Doymer Consultores

01 Aug 2010

ADSL2+, Annex-M... Is your Cisco router becoming aged?


As technology advances, users start asking for more performance and features from installed systems. This trend also applies to the speed of ADSL links, where circuits are being pushed to their limits. Where not long ago the maximum speed was 10Mbps, we now have up to 20Mbps, and the same applies to upstream speed: a short while ago we were happy if we got 1 Mbps, whilst now we are being offered links of up to two and a half (2,5 Mbps).

All this has a hidden cost, however: the need to update the router that manages these high speed links. Usually the ISP delivers the right equipment for the speed of the link it offers but, what if the router we are using is not from the ISP but ours? In some scenarios it is normal to replace the simple and not too powerful router that the ISP supplied with one of our own –usually a Cisco SOHO model– that allows us both to improve the services we offer and to increase the security level of our network. Has its final day come? Do we have to throw it away?

A Spanish saying reads 'Update or die'. And, though this is what is usual in the IT world, this time we are going to show an alternative configuration that will allow you to extend the life of your now obsolete router until it blows out or, if you prefer, until you have enough money to buy a new one.

Let us welcome 20Mbps

As far as we have seen in the forums, it is quite normal to have a Cisco 857 or Cisco 877 as the internet edge router. These routers were designed for the SOHO market with a very affordable price tag and they are already old friends to many. The problem is that these routers are not modular: features are tied to the model you buy, and for these models the limits are 10Mbps downstream and 1Mbps upstream.

NOTE: As a kind reader has already pointed out, the Cisco 857 is not a valid router because it does not support more than a single VLAN, the one that comes defined by default. Other routers that may apply, though not initially oriented to the SOHO market but which, because of their obsolescence, may be acquired at a good price on the second-hand market, are those of the 17xx series like the 1711 or 1721. To know which models support this feature we can go to the Cisco Feature Selector page, select 'IEEE 802.1Q VLAN Support' and click the continue button. In the lower block you will get all the models that support this feature in the 'Platform' tab.

In most cases providers are updating their infrastructure and moving old 10Mbps circuits to the new 20Mbps ones. It is expected that, before the move is made, you will have been contacted and notified. It is also expected that you will have received a new connection kit that includes a new ADSL2+ router, but we know of cases where no such notice was given or it was lost and the user found, from one day to the next, that she had no internet access. And even if the notification was sent and the kit received, the day the move occurs your Cisco stops working.

Surpassing the limits: Annex-M

At other times we receive a call asking whether we would like to improve our connection: "The coverage in your zone has improved", you are told, and you are offered an upstream speed of up to 2,5 Mbps with no traffic restrictions. However, to be able to achieve this speed your router has to activate a special mode called Annex-M and, as it happens, your router does not have it. In short, you have to give up either the upgrade or your current router.

The solution

Before starting to think about melting your router in an electric blender, as is common on some internet pages, we may try an alternative way to connect it so that we keep the best of both worlds. The proposed solution is sketched in the following figure:

[Figure: bridge_adsl]

That is, the new ADSL2+ link is connected to the new router that the provider supplied, so that we guarantee that the line will activate and work at the maximum speed.

But we are going to slightly modify the configuration of the new router to make our trick work. At the very beginning of the ADSL boom, service providers selfishly connected your computer directly to the network in a mode they called 'bridge', which prevented you from sharing your line with other computers in your environment (for that you had to pay extra). Thanks to this, all the routers they offer include the bridge mode that we are going to (ab)use. And if this mode is not available in ALL of them, at least it is available in all those we have tested, so yours may well have it.

Bridge mode makes the provider router 'transparent' as regards network connectivity, so our Cisco router will receive all traffic as if it were directly connected to the ISP circuit. In this sense we are going to make the Cisco behave as if it were a PC from the ISP's point of view, except for the lower layer of the OSI stack, which is just what we are after.

