Mailing List Archive

It's a pretty straight forward set up.

Eg:
203.10.20.30/32 (Static IP assigned via Service Provider)
203.40.50.60/29 (Routed subnet)

On your Ethernet or FastE interface:

interface Ethernet0
ip address 203.40.50.61 255.255.255.248

All your devices on that LAN segment will use 203.40.50.61 as their
gateway. This is the typical set up if your devices on the LAN side are
using IP's from the routed subnet. Eg: web server 203.40.50.62, mail
server 203.40.50.63, etc

For your local PC's are using private IP's (eg: 192.168.1.0/24), you can
use the same ethernet interface and add in a secondary IP address to act
as the gateway for the local PC's.

interface Ethernet0
ip address 203.40.50.61 255.255.255.248
ip address 192.168.1.1 255.255.255.0 secondary
ip nat inside

Because you have atleast 6 IP's to use from your routed subnet
(203.40.50.61-66), you can also use static nat so that your local PC's
might go out to the Internet with a public IP from your routed subnet
instead of the PPPoE assigned IP.

HTH.

Cheers.

Andy

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
Please notify the sender immediately by email if you have received this
email by mistake and delete this email from your system. Please note that
any views or opinions presented in this email are solely those of the
author and do not necessarily represent those of the organisation.
Finally, the recipient should check this email and any attachments for
the presence of viruses. The organisation accepts no liability for any
damage caused by any virus transmitted by this email.

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

Hi Andy,

The configuration you have suggested would be a typical PPPoE setup, but I'm
faced with a situation where the IP assignment is something like:

Static IP assigned via Service Provider: 203.40.50.61/32
Routed Subnet: 203.40.50.60/29

RADIUS would probably have a Framed-Route attribute of something like
Framed-Route="203.40.50.60/29 203.40.50.61 1"

Meaning the the dialer interface (or bridged interface or whatever that
interface might be) will have .61 and other usable IPs in that subnet will
be used for hosts behind that router.
Any ideas?

Thanks again.

cheers,
Patrick
On Tue, Jan 13, 2009 at 8:03 AM, Andy Saykao <
andy.saykao@staff.netspace.net.au> wrote:

> It's a pretty straight forward set up.
>
> Eg:
> 203.10.20.30/32 (Static IP assigned via Service Provider)
> 203.40.50.60/29 (Routed subnet)
>
> On your Ethernet or FastE interface:
>
> interface Ethernet0
> ip address 203.40.50.61 255.255.255.248
>
> All your devices on that LAN segment will use 203.40.50.61 as their
> gateway. This is the typical set up if your devices on the LAN side are
> using IP's from the routed subnet. Eg: web server 203.40.50.62, mail
> server 203.40.50.63, etc
>
> For your local PC's are using private IP's (eg: 192.168.1.0/24), you can
> use the same ethernet interface and add in a secondary IP address to act
> as the gateway for the local PC's.
>
> interface Ethernet0
> ip address 203.40.50.61 255.255.255.248
> ip address 192.168.1.1 255.255.255.0 secondary
> ip nat inside
>
> Because you have atleast 6 IP's to use from your routed subnet
> (203.40.50.61-66), you can also use static nat so that your local PC's
> might go out to the Internet with a public IP from your routed subnet
> instead of the PPPoE assigned IP.
>
> HTH.
>
> Cheers.
>
> Andy
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> Please notify the sender immediately by email if you have received this
> email by mistake and delete this email from your system. Please note that
> any views or opinions presented in this email are solely those of the
> author and do not necessarily represent those of the organisation.
> Finally, the recipient should check this email and any attachments for
> the presence of viruses. The organisation accepts no liability for any
> damage caused by any virus transmitted by this email.
>
> _______________________________________________
> cisco-bba mailing list
> cisco-bba@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba
>

You could probably set up your ethernet interface to use the IP assigned
to the dialer interface with "ip unnumbered dialer0" and still have the
private IP as secondary.

interface Ethernet0
ip unnumbered dialer 0
ip address 192.168.1.1 255.255.255.0 secondary
ip nat inside

Thats what comes to mind now :)

Cheers.

