- Preface
- Cisco 900 Series Integrated Services Routers Overview
- Installing the Software
- Basic Router Configuration
- Configuring the Ethernet Switches
- Configuring PPP over Ethernet with NAT
- Configuring a LAN with DHCP and VLANs
- Configuring Identity Features on Layer 3 Interface
- Configuring Security Features
- Configuring VDSL2 and ADSL2/2+
- Configuring 4G Wireless WAN
- Configuring Secure Storage
Cisco 900 Series ISR Software Configuration Guide
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
- Updated:
- June 6, 2019
Chapter: Configuring PPP over Ethernet with NAT
Configuring PPP over Ethernet with NAT
This chapter provides an overview of Point-to-Point Protocol over Ethernet (PPPoE) clients and network address translation (NAT) that can be configured on the Cisco 900series Integrated Services Routers (ISRs).
Multiple PCs can be connected to the LAN behind the router. Before the traffic from these PCs is sent to the PPPoE session, it can be encrypted, filtered, and so forth. Figure 5-1 shows a typical deployment scenario with a PPPoE client and NAT configured on the Cisco router.
Figure 5-1 PPP over Ethernet with NAT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Cable modem or other server that is connected to the Internet |
|
|
The PPPoE client feature on the router provides PPPoE client support on Ethernet interfaces. A dialer interface must be used for cloning virtual access. Multiple PPPoE client sessions can be configured on an Ethernet interface, but each session must use a separate dialer interface and a separate dialer pool.
A PPPoE session is initiated on the client side by the Cisco 860 or Cisco 880 ISRs. An established PPPoE client session can be terminated in one of two ways:
- By entering the clear vpdn tunnel pppoe command. The PPPoE client session is terminated, and the PPPoE client immediately tries to reestablish the session. This also occurs if the session has a timeout.
- By entering the no pppoe-client dial-pool number command to clear the session. The PPPoE client does not attempt to reestablish the session.
NAT (represented as the dashed line at the edge of the Cisco router) signifies two addressing domains and the inside source address. The source list defines how the packet travels through the network.
Perform the following tasks to configure this network scenario:
- Configuring the Virtual Private Dialup Network Group Number
- Configuring Ethernet WAN Interfaces
- Configuring the Dialer Interface
- Configuring Network Address Translation
An example showing the results of these configuration tasks is shown in the “Configuration Example” section.
Configuring the Virtual Private Dialup Network Group Number
Configuring a virtual private dialup network (VPDN) enables multiple clients to communicate through the router by way of a single IP address.
This example shows how to configure a VPDN:
Configuring Ethernet WAN Interfaces
In this scenario, the PPPoE client (your Cisco router) communicates over a 10/100/1000 Mbps-Ethernet interface on both the inside and the outside.
This example shows how to configure the Fast Ethernet WAN interfaces:
Ethernet Operations, Administration, and Maintenance
Ethernet Operations, Administration, and Maintenance (OAM) is a protocol for installing, monitoring, and troubleshooting Ethernet metropolitan-area networks (MANs) and Ethernet WANs. It relies on a new, optional sublayer in the data link layer of the Open Systems Interconnection (OSI) model. The OAM features covered by this protocol are Discovery, Link Monitoring, Remote Fault Detection, Remote Loopback, and Cisco Proprietary Extensions.
For setup and configuration information about Ethernet OAM, see Using Ethernet Operations, Administration, and Maintenance at:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/cether/configuration/15-mt/ce-15-mt-book/ce-oam.html
Configuring the Dialer Interface
The dialer interface indicates how to handle traffic from the clients, including, for example, default routing information, the encapsulation protocol, and the dialer pool to use. The dialer interface is also used for cloning virtual access. Multiple PPPoE client sessions can be configured on a Fast Ethernet interface, but each session must use a separate dialer interface and a separate dialer pool.
This example shows how to configure a dialer interface for one of the Gigabit Ethernet LAN interfaces on the route:
Configuring Network Address Translation
Network Address Translation (NAT) translates packets from addresses that match a standard access list, using global addresses allocated by the dialer interface. Packets that enter the router through the inside interface, packets sourced from the router, or both are checked against the access list for possible address translation. You can configure NAT for either static or dynamic address translations.
This example shows how to configure the outside Gigabit Ethernet WAN interface with dynamic NAT:
Note
To use NAT with a virtual-template interface, you must configure a loopback interface. See “Basic Router Configuration,” for information on configuring a loopback interface.
Configuration Example
The following configuration example shows a portion of the configuration file for the PPPoE scenario described in this chapter.
The VLAN interface has an IP address of 192.168.1.1 with a subnet mask of 255.255.255.0. NAT is configured for inside and outside
Note Commands marked by “(default)” are generated automatically when you run the show running-config command.
vpdn-group 1
request-dialin
protocol pppoe
!
interface vlan 1
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast (default)
ip nat inside
no ip address
no ip directed-broadcast (default)
ip nat outside
pppoe enable group global
pppoe-client dial-pool-number 1
no sh
interface dialer 0
ip address negotiated
ip mtu 1492
encapsulation ppp
ppp authentication chap
dialer pool 1
dialer-group 1
!
dialer-list 1 protocol ip permit
ip nat inside source list 1 interface dialer 0 overload
ip classless (default)
ip route 10.10.25.2 255.255.255.255 dialer 0
ip nat inside source list acl1 pool pool1
Verifying Your Configuration
Use the show ip nat statistics command in privileged EXEC mode to verify the PPPoE with NAT configuration. You should see verification output similar to the following example:
Feedback