ADSL Setup

Answered Question
Nov 27th, 2008

Hi All,


I have just configured an ADSL interface on a router to dynamically connect to the BT network for an internet connection.


Below is my running config:


!
interface ATM0/1/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  dialer pool-member 1
  protocol ppp dialer
 !
!
!
interface Dialer1
 description ADSL Interface
 ip address DHCP
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 ppp chap hostname xxxxxxxxxxxxxxx
 ppp chap password xxxxxxxxxxx
 ppp pap sent-username xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


Question:


1. Please, how do I configure my Dialer1 interface to automatically request a DNS from the BT network?


2. Which do I need to configure on my Dialer1 interface, is it "ip address DHCP" or "ip address negociated"


3. Do I need to configure an "ip nat pool"?


Cheers!


Overall Rating: 5 (2 ratings)
lejoe.thomas Fri, 11/28/2008 - 00:25

Hi Lawrence,


1) Please, how do I configure my Dialer1 interface to automatically request a DNS from the BT network?

ppp ipcp dns request


2. Which do I need to configure on my Dialer1 interface, is it "ip address DHCP" or "ip address negociated"

ip address negotiated


Do I need to configure an "ip nat pool"?

Yes you'll need to configure NAT


Steps

1) Configure your LAN interface as


ip nat inside


2) Under the dialer interface

dialer-group 1 (assign the dialer interface to dialer group)




All in global configuration


3) Configure access-list to specify traffic that will be NAT-ted. Assuming your LAN range is 192.168.0.0/24


access-list 100 permit ip 192.168.0.0 0.0.0.255 any

ip nat inside source list 100 interface dialer 1 overload


4) Specify interesting packets that can trigger a call

dialer-list 1 protocol ip permit



5) Add a default route to point everything through the dialer interface


ip route 0.0.0.0 0.0.0.0 dialer 1


HTH

Lejoe



sr2470182 Fri, 11/28/2008 - 01:59

Dear Lejoe,

Thanks very much for your time! It's well appreciated.

Please find below, my new config. I have done exactly as you directed.


!
interface Dialer1
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp chap hostname xxxxxxxxxxxxxx
 ppp chap password 0 xxxxxxxxxxx
 ppp pap sent-username xxxxxxxx
 ppp ipcp dns request
 ppp ipcp route default
 ppp ipcp address accept
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 100 interface Dialer1 overload
!
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!


Question:


1) As you can see in the above config, do I need the following on the dialer 1 interface?

dialer pool 1

ppp ipcp route default

ppp ipcp address accept


Or should I delete them?


2) Why use access-list 100 and not access-list 1?


Regards,



Law


lejoe.thomas Fri, 11/28/2008 - 15:52


Hi Law,


1) As you can see in the above config, do I need the following on the dialer 1 interface?

dialer pool 1

ppp ipcp route default

ppp ipcp address accept


Yes you need all the above in your dialer interface configuration. Since you're automatically inserting a dynamic default route through IPCP negotiations (ppp ipcp route default), remove the line

ip route 0.0.0.0 0.0.0.0 Dialer1


2) Why use access-list 100 and not access-list 1?


For specifying the traffic (internal LAN range) that will be NATed, an extended access-list is used. Extended access-lists begin from 100 and can deny or permit packets based on source and destination address, port numbers and upper-layer protocols, which allows greater control and flexibility. Please note that this number (100) is referenced in the statement


ip nat inside source list 100 interface Dialer1 overload


A standard access-list, which begins at 1, only allows you to permit or deny based on source address or the entire TCP/IP protocol suite. We could also use a standard access-list to specify the NAT traffic, but I mostly prefer extended ACLs because of the control.



HTH

Lejoe

sr2470182 Sun, 11/30/2008 - 10:37

Thanks Lejoe,


I have the following interface on the router:

interface FastEthernet0/0
 description LAN Interface
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto


Question:

1) If I should connect a PC configured for 192.168.2.2/24 to the above interface, will I be able to browse the internet?


2) Do I have to configure an internal DNS on the router to be able to browse the net from my internal PCs?


3) Does it mean that the two commands below are the same, hence I should remove one?

ppp ipcp route default

ip route 0.0.0.0 0.0.0.0 Dialer1


Thanks a million

lejoe.thomas Sun, 11/30/2008 - 14:01

1) If I should connect a PC configured for 192.168.2.2/24 to the above interface, will I be able to browse the internet?

No, since you're not running DHCP, you'll have to configure default gateway and DNS on the PC before you can browse.


default gateway : 192.168.2.1/24

DNS Server : ISP obtained


2) Do I have to configure an internal DNS on the router to be able to browse the net from my internal PCs?

Yes, DNS is required. You can configure DNS address the same as that you obtain from your ISP on the PCs.



3) Does it mean that the two commands below are the same, hence I should remove one?


(obtains default route dynamically through ppp/ipcp negotiations)

ppp ipcp route default


(statically setting a default route)

ip route 0.0.0.0 0.0.0.0 Dialer1


You can remove either of the above lines.


HTH

Lejoe

sr2470182 Mon, 12/01/2008 - 06:29

Thanks Lejoe,


Finally I can ping the internet from my router (i.e. ping www.yahoo.com). But I can NOT browse from my internal network, which is connected to the interface f0/0.


Please, do I need static NATing? Or what can I do to be able to browse the net from my LAN?


Below is my running config:


interface FastEthernet0/0
 description LAN Interface
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/2/0
 switchport access vlan 2
!
interface FastEthernet0/2/1
 switchport access vlan 3
!
interface FastEthernet0/2/2
 switchport access vlan 4
!
interface FastEthernet0/2/3
 switchport access vlan 5
!
interface ATM0/1/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  dialer pool-member 1
  protocol ppp dialer
 !
!
interface Dot11Radio0/3/0
 no ip address
 !
 encryption mode ciphers aes-ccm
 !
 ssid xxxx
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2412
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 no ip address
!
interface Vlan2
 description USER VLAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan3
 description SERVER VLAN
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan4
 description TRAINING VLAN
 ip address 192.168.4.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan5
 description DMZ VLAN
 ip address 192.168.5.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Dialer1
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp chap hostname xxx
 ppp chap password 0 xxxx
 ppp pap sent-username xxxx
 ppp ipcp dns request
 ppp ipcp address accept
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 100 interface Dialer1 overload
!
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
gateway
 timer receive-rtp 1200
!
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end


Law

Giuseppe Larosa Mon, 12/01/2008 - 07:16

Hello Law,

you may need to add manually the ISP DNS server on your PC LAN settings.


I see that you are not using DHCP so the PC has to be configured manually with a default gateway = 192.168.1.1 and with a DNS server.


Hope to help

Giuseppe


sr2470182 Mon, 12/01/2008 - 08:19

I have got a DHCP/DNS server on my LAN.

I have configured my PC with a static IP and am using 192.168.2.1 as my GW. Yet I cannot browse the net.


Maybe I need to configure an IP NAT pool (name), using the IP addresses that my ISP gave to me... I don't know.



Thanks

ohassairi Mon, 12/01/2008 - 09:05

I think f0/0 belongs to vlan1. Why don't you give the IP address 192.168.2.1 to vlan1 instead of f0/0?

lejoe.thomas Mon, 12/01/2008 - 13:43

Hi Law,


The issue of browsing is merely related to DNS. You have already configured NATing on the router, so most of your configuration on the router is correct.


Since you said you run an internal DHCP/DNS server, what I would suggest is

On one of your computers in the internal LAN, get details such as default gateway, DNS.

1) Verify the default gateway is indeed the f0/0 int of the router

2) Verify the DNS server is the address of the internal server

3) Ping the default gateway and DNS server

4) Verify the DNS server, which might be mostly configured as a forwarder, is correctly forwarding name resolution queries to a public DNS server.







HTH

Lejoe


sr2470182 Tue, 12/02/2008 - 08:23

Thank you all for all your efforts in helping to solve my problem. However I have tried all your suggestions but no luck yet.


Below is my "sh ip route" when connecting the router to the internet:


Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 217.47.30.74 to network 0.0.0.0

     81.0.0.0/32 is subnetted, 1 subnets
C       81.135.169.26 is directly connected, Dialer1
     217.47.30.0/32 is subnetted, 1 subnets
C       217.47.30.74 is directly connected, Dialer1
C    192.168.2.0/24 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [1/0] via 217.47.30.74
               is directly connected, Dialer1



Again I can ping the internet from the router but I cannot browse the net (from my PC) whenever I connect to the f0/0 interface.



lejoe.thomas Tue, 12/02/2008 - 14:52

Hi Law,


Please post the output of the following commands


show host


show running-config


HTH

Lejoe

lejoe.thomas Tue, 12/02/2008 - 20:54

Hi,

The show host will show you the address of the name-server. Use this address as the DNS server on your PC and try if things work.


HTH

Lejoe

sr2470182 Wed, 12/03/2008 - 01:43

Thanks Lejoe,



#sh hosts
Default domain is not set
Name/address lookup uses domain service
Name servers are 255.255.255.255

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
       temp - temporary, perm - permanent
       NA - Not Applicable None - Not defined

Host                      Port  Flags      Age Type   Address(es)


As you can see above, nothing is shown in the "sh host" command.


Question:

Do I need to configure static name-servers (of my ISP) on the router?


Also attached is the running-config.


Thanks





Giuseppe Larosa Wed, 12/03/2008 - 03:02

Hello Law,

I think there is a little config mismatch in NAT

ip nat inside source list 100 interface Dialer1 overload


access-list 100 permit ip 192.168.0.0 0.0.0.255 any


but f0/0 uses

192.168.2.0/24


so nat is never triggered


you can check nat with

sh ip nat translations


sorry I didn't see before


Hope to help

Giuseppe


sr2470182 Wed, 12/03/2008 - 03:19

Thanks Giuseppe,


when I type in "sh ip nat translations", nothing is shown or displayed.


Though the router is not connected to the internet right now. I mean no adsl cable is connected to the interface.


What do you suggest the correct NAT statement should be, if you feel there is a mismatch in the config?



Thanks


Correct Answer
lejoe.thomas Wed, 12/03/2008 - 03:36

Hi Law,


Giuseppe, there is an access-list misconfiguration for NAT, the correct access-list would be


access-list 100 permit ip 192.168.0.0 0.0.255.255 any


This will permit all addresses from major networks to be NATted to the public address.


192.168.1.0/24

192.168.2.0/24

192.168.3.0/24

192.168.4.0/24

192.168.5.0/24


Remember I gave you that access-list (currently in your config) previously as an example.


Also make sure you set your DNS server on the PC and give it a go.


HTH

Lejoe
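
The mismatch diagnosed above (NAT ACL 100 with wildcard 0.0.0.255 versus an inside interface in 192.168.2.0/24) can be checked mechanically. The following Python sketch is an added example, not code from any poster in this thread or from Cisco; the function names and the trimmed sample config are constructed for illustration, and it assumes the NAT ACL only contains lines of the form "permit ip <base> <wildcard> any".

```python
import ipaddress
import re

# Constructed excerpt modelled on the running-config posted in this thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
!
interface Vlan2
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Dialer1
 ip address negotiated
 ip nat outside
!
ip nat inside source list 100 interface Dialer1 overload
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
"""

def wildcard_covers(base, wildcard, network):
    """True if every address in `network` matches the ACL base/wildcard pair."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # bits the ACL compares
    want = int(ipaddress.IPv4Address(base)) & care
    # No host bit may be a compared bit, and the subnet must agree on compared bits.
    return (int(network.hostmask) & care) == 0 and \
        (int(network.network_address) & care) == want

def uncovered_nat_inside(config):
    """Map each 'ip nat inside' interface whose subnet the NAT ACL misses."""
    nat = re.search(r"^ip nat inside source list (\d+) ", config, re.M)
    if not nat:
        return {}
    permits = re.findall(
        rf"^access-list {nat.group(1)} permit ip (\S+) (\S+) any", config, re.M)
    missed = {}
    for block in re.split(r"^!\s*$", config, flags=re.M):
        name = re.search(r"^interface (\S+)", block, re.M)
        addr = re.search(r"^\s*ip address (\d\S+) (\d\S+)", block, re.M)
        inside = re.search(r"^\s*ip nat inside\s*$", block, re.M)
        if not (name and addr and inside):
            continue
        net = ipaddress.IPv4Interface(f"{addr.group(1)}/{addr.group(2)}").network
        if not any(wildcard_covers(b, w, net) for b, w in permits):
            missed[name.group(1)] = str(net)
    return missed
```

Run against the sample, it reports FastEthernet0/0 and Vlan2 as not covered; with the wildcard changed to 0.0.255.255 it reports nothing.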

sr2470182 Wed, 12/03/2008 - 03:50

Thank you all. I very much appreciate all your help.


I have now changed the list to

access-list 100 permit ip 192.168.0.0 0.0.255.255 any


I will give it a go and inform you what happens.


Regards to you all,


lejoe.thomas Wed, 12/03/2008 - 03:58

No worries. It's been long, as the length of this thread would indicate, that you've been running behind the problem. Hopefully this should resolve things :)


Please get back if you run into any problems.


Lejoe
