Fastweb FTTS su Cisco 867VAE

Tutto ciò che ha a che fare con la configurazione di apparati Cisco (e non rientra nelle altre categorie)

Moderatore: Federico.Lagni

Rispondi
Avatar utente
@lan72
Cisco enlightened user
Messaggi: 157
Iscritto il: gio 22 mag , 2008 4:36 pm
Località: Sicily

Buongiorno a tutti, ho un contratto con fastweb Joy solo dati da circa 2 anni qualche giorno fa mi hanno migrato da adsl2 a vdsl2 (FTTS) con il modem tecnicolor originale funziona tutto perfettamente mentre con il cisco 867vae che avevo configurato in adsl l'interfaccia vdsl si allinea ma l'atm e sempre in down, ho provato a fare alcune modifiche sulla atm0.1 impostando statico l'ip ma non va, vi posto la parte delle interfacce della conf perfettamente funzionante in adsl2

Codice: Seleziona tutto

interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no ip mroute-cache
 no atm ilmi-keepalive

interface ATM0.1 point-to-point
 ip address dhcp
 ip mtu 1492
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 atm route-bridged ip
 pvc 8/36
  encapsulation aal5snap

interface Vlan1
 ip address 192.168.0.221 255.255.255.0
 ip mtu 1492
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
se faccio uno sh controller vdsl 0 l'interfaccia è allineata e stabile ma l'atm non va su.. qualcuno può darmi una dritta su come gestire le interfacce.. grazie
share your knowledge

.::.::. Cisco867VAE [IOS:15.4.3.M6a|FW:35j23je]
lorbellu
Network Emperor
Messaggi: 313
Iscritto il: gio 25 ott , 2007 6:14 pm

Ciao,

le connessioni VDSL2 non hanno portante ATM ma ethernet quindi la tua punto punto deve essere configurata sull'interfaccia ethernet0 del router non sull'ATM. Se la fai sull'ATM il MUX riceve una connessione ADSL.
La configurazione la puoi trovare su questo post, é per link Telecom ma a parte che la VLAN dovrebbe essere 836 non dovresti avere altri cambiamenti.
Lorbellu
Avatar utente
@lan72
Cisco enlightened user
Messaggi: 157
Iscritto il: gio 22 mag , 2008 4:36 pm
Località: Sicily

ciao, sai che mi era venuta in mente che non potevo usare l'atm infatti pensavo proprio di impostare il tutto sulla ethernet.. quindi ricapitolando mi consigli di impostare le interfacce così:


interface Ethernet0
no ip address

interface Ethernet0.836
encapsulation dot1Q 836
ip address dhcp

interface ATM0
no ip address
shutdown

interface Vlan1
ip address 192.168.0.254 255.255.255.0
share your knowledge

.::.::. Cisco867VAE [IOS:15.4.3.M6a|FW:35j23je]
lorbellu
Network Emperor
Messaggi: 313
Iscritto il: gio 25 ott , 2007 6:14 pm

Esatto, facci sapere.

Saluti
Lorbellu
Avatar utente
@lan72
Cisco enlightened user
Messaggi: 157
Iscritto il: gio 22 mag , 2008 4:36 pm
Località: Sicily

