Home / Internet / Podešavanje Cisco C8xx rutera za Telekom Srbija ADSL

Podešavanje Cisco C8xx rutera za Telekom Srbija ADSL

Ukoliko imate Cisco router 800 series (C837, C877, C876…), a potrebna su vam podešavanja, prikazaćemo vam primer konfiguracije namenjen za Telekom Srbija ADSL servis. U suštini, isto je i za sve provajdere na teritoriji Srbije, samo se razlikuje username i password.

U okviru konfiguracije postoji par zanimljivih detalja oko konfiguracije ATM dela, Dialer interfejsa i NAT-ovanja pomoću access liste. Na njih ćemo staviti akcenat, pošto ovo ostalo verovatno znate.

Cisco 877 ADSL Router - podesavanje

Cisco 877 ADSL Router

Podešavanje DSL dela u okviru Cisco rutera:

!
interface ATM0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
dsl enable-training-log
pvc 8/35 
encapsulation aal5snap
pppoe-client dial-pool-number 1
!

Podešavanje Dialer0 interfejsa, koji će pokrenuti PPPoE konekciju:

!
interface Dialer0
description INTERNET KONEKCIJA
ip address negotiated
no ip redirects
no ip unreachables
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
no cdp enable
ppp pap sent-username [email protected] password 7 xxxxxxxxxx
!

Dodavanje Default Route:

!
ip route 0.0.0.0 0.0.0.0 Dialer0
!

Access lista i NAT Overload:

!
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 10.0.0.0 0.0.0.127
access-list 1 remark LAN
!

 Ethernet0 Interfejs:

!
interface Ethernet0
ip address 10.0.0.1 255.255.255.128
ip nat inside
!

DHCP Server Pool:

!
ip dhcp excluded-address 10.0.0.1 10.0.0.10
!
ip dhcp pool LAN
network 10.0.0.0 255.255.255.128
default-router 10.0.0.1 
dns-server 8.8.8.8
domain-name cisco.home
!

PODESAVANJE TELEKOM IPTV-a NA CISCO RUTERU

Primer full konfiguracije za ADSL + OPEN IPTV.

Credits: Dusan Vuckovic i Optix

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetim e msec
service password-encryption
!
hostname prvi
!
boot-start-marker
boot-end-marker
!
enable secret 5
enable password 7
!
no aaa new-model
!
dot11 ssid mile.voli.cisco
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7
!
ip cef
!
####### NAJVAZNIJE ZA IPTV
no ip igmp snooping
!
bridge irb
!
!
interface BRI0
no ip address
encapsulation hdlc
!
interface ATM0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl o perating-mode auto
dsl enable-training-log
!
interface ATM0.1 point-to-point
description ATM za internet
no snmp trap link-status
pvc 8/35
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
!
interface ATM0.2 point-to-point
description IPTV
ip igmp static-group *
no snmp trap link-status
pvc 8/37
encapsulation aal5snap
!
bridge-group 2
!
interface FastEthernet0
description Internet1
no cdp enable
!
interface FastEthernet1
description IPTVport
switchport access vlan 2
spanning-tree portfast
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers aes-ccm
!
broadcast-key vlan 1 change 45
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
power local cck 10
power local ofdm 10
power client 17
channel 2462
station-role root
rts threshold 2312
world-mode dot11d country JP indoor
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
ip virtual-reassembly
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
ip virtual-reassembly
bridge-group 1
!
interface Vlan2
no ip address
bridge-group 2
!
interface Dialer0
description WAN
ip address negotiated
no ip redirects
no ip unreachables
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
no cdp enable
ppp pap sent-username adsl.@eunet password 7
ppp ipcp dns request
!
interface BVI1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface BVI2
no ip address
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 remark LAN
!
######## Meni nije ukljucen DHCP jer imam drugi na mrezi. Ako vam treba ne zaboravite da dodate
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
!
line con 0
exec-timeout 0 0
password 7
no modem enable
line aux 0
line vty 0 4
session-timeout 60
access-class 13 in
exec-timeout 60 0
privilege level 15
login local
!
scheduler max-task-time 5000
ntp clock-period 17175085
ntp se rver 147.91.8.77
ntp server 31.19.179.249
ntp server 10.10.192.11
ntp server 212.200.82.130
end

 

Tagged with:

About Miloš

Ljubitelj računarskih mreža i interneta. Voljan da pomogne drugima :) Zaljubljenik u sve što ima veze sa mrežama, komunikacijama i bezbednošću na mreži. Cisco i MikroTik sertifikovani inženjer. Obožava digitalnu fotografiju.

