Configure Cisco 1802 for T-DSL
created by: Rainer Bemsel – Version 1.0 – Dated: Jan/22/2011

The purpose of this document is to provide comprehensive documentation for configuring a Cisco 1802 for T-DSL usage. I’ve seen several examples and I don’t consider myself a CNIE; however, I think it’s good to have a cheat sheet to consult from time to time.

One note for the new DSL-16000 (G.992.5 ADSL2+): the Cisco 1802 does not support DPBO (Downstream Power Back-Off). This feature is required for outdoor-installed DSLAMs. The new DSL is based on that.

I’m using C180X-ADVENTERPRISEK9-M, Version 12.4(22)T, RELEASE SOFTWARE (fc1)

Connect the blue console cable to the console connector at 5 (upper connection).

1. Delete all configuration and start from scratch

Router> en
Password:
Router#write erase
Router#reload
System configuration has been modified. Save? [yes/no]: no
Proceed with reload [confirm]

Once the router reloads, the System Configuration Dialog appears.

---- Systems Configuration Dialog --
Would you like to enter the initial configuration dialog? [yes/no]: no
Router>

2. Set the enable password

Router> en
Router# conf t
Router(config)#enable password cisco
Router(config)#exit
Router# wr mem
Building configuration …..
[OK]
Router#

3. Give the router a name

Router> en
Password:
Router# conf t
Router(config)# hostname CSCO-1802-DSL
CSCO-1802-DSL(config)#exit
CSCO-1802-DSL# wr mem
Building configuration …..
[OK]
CSCO-1802-DSL#

4. Provide an IP Address to VLAN 1

In this configuration I’m using VLAN 1 (FastEthernet 1 – FastEthernet 8) as the inside interface. This also means VLAN 1 needs to get an IP address from the internal network. It will also be used for Network Address Translation.

CSCO-1802-DSL(config)#int vlan1
CSCO-1802-DSL(config-if)#ip address 192.168.10.1 255.255.255.0
CSCO-1802-DSL(config-if)#ip nat inside
CSCO-1802-DSL(config-if)#exit
CSCO-1802-DSL(config)#exit
CSCO-1802-DSL# wr mem
Building configuration …..
[OK]
CSCO-1802-DSL#

5. Create a VPDN Group

Enable Virtual Private Dialup Networking (vpdn) on the router to support PPPoE.

CSCO-1802-DSL(config)#vpdn enable
CSCO-1802-DSL(config)#no vpdn logging
CSCO-1802-DSL(config)#vpdn-group 1
CSCO-1802-DSL(config-vpdn)#request-dialin
CSCO-1802-DSL(config-vpdn-req-in)#protocol pppoe

6. Configure physical Outside Interface

If you have a Cisco 1801 (ADSL over POTS), this configuration will not work in Germany. The 1802 uses ADSL over ISDN, and this is the one that bypasses a DSL modem, like the Speedport 200 (check my drawing on page 11), and connects directly.

CSCO-1802-DSL(config)#int ATM0
CSCO-1802-DSL(config-if)#no ip address
CSCO-1802-DSL(config-if)#no atm ilmi-keepalive
CSCO-1802-DSL(config-if)#dsl operating-mode auto
CSCO-1802-DSL(config-if)#pvc 1/32
CSCO-1802-DSL(config-if-atm-vc)#pppoe-client dial-pool-number 1

There are a few more DSL operating modes available, which can be different in your environment.

• adsl2      ITU G.992.3 Annex B
• adsl2+     ITU G.992.5 Annex B
• auto       auto detect mode
• etsi       ETSI TS 101 388 V1.3.1 Annex C
• itu-dmt    ITU G.992.1 Annex B

7. Configure Dialer

Create the dialer to connect to T-DSL.

Note: It is important to reduce the MTU size from the default of 1500 to 1492, as the remainder is used for the PPPoE header. Dialer 1 is also the outside interface for NAT. Also, “ip tcp adjust-mss” is absolutely a must-have.
CSCO-1802-DSL(config)#interface dialer 1
CSCO-1802-DSL(config-if)#description T-SYSTEMS ADSL
CSCO-1802-DSL(config-if)#ip address negotiated
CSCO-1802-DSL(config-if)#no ip unreachables
CSCO-1802-DSL(config-if)#ip mtu 1492
CSCO-1802-DSL(config-if)#ip nat outside
CSCO-1802-DSL(config-if)#encapsulation ppp
CSCO-1802-DSL(config-if)#ip tcp adjust-mss 1452
CSCO-1802-DSL(config-if)#dialer pool 1
CSCO-1802-DSL(config-if)#dialer idle-timeout 10800
CSCO-1802-DSL(config-if)#dialer fast-idle 600
CSCO-1802-DSL(config-if)#dialer enable-timeout 1
CSCO-1802-DSL(config-if)#dialer-group 1
CSCO-1802-DSL(config-if)#no cdp enable
CSCO-1802-DSL(config-if)#ppp authentication chap callin
CSCO-1802-DSL(config-if)#ppp chap hostname xxxxxxxxxyyyyyyyyyy0001@t-online.de
CSCO-1802-DSL(config-if)#ppp chap password abcdef

8. Define internal IP Address Range

This defines the internal IP address range where NAT is going to be done. It is bound to interface Dialer 1, which is also where the default gateway should point. Don’t forget to create an access list for Network Address Translation.

CSCO-1802-DSL(config-if)#ip nat inside source list 101 interface Dialer1 overload
CSCO-1802-DSL(config)#ip route 0.0.0.0 0.0.0.0 Dialer1
CSCO-1802-DSL(config)#access-list 101 permit ip any any

9. Create an ACL List to prohibit Microsoft NetBIOS traffic

It’s best practice to block Microsoft NetBIOS traffic from going out.
CSCO-1802-DSL(config)#access-list 102 deny udp any eq netbios-dgm any
CSCO-1802-DSL(config)#access-list 102 deny udp any eq netbios-ns any
CSCO-1802-DSL(config)#access-list 102 deny udp any eq netbios-ss any
CSCO-1802-DSL(config)#access-list 102 deny tcp any eq 137 any
CSCO-1802-DSL(config)#access-list 102 deny tcp any eq 138 any
CSCO-1802-DSL(config)#access-list 102 deny tcp any eq 139 any
CSCO-1802-DSL(config)#access-list 102 permit ip any any
CSCO-1802-DSL(config)#dialer-list 1 protocol ip list 102

- - - - - - - - - - - - - - - - - - Optional - - - - - - - - - - - - - - - - -

Configure DHCP

If you do not use a static IP address scheme, there is a need for a local DHCP server. Most routers can act as a local DHCP server, and so can my Cisco 1802.

Required steps to configure DHCP

• Configuring a DHCP Database Agent or Disabling DHCP Conflict Logging
• Excluding IP Addresses
• Configuring a DHCP Address Pool
• Configuring the DHCP Address Pool Name and Entering DHCP Pool Configuration Mode

As I do not have a large network to provide DHCP for, I can skip the DHCP database agent and instead disable DHCP conflict logging.

CSCO-1802-DSL(config)#no ip dhcp conflict logging

The DHCP server assumes that all IP addresses in a DHCP pool are available for assigning to DHCP clients. My DHCP lease range goes from 192.168.10.3 to 192.168.10.9; all other IP addresses are excluded.

CSCO-1802-DSL(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.2
CSCO-1802-DSL(config)#ip dhcp excluded-address 192.168.10.10 192.168.10.254

You can configure a DHCP address pool with a name that is a symbolic string (such as "home-network") or an integer (such as 0).
Configuring a DHCP address pool also places you in DHCP pool configuration mode, identified by the (dhcp-config)# prompt, from which you can configure pool parameters.

CSCO-1802-DSL(config)#ip dhcp pool home-network

To configure a subnet and mask for the newly created DHCP address pool, which contains the range of available IP addresses that the DHCP server may assign to clients:

CSCO-1802-DSL(dhcp-config)#network 192.168.10.0 255.255.255.0

The domain name of a DHCP client places the client in the general grouping of networks that make up the domain. To configure a domain name string for the client, use the following command in DHCP pool configuration mode:

CSCO-1802-DSL(dhcp-config)#domain-name bemsel.home

You will also need to tell the DHCP clients which DNS servers to query and what the default gateway is to find the way out of your private network.

CSCO-1802-DSL(dhcp-config)#dns-server 192.168.10.60 194.25.0.68 194.25.0.60
CSCO-1802-DSL(dhcp-config)#default-router 192.168.10.1

Note: Don’t forget to save the configuration to the startup-config -> CTRL+Z

A list of public DNS Servers

I did create a list of a few DNS servers as a backdoor. You should use the DNS servers your service provider has given you.

T-DSL Business
• 194.25.0.68    Frankfurt
• 194.25.0.60    Hannover
• 194.25.0.52    Leipzig

Enable Telnet Access

As my home office and router location are too far apart to use a standard console cable, I’ve provided myself access via telnet. There are only a few things to configure for a simple configuration.
CSCO-1802-DSL(config)#username rainer password bemsel
CSCO-1802-DSL(config)#line vty 0 4
CSCO-1802-DSL(config-line)#login local
CSCO-1802-DSL(config-line)#end
CSCO-1802-DSL#

Enable SNMP Access

CSCO-1802-DSL(config)#snmp-server community public
CSCO-1802-DSL(config)#snmp-server contact Rainer Bemsel
CSCO-1802-DSL(config)#snmp-server location Home-Office

[Screenshots: UNSUCCESSFUL / SUCCESSFUL]

Enable Netflow-9

Finally, I do have a Netflow collector (192.168.10.72) running in my home office.

CSCO-1802-DSL(config)#ip flow-export source vlan 1
CSCO-1802-DSL(config)#ip flow-export version 9
CSCO-1802-DSL(config)#ip flow-cache timeout active 1
CSCO-1802-DSL(config)#ip flow-export destination 192.168.10.72 9995
CSCO-1802-DSL(config)#snmp-server ifindex persist
CSCO-1802-DSL(config)#int atm0
CSCO-1802-DSL(config-if)#ip flow egress
CSCO-1802-DSL(config-if)#ip flow ingress

As I am very interested in what’s going in and out of my DSL line, I chose the Dialer. I also used VLAN to get host conversations as well.

CSCO-1802-DSL(config)#int dialer1
CSCO-1802-DSL(config-if)#ip flow egress
CSCO-1802-DSL(config-if)#ip flow ingress
CSCO-1802-DSL(config-if)#

Disable DNS Control

This prevents the router from running DNS resolution (saves time with typos at CLI level).

CSCO-1802-DSL(config)#no ip domain lookup

Configure Wireless LAN

First, delete the IP address of VLAN 1 (you added an IP address in Step 4) and use it for the bridging group.

CSCO-1802-DSL(config)#int vlan1
CSCO-1802-DSL(config-if)#no ip address
CSCO-1802-DSL(config-if)#bridge-group 1
CSCO-1802-DSL(config)#int BVI1
CSCO-1802-DSL(config-if)#ip address 192.168.10.1 255.255.255.0

Enabling the radio interface is the first thing to do, as wireless device radios are disabled by default. The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.
I’m enabling 2.4 GHz and leaving 5 GHz disabled.

CSCO-1802-DSL(config)#int dot11radio 0
CSCO-1802-DSL(config-if)#ssid CSCO-WIRELESS
CSCO-1802-DSL(config-if-ssid)#vlan 1
CSCO-1802-DSL(config-if-ssid)#authentication open
CSCO-1802-DSL(config-if-ssid)#guest-mode
CSCO-1802-DSL(config-if-ssid)#no shutdown

You need to configure static WEP keys only if your access point needs to support client devices that use static WEP.

CSCO-1802-DSL(config)# int dot11radio 0
CSCO-1802-DSL(config-if)#encryption vlan 1 key 1 size 128 12345678901234567890123456 transmit-key
CSCO-1802-DSL(config-if)# encryption vlan 1 mode wep mandatory

- - - - - - - - - - - - - - - - - Troubleshooting - - - - - - - - - - - - - - - -

If you experience issues and problems during manual configuration or when connecting the freshly configured router to the internet, Cisco does have some show and debug commands implemented:

- debug vpdn pppoe-events
- debug vpdn pppoe-data
- debug pppoe errors
- debug pppoe packets
- show vpdn
- show vpdn session all

Configuration
- show run

DHCP
- show ip dhcp binding
- show ip dhcp server statistics
- show ip dhcp conflict
- show ip dhcp pool

NetFlow
- show ip flow export
- show ip cache flow
- show ip flow interface
- debug flow exporter    -> Flow Exporter Errors
- debug flow event       -> Flow Exporter Events
- debug flow packet      -> Flow Exporter Packet Information
- no debug all           -> switch off all possible debugging

Of course, there are many more troubleshooting commands, but those were the ones I used during this setup.

- - - - - - - - - - - - - - Complete Configuration - - - - - - - - - - - - -

This is my basic and working configuration to connect my Cisco 1802 directly with ATMoverISDN (no other DSL modem used) – wireless is not used on my router.

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CSCO-1802-DSL
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable password 7 14040342ed72f22
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.10.1 192.168.10.2
ip dhcp excluded-address 192.168.10.10 192.168.10.254
!
ip dhcp pool home-network
 network 192.168.10.0 255.255.255.0
 domain-name bemsel.home
 dns-server 194.25.0.68 194.25.0.60
 default-router 192.168.10.254
!
!
ip cef
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
 request-dialin
  protocol pppoe
!
!
archive
 log config
  hidekeys
!
interface FastEthernet0
 description *** DO NOT USE ***
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet1
 description *** HOME-OFFICE ***
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Dot11Radio1
 no ip address
 shutdown
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 station-role root
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 1/32
  pppoe-client dial-pool-number 1
 !
 dsl operating-mode itu-dmt
!
interface Virtual-Template1
 no ip address
!
interface Vlan1
 ip address 192.168.10.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Dialer1
 description *** T-SYSTEMS ADSL ***
 ip address negotiated
 no ip unreachables
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname xxxxxxxyyyyyyyyyy0001@t-online.de
 ppp chap password 7 0aaaaaaaaaa05F
 ppp ipcp dns request
!
interface Dialer0
 no ip address
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
!
ip nat inside source list 101 interface Dialer1 overload
!
access-list 101 permit ip 192.0.0.0 0.255.255.255 any
access-list 102 deny udp any eq netbios-dgm any
access-list 102 deny udp any eq netbios-ns any
access-list 102 deny udp any eq netbios-ss any
access-list 102 deny tcp any eq 137 any
access-list 102 deny tcp any eq 138 any
access-list 102 deny tcp any eq 139 any
access-list 102 permit ip any any
dialer-list 1 protocol ip list 102
snmp-server community XXXXro RO
snmp-server ifindex persist
snmp-server location Home-Office
snmp-server contact Rainer Bemsel
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login local
!
end
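
How IOS reads access lists 101 and 102 from the configuration above, as an added example that is not part of the original document: the "eq" in "deny tcp any eq 139 any" follows the source, so it tests the source port, and the wildcard 0.255.255.255 in list 101 covers every 192.x.x.x address. The evaluator handles only the "any", "host", address/wildcard and "eq" forms used here; the function names parse and evaluate and the sample packets are assumptions.

```python
from ipaddress import IPv4Address as IP

# Access lists 101 and 102 as they appear in the complete configuration above.
CONFIG = """\
access-list 101 permit ip 192.0.0.0 0.255.255.255 any
access-list 102 deny udp any eq netbios-dgm any
access-list 102 deny udp any eq netbios-ns any
access-list 102 deny udp any eq netbios-ss any
access-list 102 deny tcp any eq 137 any
access-list 102 deny tcp any eq 138 any
access-list 102 deny tcp any eq 139 any
access-list 102 permit ip any any
"""
PORTS = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ss": 139}

def _endpoint(tok):
    """Consume 'any | host A | A WILDCARD' plus an optional 'eq PORT'."""
    first = tok.pop(0)
    if first == "any":
        addr, wild = 0, 0xFFFFFFFF
    elif first == "host":
        addr, wild = int(IP(tok.pop(0))), 0
    else:
        addr, wild = int(IP(first)), int(IP(tok.pop(0)))
    port = None
    if tok and tok[0] == "eq":
        _, name = tok.pop(0), tok.pop(0)
        port = PORTS.get(name) or int(name)
    return addr, wild, port

def parse(config, number):
    """Return the entries of one numbered extended ACL, in order."""
    aces = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["access-list", str(number)]:
            rest = tok[4:]  # source endpoint first, then destination
            aces.append((tok[2], tok[3], _endpoint(rest), _endpoint(rest)))
    return aces

def evaluate(aces, proto, src, sport, dst, dport):
    """First matching entry wins; the list ends in an implicit deny."""
    for action, ace_proto, s, d in aces:
        if ace_proto in ("ip", proto) and all(
                (int(IP(ip)) | w) == (a | w) and p in (None, port)
                for (a, w, p), ip, port in ((s, src, sport), (d, dst, dport))):
            return action
    return "deny"
```

evaluate(parse(CONFIG, 102), "tcp", "192.168.10.5", 49152, "203.0.113.10", 139) returns "permit", while the same packet with source port 139 returns "deny". List 102 is referenced by dialer-list 1 in this configuration, so the result classifies packets for the dialer.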
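
A small audit pass over this kind of running-config, added here as an example and not part of the original document: it flags the settings a hardening review of the configuration above would raise (enable password instead of enable secret, type 7 strings, Telnet on the vty lines, the "public" SNMP community, static WEP, IP source routing). The rule set, the function names and the constructed sample are assumptions of this sketch, and "transport input ssh" presumes SSH has been set up on the K9 image.

```python
import re

# Constructed excerpt: lines taken from the configuration above, plus the
# 'snmp-server community public' and WEP lines from the step-by-step part.
SAMPLE = """\
service password-encryption
enable password 7 14040342ed72f22
ip source-route
interface Dialer1
 ppp chap password 7 0aaaaaaaaaa05F
interface Dot11Radio0
 encryption vlan 1 mode wep mandatory
snmp-server community public
line vty 0 4
 login local
"""

# (pattern, finding) pairs checked against every line, top-level or nested.
LINE_RULES = [
    (r"^enable password\b", "enable password set: prefer 'enable secret' (hashed)"),
    (r"\bpassword 7 ", "type 7 string is reversible obfuscation, not a hash"),
    (r"^ip source-route$", "IP source routing on: set 'no ip source-route'"),
    (r"^snmp-server community public\b", "default SNMP community 'public'"),
    (r"^encryption .*\bwep\b", "static WEP configured on the radio"),
]

def sections(config):
    """Yield (header, children) per top-level command; children are indented."""
    header, children = None, []
    for raw in config.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if raw.startswith(" "):
            children.append(raw.strip())
            continue
        if header is not None:
            yield header, children
        header, children = raw.strip(), []
    if header is not None:
        yield header, children

def audit(config):
    """Return (section header, finding) tuples in configuration order."""
    findings = []
    for header, children in sections(config):
        for line in [header, *children]:
            findings += [(header, msg) for pat, msg in LINE_RULES if re.search(pat, line)]
        if header.startswith("line vty") and "transport input ssh" not in children:
            findings.append((header, "vty accepts Telnet: set 'transport input ssh'"))
    return findings
```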