Vodafone VDSL and Cisco 887va

Forums › One New Zealand (including Vodafone, WxC, Farmside) › Vodafone VDSL and Cisco 887va

crookdexter

3 posts

Wannabe Geek

#157285 26-Nov-2014 15:12

I am stuck with this one for sometime and VF helpdesk has not been of much help here.

We have a site where I installed a cisco 887va with a standard vdsl config (which works with ISP's like spark, snap, orcon, etc.)
The connection worked for a few days and then suddenly lost auth. We still continue to get a solid cd light but nothing on ppp.
Rang vodafone who continue to say that there is nothing wrong at their end. So I ended up replacing the router with another Cisco 887va which did not work either. Same issue.
Vodafone shipped out a Huawei which works perfectly fine. Which tells me that VF has changed something for this customer.

Info I got from VF is as below.
IPoE
no un/pass (as its port based)
vlan tag of 10

Ironically we have two other VF customers on VDSL and with the same cisco router and similar config which work fine. I have posted the sh ru as below.
Please if anybody can spot any issues here, would be great. I have looked around and haven't found much info on this type of setup.

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxxxxxxxxxxxxxxxxxxxx
!
boot-start-marker
boot-end-marker
!
clock timezone NZST 12
clock summer-time NZDT recurring last Sun Sep 2:00 1 Sun Apr 3:00
!
enable password yyyyyyyyyyyyyy
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
ip source-route
!
!
!
!
!
ip cef
ip name-server x.x.x.x
ip name-server x.x.x.x
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name DEFAULT100 icmp
no ipv6 cef
!
!
!
!
username uuuuuuuuu password ppppppppppp
!
!
!
!
controller VDSL 0
!
!
no crypto isakmp enable
!
!
!
!
ip dhcp excluded-address 10.12.13.1 10.12.13.250
!
!
ip dhcp pool WDTEST
import all
network 10.12.13.0 255.255.255.0
default-router 10.12.13.1
dns-server 8.8.8.8
lease infinite
!
!
!
!
interface Tunnel0
ip address 192.168.232.13 255.255.255.252
ip access-group 101 in
ip mtu 1420
ip nat outside
ip virtual-reassembly in
tunnel source Dialer1
tunnel destination x.x.x.x
tunnel path-mtu-discovery
shut
!
interface Ethernet0
no ip address
no shut
!
interface Ethernet0.10
encapsulation dot1Q 10
pppoe-client dial-pool-number 1
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
switchport access vlan 2
no shutdown
!
!
interface Vlan1
ip address 192.168.0.254 255.255.255.0
ip access-group 100 in
ip nat inside
ip inspect DEFAULT100 in
ip virtual-reassembly in
ip tcp adjust-mss 1380
ip policy route-map tunnel
!
!
interface vlan2
no shut
ip address 10.12.13.1 255.255.255.0
ip nat inside
!
interface Dialer1
ip address negotiated
ip access-group 103 in
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname user@xtrabb.co.nz
ppp chap password abc123
ppp pap sent-username user@xtrabb.co.nz password abc123
hold-queue 224 in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 102 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
logging trap warnings
logging x.x.x.x
access-list 100 remark Vlan1 In
access-list 100 deny ip 219.89.0.0 0.0.255.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit gre any host 202.89.39.245
access-list 100 permit ip any any
access-list 101 remark Tunnel0 In
access-list 101 permit gre host 202.89.39.245 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 102 permit ip 10.12.13.0 0.0.0.255 any
access-list 103 deny ip 192.168.0.0 0.0.255.255 any
access-list 103 deny ip 172.16.0.0 0.15.255.255 any
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip host 0.0.0.0 any
access-list 103 permit icmp any any unreachable
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any packet-too-big
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any traceroute
access-list 103 permit icmp any any administratively-prohibited
access-list 103 permit icmp any any echo
access-list 103 permit tcp any any eq telnet
access-list 103 permit udp any any eq 123
access-list 103 permit tcp any eq www any established
access-list 103 permit tcp any eq 443 any established
access-list 103 permit udp any any eq domain
access-list 103 permit tcp any any eq domain
access-list 103 permit tcp any any eq smtp
access-list 103 permit tcp any any eq pop3
access-list 103 permit tcp any any eq 143
access-list 103 permit tcp any any eq 465
access-list 103 permit tcp any any eq 587
access-list 103 permit tcp any any eq 993
access-list 103 permit tcp any any eq 1723
access-list 103 permit udp any any eq 1701
access-list 103 permit udp any any eq non500-isakmp
access-list 103 permit udp any any eq isakmp
access-list 103 permit tcp any any eq 59000
access-list 103 permit tcp any any eq 30100
access-list 103 permit tcp any any eq www
access-list 103 deny ip any any log
access-list 110 remark etap/assembly exception
access-list 110 deny ip any 123.100.99.0 0.0.0.255
access-list 110 deny ip any 202.164.31.0 0.0.0.255
access-list 110 deny ip 10.12.13.0 0.0.0.255 any
access-list 110 remark Policy Route Match for Tunnel for Jetstream only
access-list 110 deny ip any 203.96.63.0 0.0.0.255
access-list 110 deny ip any 192.122.171.0 0.0.0.255
access-list 110 deny ip any 222.154.236.0 0.0.0.255
access-list 110 permit tcp 10.11.0.0 0.0.0.255 any eq www
access-list 110 permit tcp 10.11.0.0 0.0.0.255 any eq 443
access-list 123 permit tcp host 222.154.238.15 any eq telnet
access-list 123 permit tcp host 203.89.172.122 any eq telnet
access-list 123 permit tcp host 203.89.173.234 any eq telnet
access-list 123 permit tcp host 202.89.39.245 any eq telnet
access-list 123 permit tcp host 202.89.39.246 any eq telnet
access-list 123 permit tcp host 203.89.173.235 any eq telnet
access-list 123 permit tcp host 203.89.173.232 any eq telnet
access-list 123 permit tcp 202.90.44.0 0.0.0.255 any eq telnet
access-list 123 permit tcp 202.90.56.0 0.0.0.255 any eq telnet
access-list 123 permit tcp 10.12.13.0 0.0.0.255 any eq telnet
access-list 123 permit tcp 192.168.0.0 0.0.0.255 any eq telnet
dialer-list 1 protocol ip permit
!
!
!
!
route-map tunnel permit 10
match ip address 110
set ip next-hop 192.168.232.14
!
route-map tunnel permit 20
!
!
line con 0
exec-timeout 120 0
logging synchronous
transport preferred none
transport output all
stopbits 1
line aux 0
transport preferred none
transport output all
line vty 0 4
access-class 123 in
exec-timeout 120 0
privilege level 15
login local
length 0
transport preferred none
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
ntp server 64.4.10.33
ntp server 64.236.96.53
end

