Cisco: 897VAW Running Config with PPPoA (BT)

Below is my latest running config.

My ISP is currently BT (British Telecom) and I have ADSL G.992.1 Annex A, PPPoA, i.e. very slow broadband down a copper wire in the United Kingdom.

It is a work in progress and, to save making forum entries very long with running configs, I thought it would be easier to reference the latest version here.

I still have to configure:

  • Zone firewall – partially done, in that the zones are configured but it’s wide open!
  • DMZ
  • VPN to Microsoft Azure cloud
  • Wireless – Working on it…
  • Public IP NAT’ing – I have 5 public IP addresses

It is connected to a Cisco SG300-28p switch, running in Layer 2 mode. I will post the config of the switch in due course.

C897VAW#sh run
Building configuration...

Current configuration : 8195 bytes
!
! Last configuration change at 11:48:42 BST Sat Jul 5 2014
version 15.2
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
!
hostname C897VAW
!
boot-start-marker
boot-end-marker
!
!
no logging buffered
no logging console
no logging monitor
!
no aaa new-model
memory-size iomem 5
clock timezone GMT 0 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
service-module wlan-ap 0 bootimage autonomous
!
!
!
!
!
!
ip domain name myinternaldomain.com
ip name-server 194.72.0.114
ip name-server 62.6.40.178
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-1177921732
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1177921732
revocation-check none
rsakeypair TP-self-signed-1177921732
!
!
crypto pki certificate chain TP-self-signed-1177921732
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31313737 39323137 3333301E 170D3134 30363233 32323439
35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 31373739
32313733 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
527D0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 144EF96E 1D18CC34 5EAE261E 96CE1D10 48A82422 42301D06
03551D0E 04160414 4EF96E1D 18CC345E DD60AE6F CE1D1048 A8242242 300D0609
2A864886 F70D0101 05050003 81810058 1E9CB218 54DF1E32 92FAC84F 0DC6B97A
B1D7A0A4 2DD5BB9E D359A3B1 38BAE5
quit
license udi pid C897VAW-E-K9 sn FCZ274491KG
!
!
username user1 privilege 15 secret 4 F/p3xD3S2V2KxAAiGXa.5/pHabraaaQj5Dk3CdNqiJw
!
!
controller VDSL 0
modem ukfeature
!
no ip ftp passive
ip ssh authentication-retries 5
!
class-map type inspect match-any ByProtocol
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-all ccp-cls--1
match access-group name Outbound
class-map type inspect match-all ccp-cls--2
match access-group name Outbound
class-map type inspect match-all ccp-cls--6
match access-group name Drop
class-map type inspect match-all ccp-cls-ccp-policy-ccp-cls--3-1
match access-group name Inbound
class-map type inspect match-all ccp-cls-ccp-policy-ccp-cls--2-1
match access-group name Block
!
policy-map type inspect ccp-policy-ccp-cls--2
class type inspect ccp-cls--2
pass log
class class-default
drop
policy-map type inspect ccp-policy-ccp-cls--3
class type inspect ccp-cls-ccp-policy-ccp-cls--2-1
pass
class type inspect ccp-cls-ccp-policy-ccp-cls--3-1
pass log
class class-default
drop
!
zone security Internet
zone security Trusted
zone security DMZ
zone security GuestWiFi
zone-pair security sdm-zp-Trusted-Internet source Trusted destination Internet
service-policy type inspect ccp-policy-ccp-cls--2
zone-pair security sdm-zp-Internet-Trusted source Internet destination Trusted
service-policy type inspect ccp-policy-ccp-cls--3
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
pvc 0/38
description ***Link to BT BROADBAND***
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Ethernet0
no ip address
shutdown
!
interface GigabitEthernet0
description ***Cisco Switch Pt28***
switchport trunk native vlan 10
switchport mode trunk
no ip address
!
interface GigabitEthernet1
no ip address
shutdown
!
interface GigabitEthernet2
no ip address
shutdown
!
interface GigabitEthernet3
no ip address
shutdown
!
interface GigabitEthernet4
no ip address
shutdown
!
interface GigabitEthernet5
no ip address
shutdown
!
interface GigabitEthernet6
no ip address
shutdown
!
interface GigabitEthernet7
no ip address
shutdown
!
interface GigabitEthernet8
no ip address
shutdown
duplex auto
speed auto
!
interface Wlan-GigabitEthernet8
description Internal switch interface connecting to the embedded AP
switchport trunk native vlan 40
switchport mode trunk
no ip address
!
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
ip unnumbered Vlan10
!
interface Vlan1
no ip address
!
interface Vlan10
description ***SWITCH+ROUTER+W-AP***
ip address 172.16.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly in
zone-member security Trusted
!
interface Vlan30
description GuestWiFi
ip address 172.16.30.1 255.255.255.240
ip helper-address 172.16.60.5
ip nat inside
ip virtual-reassembly in
zone-member security GuestWiFi
!
interface Vlan40
description CoreWiFi
ip address 172.16.40.1 255.255.255.240
ip helper-address 172.16.60.5
ip nat inside
ip virtual-reassembly in
zone-member security Trusted
!
interface Vlan50
description CoreClient
ip address 172.16.50.1 255.255.255.0
ip helper-address 172.16.60.5
ip nat inside
ip virtual-reassembly in
zone-member security Trusted
!
interface Vlan55
description Audio/Video
ip address 172.16.55.1 255.255.255.240
ip helper-address 172.16.60.5
ip nat inside
ip virtual-reassembly in
zone-member security Trusted
!
interface Vlan60
description CoreServers
ip address 172.16.60.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security Trusted
!
interface Vlan65
description ***Management***
ip address 172.16.65.1 255.255.255.192
ip helper-address 172.16.60.5
ip nat inside
ip virtual-reassembly in
zone-member security Trusted
!
interface Vlan80
description DMZ
ip address 172.16.80.9 255.255.255.248
zone-member security DMZ
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
ip nat outside
ip virtual-reassembly in
zone-member security Internet
encapsulation ppp
dialer pool 1
dialer-group 1
ppp chap hostname D034436@ab70.btclick.com
ppp chap password 7 132F4AE33D01E2076100920
no cdp enable
!
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
!
ip nat pool NAT_Pool_BT 81.23.201.21 81.23.201.25 netmask 255.255.255.248
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended Block
remark CCP_ACL Category=128
permit ip host 216.17.8.178 any
ip access-list extended Drop
remark CCP_ACL Category=128
permit ip host 216.17.8.178 any
ip access-list extended Inbound
remark CCP_ACL Category=128
permit ip any any
ip access-list extended Outbound
remark CCP_ACL Category=128
permit ip any any
!
logging trap debugging
logging host 172.16.50.100
access-list 100 permit ip any any
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
alias configure sh do sh
alias configure dial int Dialer0
alias exec dot11radio service-module wlan-ap 0 session
banner login ^CTexNet - Unauthorised Access Prohibited^C
!
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
access-class 1 in
exec-timeout 60 0
privilege level 15
password 7 06225F875AD5C54B59
logging synchronous
login local
transport preferred ssh
transport input telnet ssh
line vty 5 15
exec-timeout 30 0
privilege level 15
logging synchronous
login local
transport input none
!
scheduler allocate 20000 1000
ntp source Dialer0
ntp server 2.uk.pool.ntp.org
ntp server 3.uk.pool.ntp.org
ntp server 0.uk.pool.ntp.org
ntp server 1.uk.pool.ntp.org
!
end
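
The to-do list says the zones are configured but the firewall is "wide open"; that can be checked mechanically by following each zone-pair through its policy-map and class-map to the ACL it matches. The script below is an added example, not part of the original post; the function name `open_zone_pairs` and the trimmed `CONFIG` excerpt are this example's own choices.

```python
import re

# Trimmed excerpt of the running config above (flat, as posted; remarks and Block/Drop left out).
CONFIG = """\
class-map type inspect match-all ccp-cls--2
match access-group name Outbound
class-map type inspect match-all ccp-cls-ccp-policy-ccp-cls--3-1
match access-group name Inbound
policy-map type inspect ccp-policy-ccp-cls--2
class type inspect ccp-cls--2
pass log
class class-default
drop
policy-map type inspect ccp-policy-ccp-cls--3
class type inspect ccp-cls-ccp-policy-ccp-cls--3-1
pass log
class class-default
drop
zone-pair security sdm-zp-Trusted-Internet source Trusted destination Internet
service-policy type inspect ccp-policy-ccp-cls--2
zone-pair security sdm-zp-Internet-Trusted source Internet destination Trusted
service-policy type inspect ccp-policy-ccp-cls--3
ip access-list extended Inbound
permit ip any any
ip access-list extended Outbound
permit ip any any
"""

def open_zone_pairs(cfg):
    """Return (source, destination, action) for zone-pairs that forward all IP."""
    # ACLs are first-match, so a leading 'permit ip any any' matches everything.
    any_acls = set(re.findall(
        r"^ip access-list extended (\S+)\n(?:remark .*\n)*permit ip any any$", cfg, re.M))
    # Inspect class-maps whose first match statement is one of those ACLs.
    open_classes = {c for c, acl in re.findall(
        r"^class-map type inspect match-\w+ (\S+)\nmatch access-group name (\S+)$",
        cfg, re.M) if acl in any_acls}
    forwards = {}  # policy-map name -> action applied to an open class
    for chunk in cfg.split("policy-map type inspect ")[1:]:
        name = chunk.split("\n", 1)[0]
        for cls, action in re.findall(r"^class type inspect (\S+)\n(pass|inspect)\b", chunk, re.M):
            if cls in open_classes:
                forwards[name] = action
    pairs = re.findall(r"^zone-pair security \S+ source (\S+) destination (\S+)\n"
                       r"service-policy type inspect (\S+)$", cfg, re.M)
    return [(s, d, forwards[p]) for s, d, p in pairs if p in forwards]

if __name__ == "__main__":
    print(open_zone_pairs(CONFIG))
```

Both directions are reported with `pass`, which forwards packets without creating session state. The usual stateful arrangement is `inspect` on the Trusted-to-Internet pair and a default drop on Internet-to-Trusted.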

 