14 comments

  1. Dusan Vuckovic
    2. јула 2015. at 22:06

    Izvini, ali ima li sanse da znas kako u ovu konfiguraciju da se doda IPTV . Znam da je pvc 8/37 ali ne kontam kako su ga slozili . Nista mi ne radi. Dobijam neki Sync error na televizoru. I telekom i eunet su me otkacili za tech support . podrzavaju samo one njihove igracke . Hvala puno

    Одговори
    • milosbeo
      2. јула 2015. at 23:03

      Dobro pitanje, nisam razmisljao o ovome. Ideja treba da bude da se bridzuje neki fizicki interfejs, recimo FA3 i PVC sa 8 i 37. Nemam sad nijedan C800 series ruter pri ruci, ali cu pogledati sutra…

      Одговори
      • Dusan Vuckovic
        3. јула 2015. at 00:16

        Mislim da nece bas ovako. Evo dokle sam stigao i mislim da sam tu negde , jer za bilo koju kombinaciju na TV se ne desava nista, a ovako dobijem onaj telekomov login screen, ukucam pin i prodje. Onda mogu da menjam kanale, ali je slika crna i pojavljuje se samo „Error during videoSetSink“ . Tako da mislim da je problem samo u nekom parametru veze . Menjah aal5snap u one druge kombinacije , ali je rezultat bio samo jos gori.

        Hvala puno

        version 12.4

        no service pad

        service timestamps debug datetime msec

        service timestamps log datetime msec

        service password-encryption

        !

        hostname VuckovicADSL

        !

        boot-start-marker

        boot-end-marker

        !

        enable secret 5XXXXX

        enable password 7 XXXXX

        !

        no aaa new-model

        !

        dot11 ssid adsl.vuckovic

        vlan 1

        authentication open

        authentication key-management wpa

        guest-mode

        wpa-psk ascii 7 XXXXXX

        !

        ip cef

        !

        !

        ip name-server 8.8.8.8

        ip name-server 194.247.192.1

        ip name-server 194.247.192.33

        !

        !

        crypto pki trustpoint TP-self-signed-3115437063

        enrollment selfsigned

        subject-name cn=IOS-Self-Signed-Certificate-3115437063

        revocation-check none

        rsakeypair TP-self-signed-3115437063

        !

        !

        crypto pki certificate chain TP-self-signed-3115437063

        certificate self-signed 01

        quit

        !

        !

        username YYYY privilege 15 secret 5 XXXXX

        username YYYY password 7 XXXXX

        !

        !

        !

        bridge irb

        !

        !

        !

        interface BRI0

        no ip address

        encapsulation hdlc

        !

        interface ATM0

        no ip address

        no ip mroute-cache

        no atm ilmi-keepalive

        dsl operating-mode auto

        dsl enable-training-log

        !

        interface ATM0.1 point-to-point

        description ATM for internet

        no snmp trap link-status

        pvc 8/35

        encapsulation aal5snap

        pppoe-client dial-pool-number 1

        !

        !

        interface ATM0.2 point-to-point

        description IPTV-VC

        no snmp trap link-status

        atm route-bridged ip

        pvc IPTV 8/37

        encapsulation aal5snap

        !

        bridge-group 2

        bridge-group 2 spanning-disabled

        !

        interface FastEthernet0

        description Veza ka kancelariji

        no cdp enable

        !

        interface FastEthernet1

        description IPTV telekom

        switchport access vlan 2

        !

        interface FastEthernet2

        switchport access vlan 2

        !

        interface FastEthernet3

        !

        interface Dot11Radio0

        no ip address

        !

        encryption vlan 1 mode ciphers aes-ccm

        !

        broadcast-key vlan 1 change 45

        !

