Configuring PPP over ATM with NAT
The Cisco 1801, Cisco 1802, and Cisco 1803 access routers support Point-to-Point Protocol over Asynchronous Transfer Mode (PPPoA) clients and network address translation (NAT).
Multiple PCs can be connected to the LAN behind the router. Before traffic from the PCs is sent to the PPPoA session, it can be encrypted, filtered, and so forth. PPP over ATM provides a network solution with simplified address handling and straightforward user verification, as in a dial network. Figure 4-1 shows a typical deployment scenario with a PPPoA client and NAT configured on the Cisco router. This scenario uses a single static IP address for the ATM connection.
Figure 4-1 PPP over ATM with NAT
Figure callouts:
- Small business with multiple networked devices—desktops, laptop PCs, switches
- Fast Ethernet LAN interface (inside interface for NAT, 192.168.1.1/24)
- PPPoA Client—Cisco 1801, Cisco 1802, or Cisco 1803 router
- Point at which NAT occurs
- ATM WAN interface (outside interface for NAT)
- PPPoA session between the client and a PPPoA server at the ISP
In this scenario, the small business or remote user on the Fast Ethernet LAN can connect to an Internet Service Provider (ISP) using the following protocols on the WAN connection:
- Asymmetric digital subscriber line (ADSL) over plain old telephone service (POTS) using the Cisco 1801 router
- ADSL over integrated services digital network (ISDN) using the Cisco 1802 router
- Single-pair high-speed digital subscriber line (G.SHDSL) using the Cisco 1803 router
The Fast Ethernet interface carries the data packet through the LAN and off-loads it to the PPP connection on the ATM interface. The ATM traffic is encapsulated and sent over the ADSL, ISDN, or G.SHDSL lines. The dialer interface is used to connect to the ISP.
PPPoA
The PPPoA Client feature on the router provides PPPoA client support on ATM interfaces. A dialer interface must be used for cloning virtual access. Multiple PPPoA client sessions can be configured on an ATM interface, but each session must use a separate dialer interface and a separate dialer pool.
A PPPoA session is initiated on the client side by the Cisco 1800 series router.
NAT
NAT (represented as the dashed line at the edge of the Cisco router) signifies two addressing domains and the inside source address. The source list defines how the packet travels through the network.
Configuration Tasks
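Perform the following tasks to configure this network scenario:
- Configure the Dialer Interface
- Configure the ATM WAN Interface
- Configure DSL Signaling Protocol
- Configure Network Address Translation
An example showing the results of these configuration tasks is provided in the section “Configuration Example.”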
Configure the Dialer Interface
The dialer interface indicates how to handle traffic from the clients, including, for example, default routing information, the encapsulation protocol, and the dialer pool to use. It is also used for cloning virtual access. Multiple PPPoA client sessions can be configured on an ATM interface, but each session must use a separate dialer interface and a separate dialer pool.
Perform these steps to configure a dialer interface for the ATM interface on the router, starting in global configuration mode.
Step 1
interface dialer dialer-rotary-group-number
Example:
Router(config)# interface dialer 0
Creates a dialer interface (numbered 0–255), and enters into interface configuration mode.

Step 2
ip address negotiated
Example:
Router(config-if)# ip address negotiated
Specifies that the IP address for the dialer interface is obtained through PPP/IPCP (IP Control Protocol) address negotiation.

Step 3
ip mtu bytes
Example:
Router(config-if)# ip mtu 4470
Sets the size of the IP maximum transmission unit (MTU). The default minimum is 128 bytes. The maximum for ATM is 4470 bytes.

Step 4
encapsulation encapsulation-type
Example:
Router(config-if)# encapsulation ppp
Sets the encapsulation type to PPP for the data packets being transmitted and received.

Step 5
ppp authentication {protocol1 [protocol2...]}
Example:
Router(config-if)# ppp authentication chap
Sets the PPP authentication method.
The example applies the Challenge Handshake Authentication Protocol (CHAP).
For details about this command and additional parameters that can be set, see the Cisco IOS Security Command Reference.

Step 6
dialer pool number
Example:
Router(config-if)# dialer pool 1
Specifies the dialer pool to use to connect to a specific destination subnetwork.

Step 7
dialer-group group-number
Example:
Router(config-if)# dialer-group 1
Assigns the dialer interface to a dialer group (1–10).
Tip Using a dialer group controls access to your router.

Step 8
exit
Exits the dialer 0 interface configuration.

Step 9
dialer-list dialer-group protocol protocol-name {permit | deny | list access-list-number | access-group}
Example:
Router(config)# dialer-list 1 protocol ip permit
Creates a dialer list and associates a dial group with it. Packets are then forwarded through the specified interface dialer group.
For details about this command and additional parameters that can be set, see the Cisco IOS Dial Technologies Command Reference.

Step 10
ip route prefix mask {interface-type interface-number}
Example:
Router(config)# ip route 10.10.25.0 255.255.255.0 dialer 0
Sets the IP route for the default gateway for the dialer 0 interface.
For details about this command and additional parameters that can be set, see the Cisco IOS IP Command Reference, Volume 1 of 4: Routing Protocols.

Repeat these steps for any additional dialer interfaces or dialer pools needed.
Configure the ATM WAN Interface
Perform these steps to configure the ATM interface, beginning in global configuration mode.
Step 1
interface type number
Example:
Router(config)# interface atm 0
Enters interface configuration mode for the ATM interface (labeled ADSLoPOTS or G.SHDSL on the back of your router).
Note This interface was initially configured during basic router configuration. See “Configure WAN Interfaces” section.

Step 2
pvc vpi/vci
Example:
Router(config-if)# pvc 8/35
Router(config-if-atm-vc)#
Creates an ATM PVC for each end node (up to ten) with which the router communicates. Enters ATM virtual circuit configuration mode.
When a PVC is defined, AAL5SNAP encapsulation is defined by default. Use the encapsulation command to change this. The VPI and VCI arguments cannot be simultaneously specified as zero; if one is 0, the other cannot be 0.
For details about this command and additional parameters that can be set, see the Cisco IOS Wide-Area Networking Command Reference.

Step 3
encapsulation {aal5auto | aal5autoppp virtual-template number [group group-name] | aal5ciscoppp virtual-template number | aal5mux protocol | aal5nlpid | aal5snap}
Example:
Router(config-if-atm-vc)# encapsulation aal5mux ppp dialer
Router(config-if-atm-vc)#
Specifies the encapsulation type for the PVC and points back to the dialer interface.
For details about this command and additional parameters that can be set, see the Cisco IOS Wide-Area Networking Command Reference.

Step 4
dialer pool-member number
Example:
Router(config-if-atm-vc)# dialer pool-member 1
Router(config-if-atm-vc)#
Specifies the ATM interface as a member of a dialer profile dialing pool. The pool number must be in the range of 1–255.

Step 5
no shutdown
Example:
Router(config-if-atm-vc)# no shutdown
Enables interface and configuration changes just made to the ATM interface.

Step 6
exit
Exits configuration mode for the ATM interface.
Configure DSL Signaling Protocol
DSL signaling must be configured on the ATM interface for connection to your ISP. The Cisco 1801 supports ADSL signaling over POTS, the Cisco 1802 supports ADSL signaling over ISDN, and the Cisco 1803 supports SHDSL signaling.
Based on the router you are configuring, see one of the following sections to configure the appropriate DSL signaling protocol.
Configuring ADSL
The default configuration for ADSL signaling is shown in Table 4-1.
Table 4-1 Default ADSL Configuration

Operating mode
Specifies the operating mode of the digital subscriber line (DSL) for an ATM interface.
- ADSL over POTS—ANSI or ITU full rate, or automatic selection.
- ADSL over ISDN—ITU full rate, ETSI, or automatic selection.
Default: Auto

Loss of margin
Specifies the number of times a loss of margin may occur.

Training log
Toggles between enabling the training log and disabling the training log.
Default: Disabled

If you wish to change any of these settings, use one of the following commands in global configuration mode.
- dsl operating-mode (from the ATM interface configuration mode)
- dsl lom integer
- dsl enable-training-log
See the Cisco IOS Wide-Area Networking Command Reference for details of these commands.
Verify the Configuration
You can verify that the configuration is set the way you want using the show dsl interface atm 0 command from privileged EXEC mode.
Configuring SHDSL
Complete the following steps to configure the DSL controller in your router to use SHDSL signaling, beginning in global configuration mode.
Step 1
controller dsl port
Example:
Router(config)# controller dsl 0
Router(config-controller)#
Enters the configuration mode for the DSL controller.

Step 2
line-term {co | cpe}
Example:
Router(config-controller)# line-term co
Router(config-controller)#
Specifies if the DSL line is terminated at a central office (CO) or at customer premises equipment (CPE).

Step 3
exit
Example:
Router(config-controller)# exit
Exits controller configuration mode, returning to global configuration mode.

Step 4
mode protocol
Example:
Router(config-controller)#
Specifies the mode of the DSL controller and enters controller configuration mode.

Step 5
line-mode {4-wire enhanced | 4-wire standard | 2-wire}
Example:
Router(config-controller)# line-mode 4-wire standard
Router(config-controller)#
Specifies whether this DSL connection is operating in 2-wire, 4-wire standard, or 4-wire enhanced mode.
Note line mode 4-wire will default to 4-wire enhanced mode.

Step 6
ignore-error-duration number
Example:
Router(config-controller)# ignore-error-duration 15
Router(config-controller)#
Specifies how long, 15 to 30 seconds, to ignore errors.

Step 7
exit
Example:
Router(config-controller)# exit
Exits controller configuration mode, returning to global configuration mode.
Note If you are integrating your Cisco router into a European network, please use one of the following commands:
For CO mode, use the dsl dsl-mode shdsl symmetric annex {A | B | B-ANFP} command to choose annex B or B-ANFP.
For CPE mode, use the dsl dsl-mode shdsl symmetric annex {A | A-B | A-B-ANFP | B | B-ANFP} to choose any option except option A.
The router uses annex A by default (United States).
Verify the Configuration
You can verify that the configuration is set the way you want using the show controllers dsl command from privileged EXEC mode.
Router# show controllers dsl 0
SLOT 0: Globespan xDSL controller chipset
Line Mode: Four Wire Standard Mode
Configured Line rate: Auto
Line Re-activated 6 times after system bootup
LOSW Defect alarm: ACTIVE
CRC per second alarm: ACTIVE
Current 15 min LOSW Defect: 0
Current 15 min ES Defect: 0
Current 15 min SES Defect: 0
Current 15 min UAS Defect: 33287
Previous 15 min CRC Defect: 0
Previous 15 min LOSW Defect: 0
Previous 15 min ES Defect: 0
Previous 15 min SES Defect: 0
Previous 15 min UAS Defect: 0
Modem Status: Data, Status 1
Last Fail Mode: No Failure status:0x0
Framer Sync Status: In Sync
Rcv Clock Status: In the Range
Loop Attenuation: 341.1450 dB
Receiver Gain: 22.5420 dB
Configure Network Address Translation
Network Address Translation (NAT) translates packets from addresses that match a standard access list, using global addresses allocated by the dialer interface. Packets that enter the router through the inside interface, packets sourced from the router, or both are checked against the access list for possible address translation. You can configure NAT for either static or dynamic address translations.
Perform these steps to configure the outside ATM WAN interface with dynamic NAT, beginning in global configuration mode:
Step 1
ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
Example:
Router(config)# ip nat pool pool1 192.168.1.0 192.168.2.0 netmask 0.0.0.255
Creates pool of global IP addresses for NAT.

Step 2
ip nat inside source {list access-list-number} {interface type number | pool name} [overload]
Example 1:
Router(config)# ip nat inside source list 1 interface dialer 0 overload
or
Example 2:
Router(config)# ip nat inside source list acl1 pool pool1
Enables dynamic translation of addresses on the inside interface.
The first example shows the addresses permitted by the access list 1 to be translated to one of the addresses specified in the dialer interface 0.
The second example shows the addresses permitted by access list acl1 to be translated to one of the addresses specified in the NAT pool pool1.
For details about this command and additional parameters that can be set, as well as information about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services.

Step 3
interface type number
Example:
Router(config)# interface vlan 1
Enters configuration mode for the VLAN (on which the Fast Ethernet LAN interfaces [FE2–FE9] reside) to be the inside interface for NAT.

Step 4
ip nat {inside | outside}
Example:
Router(config-if)# ip nat inside
Applies NAT to the Fast Ethernet LAN interface as the inside interface.
For details about this command and additional parameters that can be set, as well as information about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services.

Step 5
no shutdown
Example:
Router(config-if)# no shutdown
Enables the configuration changes just made to the Ethernet interface.

Step 6
exit
Exits configuration mode for the Fast Ethernet interface.

Step 7
interface type number
Example:
Router(config)# interface fastethernet 0
Enters configuration mode for the ATM WAN interface (FE0 or FE1) to be the outside interface for NAT.

Step 8
ip nat {inside | outside}
Example:
Router(config-if)# ip nat outside
Identifies the specified WAN interface as the NAT outside interface.
For details about this command and additional parameters that can be set, as well as enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services.

Step 9
no shutdown
Example:
Router(config-if)# no shutdown
Enables the configuration changes just made to the Ethernet interface.

Step 10
exit
Exits configuration mode for the ATM interface.

Step 11
access-list access-list-number {deny | permit} source [source-wildcard]
Example:
Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255
Defines a standard access list permitting addresses that need translation.
Note All other addresses are implicitly denied.
Note If you want to use NAT with a virtual-template interface, you must configure a loopback interface. See “Basic Router Configuration,” for information on configuring the loopback interface.
For complete information on NAT commands, see the Cisco IOS Release 12.3 documentation set. For more general information on NAT concepts, see Appendix B, “Concepts.”
Configuration Example
The following configuration example shows a portion of the configuration file for a client in the PPPoA scenario described in this chapter.
The VLAN interface has an IP address of 192.168.1.1 with a subnet mask of 255.255.255.0. NAT is configured for inside and outside.
Note Commands marked by “(default)” are generated automatically when you run the show running-config command.
ip address 192.168.1.1 255.255.255.0
ip virtual-reassembly (default)
encapsulation aal5mux ppp dialer
ip nat pool pool1 192.168.1.0 192.168.2.0 netmask 0.0.0.255
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
ip route 10.10.25.2 0.255.255.255 dialer 0
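The configuration tasks above tie several commands together by number or name (dialer pool and pool-member, dialer-group and dialer-list, NAT source list and access list). The following is an added consistency check, not part of the original Cisco document: it reports identifiers that are used but never defined, and mask arguments that are not contiguous subnet masks. The function names `audit` and `is_netmask` are illustrative, and the interface and pvc stanza headers in the sample are assumptions taken from the configuration steps.

```python
import ipaddress
import re

# Constructed input: commands from the configuration example on this page;
# the interface/pvc headers and Dialer0 lines are assumed from the steps.
SAMPLE = """\
interface ATM0
 pvc 8/35
  dialer pool-member 1
interface Dialer0
 dialer pool 1
 dialer-group 1
ip nat pool pool1 192.168.1.0 192.168.2.0 netmask 0.0.0.255
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
ip route 10.10.25.2 0.255.255.255 dialer 0
"""

# (label, command that uses an identifier, command that must define it)
REFS = [
    ("dialer pool", r"^ *dialer pool (\d+)", r"^ *dialer pool-member (\d+)"),
    ("dialer-group", r"^ *dialer-group (\d+)", r"^dialer-list (\d+) "),
    ("NAT source list", r"^ip nat inside source list (\S+)", r"^access-list (\S+) "),
]
# Commands whose captured argument must be a subnet mask, not a wildcard mask.
MASKS = [r"^ip nat pool .* netmask ([\d.]+)", r"^ip route \S+ ([\d.]+)"]

def is_netmask(mask):
    """True if mask is a run of 1 bits followed by 0 bits (255.255.255.0)."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0

def audit(config):
    """Return findings for dangling cross-references and non-contiguous masks."""
    findings = []
    for label, use, define in REFS:
        defined = set(re.findall(define, config, re.M))
        findings += [f"{label} {ident} is used but never defined"
                     for ident in re.findall(use, config, re.M)
                     if ident not in defined]
    for pattern in MASKS:
        findings += [f"{mask} is not a contiguous netmask"
                     for mask in re.findall(pattern, config, re.M)
                     if not is_netmask(mask)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

On the sample, the cross-references all resolve and the two reported items are the mask arguments 0.0.0.255 and 0.255.255.255, which have the form of wildcard masks rather than subnet masks.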
Verifying Your Configuration
Use the show ip nat statistics command in privileged EXEC mode to verify the PPPoA client with NAT configuration. You should see verification output similar to the following example:
Router# show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
CEF Translated packets: 0, CEF Punted packets: 0
[Id: 1] access-list 1 interface Dialer0 refcount 0