c836 router + external dsl modem - acl questions

Unanswered Question
Apr 9th, 2009

Hello NetPRO Members,

I am not really sure for the best configuriation with my network setup.

Currently i use an old c836 router. AFAIK it fill my needs excepting a missing ADSL2+ internal atm interface.

I decided to use a device which my provider supplied as ADSL Modem replacement. It is a Siemens ADSL2+ Router but that device run simple in bridgeing mode. I only use it as ADSL2+ Modem. Now i am looking for a way to access this Siemens Device over lan.

NOTE: When i write DSL Modem i mean a DSL Router with ADSL2+ integrated modem.

My Network scenario is:

An c836 router use Ethernet0 as lan interface with nat inside.

Ethernet2 should be the WAN interface useing PPPOE over ethernet with Dialer0.

interface Dialer0

ip address negotiated

ip mtu 1492

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname myusername

ppp chap password 0 mypassword

ppp pap sent-username myusername password 0 mypassword

ppp ipcp dns request

ppp ipcp route default

ppp ipcp address accept

I configured an access-list that allow

lan camputers to access the internet.

access-list 1 permit 192.168.1.0 0.0.0.255

NOTE: I am not very familiar with ACLs in IOS. Later i like fine tune it^

Now i am not sure what will be the best way to make the DSL modem accessible over ethernet. Is there any difference whether i add the network 192.168.254.0 on Ethernet2 dirctly when on its same interface is a Dialer interface configured?

The DSL Modem listen on an IP Adress in network 192.168.254.0. But with access lists i have no idea how to make sure that WAN/Internet Traffic can be filtered correctly.

Can i use an IP on Ethernet2 and place access-lists independently? I am not sure whether it works fine to setup different access control lists on Ethernet2. For Example i like to

enable firewall rules for Internet Traffic (going in/out over Dialer0) and make the 192.168.254.0 network on the same interface only accessable for my self.

I also know that i can create virtual interfaces i.e Ethernet2.1 and add an IP there. I simple like to access the DSL Modem by http for trouble shooting.

When my dsl connetion is not working then i like to check for connectivity.

I hope it was possible to explain my desired configuration as good as possible.

Thanks for every help!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mhnsitnet Sat, 04/25/2009 - 08:24

Hello NetPRO Members,

Is nobody here with some free time? I hope my reply helps to get some answers :)

Actions

This Discussion