Static ip scenario

Answered Question
Oct 24th, 2007

Hello !!

I have some questions about BRAS and ip address assigment to users.

Let`t say we have the interface below on our BRAS 7200.

interface FastEthernet0/0.10

encapsulation dot1Q 10

ip address

So the IPDSLAM is connected to this 7200 series router, and all users are in the same vlan. Now how can I assign one ip address for 1 user, and don`t let him use another ip address than one we assigned to him. If he tries to use another one than he should not be able to acces the network.

I know about one isp which did this on the same way, and the best of all is they have not binded ip address to mac address, because their customers can use any router/modem they just want, but they can ONLY use the ip address they are assigned from this isp.

How is this possible ? we will not use PPPoE or PPPoA because this makes many problems for our customers when they need to restart their equipment, the authentication is not allways successfull.

Any idea ? what is the best way to accomplish this goal ??

I`ll not forget the rating !

Thank You

Best regards

I have this problem too.
0 votes
Correct Answer by Paolo Bevilacqua about 8 years 11 months ago

Confirm first that you have set the DLSAM to map individual lines into an individual vlan. Create the subinterface, add the correct vlan ID as encapsulation, assign any IP address and enter static route for the remote, pointing to subinterface. That's it.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Paolo Bevilacqua Thu, 10/25/2007 - 05:14


This may not be so easy to meet. Anway, I think it's not possible for sure, as long you have a single vlan for all dsl pvcs. You should set the dlsma so maps each line to a vlan, then find the best configurtion there, I'm looking in more detail on how this would be possible, so ls stand by.

050878james Thu, 10/25/2007 - 06:03

Hi again !!

Thank You for reply, I really tried to find a solution for this scenario, but it seems that I had no luck this time :( I hope that You can figure it out. I was thinking about static arp table, but not useful at all because this is used to ensure that user receives the same ip from dhcp each time it ask for it, but this will not pervent user to type another ip address manually and connect to the network.

Thank You I am waiting for some answer and I hope that You can find a solution.

Best regards

Paolo Bevilacqua Thu, 10/25/2007 - 06:30

One way could be this (I can't test that yet).

Configure the IP DSLAM to map each PVC that need a static address in a separate vlan.

Under the subinterface, configure a private address/mask, that is ok as long doesn';t overlap with others.

Then configure as many static routes as necessary with mask /32 for the static address, pointing each one to the corresponding subinterface.

050878james Thu, 10/25/2007 - 06:37

Could I ask You for one "sample example config" that is working ?

I`ll be out of the office for 1 hour, but than I am back !!

Thank You very much for helping !!!!

I really need to fix this isue.

Best regards

Correct Answer
Paolo Bevilacqua Thu, 10/25/2007 - 11:36

Confirm first that you have set the DLSAM to map individual lines into an individual vlan. Create the subinterface, add the correct vlan ID as encapsulation, assign any IP address and enter static route for the remote, pointing to subinterface. That's it.

050878james Thu, 10/25/2007 - 12:23

hmm, well let me think little about it, so I`ll let You know my understanding...

Looks very interesting solution......

Thank You very much !!!!

Best regards

Paolo Bevilacqua Thu, 10/25/2007 - 12:44

This one should work by virtue of proxy arp. The PC sends ARP for gateway address, and even if this address is not the one of the interface receiving ARP, router will reply with a MAC address.

Thanks for the nice rating and let us know how it goes!

050878james Thu, 10/25/2007 - 13:09

You`re welcome !!!

Well hope that I have right understanding now.

Let say we have one sub-interface:

int fa/0.010

description dsl_cust

ensapsulation dot1q 10

ip address

Than we configure the IPDSLAM for example,

we configure switch port number 1 on the

IPDSLAM as a member of the VLAN 10, but hmm

I am still little confused here.. because this dsl user needs to use the ip

as the gateway and he can use as

his static ip address. But I still don`t understand how I can (fix) this ip, so he can`t use for example og .4 not just .2

I am really trying to understand but it is not that easy.

Thank You for helping !! any better explanation using config maybe ?

Best regards

050878james Thu, 10/25/2007 - 13:48

Well for 20 min ago I asked one of my old friends to test something for me. He is connected to the ISP which assigns static ip addresses for its customers.

Let`s say this is the ip address my friend got from his ISP:

ip address



And he is only able to use ip address and not another ip addresses, even if this is a big subnet. Another customer got and both of these customers uses the same gateway. But they can`t use another ip address than one ISP assigned to them.