        !

        ssid ADSL

        !

        speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

        power local cck 10

        power local ofdm 10

        power client 17

        channel 2462

        station-role root

        rts threshold 2312

        world-mode dot11d country JP indoor

        no cdp enable

        !

        interface Dot11Radio0.1

        encapsulation dot1Q 1 native

        ip virtual-reassembly

        no cdp enable

        bridge-group 1

        bridge-group 1 subscriber-loop-control

        bridge-group 1 spanning-disabled

        bridge-group 1 block-unknown-source

        no bridge-group 1 source-learning

        no bridge-group 1 unicast-flooding

        !

        interface Vlan1

        no ip address

        ip virtual-reassembly

        bridge-group 1

        !

        interface Vlan2

        no ip address

        ip virtual-reassembly

        bridge-group 2

        bridge-group 2 spanning-disabled

        !

        interface Dialer0

        description WAN

        ip address negotiated

        no ip redirects

        no ip unreachables

        ip mtu 1492

        ip nat outside

        ip virtual-reassembly

        encapsulation ppp

        dialer pool 1

        no cdp enable

        ppp pap sent-username YYYYY@eunet password 7 XXXXX

        !

        interface BVI1

        ip address 192.168.10.55 255.255.255.0

        ip nat inside

        ip virtual-reassembly

        !

        interface BVI2

        no ip address

        ip virtual-reassembly

        !

        ip route 0.0.0.0 0.0.0.0 Dialer0

        !

        ip http server

        ip http authentication local

        ip http secure-server

        ip nat inside source list 1 interface Dialer0 overload

        !

        access-list 1 permit 192.168.10.0 0.0.0.255

        access-list 1 remark LAN

        !

        !

        !

        control-plane

        !

        bridge 1 protocol ieee

        bridge 1 route ip

        !

        line con 0

        exec-timeout 0 0

        password 7 04792B0C2F25495C29

        no modem enable

        line aux 0

        line vty 0 4

        session-timeout 60

        access-class 13 in

        exec-timeout 60 0

        privilege level 15

        login local

        !

        scheduler max-task-time 5000

        ntp clock-period 17175100

        ntp server 147.91.8.77

        ntp server 31.19.179.249

        ntp server 10.10.192.11

        ntp server 212.200.82.130

        end

        Одговори
        • milosbeo
          3. јула 2015. at 00:46

          Uglavnom meni deluje da ti je konfiguracija dobra. Čim si prosao autorizaciju/autentikaciju i dobio kanal, to je to, sad ostaje neki jos detalj.

          Mozda je potrebno dodati tom PVC-u/ATM interfejsu neki QoS parametar.

          Bilo je nešto… Sačekaćemo Dejana da vidi poruku, on je iz TS 🙂

          Одговори
        • Dusan Vuckovic
          14. августа 2015. at 13:13

          Morao sam da se vratim na Kasdu. Nikako ne mogu da ga napravim da radi. Jos par poziva sam imao ka Telekom tech supportu . Kako su mi rekli , niko nikada kod njih nijhe probao da iskonfigurise Cisco za IPTV. Dakle , neistrazena teritorija. Ono sto bi pomoglo da znam jeste , da li , posto je port u bridge modu sa PVC 8/37, postoji neki DHCP za IPTV kod njih , ili to ja moram da resim pa da natujem ? Neka ideja . Trenutno sam clueless. A nerviram se sto sam toliko blizu 🙂

          Одговори
          • milosbeo
            14. августа 2015. at 16:43

            Ovo je sigurno:

            – kod njih postoji DHCP Server
            – Autorizacija se vrsi po MAC adresi STB-a.
            Ukoliko bi klonirao MAC adresu STB-a na neki PC, 100% bi primio neku IP adresu, i onda pomocu VLC-a… ali posto su kanali kriptovani, verovatno bi samo video zelenu sliku… STB ih dekriptuje….

          • Dejan
            20. августа 2015. at 23:44

            Evo i mene najzad.
            Pošto sam mrtav umoran nisam stigao da pregledam konfig detaljno.
            Ono što sam primetio da fali je:
            CBR za atm0.2 (680 x 424 = 288320 )
            Ne vidim da je ip multicast-routing enable-ovan u global-u
            nema ip pim sparse-dense-mode na interface-ima
            ip igmp helper-address x.x.x.x fali takođe.
            Ja organski ne podnosim bilo kakav saobraćaj ovog tipa ( a i sve VoIP/SIP varijacije ) te zato i nemam runnung config da publish-ujem.
            Što se igmp helpera tiče, do njega možeš doći wiresharkom ili bilo kakvim drugim snifferom, source IP adresa sa koje stižu multicast paketi je helper. I ta ista adresa treba da bude override za slučaj konflikta.