Andy





________________________________

From: Patrick Wu [mailto:pwu828@gmail.com]
Sent: Tuesday, 13 January 2009 9:49 AM
To: Andy Saykao
Cc: cisco-bba@puck.nether.net
Subject: Re: [cisco-bba] PPPoE with Routed Subnet


Hi Andy,

The configuration you have suggested would be a typical PPPoE setup, but
I'm faced with a situation where the IP assignment is something like:

Static IP assigned via Service Provider: 203.40.50.61/32
Routed Subnet: 203.40.50.60/29

RADIUS would probably have a Framed-Route attribute of something like
Framed-Route="203.40.50.60/29 203.40.50.61 1"

Meaning the the dialer interface (or bridged interface or whatever that
interface might be) will have .61 and other usable IPs in that subnet
will be used for hosts behind that router.

Any ideas?

Thanks again.

cheers,
Patrick

On Tue, Jan 13, 2009 at 8:03 AM, Andy Saykao
<andy.saykao@staff.netspace.net.au> wrote:


It's a pretty straight forward set up.

Eg:
203.10.20.30/32 (Static IP assigned via Service Provider)
203.40.50.60/29 (Routed subnet)

On your Ethernet or FastE interface:

interface Ethernet0
ip address 203.40.50.61 255.255.255.248

All your devices on that LAN segment will use 203.40.50.61 as
their
gateway. This is the typical set up if your devices on the LAN
side are
using IP's from the routed subnet. Eg: web server 203.40.50.62,
mail
server 203.40.50.63, etc

For your local PC's are using private IP's (eg: 192.168.1.0/24),
you can
use the same ethernet interface and add in a secondary IP
address to act
as the gateway for the local PC's.

interface Ethernet0
ip address 203.40.50.61 255.255.255.248
ip address 192.168.1.1 255.255.255.0 secondary
ip nat inside

Because you have atleast 6 IP's to use from your routed subnet
(203.40.50.61-66), you can also use static nat so that your
local PC's
might go out to the Internet with a public IP from your routed
subnet
instead of the PPPoE assigned IP.

HTH.

Cheers.

Andy

This email and any files transmitted with it are confidential
and intended
solely for the use of the individual or entity to whom they are
addressed.
Please notify the sender immediately by email if you have
received this
email by mistake and delete this email from your system. Please
note that
any views or opinions presented in this email are solely those
of the
author and do not necessarily represent those of the
organisation.
Finally, the recipient should check this email and any
attachments for
the presence of viruses. The organisation accepts no liability
for any
damage caused by any virus transmitted by this email.

_______________________________________________
cisco-bba mailing list

cisco-bba@puck.nether.net

https://puck.nether.net/mailman/listinfo/cisco-bba




______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________

Patrick,
If this is like most of the PPPoE setups I have worked with (I work on the
service provider side of things) you would have a static that is assigned to
the wan of your router using ipip, and the /29 is routed to that
address(think - ip route $subnet 255.255.255.248 $static). When that subnet
hits your router you can do pretty much anything you want to with it. We
usually suggest that customers assign the first usable to the lan of their
router (usually ala linksys variety) and make sure that nat(or gateway mode)
is turned off. They would set up their internal host using an ip out of the
subnet with the router internal as their gateway. Some customers even add a
second router for NATing (if you are using lo end soho routers that may be
your only option). Since you are using a IOS powered cisco you can look into
using something like 1:1 nat to allow you to use all 8 addresses in the
subnet if you want to make sure to use one for pat (i.e. standard nat) if you
need to.