So, starting from the 'official' configuration we get from the ISP, let us take a standard network cable and connect one of the ports of the new router –for example LAN2x– to one of the network ports of our Cisco router. As we are probably already using interface FE0 to connect to the rest of our inside network, we may use interface FE3.

We have now established our physical link. There are a couple of other things left to do:

  1. Configure the provider router as a bridge
  2. Configure the Cisco to negotiate session establishment with the ISP via interface FE3

Configuring the bridge mode

Something that is evident, though we may not have said it before, is that we need full access to the ISP router configuration. ISPs have allowed this for a long time now, so you do not need to fight with them to get it. 1234/1234 and admin/admin are now common user/password pairs, at least in my country. If your router does not work with any of them then you will have to search the internet for the pair that applies to your router/provider brand or ask your provider directly.

It is evident too that there is a huge number of brands and models out there, so these instructions may not apply exactly to yours, but the Comtrend 5361 is one of the most common models supplied with the new circuits and is the one that will be used for our test. If your model does not match the one presented exactly, use the given instructions only as a guide.

[Picture: puertos_red]

The rear side of the router has the connections that are shown in the picture at the left. This router may come in different flavors, one of them with 2 out of the 4 available ports reserved for IP TV and IP Telephony (the one labeled HG). If this is your model, these two ports are ports number 3 and 4 in the internal router configuration panes and you must not touch them. In fact we will only touch the configuration of the port we are going to use to connect to our Cisco router, so that we can still browse the internet through the other ethernet port. This way we can go along with the questions that the provider may ask us if, or when, we have any problems with the line, and we avoid invalidating the technical support (they cling at straws). So, if you plug your PC into port LAN1x of the provider router (the new one), you will have the direct internet access that they offer by default and you will be able to answer all the questions asked without having to be 'creative' with the answers.

After accessing the router console, select the 'Advanced Setup' tab and you will get a screen like this one:

[Screenshot: captura_1]

You should have two interfaces on it, one connecting to the provider (the one named pppoe_8_35_2 in our screen capture) and another one named nas_8_35 or something similar. The most important part of all this is the protocol: for the first one it is PPPoE, while for the second one it is of Bridge type. If you do not have any interface of this bridge type configured you will have to add it. Use the 'Add' button at the bottom of the table for this and use the following screens as a guide:

[Screenshots: if_bridge1, if_bridge2, if_bridge3]

When everything is OK we can look at the assignment we are after. Go to the 'Port Mapping' part of the 'Advanced Setup' tab, where there must be a group named 'Default' that aggregates all ports that are not explicitly assigned to any other group. In our router we have the following:

[Screenshot: port_mapping]

We can see that interfaces LAN1x and LAN2x (named ENET1 and ENET2 in the configuration screens) are already assigned to the default group, whilst the other two (ENET3 and ENET4) are assigned to a special group named Bridge.

Why do I say that it is a special group? Because one of the members of this group is the one named 'nas_8_35' that, if we recall, had a Bridge protocol type.

If your router does not include this group you must create it and assign to it, at least, interface LAN2x (or the one used to connect to your Cisco router) and 'nas_8_35'. Our goal is to include the network interface used to connect to our Cisco router in this group.

So click the 'Edit' button (or the 'Add' button if the group did not exist before) and enter the configuration mode for interface groups.

[Screenshot: port_mapping1]

This screen is managed in the usual way. We select the desired interfaces in the lists (the 'Available Interfaces' or the 'Grouped Interfaces') and move them between the lists by means of the button with the corresponding pointing arrow. At the end we should have, at least, the former two interfaces in the left side list. In our case we already had two and now we have the desired ENET2 in the grouped list.

Once the list is as we like, we save it, assigning a name of our choice if we are creating the group rather than just updating it.

At the end we will have two groups with the desired interface distribution.

