Configure Cisco 1802 for T-DSL
created by: Rainer Bemsel – Version 1.0 – Dated: Jan/22/2011
The purpose of this document is to provide comprehensive documentation for configuring a Cisco 1802 for T-DSL usage. I’ve seen several examples and I don’t consider myself a CNIE; however, I think it’s good to have
a cheat sheet to consult from time to time.
One note on the new DSL-16000 (G.992.5 ADSL2+): the Cisco 1802 does not support DPBO (Downstream Power
Back-Off). This feature is required for outdoor-installed DSLAMs, and the new DSL is based on that.
I’m using C180X-ADVENTERPRISEK9-M, Version 12.4(22)T, RELEASE SOFTWARE (fc1)
Connect the blue Console Cable with the console connector at 5 (upper connection)
1. Delete all configuration and start from scratch
Router> en
Password:
Router#write erase
Router#reload
System configuration has been modified. Save? [yes/no]: no
Proceed with reload [confirm]
Once the router reloads, the System Configuration Dialog appears.
---- Systems Configuration Dialog ----
Would you like to enter the initial configuration dialog? [yes/no]: no
Router>
2. Set the enable password
Router> en
Router# conf t
Router(config)#enable password cisco
Router(config)#exit
Router# wr mem
Building configuration …..
[OK]
Router#
3. Give the router a name
Router> en
Password:
Router# conf t
Router(config)# hostname CSCO-1802-DSL
CSCO-1802-DSL(config)#exit
CSCO-1802-DSL# wr mem
Building configuration …..
[OK]
CSCO-1802-DSL#
4. Provide an IP Address to VLAN 1
In this configuration I’m using VLAN 1 (FastEthernet 1 – FastEthernet 8) as the inside interface. This
means VLAN 1 needs an IP address from the internal network. It will also be used for Network
Address Translation.
CSCO-1802-DSL(config)#int vlan1
CSCO-1802-DSL(config-if)#ip address 192.168.10.1 255.255.255.0
CSCO-1802-DSL(config-if)#ip nat inside
CSCO-1802-DSL(config-if)#exit
CSCO-1802-DSL(config)#exit
CSCO-1802-DSL# wr mem
Building configuration …..
[OK]
CSCO-1802-DSL#
5. Create a VPDN Group
Enable Virtual Private Dialup Networking (VPDN) on the router to support PPPoE.
CSCO-1802-DSL(config)#vpdn enable
CSCO-1802-DSL(config)#no vpdn logging
CSCO-1802-DSL(config)#vpdn-group 1
CSCO-1802-DSL(config-vpdn)#request-dialin
CSCO-1802-DSL(config-vpdn-req-in)#protocol pppoe
6. Configure physical Outside Interface
If you have a Cisco 1801 (ADSLoverPOTS), this configuration will not work in Germany. The 1802 uses
ADSLoverISDN, and this is the one that bypasses a DSL modem such as the Speedport 200 (check my drawing on page 11)
and connects directly.
CSCO-1802-DSL(config)#int ATM0
CSCO-1802-DSL(config-if)#no ip address
CSCO-1802-DSL(config-if)#no atm ilmi-keepalive
CSCO-1802-DSL(config-if)#dsl operating-mode auto
CSCO-1802-DSL(config-if)#pvc 1/32
CSCO-1802-DSL(config-if-atm-vc)#pppoe-client dial-pool-number 1
There are a few more DSL operating modes available; the right one can be different in your environment.
• adsl2      ITU G.992.3 Annex B
• adsl2+     ITU G.992.5 Annex B
• auto       auto detect mode
• etsi       ETSI TS 101 388 V1.3.1 Annex C
• itu-dmt    ITU G.992.1 Annex B
7. Configure Dialer
Create the dialer to connect to T-DSL.
Note: It is important to reduce the MTU size from the default of 1500 to 1492, as the remainder is used
for the PPPoE header. Dialer 1 is also the outside interface for NAT. “ip tcp adjust-mss” is also an absolute
must-have.
CSCO-1802-DSL(config)#interface dialer 1
CSCO-1802-DSL(config-if)#description T-SYSTEMS ADSL
CSCO-1802-DSL(config-if)#ip address negotiated
CSCO-1802-DSL(config-if)#no ip unreachables
CSCO-1802-DSL(config-if)#ip mtu 1492
CSCO-1802-DSL(config-if)#ip nat outside
CSCO-1802-DSL(config-if)#encapsulation ppp
CSCO-1802-DSL(config-if)#ip tcp adjust-mss 1452
CSCO-1802-DSL(config-if)#dialer pool 1
CSCO-1802-DSL(config-if)#dialer idle-timeout 10800
CSCO-1802-DSL(config-if)#dialer fast-idle 600
CSCO-1802-DSL(config-if)#dialer enable-timeout 1
CSCO-1802-DSL(config-if)#dialer-group 1
CSCO-1802-DSL(config-if)#no cdp enable
CSCO-1802-DSL(config-if)#ppp authentication chap callin
CSCO-1802-DSL(config-if)#ppp chap hostname xxxxxxxxxyyyyyyyyyy0001@t-online.de
CSCO-1802-DSL(config-if)#ppp chap password abcdef
8. Define internal IP Address Range
This defines the internal IP address range for which NAT is performed. It is bound to interface
Dialer 1, which is also where the default gateway should point. Don’t forget to create an access list for Network
Address Translation.
CSCO-1802-DSL(config-if)#ip nat inside source list 101 interface Dialer1 overload
CSCO-1802-DSL(config)#ip route 0.0.0.0 0.0.0.0 Dialer1
CSCO-1802-DSL(config)#access-list 101 permit ip any any
9. Create an ACL to prohibit Microsoft NetBIOS traffic
It’s best practice to block outgoing Microsoft NetBIOS traffic.
CSCO-1802-DSL(config)#access-list 102 deny udp any eq netbios-dgm any
CSCO-1802-DSL(config)#access-list 102 deny udp any eq netbios-ns any
CSCO-1802-DSL(config)#access-list 102 deny udp any eq netbios-ss any
CSCO-1802-DSL(config)#access-list 102 deny tcp any eq 137 any
CSCO-1802-DSL(config)#access-list 102 deny tcp any eq 138 any
CSCO-1802-DSL(config)#access-list 102 deny tcp any eq 139 any
CSCO-1802-DSL(config)#access-list 102 permit ip any any
CSCO-1802-DSL(config)#dialer-list 1 protocol ip list 102
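Whether access list 102 actually filters packets depends on how it is referenced: a dialer-list only marks traffic as "interesting" for the dialer (dial trigger and idle timer), while packet filtering requires "ip access-group" on an interface. The Python check below is an added example, not part of the original document; the role names and the "ip access-group 102 out" line used in its test are assumptions of this example.

```python
import re

# Constructed excerpt: ACL-related lines as used in the steps above.
SAMPLE_CONFIG = """\
interface Dialer1
 ip nat outside
 dialer-group 1
ip nat inside source list 101 interface Dialer1 overload
access-list 101 permit ip any any
access-list 102 deny udp any eq netbios-ns any
access-list 102 deny tcp any eq 139 any
access-list 102 permit ip any any
dialer-list 1 protocol ip list 102
"""

# How IOS consumes a numbered ACL, keyed by the role the referencing command gives it.
REFERENCES = {
    "packet filter": r"ip access-group (\d+) (?:in|out)$",
    "NAT source selection": r"ip nat inside source list (\d+)\b",
    "dialer interesting traffic": r"dialer-list \d+ protocol ip list (\d+)$",
    "vty access control": r"access-class (\d+) (?:in|out)$",
}


def acl_usage(config):
    """Map each defined numbered ACL to the roles in which it is referenced."""
    lines = [line.strip() for line in config.splitlines()]
    usage = {m.group(1): set() for m in
             (re.match(r"access-list (\d+) ", line) for line in lines) if m}
    for line in lines:
        for role, pattern in REFERENCES.items():
            m = re.match(pattern, line)
            if m and m.group(1) in usage:
                usage[m.group(1)].add(role)
    return usage


def unenforced_deny_acls(config):
    """Numbered ACLs with deny entries that no interface applies via ip access-group."""
    usage = acl_usage(config)
    denying = set(re.findall(r"^\s*access-list (\d+) deny\b", config, re.M))
    return sorted(n for n in denying if "packet filter" not in usage[n])


if __name__ == "__main__":
    print(acl_usage(SAMPLE_CONFIG), unenforced_deny_acls(SAMPLE_CONFIG))
```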
- - - - - - - - - - - - - - - - - - Optional - - - - - - - - - - - - - - - - -
Configure DHCP
If you do not use a static IP address scheme, you need a local DHCP server. Most routers can
act as a local DHCP server, and so can my Cisco 1802.
Required Steps to configure DHCP
• Configuring a DHCP Database Agent or Disabling DHCP Conflict Logging
• Excluding IP Addresses
• Configuring a DHCP Address Pool
• Configuring the DHCP Address Pool Name and Entering DHCP Pool Configuration Mode
As I do not have a large network to serve with DHCP, I can skip the DHCP database agent and instead
disable DHCP conflict logging.
CSCO-1802-DSL(config)#no ip dhcp conflict logging
The DHCP server assumes that all IP addresses in a DHCP pool are available for assignment to DHCP
clients. My DHCP lease range goes from 192.168.10.3 to 192.168.10.9; all other IP addresses are
excluded.
CSCO-1802-DSL(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.2
CSCO-1802-DSL(config)#ip dhcp excluded-address 192.168.10.10 192.168.10.254
You can configure a DHCP address pool with a name that is a symbolic string (such as "home-network") or an
integer (such as 0). Configuring a DHCP address pool also places you in DHCP pool configuration mode,
identified by the (dhcp-config)# prompt, from which you can configure pool parameters.
CSCO-1802-DSL(config)#ip dhcp pool home-network
Next, configure a subnet and mask for the newly created DHCP address pool; this contains the range of
available IP addresses that the DHCP server may assign to clients:
CSCO-1802-DSL(dhcp-config)#network 192.168.10.0 255.255.255.0
The domain name of a DHCP client places the client in the general grouping of networks that make up the
domain. To configure a domain name string for the client, use the following command in DHCP pool
configuration mode:
CSCO-1802-DSL(dhcp-config)#domain-name bemsel.home
You will also need to tell the DHCP clients which DNS servers to query and which default gateway
to use to find the way out of your private network.
CSCO-1802-DSL(dhcp-config)#dns-server 192.168.10.60 194.25.0.68 194.25.0.60
CSCO-1802-DSL(dhcp-config)#default-router 192.168.10.1
Note: Don’t forget to save the configuration to the startup-config -> CTRL+Z
A list of public DNS Servers
I put together a short list of DNS servers as a fallback. You should use the DNS servers your service
provider has given you.
T-DSL Business
• 194.25.0.68    Frankfurt
• 194.25.0.60    Hannover
• 194.25.0.52    Leipzig
Enable Telnet Access
As my home office and the router location are too far apart to use a standard console cable, I’ve given
myself access via telnet. Only a few things need to be configured for a simple setup.
CSCO-1802-DSL(config)#username rainer password bemsel
CSCO-1802-DSL(config)#line vty 0 4
CSCO-1802-DSL(config-line)#login local
CSCO-1802-DSL(config-line)#end
CSCO-1802-DSL#
Enable SNMP Access
CSCO-1802-DSL(config)#snmp-server community public
CSCO-1802-DSL(config)#snmp-server contact Rainer Bemsel
CSCO-1802-DSL(config)#snmp-server location Home-Office
Enable Netflow-9
Finally, I do have a Netflow collector (192.168.10.72) running in my Home-Office.
CSCO-1802-DSL(config)#ip flow-export source vlan 1
CSCO-1802-DSL(config)#ip flow-export version 9
CSCO-1802-DSL(config)#ip flow-cache timeout active 1
CSCO-1802-DSL(config)#ip flow-export destination 192.168.10.72 9995
CSCO-1802-DSL(config)#snmp-server ifindex persist
CSCO-1802-DSL(config)#int atm0
CSCO-1802-DSL(config-if)#ip flow egress
CSCO-1802-DSL(config-if)#ip flow ingress
As I am very interested in what’s going in and out of my DSL line, I chose the Dialer. I also used the VLAN to get
host conversations as well.
CSCO-1802-DSL(config)#int dialer1
CSCO-1802-DSL(config-if)#ip flow egress
CSCO-1802-DSL(config-if)#ip flow ingress
CSCO-1802-DSL(config-if)#
Disable DNS Control
This prevents the router from attempting DNS resolution (saves time after typos at the CLI).
CSCO-1802-DSL(config)#no ip domain lookup
Configure Wireless LAN
First, delete the IP address of VLAN 1 (you added an IP address in Step 4) and use it for the bridge
group.
CSCO-1802-DSL(config)#int vlan1
CSCO-1802-DSL(config-if)#no ip address
CSCO-1802-DSL(config-if)#bridge-group 1
CSCO-1802-DSL(config-if)#int BVI1
CSCO-1802-DSL(config-if)#ip address 192.168.10.1 255.255.255.0
Enabling the radio interface is the first thing to do, as wireless device radios are disabled by default. The
2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1. I’m enabling 2.4 GHz and leaving 5 GHz disabled.
CSCO-1802-DSL(config)#int dot11radio 0
CSCO-1802-DSL(config-if)#ssid CSCO-WIRELESS
CSCO-1802-DSL(config-if-ssid)#vlan 1
CSCO-1802-DSL(config-if-ssid)#authentication open
CSCO-1802-DSL(config-if-ssid)#guest-mode
CSCO-1802-DSL(config-if-ssid)#no shutdown
You need to configure static WEP keys only if your access point needs to support client devices that use
static WEP.
CSCO-1802-DSL(config)# int dot11radio 0
CSCO-1802-DSL(config-if)#encryption vlan 1 key 1 size 128 12345678901234567890123456 transmit-key
CSCO-1802-DSL(config-if)# encryption vlan 1 mode wep mandatory
- - - - - - - - - - - - - - - - - Troubleshooting - - - - - - - - - - - - - - - - -
If you experience issues during manual configuration or when connecting the freshly configured
router to the internet, Cisco has some show and debug commands implemented:
- debug vpdn pppoe-events
- debug vpdn pppoe-data
- debug pppoe errors
- debug pppoe packets
- show vpdn
- show vpdn session all
Configuration
- show run
DHCP
- show ip dhcp binding
- show ip dhcp server statistics
- show ip dhcp conflict
- show ip dhcp pool
NetFlow
- show ip flow export
- show ip cache flow
- show ip flow interface
- debug flow exporter    -> Flow Exporter Errors
- debug flow event       -> Flow Exporter Events
- debug flow packet      -> Flow Exporter Packet Information
- no debug all           -> switch off all possible debugging
Of course, there are many more troubleshooting commands, but those were
the ones I used during this setup.
- - - - - - - - - - - - - - Complete Configuration - - - - - - - - - - - - - -
This is my basic, working configuration for connecting my Cisco 1802 directly with ATMoverISDN (no other
DSL modem used). Wireless is not used on my router.
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CSCO-1802-DSL
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable password 7 14040342ed72f22
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.10.1 192.168.10.2
ip dhcp excluded-address 192.168.10.10 192.168.10.254
!
ip dhcp pool home-network
 network 192.168.10.0 255.255.255.0
 domain-name bemsel.home
 dns-server 194.25.0.68 194.25.0.60
 default-router 192.168.10.254
!
!
ip cef
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
 request-dialin
  protocol pppoe
!
!
archive
 log config
  hidekeys
!
interface FastEthernet0
 description *** DO NOT USE ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet1
 description *** HOME-OFFICE ***
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Dot11Radio1
 no ip address
 shutdown
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 station-role root
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 1/32
  pppoe-client dial-pool-number 1
 !
 dsl operating-mode itu-dmt
!
interface Virtual-Template1
 no ip address
!
interface Vlan1
 ip address 192.168.10.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Dialer1
 description *** T-SYSTEMS ADSL ***
 ip address negotiated
 no ip unreachables
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname xxxxxxxyyyyyyyyyy0001@t-online.de
 ppp chap password 7 0aaaaaaaaaa05F
 ppp ipcp dns request
!
interface Dialer0
 no ip address
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
!
ip nat inside source list 101 interface Dialer1 overload
!
access-list 101 permit ip 192.0.0.0 0.255.255.255 any
access-list 102 deny udp any eq netbios-dgm any
access-list 102 deny udp any eq netbios-ns any
access-list 102 deny udp any eq netbios-ss any
access-list 102 deny tcp any eq 137 any
access-list 102 deny tcp any eq 138 any
access-list 102 deny tcp any eq 139 any
access-list 102 permit ip any any
dialer-list 1 protocol ip list 102
snmp-server community XXXXro RO
snmp-server ifindex persist
snmp-server location Home-Office
snmp-server contact Rainer Bemsel
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login local
!
end
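Several settings used in the steps above weaken the router's management plane and wireless side: "enable password" and "username ... password" instead of the hashed "secret" forms, Telnet on the vty lines, the SNMP community "public", WEP, and "ip source-route". The Python audit below is an added example, not part of the original document; the rule set and finding texts are this example's own choices, and the sample is constructed from commands shown on this page.

```python
import re

# Constructed excerpt assembled from commands shown in the sections above.
SAMPLE_CONFIG = """\
enable password cisco
ip source-route
username rainer password bemsel
interface Dot11Radio0
 encryption vlan 1 mode wep mandatory
snmp-server community public
line vty 0 4
 login local
!
end
"""

# Single-line checks: (regex, finding with the usual IOS alternative).
RULES = [
    (r"^enable password\b", "enable password is clear text or reversible type 7; use 'enable secret'"),
    (r"^username \S+ password\b", "user password is clear text or reversible type 7; use 'username ... secret'"),
    (r"^ip source-route$", "IP source routing enabled; set 'no ip source-route'"),
    (r"^snmp-server community public\b", "default SNMP community string"),
    (r"^snmp-server community \S+(?: R[OW])?$", "SNMP community not restricted by an ACL"),
    (r"^encryption .*\bmode wep\b", "WEP on the radio; use WPA2 if the radio supports it"),
]
VTY_FINDING = "vty lines accept Telnet; add 'transport input ssh'"


def audit(config):
    """Return (line_number, finding) tuples for a running-config text."""
    findings, vty_line, vty_ssh_only = [], None, False
    for number, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        # A '!', 'end' or another 'line ...' command closes an open vty block.
        if vty_line and (line in ("!", "end") or line.startswith("line ")):
            if not vty_ssh_only:
                findings.append((vty_line, VTY_FINDING))
            vty_line = None
        if line.startswith("line vty"):
            vty_line, vty_ssh_only = number, False
        elif vty_line and line == "transport input ssh":
            vty_ssh_only = True
        findings += [(number, text) for pattern, text in RULES if re.search(pattern, line)]
    if vty_line and not vty_ssh_only:
        findings.append((vty_line, VTY_FINDING))
    return findings


if __name__ == "__main__":
    for number, text in audit(SAMPLE_CONFIG):
        print(f"line {number}: {text}")
```

Run over the complete configuration above, the same rules report the enable password, ip source-route, the SNMP community without an ACL, and the vty lines.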