[cisco-nas] Bonded PPPoE over bridged DSL lines with multilink PPP
Joe Mays
jfmays at launchpad.win.net
Mon Mar 21 01:09:50 EDT 2011
Okay, I tried adding "ppp multilink" to the 7200 config.

Without it --

gw1.armplc#show users
    Line       User       Host(s)              Idle       Location
*  2 vty 0     admin      idle                 00:00:00 admin1.win.net

  Interface    User               Mode         Idle     Peer Address
  Vi2.1        K1.LXFU.396853..SC PPPoE        00:01:32 216.24.35.57
  Vi2.2        quickcash1         PPPoE        00:00:09 216.24.12.100

... and I can ping 216.24.12.100 (the 2620) and telnet to it fine.

With it....

gw1.armplc#show users
    Line       User       Host(s)              Idle       Location
*  2 vty 0     admin      idle                 00:00:00 admin1.win.net

  Interface    User               Mode         Idle     Peer Address
  Vi2.1        K1.LXFU.396853..SC PPPoE        00:00:40 216.24.35.57
  Vi3          quickcash1         PPPoE        00:00:24
  Vi4          quickcash1         MLP Bundle   00:00:24 216.24.12.100

... and 216.24.12.100 does not respond to ping or telnet requests.

----- Original Message -----
From: "Vince Mammoliti" <vince at cisco.com>
To: "'Joe Mays'" <jfmays at launchpad.win.net>
Cc: <cisco-nas at puck.nether.net>
Sent: Saturday, March 19, 2011 11:47 AM
Subject: RE: [cisco-nas] Bonded PPPoE over bridged DSL lines with multilink PPP