    • Dusan Vuckovic
      21. августа 2015. at 19:57

      Milose , pomogao mi je optix da dodjem do konfiguracije koja radi. Evo preciscene verzije , pa mozda zelis i to da dodas u tutorial. U principu „no ip igmp snooping“ je sustina svega. Ostalo su podesavanja kako smo i pretpostavljali . Hvala na pomoci svima!!

      version 12.4
      no service pad
      service timestamps debug datetime msec
      service timestamps log datetime msec
      service password-encryption
      !
      hostname prvi
      !
      boot-start-marker
      boot-end-marker
      !
      enable secret 5
      enable password 7
      !
      no aaa new-model
      !
      dot11 ssid mile.voli.cisco
      vlan 1
      authentication open
      authentication key-management wpa
      guest-mode
      wpa-psk ascii 7
      !
      ip cef
      !
      ####### NAJVAZNIJE ZA IPTV
      no ip igmp snooping
      !
      bridge irb
      !
      !

      interface BRI0
      no ip address
      encapsulation hdlc
      !
      interface ATM0
      no ip address
      no ip mroute-cache
      no atm ilmi-keepalive
      dsl operating-mode auto
      dsl enable-training-log
      !
      interface ATM0.1 point-to-point
      description ATM za internet
      no snmp trap link-status
      pvc 8/35
      encapsulation aal5snap
      pppoe-client dial-pool-number 1
      !
      !
      interface ATM0.2 point-to-point
      description IPTV
      ip igmp static-group *
      no snmp trap link-status
      pvc 8/37
      encapsulation aal5snap
      !
      bridge-group 2
      !
      interface FastEthernet0
      description Internet1
      no cdp enable
      !
      interface FastEthernet1
      description IPTVport
      switchport access vlan 2
      spanning-tree portfast
      !
      interface FastEthernet2
      !
      interface FastEthernet3
      !
      interface Dot11Radio0
      no ip address
      !
      encryption vlan 1 mode ciphers aes-ccm
      !
      broadcast-key vlan 1 change 45
      !
      speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
      power local cck 10
      power local ofdm 10
      power client 17
      channel 2462
      station-role root
      rts threshold 2312
      world-mode dot11d country JP indoor
      no cdp enable
      !
      interface Dot11Radio0.1
      encapsulation dot1Q 1 native
      ip virtual-reassembly
      no cdp enable
      bridge-group 1
      bridge-group 1 subscriber-loop-control
      bridge-group 1 spanning-disabled
      bridge-group 1 block-unknown-source
      no bridge-group 1 source-learning
      no bridge-group 1 unicast-flooding
      !
      interface Vlan1
      no ip address
      ip virtual-reassembly
      bridge-group 1
      !
      interface Vlan2
      no ip address
      bridge-group 2
      !
      interface Dialer0
      description WAN
      ip address negotiated
      no ip redirects
      no ip unreachables
      ip mtu 1492
      ip nat outside
      ip virtual-reassembly
      encapsulation ppp
      dialer pool 1
      no cdp enable
      ppp pap sent-username adsl.@eunet password 7
      ppp ipcp dns request
      !
      interface BVI1
      ip address 192.168.1.1 255.255.255.0
      ip nat inside
      ip virtual-reassembly
      !
      interface BVI2
      no ip address
      !
      ip route 0.0.0.0 0.0.0.0 Dialer0
      !
      ip http server
      ip http authentication local
      ip http secure-server
      ip nat inside source list 1 interface Dialer0 overload
      !
      access-list 1 permit 192.168.1.0 0.0.0.255
      access-list 1 remark LAN
      !
      ######## Meni nije ukljucen DHCP jer imam drugi na mrezi. Ako vam treba ne zaboravite da dodate
      !
      control-plane
      !
      bridge 1 protocol ieee
      bridge 1 route ip
      bridge 2 protocol ieee
      !
      line con 0
      exec-timeout 0 0
      password 7
      no modem enable
      line aux 0
      line vty 0 4
      session-timeout 60
      access-class 13 in
      exec-timeout 60 0
      privilege level 15
      login local
      !
      scheduler max-task-time 5000
      ntp clock-period 17175085
      ntp server 147.91.8.77
      ntp server 31.19.179.249
      ntp server 10.10.192.11
      ntp server 212.200.82.130
      end

      Одговори
  2. mizzy
    6. септембра 2012. at 03:44

    … ili ko ne voli cli jednostavno instalira Cisco Configuration Professional i uradi sve preko GUI-ja a usput moze lako da se konfigurise i firewall

    Одговори

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Merenje Brzine Interneta
Scroll To Top