Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01
Chapter 3
Configuring PPP over Ethernet with NAT
Configure the Dialer Interface
Step 5
Command: ppp authentication {protocol1 [protocol2...]}
Example:
Router(config-if)# ppp authentication chap
Router(config-if)#
Purpose: Sets the PPP authentication method to Challenge Handshake Authentication Protocol (CHAP). For details about this command and additional parameters that can be set, see the Cisco IOS Security Command Reference.

Step 6
Command: dialer pool number
Example:
Router(config-if)# dialer pool 1
Router(config-if)#
Purpose: Specifies the dialer pool to use to connect to a specific destination subnetwork.

Step 7
Command: dialer-group group-number
Example:
Router(config-if)# dialer-group 1
Router(config-if)#
Purpose: Assigns the dialer interface to a dialer group (1–10).
Tip: Using a dialer group controls access to your router.

Step 8
Command: exit
Example:
Router(config-if)# exit
Router(config)#
Purpose: Exits the dialer 0 interface configuration.

Step 9
Command: dialer-list dialer-group protocol protocol-name {permit | deny | list access-list-number | access-group}
Example:
Router(config)# dialer-list 1 protocol ip permit
Router(config)#
Purpose: Creates a dialer list and associates a dial group with it. Packets are then forwarded through the specified interface dialer group. For details about this command and additional parameters that can be set, see the Cisco IOS Dial Technologies Command Reference.

Step 10
Command: ip route prefix mask {interface-type interface-number}
Example:
Router(config)# ip route 10.10.25.2 255.255.255.255 dialer 0
Router(config)#
Purpose: Sets the IP route for the default gateway for the dialer 0 interface. For details about this command and additional parameters that can be set, see the Cisco IOS IP Command Reference, Volume 2; Routing Protocols.
Configure Network Address Translation
Network Address Translation (NAT) translates packets from addresses that match a standard access list,
using global addresses allocated by the dialer interface. Packets that enter the router through the inside
interface, packets sourced from the router, or both are checked against the access list for possible address
translation. You can configure NAT for either static or dynamic address translations.
Perform these steps to configure the outside Fast Ethernet WAN interface with dynamic NAT, beginning
in global configuration mode:
Step 1
Command: ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
Example:
Router(config)# ip nat pool pool1 192.168.1.0 192.168.2.0 netmask 255.255.252.0
Router(config)#
Purpose: Creates pool of global IP addresses for NAT.

Step 2
Command: ip nat inside source {list access-list-number} {interface type number | pool name} [overload]
Example 1:
Router(config)# ip nat inside source list 1 interface dialer 0 overload
or
Example 2:
Router(config)# ip nat inside source list acl1 pool pool1
Purpose: Enables dynamic translation of addresses on the inside interface.
The first example shows the addresses permitted by the access list 1 to be translated to one of the addresses specified in the dialer interface 0.
The second example shows the addresses permitted by access list acl1 to be translated to one of the addresses specified in the NAT pool pool1.
For details about this command and additional parameters that can be set, as well as information about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services.

Step 3
Command: interface type number
Example:
Router(config)# interface vlan 1
Router(config-if)#
Purpose: Enters configuration mode for the VLAN (on which the Fast Ethernet LAN interfaces [FE0–FE3] reside) to be the inside interface for NAT.

Step 4
Command: ip nat {inside | outside}
Example:
Router(config-if)# ip nat inside
Router(config-if)#
Purpose: Identifies the specified VLAN interface as the NAT inside interface. For details about this command and additional parameters that can be set, as well as information about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services.
Note: If you want to use NAT with a virtual-template interface, you must configure a loopback interface. See Chapter 1, “Basic Router Configuration,” for information on configuring a loopback interface.

Step 5
Command: no shutdown
Example:
Router(config-if)# no shutdown
Router(config-if)#
Purpose: Enables the configuration changes just made to the Ethernet interface.

Step 6
Command: exit
Example:
Router(config-if)# exit
Router(config)#
Purpose: Exits configuration mode for the Fast Ethernet interface.

Step 7
Command: interface type number
Example:
Router(config)# interface fastethernet 4
Router(config-if)#
Purpose: Enters configuration mode for the Fast Ethernet WAN interface (FE4) to be the outside interface for NAT.

Step 8
Command: ip nat {inside | outside}
Example:
Router(config-if)# ip nat outside
Router(config-if)#
Purpose: Identifies the specified WAN interface as the NAT outside interface. For details about this command and additional parameters that can be set, as well as information about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services.

Step 9
Command: no shutdown
Example:
Router(config-if)# no shutdown
Router(config-if)#
Purpose: Enables the configuration changes just made to the Ethernet interface.

Step 10
Command: exit
Example:
Router(config-if)# exit
Router(config)#
Purpose: Exits configuration mode for the Fast Ethernet interface.
Step 11
Command: access-list access-list-number {deny | permit} source [source-wildcard]
Example:
Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255
Purpose: Defines a standard access list indicating which addresses need translation.
Note: All other addresses are implicitly denied.
For complete information on the NAT commands, see the Cisco IOS Release 12.3 documentation set.
For more general information on NAT concepts, see Appendix B, “Concepts.”
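The source-wildcard argument of a standard access list is a wildcard (inverse) mask, so a subnet mask entered in that position changes which inside hosts are translated. The sketch below is an added example, not part of the Cisco guide; the host list and function names are constructed for illustration.

```python
import ipaddress

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def entry_matches(source, wildcard, addr):
    """IOS wildcard semantics: a 1 bit means "ignore this bit", a 0 bit must match."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(source) & care)

def acl_permits(entries, addr):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, source, wildcard in entries:
        if entry_matches(source, wildcard, addr):
            return action == "permit"
    return False

def wildcard_for(cidr):
    """Wildcard mask covering exactly one CIDR network, e.g. /24 -> 0.0.0.255."""
    return str(ipaddress.IPv4Network(cidr).hostmask)

def looks_like_netmask(wildcard):
    """True when the value is contiguous 1s then 0s, i.e. a subnet mask typed as a wildcard."""
    w = _int(wildcard)
    inv = ~w & 0xFFFFFFFF
    return 0 < w < 0xFFFFFFFF and (inv & (inv + 1)) == 0

# Constructed inside hosts used to compare the two entries.
HOSTS = ["192.168.1.10", "192.168.1.254", "192.168.2.7", "10.20.30.0"]
INTENDED = [("permit", "192.168.1.0", wildcard_for("192.168.1.0/24"))]
SWAPPED = [("permit", "192.168.1.0", "255.255.255.0")]  # subnet mask in the wildcard slot

def translated(entries):
    """Hosts from HOSTS that the access list would hand to NAT."""
    return [h for h in HOSTS if acl_permits(entries, h)]

if __name__ == "__main__":
    print("intended:", translated(INTENDED))
    print("swapped: ", translated(SWAPPED))
    print("flagged: ", looks_like_netmask(SWAPPED[0][2]))
```

With the masks swapped, none of the 192.168.1.x hosts match and only addresses whose last octet is 0 do, which is why the check flags any wildcard that has the shape of a subnet mask.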
Configuration Example
The following configuration example shows a portion of the configuration file for the PPPoE scenario
described in this chapter.
The VLAN interface has an IP address of 192.168.1.1 with a subnet mask of 255.255.255.0. NAT is
configured for inside and outside
Note: Commands marked by “(default)” are generated automatically when you run the show running-config command.
vpdn enable
vpdn-group 1
 request-dialin
  protocol pppoe
!
! Inside (LAN) interface for NAT
interface vlan 1
 ip address 192.168.1.1 255.255.255.0
 no ip directed-broadcast (default)
 ip nat inside
!
! Outside (WAN) interface for NAT, carrying the PPPoE client
interface FastEthernet 4
 no ip address
 no ip directed-broadcast (default)
 ip nat outside
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no shutdown
!
! Dialer interface referenced by the NAT rule and the static route
interface dialer 0
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 ppp authentication chap
 dialer pool 1
 dialer-group 1
!
dialer-list 1 protocol ip permit
ip nat inside source list 1 interface dialer 0 overload
ip classless (default)
ip route 10.10.25.2 255.255.255.255 dialer 0
ip nat pool pool1 192.168.1.0 192.168.2.0 netmask 255.255.252.0
ip nat inside source list acl1 pool pool1
!
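Each NAT rule in a configuration like this names an access list and either an interface or a pool, and a saved configuration can be checked offline to confirm that every name it references is defined. The script below is an added example, not part of the Cisco guide; the sample configuration is constructed with two dangling references, and the function names are hypothetical.

```python
import re

# Constructed sample for illustration; names follow this chapter's examples.
SAMPLE = """\
interface vlan 1
 ip nat inside
interface FastEthernet 4
 ip nat outside
interface dialer 1
 dialer pool 1
ip nat pool pool1 192.168.1.0 192.168.2.0 netmask 255.255.252.0
ip nat inside source list 1 interface dialer 0 overload
ip nat inside source list acl1 pool pool1
access-list 1 permit 192.168.1.0 0.0.0.255
"""

RULE = re.compile(r"ip nat inside source list\s+(\S+)\s+(interface|pool)\s+(.+?)(?:\s+overload)?$", re.I)

def norm(name):
    """'Dialer0' and 'dialer 0' name the same interface."""
    return re.sub(r"\s+", "", name).lower()

def audit_nat(config):
    """Return findings for NAT rules whose ACL, pool or interface is not defined."""
    ifaces, acls, pools, roles, rules = set(), set(), set(), set(), []
    for line in config.splitlines():
        s = line.strip()
        if m := re.match(r"interface\s+(.+)$", s, re.I):
            ifaces.add(norm(m.group(1)))
        elif m := re.match(r"(?:ip access-list standard|access-list)\s+(\S+)", s, re.I):
            acls.add(m.group(1))
        elif m := re.match(r"ip nat pool\s+(\S+)", s, re.I):
            pools.add(m.group(1))
        elif m := re.match(r"ip nat (inside|outside)$", s, re.I):
            roles.add(m.group(1).lower())
        elif m := RULE.match(s):
            rules.append(m.groups())
    findings = [f"no interface is marked 'ip nat {r}'" for r in ("inside", "outside") if r not in roles]
    for acl, kind, target in rules:
        if acl not in acls:
            findings.append(f"NAT rule uses undefined access list '{acl}'")
        if kind.lower() == "pool" and target not in pools:
            findings.append(f"NAT rule uses undefined pool '{target}'")
        if kind.lower() == "interface" and norm(target) not in ifaces:
            findings.append(f"NAT rule uses undefined interface '{target}'")
    return findings

if __name__ == "__main__":
    for finding in audit_nat(SAMPLE):
        print(finding)
```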
Verifying Your Configuration
Use the show ip nat statistics command in privileged EXEC mode to verify the PPPoE with NAT configuration. You should see verification output similar to the following example:
Router# show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
  FastEthernet4
Inside interfaces:
  Vlan1
Hits: 0  Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface Dialer0 refcount 0
Queued Packets: 0