> Joe,
>
> At a very quick look it looks like you are missing:
>
> ppp multilink
>
> on your 7200 config:
>
> From:
>
> interface Virtual-Template1
> ip unnumbered FastEthernet1/0.2
> ip tcp adjust-mss 1360
> peer default ip address pool pppoepool
> ppp authentication pap chap
>
> to:
>
> interface Virtual-Template1
> ip unnumbered FastEthernet1/0.2
> ip tcp adjust-mss 1360
> peer default ip address pool pppoepool
> ppp authentication pap chap
> ppp multilink
>
> Regards,
>
> Vince
>
> From: cisco-nas-bounces at puck.nether.net
> [mailto:cisco-nas-bounces at puck.nether.net] On Behalf Of Joe Mays
> Sent: Saturday, March 19, 2011 3:27 AM
> To: cisco-nas at puck.nether.net
> Subject: [cisco-nas] Bonded PPPoE over bridged DSL lines with multilink PPP
>
> Okay. At one end is a 2620 running 12.3(15) IPBase, with a 4NME card. At the
> other is a 7206. Between them are three DSL lines, all running in bridged
> mode. Two are bonded together between the DSL modem and the DSLam, so
> essentially, we have two long Ethernet lines, plugged into ports ethernet1/0
> and ethernet1/1 on the 2620.
>
>                /--------C1 ~~~~\
> A ~~~~~~~ B<                    > D
>                \========C2 ~~~~/
>
> A (Cisco 7206, FE2/0)
> B (Zhone Bitstorm)
> ~ (ethernet link)
> - (single DSL line)
> = (bonded DSL lines)
> D (Cisco 2620, 4NME card, E1/0 and E1/1)
>
> Essentially it all seems to work, turning it up with one port binds virtual
> access 1 to the multilink PPP connection. But when both ports are turned up
> on the 2620, it binds the second port, but then the second port begins to go
> up and down and massive packet loss starts occurring. It's not the DSL line,
> we tried both lines separately in port 1, both work great. It's not the port,
> the same problem occurs if we use ethernet1/2 as the second port, instead
> of E1/1. I was just guessing at the config to make this work and I may have
> done it completely wrongly.
>
> Cisco 2620 config....
>
> Current configuration : 1388 bytes
> !
> version 12.3
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname Quickcash
> !
> boot-start-marker
> boot-end-marker
> !
> enable secret 5 xxxxxxxx.
> !
> aaa new-model
> !
> !
> aaa authentication login default local
> aaa accounting delay-start
> aaa session-id common
> ip subnet-zero
> ip cef
> !
> !
> !
> vpdn enable
> vpdn ip udp ignore checksum
> !
> vpdn-group 1
> request-dialin
> protocol pppoe
> !
> !
> username admin password 0 xxxxxxxx
> !
> !
> !
> interface FastEthernet0/0
> ip address xxx.24.2.89 255.255.255.248
> duplex auto
> speed auto
> !
> interface Ethernet1/0
> no ip address
> full-duplex
> pppoe enable
> pppoe-client dial-pool-number 1
> !
> interface Ethernet1/1
> no ip address
> shutdown
> full-duplex
> pppoe enable
> pppoe-client dial-pool-number 1
> !
> interface Ethernet1/2
> no ip address
> shutdown
> full-duplex
> pppoe enable
> pppoe-client dial-pool-number 1
> !
> interface Ethernet1/3
> no ip address
> shutdown
> half-duplex
> !
> interface Dialer1
> ip address xxx.24.12.100 255.255.255.0
> ip mtu 1420
> encapsulation ppp
> dialer pool 1
> dialer-group 1
> ppp authentication pap callin
> ppp pap sent-username quickcash1 password 0 xxxxxxxx
> ppp multilink
> ppp multilink links minimum 2
> !
> ip classless
> ip route 0.0.0.0 0.0.0.0 Dialer1
> no ip http server
> !
> !
> line con 0
> line aux 0
> line vty 0 4
> transport preferred none
> transport input telnet
> !
> !
> end
>
> Cisco 7206 Config....
>
> Current configuration : 11227 bytes
> !
> version 12.3
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname gw1.armplc
> !
> boot-start-marker
> boot-end-marker
> !
> enable secret 5 xxxxxxxx
> !
> aaa new-model
> !
> !
> aaa group server radius WinAuthAcct
> server xxx.24.27.48 auth-port 1812 acct-port 1813
> server xxx.24.27.49 auth-port 1812 acct-port 1813
> !
> aaa authentication login default local
> aaa authentication ppp default local group WinAuthAcct
> aaa authorization exec default local none
> aaa authorization network default local group WinAuthAcct if-authenticated
> aaa accounting delay-start
> aaa accounting update newinfo
> aaa accounting network default start-stop broadcast group WinAuthAcct
> aaa session-id common
> ip subnet-zero
> no ip source-route
> !
> !
> ip cef
> ip telnet source-interface Loopback100
> ip tftp source-interface Loopback100
> ip domain list win.net
> ip domain name win.net
> ip name-server xxx.24.27.3
> ip name-server xx.235.0.25
> ip name-server xxx.24.27.4
> !
> no ip bootp server
> pppoe-forwarding
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> username admin secret 5 xxxxxxxx
> username quickcash1 password 0 xxxxxxxx
> !
> !
> controller T3 6/0
> !
> !
> bba-group pppoe global
> virtual-template 1
> !
> bba-group pppoe global1
> virtual-template 2
> !
> !
> interface Loopback100
> description gw1.armplc.win.net loopback interface
> ip address 216.24.30.16 255.255.255.255
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> !