----------------------

Brian Raaen
Network Engineer
braaen@zcorum.com

On Sunday 11 January 2009, Patrick Wu wrote:
> Hi Everyone,
>
> I have a DSL connection running PPPoE with a routed subnet, the service
> provider indicated that it will use the 1st IP address of the routed subnet
> for the router (WAN?), and the rest of the IPs of the subnet can be assigned
> to the hosts behind the router.
>
> What I want to know is whether I need a bridged interface between the WAN
> and LAN side of the router (Cisco877), and what configuration will help me
> achieve this?
>
> Thanks to all!
>
> What I have so far (was doing NAT before, but probably will remove it
> later):
>
> interface ATM0
> no ip address
> no atm ilmi-keepalive
> dsl operating-mode auto
> service-policy output SIP-priority
> !
> interface ATM0.1 point-to-point
> description $FW_OUTSIDE$$ES_WAN$
> pvc 8/35
> pppoe-client dial-pool-number 1
> !
> !
> interface FastEthernet0
> !
> interface FastEthernet1
> !
> interface FastEthernet2
> !
> interface FastEthernet3
> !
> interface Vlan1
> description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
> ip address 192.168.0.1 255.255.255.0
> ip nat inside
> ip virtual-reassembly
> ip tcp adjust-mss 1412
> !
> interface Dialer0
> description $FW_OUTSIDE$
> ip address negotiated
> ip mtu 1452
> ip nat outside
> ip virtual-reassembly
> encapsulation ppp
> dialer pool 1
> dialer-group 1
> no cdp enable
> ppp authentication pap callin
> ppp pap sent-username xxxx@xxxx password 7 xxxx
> !
> ip forward-protocol nd
> ip route 0.0.0.0 0.0.0.0 Dialer0
> !
> ip nat translation udp-timeout never
> ip nat inside source list 1 interface Dialer0 overload
>


_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

Brian is basically suggesting that the service provider route the /29 via
the IP address the PPPoE client obtains. That means the customer has an
outside (PPPoE) and inside (/29) interface.

I haven't tried bridging, but I would think it's possible to have the
service provider's RADIUS server hand out an IP address from the /29 block
to the PPPoE client, and then bridge the other IPs in the /29.

I think it would be much more straight forward if you could have bridged
connection or do what Brian recommended.

Frank

-----Original Message-----
From: cisco-bba-bounces@puck.nether.net
[mailto:cisco-bba-bounces@puck.nether.net] On Behalf Of Brian Raaen
Sent: Monday, January 12, 2009 6:21 PM
To: cisco-bba@puck.nether.net
Subject: Re: [cisco-bba] PPPoE with Routed Subnet

Patrick,
If this is like most of the PPPoE setups I have worked with (I work
on the
service provider side of things) you would have a static that is assigned to
the wan of your router using ipip, and the /29 is routed to that
address(think - ip route $subnet 255.255.255.248 $static). When that subnet
hits your router you can do pretty much anything you want to with it. We
usually suggest that customers assign the first usable to the lan of their
router (usually ala linksys variety) and make sure that nat(or gateway mode)
is turned off. They would set up their internal host using an ip out of the
subnet with the router internal as their gateway. Some customers even add a
second router for NATing (if you are using lo end soho routers that may be
your only option). Since you are using a IOS powered cisco you can look
into
using something like 1:1 nat to allow you to use all 8 addresses in the
subnet if you want to make sure to use one for pat (i.e. standard nat) if
you
need to.


----------------------

Brian Raaen
Network Engineer
braaen@zcorum.com

On Sunday 11 January 2009, Patrick Wu wrote:
> Hi Everyone,
>
> I have a DSL connection running PPPoE with a routed subnet, the service
> provider indicated that it will use the 1st IP address of the routed
subnet
> for the router (WAN?), and the rest of the IPs of the subnet can be
assigned
> to the hosts behind the router.
>
> What I want to know is whether I need a bridged interface between the WAN
> and LAN side of the router (Cisco877), and what configuration will help me
> achieve this?
>
> Thanks to all!
>
> What I have so far (was doing NAT before, but probably will remove it
> later):
>
> interface ATM0
> no ip address
> no atm ilmi-keepalive
> dsl operating-mode auto
> service-policy output SIP-priority
> !
> interface ATM0.1 point-to-point
> description $FW_OUTSIDE$$ES_WAN$
> pvc 8/35
> pppoe-client dial-pool-number 1
> !
> !
> interface FastEthernet0
> !
> interface FastEthernet1
> !
> interface FastEthernet2
> !
> interface FastEthernet3
> !
> interface Vlan1
> description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
> ip address 192.168.0.1 255.255.255.0
> ip nat inside
> ip virtual-reassembly
> ip tcp adjust-mss 1412
> !
> interface Dialer0
> description $FW_OUTSIDE$
> ip address negotiated
> ip mtu 1452
> ip nat outside
> ip virtual-reassembly
> encapsulation ppp
> dialer pool 1
> dialer-group 1
> no cdp enable
> ppp authentication pap callin
> ppp pap sent-username xxxx@xxxx password 7 xxxx
> !
> ip forward-protocol nd
> ip route 0.0.0.0 0.0.0.0 Dialer0
> !
> ip nat translation udp-timeout never
> ip nat inside source list 1 interface Dialer0 overload
>


_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

Thanks to all!

