We have 2x Fortigate 200B firewalls that we wish to operate in Active/Active HA mode - though, obviously, they cannot do this with PPPoE/DHCP enabled on the externally facing interfaces.
To overcome this we want to use a Cisco 1841 as a PPPoE terminator on its f0/1 interface and present a static IP on its f0/0 interface (we have done similar with Cisco 857 boxes to terminate RJ11 ADSL PPPoE connections and forward present on an FE interface in RJ45 for the 200Bs). This will allow us to set both 200Bs to manual and issue them the public IP address.
The general theory is to:
Unnumber the static route address against the LAN f0/0 side with the PPPoE virtual interface Dialer1.
So, we have this config (which works) on our Cisco 857s:
!Internally facing
interface Ethernet0
 ip address [ip.add.ress.here] 255.255.255.248
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 hold-queue 100 out
!Externally facing ADSL connection
interface ATM0
 no ip address
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 8/35
  no oam-pvc manage
  pppoe-client dial-pool-number 1
!Virtual PPPoE interface
interface Dialer1
 ip unnumbered Ethernet0
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname [our username]
 ppp chap password 7 [our password]
 ppp pap sent-username [our username] password 7 [our password]
!
ip route 0.0.0.0 0.0.0.0 Dialer1
On our 1841 we have this:
! Internally Facing
interface FastEthernet0/0
 ip address [ip.add.ress.here] 255.255.255.248
 ip nat inside
 speed 100
 full-duplex
! Externally Facing
interface FastEthernet0/1
 no ip address
 speed 100
 full-duplex
 pppoe enable group global
 pppoe-client dial-pool-number 1
! Virtual PPPoE Interface
interface Dialer1
 mtu 1492
 ip unnumbered FastEthernet0/0
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname [our username]
 ppp chap password 0 [our password]
 ppp pap sent-username [our username] password 0 [our password]
 no cdp enable
!
no ip classless
ip forward-protocol nd
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
dialer-list 1 protocol ip permit
But we don't seem to have any luck with this config. Can anyone advise?
0 Answers