ciao ho fatto alcune prova ma continua a non funzionare sulla ethernet0.836 ho impostato sia dhcp che l'ip assegnato interno che negozia con il router tecnicolor che inizia per 100.xx.xx.xx
cmq ho fatto richiesta ieri di un ip pubblico statico e ad oggi ancora non è stato abilitato magari il problema sta li, cioè ho letto in giro che alcuni utenti hanno dovuto configurare una dialer mentre altri direttamente l'ip sulla interfaccia.. riproverò non appena e attivo l'ip pubblico statico intanto allego la conf completa, dimmi come ti sembra..
version 15.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname C867VAE
!
boot-start-marker
boot system flash:c860vae-ipbasek9-mz.154-3.M3.bin
boot-end-marker
!
!
logging buffered 52000
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
!
!
!
aaa session-id common
wan mode dsl
clock timezone MET 1 0
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
!
!
ip dhcp excluded-address 192.168.0.201 192.168.0.254
!
ip dhcp pool home
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.221
domain-name MATRIX
dns-server 8.8.8.8 8.8.4.4
lease infinite
!
ip dhcp pool ALIENWARE
host 192.168.0.1 255.255.255.0
client-identifier xxxxxxxxxxxxxx
client-name ALIENWARE
!
ip dhcp pool SPLIT-X2
host 192.168.0.2 255.255.255.0
client-identifier xxxxxxxxxxxxxxxx
client-name SPLIT-X2
!
ip dhcp pool IPHONE
host 192.168.0.3 255.255.255.0
client-identifier 013c.d0f8.8440.36
client-name IPHONE
!
ip dhcp pool vmwaresrv
host 192.168.0.4 255.255.255.0
client-identifier xxxxxxxxxxxxxxxxx
client-name vmwaresrv
!
ip dhcp pool chromecast
host 192.168.0.5 255.255.255.0
hardware-address xxxxxxxxxxxx
client-name chromecast
!
!
!
ip domain name MATRIX
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
file verify auto
username Agodmin privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
!
controller VDSL 0
operating mode vdsl2
no cdp run
!
ip tcp selective-ack
ip tcp timestamp
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
no atm ilmi-keepalive
!
interface Ethernet0
no ip address
ip flow ingress
hold-queue 256 in
!
interface Ethernet0.836
description Fastweb Joy
encapsulation dot1Q 836
ip address dhcp
ip access-group 101 in
ip mtu 1492
ip flow ingress
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1452
no cdp enable
!
interface FastEthernet0
description Apple AirPort-Express
no ip address
!
interface FastEthernet1
no ip address
shutdown
!
interface FastEthernet2
no ip address
shutdown
!
interface FastEthernet3
description Linksys Switch-Gigabit
no ip address
!
interface GigabitEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.0.221 255.255.255.0
ip access-group 102 in
ip mtu 1492
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Ethernet0.836 overload
ip nat inside source static tcp 192.168.0.1 4662 interface Ethernet0.836 4662
ip nat inside source static udp 192.168.0.1 4672 interface Ethernet0.836 4672
ip nat inside source static tcp 192.168.0.1 6881 interface Ethernet0.836 6881
ip route 0.0.0.0 0.0.0.0 Ethernet0.836
!
mac-address-table aging-time 10
!
access-list 1 remark The local LAN.
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 remark Where management can be done from.
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 101 remark Traffic allowed to enter the router from the Internet
access-list 101 permit udp any eq bootpc any eq bootps
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit tcp any any gt 1023 established
access-list 101 permit udp any any gt 1023
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any administratively-prohibited
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any traceroute
access-list 101 deny icmp any any log
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 224.0.0.0 0.15.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit udp host 8.8.8.8 eq domain any
access-list 101 permit udp host 8.8.4.4 eq domain any
access-list 101 permit udp any any eq ntp
access-list 101 permit tcp any any eq 4662
access-list 101 permit udp any any eq 4672
access-list 101 permit tcp any any eq 6881
access-list 101 deny ip any any log
access-list 102 remark Traffic allowed to enter the router from the Ethernet
access-list 102 permit ip any host 192.168.0.221
access-list 102 deny ip any host 192.168.0.255
access-list 102 deny udp any any eq tftp log
access-list 102 deny ip any 0.0.0.0 0.255.255.255 log
access-list 102 deny ip any 10.0.0.0 0.255.255.255 log
access-list 102 deny ip any 127.0.0.0 0.255.255.255 log
access-list 102 deny ip any 169.254.0.0 0.0.255.255 log
access-list 102 deny ip any 172.16.0.0 0.15.255.255 log
access-list 102 deny ip any 192.0.2.0 0.0.0.255 log
access-list 102 deny ip any 192.168.0.0 0.0.255.255 log
access-list 102 deny ip any 198.18.0.0 0.1.255.255 log
access-list 102 deny udp any any eq 135 log
access-list 102 deny tcp any any eq 135 log
access-list 102 deny udp any any eq netbios-ns log
access-list 102 deny udp any any eq netbios-dgm log
access-list 102 deny tcp any any eq 445 log
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 102 permit ip any host 255.255.255.255
access-list 102 deny ip any any log
!
!
!
control-plane
!
!
banner login ^C.!|!.!|!. Cisco Systems, Inc




_______ ____ __________ _ _____ ______
/ ____(_)_____________ ( __ )/ ___/__ / | | / / | / ____/
/ / / / ___/ ___/ __ \ / __ / __ \ / / | | / / /| | / __/
/ /___/ (__ ) /__/ /_/ / / /_/ / /_/ / / / | |/ / ___ |/ /___
\____/_/____/\___/\____/ \____/\____/ /_/ |___/_/ |_/_____/





Authorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!
^C
!
line con 0
login authentication local_authen
no modem enable
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line vty 0 4
access-class 2 in
authorization exec local_author
login authentication local_authen
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 50000 1000
sntp server 216.239.32.15
sntp server 216.239.34.15
!
end
share your knowledge

.::.::. Cisco867VAE [IOS:15.4.3.M6a|FW:35j23je]
Avatar utente
@lan72
Cisco enlightened user
Messaggi: 157
Iscritto il: gio 22 mag , 2008 4:36 pm
Località: Sicily

Ho risoltoo in sostanza ho configurato tutto sulla eternet0 in dhcp in alternativa se imposto l'ip fisso funziona lo stesso
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
no atm ilmi-keepalive

interface Ethernet0
description Fastweb Joy
ip address dhcp
ip access-group 101 in
ip mtu 1492
ip flow ingress
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1452
hold-queue 256 in

interface Vlan1
description Virtual Local Area Network
ip address 192.168.0.221 255.255.255.0
ip access-group 102 in
ip mtu 1492
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452

ip nat inside source list 1 interface Ethernet0 overload
ip route 0.0.0.0 0.0.0.0 dhcp
access-list 1 permit 192.168.0.0 0.0.0.255
share your knowledge

.::.::. Cisco867VAE [IOS:15.4.3.M6a|FW:35j23je]
lorbellu
Network Emperor
Messaggi: 313
Iscritto il: gio 25 ott , 2007 6:14 pm

Grande!!
Si vede che nelle connessioni residenziali base, laddove non ci sono servizi aggiunti ti arriva una connessione ethernet untagged, quindi il comando

Codice: Seleziona tutto

encapsulation dot1q 
non serve, anzi non va messo.

Saluti
Lorbellu
Avatar utente
@lan72
Cisco enlightened user
Messaggi: 157
Iscritto il: gio 22 mag , 2008 4:36 pm
Località: Sicily

Infatti credo che se avessi avuto anche la fonia il tutto sulla Ethernet0 non avrebbe funzionato, ma dovevo per forza passare dalla vlan Ethernet0.835/6

cmq grazie, s'impara sempre qualcosa :)
share your knowledge

.::.::. Cisco867VAE [IOS:15.4.3.M6a|FW:35j23je]
paolomat75
Messianic Network master
Messaggi: 2965
Iscritto il: ven 29 gen , 2010 10:25 am
Località: Prov di GE

Buono a sapersi :-)
Anche se VDSL da me non se ne parla ancora :(
Non cade foglia che l'inconscio non voglia (S.B.)
Rispondi