My friend have Cisco ASA 5505 and he NAT`s to his internal LAN, so his lan ip of the ASA is

And than I asked him to trace

so after the trace was successfull:

As first HOP he got the ip address

1 10 ms 7 ms 6 ms

And if You see this ip address is not on his network, this is ip address from IPDSLAM I think ?? and why he receives this ip address, because as first hop he should get the ip address, because this is his GATEWAY he got from his ISP and this ip is used in the default route on his ASA, but not instead of ip he gots this ip as first hop

So they must use one or another router on the PSTN which is connected to IPDSLAM or this is ip of the IP DSLAM.

Do You understand this scenario ??? maybe this will give You idea how to explain it to me ??

Thank You !!!!

I AM REALLY SORY for long post, but I like to describe every detail, so You understand what I mean.

Best regards

Paolo Bevilacqua Thu, 10/25/2007 - 14:05


You have observed in act, what I was suggesting you to try.

He gets an "off-subnet" first hop address because the router interface doesn't have the address configured as GW on the ASA. Instead that interface has a private address picked as ISP likes.

But due to proxy-arp, or call it router magic, no other address outside the static route will work on that vlan. You can also add more addresses to a customer, if you want.

Good luck!

050878james Thu, 10/25/2007 - 14:19

Well I`ll try it tomorrow, and I`ll let You know !!

Thank You again !!

Best regards

050878james Thu, 11/01/2007 - 15:13

Hello again !!

Well I really tried but no success, do You have any possibilities to create a short sample how the config exactly should look like ?? on the BRAS (Router) ? where the IPDSLAM is connected to.

Thank You for helping !!!

I`ll rate the answer !! hope You`ll create the short sample.

I`ll really appreciate Your help !!

Best regards


steveo123 Thu, 11/01/2007 - 16:54

this is not possible without the use of an radius assigned pool. which will need pppoe or pppoa.


050878james Fri, 11/02/2007 - 00:30

Well, than how this ISP I was talking about fixed these issues ? They are just giving their customers "static ip address" "subnetmask" and "gateway" så than they are on the network, no PPPoA and no PPPoE. So this is 100% possible, but I just need one example from someone who did this before.

Thank You

Best regards

steveo123 Sun, 11/04/2007 - 19:00

My friend,

First of all are you an ISP/NSP..?? because if you are then YES, it is possible to perform direct static assignments to end users without the use of ppoe or pppoa. The protocols pppoa/pppoe are only used between the CPE and Telco LAC to uniquely identify users via there username-authentication mapping it to a unique realm, then, this realm is used to identify the upstream ISP that the telco needs to forward packets to the correct L2TP tunnel, or in telco terms is knows as DSL local aggregation.

Now having said all this, there are 2 options: 1) if you ACTUALLY are the ISP and the TECO (NSP) then you would own your own DSLAM meaning you can own every bit of infrastructure between your LNS/core network up to the DSLAM/CPE, which would enable you to easily configure static IP's and a Default gateway without any authentication stacks in your packets designated upstream.

2) if you are NOT the ISP or NSP then

The PC dialer interface would send off a request with the clients username and password. The username

plus the domain name(realm) is what the TECO use to domain route this PPP session to its destination(ie ISP).

ie [email protected]. The domain denotes a predefined LNS IP address that the TECO will terminate

this PPP session upon. It is then the responsibility of the ISP to authenticate the user johnsmith or assign it a static ip address via configuring your LNS under vpdn group to map users to static IP.

which are you ??? what is your infrastructure like..??

Steve K

050878james Sun, 11/04/2007 - 22:38

Hello Steve !!

Thank You very much for reply !!

I am the first option, we are the ISP and have around 310 our own IPDSLAM`s. All of our DSLAMS are connected to our (BRAS) Core network Router.

So today we are using PPPoE but will move over to "static ip address assigment", therfore I am asking for god suggestion and ofcourse some "sample" example.

Our IPDSLAM is ZyXel, while whole core network is running on 5 Cisco 7200 Routers, which exchanges BGP.

Any sample example ? I could try ?

Our IPDSLAM`s can only filter on MAC address, but this is not useful option, because users may want to change their modems, or bridge them, than they need to call us for configuring new mac address on the IPDSLAM, so I need an option which can assign static ip address to users without to filter MAC address.

Best regards

050878james Fri, 01/04/2008 - 17:06

Hello again dude,

Could you please provide me an example for your explanation you wrote above on this forum:

"Confirm first that you have set the DLSAM to map individual lines into an individual vlan. Create the subinterface, add the correct vlan ID as encapsulation, assign any IP address and enter static route for the remote, pointing to subinterface. That's it."

I tried but I am not 100 % what you mean with

"enter static route for the remote"

I hope you can provide me an example for this.

Thank You !!

Best regards



This Discussion