pauln

55 posts

Master Geek

#1185190 28-Nov-2014 22:43

Hi there, not sure if it's relevant but I do notice this in the config:
ppp chap hostname user@xtrabb.co.nz

// ]]>

ppp chap password abc123
ppp pap sent-username user@xtrabb.co.nz

// ]]>

password abc123

Obviously these are Spark details, is it possible voda have migrated you to a LLU service and this is causing an issue?

Cheers, Paul

nigelj

856 posts

Ultimate Geek

#1185199 28-Nov-2014 23:43

I'm nearly certain that there is no PPP listener on VDSL (from Vodafone) services (someone from Vodafone would need to confirm though), it's straight RFC1483 IPoE (Not IPoA), just need to place a DHCP client on VLAN10 and you should be good. (No need for any sort of Dialer interface like in your current configuration).

crookdexter

3 posts

Wannabe Geek

#1186189 1-Dec-2014 10:22

since then i shipped a netcomm vdsl router to our customer premise
standard vlan tag of 10
pppoe un fn105489
pppoe pass abc123

and this works. router is online.
just not working with the cisco.

crookdexter

3 posts

Wannabe Geek

#1187939 3-Dec-2014 13:46

Hello Everyone,

Thank you for your input.

I shipped this client a cisco867vae with a config similar to the cisco887va and its worked.

So config is still
PPPoE
vlan10
user@xtrabb.co.nz
abc123
PAP/CHAP

*****************************************************************************
no aaa new-model
wan mode dsl
clock timezone NZST 12 0
clock summer-time NZDT recurring last Sun Sep 2:00 1 Sun Apr 3:00
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 10.12.13.1 10.12.13.250
!
ip dhcp pool WDTEST
import all
network 10.12.13.0 255.255.255.0
default-router 10.12.13.1
dns-server 8.8.8.8
lease infinite
!
!
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name DEFAULT100 icmp
ip name-server 202.90.44.11
ip name-server 202.90.44.12
!
!
!
crypto pki token default removal timeout 0
!
!
!
!
username abc password 123456
!
!
controller VDSL 0
!
!
!
!
no crypto isakmp enable
!
!
!
!
!
!
interface Tunnel0
ip address 192.168.232.13 255.255.255.252
ip access-group 101 in
ip mtu 1420
ip nat outside
ip virtual-reassembly in
tunnel source Dialer1
tunnel destination x.x.x.x
tunnel path-mtu-discovery
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0
no ip address
!
interface Ethernet0.10
encapsulation dot1Q 10
pppoe-client dial-pool-number 1
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
switchport access vlan 2
no ip address
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.0.254 255.255.255.0
ip access-group 100 in
ip inspect DEFAULT100 in
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1380
ip policy route-map tunnel
!
interface Vlan2
ip address 10.12.13.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname uuuuuuuuuuuuu
ppp chap password pppppppppppppp
ppp pap sent-username uuuuuuuuuuuu password ppppppppppppppp
hold-queue 224 in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
**********************************************************************

Really not sure what has changed in the last few days.

Anyways it's resolved and to get vodafone to give me a detailed dslam report will be a mission.