
permit
Router(config)#
Creates a dialer list and associates a dial group
with it. Packets are then forwarded through the
specified interface dialer group.
For details about this command and additional
parameters that can be set, see the Cisco IOS Dial
Technologies Command Reference.
Step 10ip route prefix mask {interface-type
interface-number}
Example:
Router(config)# ip route 10.10.25.2
0.255.255.255 dialer 0
Router(config)#
Sets the IP route for the default gateway for the
dialer 0 interface.
For details about this command and additional
parameters that can be set, see the Cisco IOS IP
Command Reference, Volume 2; Routing
Protocols.
Command Purpose
3-7
Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01
Chapter 3 Configuring PPP over Ethernet with NAT
Configure Network Address Translation
Configure Network Address Translation
Network Address Translation (NAT) translates packets from addresses that match a standard access list,
using global addresses allocated by the dialer interface. Packets that enter the router through the inside
interface, packets sourced from the router, or both are checked against the access list for possible address
translation. You can configure NAT for either static or dynamic address translations.
Perform these steps to configure the outside Fast Ethernet WAN interface with dynamic NAT, beginning
in global configuration mode:
CommandPurpose
Step 1ip nat pool name start-ip end-ip {netmask
netmask | prefix-length prefix-length}
Example:
Router(config)# ip nat pool pool1
192.168.1.0 192.168.2.0 netmask 0.0.0.255
Router(config)#
Creates pool of global IP addresses for NAT.
Step 2ip nat inside source {list access-list-number}
{interface type number | pool name} [overload]
Example 1:
Router(config)# ip nat inside source list 1
interface dialer 0 overload
or
Example 2:
Router(config)# ip nat inside source list
acl1 pool pool1
Enables dynamic translation of addresses on the
inside interface.
The first example shows the addresses permitted
by the access list 1 to be translated to one of the
addresses specified in the dialer interface 0.
The second example shows the addresses
permitted by access list acl1 to be translated to one
of the addresses specified in the NAT pool pool1.
For details about this command and additional
parameters that can be set, as well as information
about enabling static translation, see the
Cisco IOS IP Command Reference, Volume 1 of 4:
Addressing and Services.
Step 3interface type number
Example:
Router(config)# interface vlan 1
Router(config-if)#
Enters configuration mode for the VLAN (on
which the Fast Ethernet LAN interfaces
[FE0–FE3] reside) to be the inside interface for
NAT.
Step 4ip nat {inside | outside}
Example:
Router(config-if)# ip nat insideRouter(config-if)#
Identifies the specified VLAN interface as the
NAT inside interface.
For details about this command and additional
parameters that can be set, as well as information
about enabling static translation, see the
Cisco IOS IP Command Reference, Volume 1 of 4:
Addressing and Services.
3-8
Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01
Chapter 3 Configuring PPP over Ethernet with NAT
Configure Network Address Translation
NoteIf you want to use NAT with a virtual-template interface, you must configure a loopback interface. See
Chapter 1, “Basic Router Configuration,” for information on configuring a loopback interface.
Step 5no shutdown
Example:
Router(config-if)# no shutdownRouter(config-if)#
Enables the configuration changes just made to the
Ethernet interface.
Step 6exit
Example:
Router(config-if)# exit
Router(config)#
Exits configuration mode for the Fast Ethernet
interface.
Step 7interface type number
Example:
Router(config)# interface fastethernet 4
Router(config-if)#
Enters configuration mode for the Fast Ethernet
WAN interface (FE4) to be the outside interface
for NAT.
Step 8ip nat {inside | outside}
Example:
Router(config-if)# ip nat outside
Router(config-if)#
Identifies the specified WAN interface as the NAT
outside interface.
For details about this command and additional
parameters that can be set, as well as information
about enabling static translation, see the
Cisco IOS IP Command Reference, Volume 1 of 4:
Addressing and Services.
Step 9no shutdown
Example:
Router(config-if)# no shutdown
Router(config-if)#
Enables the configuration changes just made to the
Ethernet interface.
Step 10exit
Example:
Router(config-if)# exitRouter(config)#
Exits configuration mode for the Fast Ethernet
interface.
Step 11access-list access-list-number {deny | permit}
source [source-wildcard]
Example:
Router(config)# access-list 1 permit
192.168.1.0 0.0.0.255
Defines a standard access list indicating which
addresses need translation.
NoteAll other addresses are implicitly denied.
Command Purpose
3-9 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Chapter 3 Configuring PPP over Ethernet with NAT Configuration Example For complete information on the NAT commands, see the Cisco IOS Release 12.3 documentation set. For more general information on NAT concepts, see Appendix B, “Concepts.” Configuration Example The following configuration example shows a portion of the configuration file for the PPPoE scenario described in this chapter. The VLAN interface has an IP address of 192.168.1.1 with a subnet mask of 255.255.255.0. NAT is configured for inside and outside. NoteCommands marked by “(default)” are generated automatically when you run the show running-config command. ! vpdn enablevpdn-group 1 request-dialin protocol pppoe! interface vlan 1 ip address 192.168.1.1 255.255.255.0no ip directed-broadcast (default) ip nat inside !interface FastEthernet 4 ip address 192.168.12.2 255.255.255.0 no ip directed-broadcast (default) ip nat outside! interface dialer 1 ip address negotiatedppp authentication chap dialer pool 1 dialer-group 1! dialer-list 1 protocol ip permit ip nat inside source list 1 interface dialer 0 overloadip classless (default) ip route 10.10.25.2 0.255.255.255 dialer 0 !
3-10 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Chapter 3 Configuring PPP over Ethernet with NAT Configuration Example Verifying Your Configuration Use the show ip nat statistics command in privileged EXEC mode to verify the PPPoE with NAT configuration. You should see verification output similar to the following example: Router# show ip nat statistics Total active translations: 0 (0 static, 0 dynamic; 0 extended) Outside interfaces: FastEthernet4 Inside interfaces: Vlan1Hits: 0 Misses: 0 CEF Translated packets: 0, CEF Punted packets: 0 Expired translations: 0Dynamic mappings: -- Inside Source [Id: 1] access-list 1 interface Dialer0 refcount 0Queued Packets: 0