> interface FastEthernet1/0
> ip address xxx.24.8.1 255.255.255.0
> duplex full
> !
> interface FastEthernet1/0.2
> encapsulation dot1Q 2
> ip address xxx.24.12.193 255.255.255.192
> pppoe enable group global
> no snmp trap link-status
> !
> interface FastEthernet1/0.3
> encapsulation dot1Q 3
> ip tcp adjust-mss 1360
> pppoe enable group global1
> no snmp trap link-status
> !
> interface FastEthernet1/0.16
> encapsulation dot1Q 16
> no snmp trap link-status
> !
> interface FastEthernet1/0.17
> encapsulation dot1Q 17
> no snmp trap link-status
> !
> interface FastEthernet2/0
> no ip address
> shutdown
> duplex half
> !
> interface Serial3/0
> description Armory Place CO to Heyburn
> bandwidth 44210
> ip address 216.24.28.246 255.255.255.252
> ip route-cache flow
> dsu bandwidth 44210
> framing c-bit
> cablelength 50
> serial restart-delay 0
> no cdp enable
> !
> interface Serial3/1
> no ip address
> shutdown
> dsu bandwidth 44210
> framing c-bit
> cablelength 10
> serial restart-delay 0
> !
> interface Serial4/0
> no ip address
> shutdown
> dsu bandwidth 44210
> framing c-bit
> cablelength 10
> serial restart-delay 0
> !
> interface ATM5/0
> no ip address
> shutdown
> no atm ilmi-keepalive
> !
> interface Virtual-Template1
> ip unnumbered FastEthernet1/0.2
> ip tcp adjust-mss 1360
> peer default ip address pool pppoepool
> ppp authentication pap chap
> !
> interface Virtual-Template2
> mtu 1400
> ip unnumbered FastEthernet1/0.3
> peer default ip address pool pppoepool
> ppp mtu adaptive
> ppp authentication pap chap
> !
> router ospf 5150
> log-adjacency-changes
> area 0 authentication message-digest
> summary-address 216.24.9.0 255.255.255.128
> redistribute connected subnets route-map ospf-redistrib
> redistribute static subnets route-map ospf-redistrib
> passive-interface default
> no passive-interface FastEthernet1/0
> no passive-interface Serial3/0
> no passive-interface Loopback100
> network 24.235.0.0 0.0.31.255 area 0
> network 216.24.0.0 0.0.63.255 area 0
> !
> ip local pool pppoepool 216.24.12.100 216.24.12.180
> ip classless
> ip route 0.0.0.0 0.0.0.0 Serial3/0
> ip route 216.24.2.88 255.255.255.248 216.24.12.100
> ip route 216.24.35.91 255.255.255.255 216.24.12.100
> no ip http server
> !
> !
> !
> ip access-list standard allow-our-nets
> permit 216.24.0.0 0.0.63.255
> permit 24.235.0.0 0.0.31.255
> !
> ip access-list extended in-block-all-smtp-nb
> deny tcp any any eq smtp log-input
> deny tcp any any range 135 139 log-input
> permit udp any eq netbios-ns host 216.24.27.3 eq domain
> permit udp any eq netbios-ns host 216.24.27.4 eq domain
> permit udp any eq netbios-ns host 199.120.154.17 eq domain
> permit udp host 216.24.27.3 eq domain any eq netbios-ns
> permit udp host 216.24.27.4 eq domain any eq netbios-ns
> permit udp host 199.120.154.17 eq domain any eq netbios-ns
> deny udp any any eq netbios-ns
> deny udp any any range 135 netbios-ss log-input
> deny tcp any any eq 445 log-input
> deny udp any any eq 445 log-input
> permit ip any any
> ip access-list extended in-block-nb
> remark -- Same as out-block-nb
> deny tcp any any range 135 139 log-input
> permit udp any eq netbios-ns host 216.24.27.3 eq domain
> permit udp any eq netbios-ns host 216.24.27.4 eq domain
> permit udp any eq netbios-ns host 199.120.154.17 eq domain
> permit udp host 216.24.27.3 eq domain any eq netbios-ns
> permit udp host 216.24.27.4 eq domain any eq netbios-ns
> permit udp host 199.120.154.17 eq domain any eq netbios-ns
> deny udp any any eq netbios-ns
> deny udp any any range 135 netbios-ss log-input
> deny tcp any any eq 445 log-input
> deny udp any any eq 445 log-input
> permit ip any any
> ip access-list extended in-block-smtp-nb
> permit tcp any 216.24.27.0 0.0.0.255 eq smtp
> deny tcp any any eq smtp log-input
> deny tcp any any range 135 139 log-input
> permit udp any eq netbios-ns host 216.24.27.3 eq domain
> permit udp any eq netbios-ns host 216.24.27.4 eq domain
> permit udp any eq netbios-ns host 199.120.154.17 eq domain
> permit udp host 216.24.27.3 eq domain any eq netbios-ns
> permit udp host 216.24.27.4 eq domain any eq netbios-ns
> permit udp host 199.120.154.17 eq domain any eq netbios-ns
> deny udp any any eq netbios-ns
> deny udp any any range 135 netbios-ss log-input
> deny tcp any any eq 445 log-input
> deny udp any any eq 445 log-input
> permit ip any any
> ip access-list extended in-dangerously-allow-all
> permit ip any any
> ip access-list extended in-permitlog-smtp
> remark -- This one is used to see who we need to not apply blocksmtp to.
> remark -- It is functionally identical to in-block-nb.
> permit tcp any 216.24.27.0 0.0.0.255 eq smtp
> permit tcp any any eq smtp syn log-input
> permit tcp any any eq smtp
> deny tcp any any range 135 139 log-input
> permit udp any eq netbios-ns host 216.24.27.3 eq domain
> permit udp any eq netbios-ns host 216.24.27.4 eq domain
> permit udp any eq netbios-ns host 199.120.154.17 eq domain