I'll give a try on the suggested solutions and will advise of the outcome.

cheers,
Patrick

On Wed, Jan 14, 2009 at 3:49 AM, Frank Bulk <frnkblk@iname.com> wrote:

> Brian is basically suggesting that the service provider route the /29 via
> the IP address the PPPoE client obtains. That means the customer has an
> outside (PPPoE) and inside (/29) interface.
>
> I haven't tried bridging, but I would think it's possible to have the
> service provider's RADIUS server hand out an IP address from the /29 block
> to the PPPoE client, and then bridge the other IPs in the /29.
>
> I think it would be much more straight forward if you could have bridged
> connection or do what Brian recommended.
>
> Frank
>
> -----Original Message-----
> From: cisco-bba-bounces@puck.nether.net
> [mailto:cisco-bba-bounces@puck.nether.net] On Behalf Of Brian Raaen
> Sent: Monday, January 12, 2009 6:21 PM
> To: cisco-bba@puck.nether.net
> Subject: Re: [cisco-bba] PPPoE with Routed Subnet
>
> Patrick,
> If this is like most of the PPPoE setups I have worked with (I work
> on the
> service provider side of things) you would have a static that is assigned
> to
> the wan of your router using ipip, and the /29 is routed to that
> address(think - ip route $subnet 255.255.255.248 $static). When that
> subnet
> hits your router you can do pretty much anything you want to with it. We
> usually suggest that customers assign the first usable to the lan of their
> router (usually ala linksys variety) and make sure that nat(or gateway
> mode)
> is turned off. They would set up their internal host using an ip out of
> the
> subnet with the router internal as their gateway. Some customers even add
> a
> second router for NATing (if you are using lo end soho routers that may be
> your only option). Since you are using a IOS powered cisco you can look
> into
> using something like 1:1 nat to allow you to use all 8 addresses in the
> subnet if you want to make sure to use one for pat (i.e. standard nat) if
> you
> need to.
>
>
> ----------------------
>
> Brian Raaen
> Network Engineer
> braaen@zcorum.com
>
> On Sunday 11 January 2009, Patrick Wu wrote:
> > Hi Everyone,
> >
> > I have a DSL connection running PPPoE with a routed subnet, the service
> > provider indicated that it will use the 1st IP address of the routed
> subnet
> > for the router (WAN?), and the rest of the IPs of the subnet can be
> assigned
> > to the hosts behind the router.
> >
> > What I want to know is whether I need a bridged interface between the WAN
> > and LAN side of the router (Cisco877), and what configuration will help
> me
> > achieve this?
> >
> > Thanks to all!
> >
> > What I have so far (was doing NAT before, but probably will remove it
> > later):
> >
> > interface ATM0
> > no ip address
> > no atm ilmi-keepalive
> > dsl operating-mode auto
> > service-policy output SIP-priority
> > !
> > interface ATM0.1 point-to-point
> > description $FW_OUTSIDE$$ES_WAN$
> > pvc 8/35
> > pppoe-client dial-pool-number 1
> > !
> > !
> > interface FastEthernet0
> > !
> > interface FastEthernet1
> > !
> > interface FastEthernet2
> > !
> > interface FastEthernet3
> > !
> > interface Vlan1
> > description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
> > ip address 192.168.0.1 255.255.255.0
> > ip nat inside
> > ip virtual-reassembly
> > ip tcp adjust-mss 1412
> > !
> > interface Dialer0
> > description $FW_OUTSIDE$
> > ip address negotiated
> > ip mtu 1452
> > ip nat outside
> > ip virtual-reassembly
> > encapsulation ppp
> > dialer pool 1
> > dialer-group 1
> > no cdp enable
> > ppp authentication pap callin
> > ppp pap sent-username xxxx@xxxx password 7 xxxx
> > !
> > ip forward-protocol nd
> > ip route 0.0.0.0 0.0.0.0 Dialer0
> > !
> > ip nat translation udp-timeout never
> > ip nat inside source list 1 interface Dialer0 overload
> >
>
>
> _______________________________________________
> cisco-bba mailing list
> cisco-bba@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba
>
> _______________________________________________
> cisco-bba mailing list
> cisco-bba@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba
>