MediaWiki:Welcome to the Howto page/Cisco/ADSL


Configuring a Cisco Integrated Services Router (ISR) Asymmetric Digital Subscriber Line (ADSL) Interface


To configure a Cisco router to connect to an ADSL line, you first need to understand the IOS model. Unlike consumer routers, whose configuration is done via a web user interface (UI), Cisco routers are configured in IOS on two interfaces:


  1. The ATM (Asynchronous Transfer Mode) interface
  2. The Dialer interface


These interfaces have the following functions:


  • The ATM interface physically encodes the data on to the network medium and provides connectivity with the ISP's DSLAM and ATM circuitry.
  • The Dialer interface effectively 'dials' through the ATM interface and provides connectivity to the higher layers of the OSI system stack.


To begin, the ATM interface needs to be configured so that it properly encodes the signals on the line. The first step in configuration is to make sure that the interface detects the ADSL encoding and can communicate with the DSLAM at a physical level.

This can be done by issuing the:

show dsl interface

command.



An example of the type of output can be seen below:


Cisco857W#sh dsl inter
ATM0
Alcatel 20190 chipset information
 		ATU-R (DS)			ATU-C (US)
Modem Status:	 Showtime (DMTDSL_SHOWTIME)
DSL Mode:	 ITU G.992.5 (ADSL2+) Annex A
ITU STD NUM: 	 0x03				 0x2 
Chip Vendor ID:	 'STMI'				 'GSPN'
Chip Vendor Specific:  0x0000			 0x0010
Chip Vendor Country:   0x0F			 0xFF
Modem Vendor ID: 'CSCO'				 'GSPN'
Modem Vendor Specific: 0x0000			 0x1000
Modem Vendor Country:  0xB5			 0xFF
Serial Number Near:    FCZ111840K1
Serial Number Far:     
Modem VerChip ID: 	 C196 (0)
DFE BOM:	 DFE3.0 Annex A (1)
Capacity Used:	 99%				 96%
Noise Margin:	  6.0 dB			  6.0 dB
Output Power:	 20.0 dBm			 10.5 dBm
Attenuation:	 20.0 dB			  7.0 dB
Defect Status:	 None                            None                        
Last Fail Code:	 None
Watchdog Counter: 0x61
Watchdog Resets: 0
Selftest Result: 0x00
Subfunction:	 0x00 
Interrupts:	 59177 (0 spurious)
PHY Access Err:	 0
Activations:	 110
LED Status:	 ON
LED On Time:	 100
LED Off Time:	 100
Init FW:	 init_AMR-4.0.015.bin
Operation FW:	 AMR-4.0.015.bin
FW Source:	 external
FW Version:	 4.0.15

 		 DS Channel1	  DS Channel0	US Channel1	  US Channel0
Speed (kbps):	          0	       19161	         0	         967
Cells:		          0	     3664423	         0	   166848083
Reed-Solomon EC:          0	           0	         0	           0
CRC Errors:	          0	        4117	         0	           0
Header Errors:	          0	        3390	         0	           0
Total BER:		  0E-0		 7076E-9
Leakage Average BER:	  0E-0		 5631E-9
Interleave Delay:         0	          46	         0	          62
                	ATU-R (DS)	ATU-C (US)
Bitswap:	       enabled		  enabled
Bitswap success:          0	              0
Bitswap failure:          0	              0

LOM Monitoring : Enabled
LOM watch configured for 200 times
LOM appeared continuously for 0 times


DMT Bits Per Bin
000: 0 0 0 0 0 0 0 2 3 5 7 8 A B B C
010: C D C D D D D D D D C C C C B B
020: 0 0 2 2 5 6 6 7 8 9 9 A A B B B
030: C C C C D D D D D D D D D D D D
040: D E D D D D D D D D 2 D D D D D
050: D D D D D D D D D D D D D D D D
060: D D D D D D D D D D D D D D D D
070: D D D D D D D D D D D D D D D D
080: D D D D D D D D D D C C C C C C
090: C C C C C C C C C C C C C C C C
0A0: C C C C C C B C C B B B B B C C
0B0: C B C C B B C C C C C C C C C C
0C0: C C C C C C C C C C C C C C C C
0D0: C B B 9 B B C B B B B B B B B B
0E0: B B B B B B B B B B B B B B B B
0F0: B B B B B B B B B B B B B B B C
100: C C B C B B B B C C C A C C C C
110: C C C C C C C C B B 9 C C C C C
120: C C C C C C C C C C C C B B B B
130: B B B B B B B B B B B B B B B B
140: B B B B B B B B B B B B B B B B
150: B B 8 B B B B B B B B B B B B B
160: B B B B B B B 6 B B B B B B A A
170: A A A A A A A A A A A A A A A A
180: A A A A A A A A A A A A A A A A
190: A A A A A A A A A A A A A A A A
1A0: A A A A A A A A A 9 9 9 9 9 9 9
1B0: 9 9 9 9 9 9 9 9 9 9 9 9 9 8 8 8
1C0: 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8
1D0: 8 8 8 8 8 8 8 8 7 7 7 7 7 7 7 7
1E0: 7 7 7 7 7 7 0 0 0 0 0 0 0 0 0 0
1F0: 7 6 6 6 6 6 6 6 6 6 6 5 5 5 5 5

DSL: Training log buffer capability is not enabled
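
A way to check the physical layer from captured output, as an added example that is not part of the original page. The sample lines are constructed in the layout shown above, and the function names and the 6.0 dB margin threshold are assumptions.

```python
import re

# Constructed sample: a few lines in the layout of the output above
# (tab-separated columns, downstream before upstream).
SAMPLE = (
    "Modem Status:\t Showtime (DMTDSL_SHOWTIME)\n"
    "DSL Mode:\t ITU G.992.5 (ADSL2+) Annex A\n"
    "Noise Margin:\t  6.0 dB\t\t\t  6.0 dB\n"
    "Attenuation:\t 20.0 dB\t\t\t  7.0 dB\n"
    "Speed (kbps):\t          0\t       19161\t         0\t         967\n"
    "CRC Errors:\t          0\t        4117\t         0\t           0\n"
)

def parse_dsl(text):
    """Map each 'Label: col col ...' line to its list of column values."""
    fields = {}
    for line in text.splitlines():
        label, sep, rest = line.partition(":")
        if sep and rest.strip():
            # Columns are separated by a tab or by two or more blanks.
            cols = re.split(r"\s{2,}|\t", rest.strip())
            fields[label.strip()] = [c for c in cols if c]
    return fields

def line_report(text, min_margin_db=6.0):
    """Summarise physical-layer state; min_margin_db is an assumed threshold."""
    f = parse_dsl(text)
    status = f.get("Modem Status", ["unknown"])[0]
    margins = [float(v.split()[0]) for v in f.get("Noise Margin", [])]
    speeds = [int(v) for v in f.get("Speed (kbps)", [])]
    crc = [int(v) for v in f.get("CRC Errors", [])]
    problems = []
    if not status.startswith("Showtime"):
        problems.append("modem not in Showtime: " + status)
    for side, m in zip(("downstream", "upstream"), margins):
        if m < min_margin_db:
            problems.append(f"{side} noise margin {m} dB below {min_margin_db} dB")
    return {
        "trained": status.startswith("Showtime"),
        "down_kbps": sum(speeds[:2]),   # DS Channel1 + DS Channel0
        "up_kbps": sum(speeds[2:]),     # US Channel1 + US Channel0
        "crc_errors": sum(crc),         # cumulative counter, compare over time
        "problems": problems,
    }
```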


The connection method to the ISP then needs to be established, that is, which Point-to-Point protocol the connection uses: PPPoA (Point-to-Point Protocol over ATM) or PPPoE (Point-to-Point Protocol over Ethernet). You also need to know which VPI (Virtual Path Identifier) and VCI (Virtual Circuit Identifier) the ISP is using; these are usually based on geographic location.


In addition to the connection information, the MTU (maximum transmission unit) needs to be specified to tell the interface how large transmitted packets may be, for more efficient communication.


The examples below show the different ways to configure the ATM interface:


ATM 1 shows the interface with an MTU of 1500 and a PVC (Permanent Virtual Circuit) defining which VPI/VCI numbers are used, here 0 for the VPI and 38 for the VCI. Since this example uses PPPoA, the encapsulation has been set to AAL5MUX over the PPP dialer.


ATM 2 is similar, but has an MTU of 1492 and different VPI/VCI values, 8 and 35 respectively. Since this example uses the PPPoE protocol, there is no AAL5 multiplexing in the configuration.


interface ATM0
 description WAN interface ATM0
 mtu 1500
 no ip address
 no ip route-cache
 no atm ilmi-keepalive
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 dsl operating-mode auto 
 dsl lom 200

ATM 1

interface ATM0
 description WAN interface ATM0
 mtu 1492
 no ip address
 no ip route-cache
 no atm ilmi-keepalive
 pvc 8/35 
  pppoe-client dial-pool-number 1
 !
 dsl operating-mode auto

ATM 2


The next step is to configure the Dialer interface, which is a little more involved than the ATM interface configuration. To start with, the WAN (Wide Area Network) or public IP address needs to be negotiated with the PoP (Point-of-Presence) server, and the interface needs to be placed on the NAT (Network Address Translation) 'outside', as the translations should occur from inside to outside.


Setting the encapsulation to PPP is expected here, as we want the Dialer interface to talk to the PoP on a point-to-point basis. The additional no cdp enable statement turns off the Cisco Discovery Protocol on the interface, in case someone at the ISP decides to start querying CDP neighbors, from which they would be able to find out a substantial amount of information about the Cisco hardware that is being used as the CPE (Customer Premises Equipment).


Both examples contain a Dialer Pool statement to which they are attached. The Dialer Pool is a pool of addresses which can be used to translate between private and public addresses. This comes from the basis that there are 65536 ports in the TCP/IP stack and that a certain number of users behind the NAT will use up all the ports, as the first 49151 are not usable: they are registered by vendors or "well-known", meaning that they are intended for server applications and are not dynamic. 2000 or more employees can easily use up the remaining 16385 ports. The pool definition allows several WAN or public IP addresses to be included so that the router can NAT properly and not run into problems that end users will see as "system timeout" messages.


The Dialer Pool is provided by this statement:


ip nat inside source list 1 interface Dialer0 overload


where list 1 is provided by this:


dialer-list 1 protocol ip permit



Another distinct difference between the Dialer 1 and Dialer 2 examples is the authentication mechanism they use to connect to the DSL infrastructure. PPP offers two authentication methods: CHAP (Challenge-Handshake Authentication Protocol) and PAP (Password Authentication Protocol). The former has security built in via a 3-way handshake; the latter sends all authentication in clear text.
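
The difference on the wire, as an added example that is not part of the original page: it builds a PAP Authenticate-Request (RFC 1334) and the three CHAP messages (RFC 1994) with the placeholder credentials used in the Dialer examples. The function names and the authenticator name "isp-pop" are assumptions.

```python
import hashlib
import hmac
import os
import struct

def _packet(code, ident, body):
    # Common PAP/CHAP header: code, identifier, total length (big-endian).
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def pap_request(ident, user, password):
    """PAP Authenticate-Request: the password travels in the frame as-is."""
    return _packet(1, ident, bytes([len(user)]) + user
                   + bytes([len(password)]) + password)

def chap_challenge(ident, name, value=None):
    """Message 1, authenticator -> peer: a fresh random challenge."""
    value = value if value is not None else os.urandom(16)
    return _packet(1, ident, bytes([len(value)]) + value + name)

def chap_response(challenge, secret, name):
    """Message 2, peer -> authenticator: MD5(identifier || secret || challenge)."""
    ident, vlen = challenge[1], challenge[4]
    digest = hashlib.md5(bytes([ident]) + secret + challenge[5:5 + vlen]).digest()
    return _packet(2, ident, bytes([len(digest)]) + digest + name)

def chap_verify(challenge, response, secret):
    """Message 3, authenticator -> peer: Success (code 3) or Failure (code 4)."""
    expected = chap_response(challenge, secret, b"")
    same_id = challenge[1] == response[1]
    ok = same_id and hmac.compare_digest(expected[5:21], response[5:21])
    return _packet(3 if ok else 4, challenge[1], b"")

# Placeholder credentials as they appear in the Dialer examples on this page.
USER, SECRET = b"isphostname", b"isppassword"

def demo():
    pap = pap_request(1, USER, SECRET)
    chal = chap_challenge(7, b"isp-pop")      # assumed authenticator name
    resp = chap_response(chal, SECRET, USER)
    verdict = chap_verify(chal, resp, SECRET)[0]
    # The same response offered against a new challenge is rejected.
    replay = chap_verify(chap_challenge(8, b"isp-pop"), resp, SECRET)[0]
    return SECRET in pap, SECRET in chal + resp, verdict, replay

if __name__ == "__main__":
    print(demo())
```

`demo()` reports whether the secret is visible in the PAP frame, whether it is visible in the CHAP exchange, and the authenticator's verdict for a fresh and a replayed response.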


If the DNS (Domain Name System) servers for the network are not local and are provided by the ISP, then IPCP (Internet Protocol Control Protocol) can be used to obtain the resolver addresses automatically using the 'DNS Request' and 'DNS Accept' statements.


interface Dialer0
 description To ISP via DSLAM @ Local Exchange
 ip address negotiated
 ip nat outside
 no ip virtual-reassembly
 encapsulation ppp
 no ip route-cache
 dialer pool 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname isphostname
 ppp chap password 7 isppassword
 ppp ipcp dns request
 ppp ipcp dns accept

Dialer 1

interface Dialer0
 description To ISP via DSLAM @ Local Exchange
 ip address negotiated
 ip mtu 1492
 ip nat outside
 no ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 ppp authentication pap callin
 ppp pap sent-username isphostname@isp password 0 isppassword

Dialer 2
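
A small audit of the two Dialer stanzas for the points raised above (CDP left enabled, PAP authentication), as an added example that is not part of the original page. It also flags a secret stored with encryption type 0, which goes beyond the text; the finding names are hypothetical.

```python
import re

# The page's two Dialer examples, abridged to the lines the audit reads.
DIALER_1 = """\
interface Dialer0
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname isphostname
 ppp chap password 7 isppassword
"""
DIALER_2 = """\
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 dialer pool 1
 ppp authentication pap callin
 ppp pap sent-username isphostname@isp password 0 isppassword
"""

def audit_dialer(config):
    """Return a sorted list of finding IDs (hypothetical names) for one stanza."""
    lines = [line.strip() for line in config.splitlines() if line.strip()]
    findings = set()
    # The page turns CDP off explicitly; flag a stanza that does not.
    if "no cdp enable" not in lines:
        findings.add("cdp-not-disabled")
    for line in lines:
        # PAP in use: credentials cross the link in clear text.
        if re.match(r"ppp (authentication pap|pap sent-username)\b", line):
            findings.add("pap-cleartext-auth")
        # Encryption type 0: the secret follows unencrypted in the config.
        if re.search(r"\bpassword 0 \S+", line):
            findings.add("secret-stored-type-0")
    return sorted(findings)

if __name__ == "__main__":
    for name, cfg in (("Dialer 1", DIALER_1), ("Dialer 2", DIALER_2)):
        print(name, audit_dialer(cfg))
```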


Now that we have a connection to the internet, the next phase is to set up the NAT and the Dialer Pool, and then an ACL (Access Control List) to let internal networks connect to the outside.


The first part of this procedure is to 'overload' the NAT, which in Cisco IOS terms means activating PAT (Port Address Translation) so that one public IP address can be used to translate many internal addresses. The dialer-list specifies the internal addresses to be translated; since the network we have set up is a small to medium stub network, we only have one public IP address to translate, so we simply permit the IP protocol.


The access list is just a standard ACL, so all that is needed is to define the source addresses to be permitted together with the inverse of their subnet masks. A gateway of last resort also needs to be added using the ip route statement. This effectively means that if the router can't find a better match for routing a packet, it will simply route it straight out of the Dialer interface.


ip route 0.0.0.0 0.0.0.0 Dialer0
ip nat inside source list 1 interface Dialer0 overload
dialer-list 1 protocol ip permit
access-list 1 permit 10.10.1.0 0.0.0.255
access-list 1 permit 10.10.0.0 0.0.0.255
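
How the inverted masks in access-list 1 select source addresses, as an added example that is not part of the original page. It evaluates the two ACL lines above with first-match semantics and the implicit deny at the end of the list; the function names and the test addresses are assumptions.

```python
import ipaddress

# The standard ACL from the configuration above.
ACL_1 = """\
access-list 1 permit 10.10.1.0 0.0.0.255
access-list 1 permit 10.10.0.0 0.0.0.255
"""

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_for(netmask):
    """Wildcard mask = bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Address(_to_int(netmask) ^ 0xFFFFFFFF))

def parse_acl(text):
    """Parse 'access-list N permit|deny ADDRESS WILDCARD' lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "access-list":
            _, num, action, addr, wild = parts
            entries.append((int(num), action, _to_int(addr), _to_int(wild)))
    return entries

def acl_action(entries, number, source):
    """First match wins; bits set in the wildcard are ignored when comparing."""
    src = _to_int(source)
    for num, action, addr, wild in entries:
        if num == number and (src | wild) == (addr | wild):
            return action
    return "deny"   # implicit deny at the end of every ACL

if __name__ == "__main__":
    acl = parse_acl(ACL_1)
    for host in ("10.10.0.20", "10.10.1.77", "10.10.2.5"):
        print(host, acl_action(acl, 1, host))
    print(wildcard_for("255.255.255.0"))
```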