> permit udp host 216.24.27.3 eq domain any eq netbios-ns
> permit udp host 216.24.27.4 eq domain any eq netbios-ns
> permit udp host 199.120.154.17 eq domain any eq netbios-ns
> deny udp any any eq netbios-ns
> deny udp any any range 135 netbios-ss log-input
> deny tcp any any eq 445 log-input
> deny udp any any eq 445 log-input
> permit ip any any
> ip access-list extended out-block-all-smtp-nb
> deny tcp any eq smtp any log-input
> deny tcp any any range 135 139 log-input
> permit udp any eq netbios-ns host 216.24.27.3 eq domain
> permit udp any eq netbios-ns host 216.24.27.4 eq domain
> permit udp any eq netbios-ns host 199.120.154.17 eq domain
> permit udp host 216.24.27.3 eq domain any eq netbios-ns
> permit udp host 216.24.27.4 eq domain any eq netbios-ns
> permit udp host 199.120.154.17 eq domain any eq netbios-ns
> deny udp any any eq netbios-ns
> deny udp any any range 135 netbios-ss log-input
> deny tcp any any eq 445 log-input
> deny udp any any eq 445 log-input
> permit ip any any
> ip access-list extended out-block-nb
> remark -- Same as in-block-nb
> deny tcp any any range 135 139 log-input
> permit udp any eq netbios-ns host 216.24.27.3 eq domain
> permit udp any eq netbios-ns host 216.24.27.4 eq domain
> permit udp any eq netbios-ns host 199.120.154.17 eq domain
> permit udp host 216.24.27.3 eq domain any eq netbios-ns
> permit udp host 216.24.27.4 eq domain any eq netbios-ns
> permit udp host 199.120.154.17 eq domain any eq netbios-ns
> deny udp any any eq netbios-ns
> deny udp any any range 135 netbios-ss log-input
> deny tcp any any eq 445 log-input
> deny udp any any eq 445 log-input
> permit ip any any
> ip access-list extended out-block-smtp-nb
> permit tcp 216.24.27.0 0.0.0.255 eq smtp any
> deny tcp any eq smtp any log-input
> deny tcp any any range 135 139 log-input
> permit udp any eq netbios-ns host 216.24.27.3 eq domain
> permit udp any eq netbios-ns host 216.24.27.4 eq domain
> permit udp any eq netbios-ns host 199.120.154.17 eq domain
> permit udp host 216.24.27.3 eq domain any eq netbios-ns
> permit udp host 216.24.27.4 eq domain any eq netbios-ns
> permit udp host 199.120.154.17 eq domain any eq netbios-ns
> deny udp any any eq netbios-ns
> deny udp any any range 135 netbios-ss log-input
> deny tcp any any eq 445 log-input
> deny udp any any eq 445 log-input
> permit ip any any
> ip access-list extended out-dangerously-allow-all
> permit ip any any
> ip access-list extended out-permitlog-smtp
> permit tcp any 216.24.27.0 0.0.0.255 eq smtp
> permit tcp any any eq smtp log-input
> deny tcp any any range 135 139 log-input
> permit udp any eq netbios-ns host 216.24.27.3 eq domain
> permit udp any eq netbios-ns host 216.24.27.4 eq domain
> permit udp any eq netbios-ns host 199.120.154.17 eq domain
> permit udp host 216.24.27.3 eq domain any eq netbios-ns
> permit udp host 216.24.27.4 eq domain any eq netbios-ns
> permit udp host 199.120.154.17 eq domain any eq netbios-ns
> deny udp any any eq netbios-ns
> deny udp any any range 135 netbios-ss log-input
> deny tcp any any eq 445 log-input
> deny udp any any eq 445 log-input
> permit ip any any
> ip radius source-interface Loopback100
> logging source-interface Loopback100
> !
> route-map ospf-redistrib permit 10
> match ip address allow-our-nets
> !
> snmp-server trap-source Loopback100
> !
> radius-server attribute nas-port format c
> radius-server dead-criteria tries 2
> radius-server host 216.24.27.201 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.202 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.203 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.204 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.205 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.206 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.207 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.208 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.209 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.200 auth-port 1645 acct-port 1646
> radius-server retry method reorder
> radius-server transaction max-tries 3
> radius-server retransmit 0
> radius-server timeout 3
> radius-server deadtime 2
> radius-server key m00c0w6809
> radius-server vsa send accounting
> radius-server vsa send authentication
> !
> !
> !
> !
> gatekeeper
> shutdown
> !
> !
> line con 0
> stopbits 1
> line aux 0
> stopbits 1
> line vty 0 4
> exec-timeout 60 0
> logging synchronous
> transport preferred none
> transport input telnet
> !
> !
> end
>
> --
> "The problem with our concept of mind is that we confuse our own kind of
> self-awareness with thinking in general. Self-awareness is an attribute of
> certain kinds of social animals. Why should a mind be self-aware? It's
> enough it's world-aware. If it isn't socially connected to other minds, it
> doesn't need social filters or self-modeling. It's self-making,
> self-sufficient. It embodies and acts. A world-aware mind is just one step
> closer to God than you and I."
> -- Greg Bear, "Slant"