[cisco-nas] Bonded PPPoE over bridged DSL lines with multilink PPP

Joe Mays jfmays at launchpad.win.net
Mon Mar 28 12:53:53 EDT 2011


Okay, I got this to work, for a given value of working. Adding ppp
multilink to the virtual template on the 7206 and removing the minimum
links entry on the 2600 led to the connection coming up with both ends
showing both links bundled into one MLP bundle, and I was able to ping
both directions across the bundle fine. Unfortunately, inexplicably,
the 2600, which had its default route set to "ip route 0.0.0.0 0.0.0.0
Dialer1" began ignoring the default route. It could ping the local
lan, could ping the 7206, but given an IP address that was not
directly connected, it would respond no route to host.

This is close to working. Can anyone offer any ideas about what might
have been causing this?


----- Original Message ----- 
From: "Joe Mays" <jfmays at launchpad.win.net>
To: <cisco-nas at puck.nether.net>
Sent: Saturday, March 19, 2011 2:26 AM
Subject: [cisco-nas] Bonded PPPoE over bridged DSL lines with
multilink PPP


Okay. At one end is a 2620 running 12.3(15) IPBase, with a 4NME card.
At the other is a 7206. Between them are three DSL lines, all running
in bridged mode. Two are bonded together between the DSL modem and the
DSLam, so essentially, we have two long Ethernet lines, plugged into
ports ethernet1/0 and ethernet1/1 on the 2620.

            /--------C1 ~~~~\
A ~~~~~~~ B<                 > D
            \========C2 ~~~~/


A (Cisco 7206, FE2/0)
B (Zhone Bitstorm)
~ (ethernet link)
- (single DSL line)
= (bonded DSL lines)
D (Cisco 2620, 4NME card, E1/0 and E1/1)

Essentially it all seems to work; turning it up with one port binds
virtual access 1 to the multilink PPP connection. But when both ports
are turned up on the 2620, it binds the second port, but then the
second port begins to go up and down and massive packet loss starts
occurring. It's not the DSL line, we tried both lines separately in
port 1, both work great. It's not the port, the same problem occurs if
we use ethernet1/2 as the second port, instead of E1/1. I was just
guessing at the config to make this work and I may have done it
completely wrongly.

Cisco 2620 config....

Current configuration : 1388 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Quickcash
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxx.
!
aaa new-model
!
!
aaa authentication login default local
aaa accounting delay-start
aaa session-id common
ip subnet-zero
ip cef
!
!
!
vpdn enable
vpdn ip udp ignore checksum
!
vpdn-group 1
 request-dialin
  protocol pppoe
!
!
username admin password 0 xxxxxxxx
!
!
!
interface FastEthernet0/0
 ip address xxx.24.2.89 255.255.255.248
 duplex auto
 speed auto
!
interface Ethernet1/0
 no ip address
 full-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface Ethernet1/1
 no ip address
 shutdown
 full-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface Ethernet1/2
 no ip address
 shutdown
 full-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface Ethernet1/3
 no ip address
 shutdown
 half-duplex
!
interface Dialer1
 ip address xxx.24.12.100 255.255.255.0
 ip mtu 1420
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username quickcash1 password 0 xxxxxxxx
 ppp multilink
 ppp multilink links minimum 2
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
!
line con 0
line aux 0
line vty 0 4
 transport preferred none
 transport input telnet
!
!
end

Cisco 7206 Config....

Current configuration : 11227 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname gw1.armplc
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxx
!
aaa new-model
!
!
aaa group server radius WinAuthAcct
 server xxx.24.27.48 auth-port 1812 acct-port 1813
 server xxx.24.27.49 auth-port 1812 acct-port 1813
!
aaa authentication login default local
aaa authentication ppp default local group WinAuthAcct
aaa authorization exec default local none
aaa authorization network default local group WinAuthAcct if-authenticated
aaa accounting delay-start
aaa accounting update newinfo
aaa accounting network default start-stop broadcast group WinAuthAcct
aaa session-id common
ip subnet-zero
no ip source-route
!
!
ip cef
ip telnet source-interface Loopback100
ip tftp source-interface Loopback100
ip domain list win.net
ip domain name win.net
ip name-server xxx.24.27.3
ip name-server xx.235.0.25
ip name-server xxx.24.27.4
!
no ip bootp server
pppoe-forwarding
!
!
!
!
!
!
!
!
!
!
!
username admin secret 5 xxxxxxxx
username quickcash1 password 0 xxxxxxxx
!
!
controller T3 6/0
!
!
bba-group pppoe global
 virtual-template 1
!
bba-group pppoe global1
 virtual-template 2
!
!
interface Loopback100
 description gw1.armplc.win.net loopback interface
 ip address 216.24.30.16 255.255.255.255
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface FastEthernet1/0
 ip address xxx.24.8.1 255.255.255.0
 duplex full
!
interface FastEthernet1/0.2
 encapsulation dot1Q 2
 ip address xxx.24.12.193 255.255.255.192
 pppoe enable group global
 no snmp trap link-status
!
interface FastEthernet1/0.3
 encapsulation dot1Q 3
 ip tcp adjust-mss 1360
 pppoe enable group global1
 no snmp trap link-status
!
interface FastEthernet1/0.16
 encapsulation dot1Q 16
 no snmp trap link-status
!
interface FastEthernet1/0.17
 encapsulation dot1Q 17
 no snmp trap link-status
!
interface FastEthernet2/0
 no ip address
 shutdown
 duplex half
!
interface Serial3/0
 description Armory Place CO to Heyburn
 bandwidth 44210
 ip address 216.24.28.246 255.255.255.252
 ip route-cache flow
 dsu bandwidth 44210
 framing c-bit
 cablelength 50
 serial restart-delay 0
 no cdp enable
!
interface Serial3/1
 no ip address
 shutdown
 dsu bandwidth 44210
 framing c-bit
 cablelength 10
 serial restart-delay 0
!
interface Serial4/0
 no ip address
 shutdown
 dsu bandwidth 44210
 framing c-bit
 cablelength 10
 serial restart-delay 0
!
interface ATM5/0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface Virtual-Template1
 ip unnumbered FastEthernet1/0.2
 ip tcp adjust-mss 1360
 peer default ip address pool pppoepool
 ppp authentication pap chap
!
interface Virtual-Template2
 mtu 1400
 ip unnumbered FastEthernet1/0.3
 peer default ip address pool pppoepool
 ppp mtu adaptive
 ppp authentication pap chap
!
router ospf 5150
 log-adjacency-changes
 area 0 authentication message-digest
 summary-address 216.24.9.0 255.255.255.128
 redistribute connected subnets route-map ospf-redistrib
 redistribute static subnets route-map ospf-redistrib
 passive-interface default
 no passive-interface FastEthernet1/0
 no passive-interface Serial3/0
 no passive-interface Loopback100
 network 24.235.0.0 0.0.31.255 area 0
 network 216.24.0.0 0.0.63.255 area 0
!
ip local pool pppoepool 216.24.12.100 216.24.12.180
ip classless
ip route 0.0.0.0 0.0.0.0 Serial3/0
ip route 216.24.2.88 255.255.255.248 216.24.12.100
ip route 216.24.35.91 255.255.255.255 216.24.12.100
no ip http server
!
!
!
ip access-list standard allow-our-nets
 permit 216.24.0.0 0.0.63.255
 permit 24.235.0.0 0.0.31.255
!
ip access-list extended in-block-all-smtp-nb
 deny   tcp any any eq smtp log-input
 deny   tcp any any range 135 139 log-input
 permit udp any eq netbios-ns host 216.24.27.3 eq domain
 permit udp any eq netbios-ns host 216.24.27.4 eq domain
 permit udp any eq netbios-ns host 199.120.154.17 eq domain
 permit udp host 216.24.27.3 eq domain any eq netbios-ns
 permit udp host 216.24.27.4 eq domain any eq netbios-ns
 permit udp host 199.120.154.17 eq domain any eq netbios-ns
 deny   udp any any eq netbios-ns
 deny   udp any any range 135 netbios-ss log-input
 deny   tcp any any eq 445 log-input
 deny   udp any any eq 445 log-input
 permit ip any any
ip access-list extended in-block-nb
 remark -- Same as out-block-nb
 deny   tcp any any range 135 139 log-input
 permit udp any eq netbios-ns host 216.24.27.3 eq domain
 permit udp any eq netbios-ns host 216.24.27.4 eq domain
 permit udp any eq netbios-ns host 199.120.154.17 eq domain
 permit udp host 216.24.27.3 eq domain any eq netbios-ns
 permit udp host 216.24.27.4 eq domain any eq netbios-ns
 permit udp host 199.120.154.17 eq domain any eq netbios-ns
 deny   udp any any eq netbios-ns
 deny   udp any any range 135 netbios-ss log-input
 deny   tcp any any eq 445 log-input
 deny   udp any any eq 445 log-input
 permit ip any any
ip access-list extended in-block-smtp-nb
 permit tcp any 216.24.27.0 0.0.0.255 eq smtp
 deny   tcp any any eq smtp log-input
 deny   tcp any any range 135 139 log-input
 permit udp any eq netbios-ns host 216.24.27.3 eq domain
 permit udp any eq netbios-ns host 216.24.27.4 eq domain
 permit udp any eq netbios-ns host 199.120.154.17 eq domain
 permit udp host 216.24.27.3 eq domain any eq netbios-ns
 permit udp host 216.24.27.4 eq domain any eq netbios-ns
 permit udp host 199.120.154.17 eq domain any eq netbios-ns
 deny   udp any any eq netbios-ns
 deny   udp any any range 135 netbios-ss log-input
 deny   tcp any any eq 445 log-input
 deny   udp any any eq 445 log-input
 permit ip any any
ip access-list extended in-dangerously-allow-all
 permit ip any any
ip access-list extended in-permitlog-smtp
 remark -- This one is used to see who we need to not apply blocksmtp to.
 remark -- It is functionally identical to in-block-nb.
 permit tcp any 216.24.27.0 0.0.0.255 eq smtp
 permit tcp any any eq smtp syn log-input
 permit tcp any any eq smtp
 deny   tcp any any range 135 139 log-input
 permit udp any eq netbios-ns host 216.24.27.3 eq domain
 permit udp any eq netbios-ns host 216.24.27.4 eq domain
 permit udp any eq netbios-ns host 199.120.154.17 eq domain
 permit udp host 216.24.27.3 eq domain any eq netbios-ns
 permit udp host 216.24.27.4 eq domain any eq netbios-ns
 permit udp host 199.120.154.17 eq domain any eq netbios-ns
 deny   udp any any eq netbios-ns
 deny   udp any any range 135 netbios-ss log-input
 deny   tcp any any eq 445 log-input
 deny   udp any any eq 445 log-input
 permit ip any any
ip access-list extended out-block-all-smtp-nb
 deny   tcp any eq smtp any log-input
 deny   tcp any any range 135 139 log-input
 permit udp any eq netbios-ns host 216.24.27.3 eq domain
 permit udp any eq netbios-ns host 216.24.27.4 eq domain
 permit udp any eq netbios-ns host 199.120.154.17 eq domain
 permit udp host 216.24.27.3 eq domain any eq netbios-ns
 permit udp host 216.24.27.4 eq domain any eq netbios-ns
 permit udp host 199.120.154.17 eq domain any eq netbios-ns
 deny   udp any any eq netbios-ns
 deny   udp any any range 135 netbios-ss log-input
 deny   tcp any any eq 445 log-input
 deny   udp any any eq 445 log-input
 permit ip any any
ip access-list extended out-block-nb
 remark -- Same as in-block-nb
 deny   tcp any any range 135 139 log-input
 permit udp any eq netbios-ns host 216.24.27.3 eq domain
 permit udp any eq netbios-ns host 216.24.27.4 eq domain
 permit udp any eq netbios-ns host 199.120.154.17 eq domain
 permit udp host 216.24.27.3 eq domain any eq netbios-ns
 permit udp host 216.24.27.4 eq domain any eq netbios-ns
 permit udp host 199.120.154.17 eq domain any eq netbios-ns
 deny   udp any any eq netbios-ns
 deny   udp any any range 135 netbios-ss log-input
 deny   tcp any any eq 445 log-input
 deny   udp any any eq 445 log-input
 permit ip any any
ip access-list extended out-block-smtp-nb
 permit tcp 216.24.27.0 0.0.0.255 eq smtp any
 deny   tcp any eq smtp any log-input
 deny   tcp any any range 135 139 log-input
 permit udp any eq netbios-ns host 216.24.27.3 eq domain
 permit udp any eq netbios-ns host 216.24.27.4 eq domain
 permit udp any eq netbios-ns host 199.120.154.17 eq domain
 permit udp host 216.24.27.3 eq domain any eq netbios-ns
 permit udp host 216.24.27.4 eq domain any eq netbios-ns
 permit udp host 199.120.154.17 eq domain any eq netbios-ns
 deny   udp any any eq netbios-ns
 deny   udp any any range 135 netbios-ss log-input
 deny   tcp any any eq 445 log-input
 deny   udp any any eq 445 log-input
 permit ip any any
ip access-list extended out-dangerously-allow-all
 permit ip any any
ip access-list extended out-permitlog-smtp
 permit tcp any 216.24.27.0 0.0.0.255 eq smtp
 permit tcp any any eq smtp log-input
 deny   tcp any any range 135 139 log-input
 permit udp any eq netbios-ns host 216.24.27.3 eq domain
 permit udp any eq netbios-ns host 216.24.27.4 eq domain
 permit udp any eq netbios-ns host 199.120.154.17 eq domain
 permit udp host 216.24.27.3 eq domain any eq netbios-ns
 permit udp host 216.24.27.4 eq domain any eq netbios-ns
 permit udp host 199.120.154.17 eq domain any eq netbios-ns
 deny   udp any any eq netbios-ns
 deny   udp any any range 135 netbios-ss log-input
 deny   tcp any any eq 445 log-input
 deny   udp any any eq 445 log-input
 permit ip any any
ip radius source-interface Loopback100
logging source-interface Loopback100
!
route-map ospf-redistrib permit 10
 match ip address allow-our-nets
!
snmp-server trap-source Loopback100
!
radius-server attribute nas-port format c
radius-server dead-criteria tries 2
radius-server host 216.24.27.201 auth-port 1645 acct-port 1646
radius-server host 216.24.27.202 auth-port 1645 acct-port 1646
radius-server host 216.24.27.203 auth-port 1645 acct-port 1646
radius-server host 216.24.27.204 auth-port 1645 acct-port 1646
radius-server host 216.24.27.205 auth-port 1645 acct-port 1646
radius-server host 216.24.27.206 auth-port 1645 acct-port 1646
radius-server host 216.24.27.207 auth-port 1645 acct-port 1646
radius-server host 216.24.27.208 auth-port 1645 acct-port 1646
radius-server host 216.24.27.209 auth-port 1645 acct-port 1646
radius-server host 216.24.27.200 auth-port 1645 acct-port 1646
radius-server retry method reorder
radius-server transaction max-tries 3
radius-server retransmit 0
radius-server timeout 3
radius-server deadtime 2
radius-server key m00c0w6809
radius-server vsa send accounting
radius-server vsa send authentication
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 60 0
 logging synchronous
 transport preferred none
 transport input telnet
!
!
end



--
"The problem with our concept of mind is that we confuse our own kind
of self-awareness with thinking in general. Self-awareness is an
attribute of certain kinds of social animals. Why should a mind be
self-aware? It's enough it's world-aware. If it isn't socially
connected to other minds, it doesn't need social filters or
self-modeling. It's self-making, self-sufficient. It embodies and
acts. A world-aware mind is just one step closer to God than you and
I."
          -- Greg Bear, "Slant"
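
An added example, not part of the original post: a small Python check for the two multilink settings the follow-up message changed (no `ppp multilink` on the 7206 virtual template, and `ppp multilink links minimum` on the 2620 dialer). The config strings are constructed excerpts trimmed from the configurations above, and the names `stanzas` and `mlp_findings` are hypothetical.

```python
import re

# Constructed excerpts: multilink-relevant stanzas trimmed from the two posted configs.
CPE_2620 = """interface Ethernet1/0
 pppoe-client dial-pool-number 1
!
interface Ethernet1/1
 shutdown
 pppoe-client dial-pool-number 1
interface Dialer1
 dialer pool 1
 ppp multilink
 ppp multilink links minimum 2
"""
LNS_7206 = """interface Virtual-Template1
 ip unnumbered FastEthernet1/0.2
 ppp authentication pap chap
"""

def stanzas(cfg):
    """Return {interface name: [sub-commands]} for an IOS-style config."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line.startswith("interface "):
            cur = out.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        else:
            cur = None  # '!' or a global command ends the stanza
    return out

def mlp_findings(cfg):
    """List multilink settings that can keep both PPPoE links out of one bundle."""
    ifs, found = stanzas(cfg), []
    for name, cmds in ifs.items():
        if name.startswith("Virtual-Template") and "ppp multilink" not in cmds:
            found.append(f"{name}: ppp multilink missing")
        pool = next((c.split()[-1] for c in cmds if c.startswith("dialer pool ")), None)
        need = next((int(m.group(1)) for c in cmds
                     if (m := re.fullmatch(r"ppp multilink links minimum (\d+)", c))), 0)
        if pool and need:
            # Pool members are PPPoE client interfaces in the same pool that are not shut down.
            up = [n for n, sub in ifs.items() if "shutdown" not in sub
                  and f"pppoe-client dial-pool-number {pool}" in sub]
            if len(up) < need:
                found.append(f"{name}: links minimum {need}, {len(up)} active pool member(s)")
    return found

if __name__ == "__main__":
    print(mlp_findings(CPE_2620), mlp_findings(LNS_7206))
```

The check reports what the configurations contain; it does not establish why the second link flapped.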


