Cisco 900 Series ISR Software Configuration Guide

Configuring PPP over Ethernet with NAT

---

This chapter provides an overview of Point-to-Point Protocol over Ethernet (PPPoE) clients and network address translation (NAT) that can be configured on the Cisco 900series Integrated Services Routers (ISRs).

Multiple PCs can be connected to the LAN behind the router. Before the traffic from these PCs is sent to the PPPoE session, it can be encrypted, filtered, and so forth. Figure 5-1 shows a typical deployment scenario with a PPPoE client and NAT configured on the Cisco router.

Figure 5-1 PPP over Ethernet with NAT

PPPoE

The PPPoE client feature on the router provides PPPoE client support on Ethernet interfaces. A dialer interface must be used for cloning virtual access. Multiple PPPoE client sessions can be configured on an Ethernet interface, but each session must use a separate dialer interface and a separate dialer pool.

A PPPoE session is initiated on the client side by the Cisco 860 or Cisco 880 ISRs. An established PPPoE client session can be terminated in one of two ways:

• By entering the clear vpdn tunnel pppoe command. The PPPoE client session is terminated, and the PPPoE client immediately tries to reestablish the session. This also occurs if the session has a timeout.
• By entering the no pppoe-client dial-pool number command to clear the session. The PPPoE client does not attempt to reestablish the session.

NAT

NAT (represented as the dashed line at the edge of the Cisco router) signifies two addressing domains and the inside source address. The source list defines how the packet travels through the network.

Configuration Tasks

Perform the following tasks to configure this network scenario:

• Configuring the Virtual Private Dialup Network Group Number
• Configuring Ethernet WAN Interfaces
• Configuring the Dialer Interface
• Configuring Network Address Translation

An example showing the results of these configuration tasks is shown in the “Configuration Example” section.

Configuring the Virtual Private Dialup Network Group Number

Configuring a virtual private dialup network (VPDN) enables multiple clients to communicate through the router by way of a single IP address.

This example shows how to configure a VPDN:

Configuring Ethernet WAN Interfaces

In this scenario, the PPPoE client (your Cisco router) communicates over a 10/100/1000 Mbps-Ethernet interface on both the inside and the outside.

This example shows how to configure the Fast Ethernet WAN interfaces:

Router(config-if)# exit

Ethernet Operations, Administration, and Maintenance

Ethernet Operations, Administration, and Maintenance (OAM) is a protocol for installing, monitoring, and troubleshooting Ethernet metropolitan-area networks (MANs) and Ethernet WANs. It relies on a new, optional sublayer in the data link layer of the Open Systems Interconnection (OSI) model. The OAM features covered by this protocol are Discovery, Link Monitoring, Remote Fault Detection, Remote Loopback, and Cisco Proprietary Extensions.

For setup and configuration information about Ethernet OAM, see Using Ethernet Operations, Administration, and Maintenance at:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/cether/configuration/15-mt/ce-15-mt-book/ce-oam.html

Configuring the Dialer Interface

The dialer interface indicates how to handle traffic from the clients, including, for example, default routing information, the encapsulation protocol, and the dialer pool to use. The dialer interface is also used for cloning virtual access. Multiple PPPoE client sessions can be configured on a Fast Ethernet interface, but each session must use a separate dialer interface and a separate dialer pool.

This example shows how to configure a dialer interface for one of the Gigabit Ethernet LAN interfaces on the route:

Configuring Network Address Translation

Network Address Translation (NAT) translates packets from addresses that match a standard access list, using global addresses allocated by the dialer interface. Packets that enter the router through the inside interface, packets sourced from the router, or both are checked against the access list for possible address translation. You can configure NAT for either static or dynamic address translations.

This example shows how to configure the outside Gigabit Ethernet WAN interface with dynamic NAT:

Note To use NAT with a virtual-template interface, you must configure a loopback interface. See “Basic Router Configuration,” for information on configuring a loopback interface.

Configuration Example

The following configuration example shows a portion of the configuration file for the PPPoE scenario described in this chapter.

The VLAN interface has an IP address of 192.168.1.1 with a subnet mask of 255.255.255.0. NAT is configured for inside and outside

Note Commands marked by “(default)” are generated automatically when you run the show running-config command.