[Screenshot: port_mapping2]

[Screenshot: annex_m]

As a final note, if you are contracting the high speed Jazztel pack there is a detail to take into account: the router you are sent is NOT configured to work at the highest possible speed. You have to go to the 'DSL' option in the 'Advanced Setup' tab and UNCHECK the 'AnnexM DISABLED' checkbox that, as we have said, comes checked by default (in fact DISABLING the high speed as a consequence). Besides, it is possible that you may have to call tech support and ask them to enable the high speed AnnexM mode. I had to do it or else I was limited to low speed upstream. In your case you may verify whether you already have it active before calling.

To check that the router is synchronizing at the maximum speed, go to the 'ADSL' option in the 'Device Info' tab and look at the 'Attainable Rate (Kbps)' and 'Rate (Kbps)' fields for both Downstream and Upstream. If AnnexM is on, upstream should be closer to two megabits than to one megabit, depending on the length of your local loop cabling (the distance between you and your local exchange, but this is as always).

Configuring interface FE3

And here is where the fun is. We should already be receiving frames on our Cisco router interface, so we only have to issue the right command sequence to set up the connection with the upper layers of the protocol. For this we are going to assume that the connection uses PPPoE, which is the most common of all the possible options and the one most frequently configured by ADSL providers at this time (as could be seen in the initial screen of the Comtrend).

NOTICE: As before, I am speaking about providers in my country, Spain. Readers from other parts of the world will have to consider the kind of service that their respective providers supply, though there is a good chance that it is the same as mine because the suppliers of DSLAMs are the same all over the world. Even so, as is evident, I cannot offer any advice for those cases.

What we should do first is separate the circuit that connects us with the provider from the one that connects to our internal network. On the router all physical ports usually belong to VLAN 1 by default, so we need to define a new VLAN for the provider network. Then we will assign the desired interface to that VLAN. To achieve this, connect to your Cisco router and go to enable mode if you are not already there. Now issue these commands directly in enable mode (without having entered configuration mode yet):

vlan database
vlan 10 name <any name you like>
apply
exit

You may ignore the warning that the Cisco spits out; for now it still works this way, so we use it to define the new VLAN (the rest of the commands need to be issued in configuration mode). Next, we assign the interface that connects to the Comtrend to the VLAN we have just created:

interface FastEthernet3
switchport access vlan 10
spanning-tree portfast
exit

Now we can shut down the ATM interface; it is not going to be used anymore, so it is unnecessary to keep it active:

interface ATM0
shutdown
exit

Then we define the parameters of our new VLAN10 that are needed to establish the communication.

bba-group pppoe global
interface Vlan10
ip address dhcp
pppoe enable group global
pppoe-client dial-pool-number 1
exit

These lines state both the connection type and the way to get the default gateway when the link goes up, and they use the mechanism that is most common right now, which is provider-assigned addressing. We also have to define a PPP interface to make the call with:

interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname <your username>
ppp chap password <your connection password>
exit

We can also see that here too we get the IP address from the provider, be it static or dynamic, and that the interface has been marked as outside so that the NAT translations are applied correctly. Of course you have to supply the right username and connection password and adapt the type of authentication to the one your provider uses if it is not CHAP (the other one is PAP, but it is not commonly used nowadays because it is quite insecure). Finally, it is very important to assign the right MTU, as was explained in a former article.

In the steps taken up to now we have left out other options that are necessary on an external interface, like ACLs, traffic monitoring, etc., limiting ourselves to those that are important for this case. For this configuration to be a bit more complete there are other details to take into account to make all these pieces fit and communicate with each other, like the following:

! The default route may be omitted if the default gateway is assigned automatically
ip route 0.0.0.0 0.0.0.0 Dialer0
! The route-map noNAT referenced here is not defined in this article and must already exist in your configuration
ip nat inside source route-map noNAT interface Dialer0 overload
access-list 1 permit <internal network address> <wildcard mask>
dialer-list 1 protocol ip permit

And that is all. If we have done it right (and not forgotten anything) the router will start sending PADI calls (PPPoE Active Discovery) that should be answered by the provider with PADO replies and, from that point on, all the connection steps will progress by themselves until your router is connected to the internet and you are able to browse from inside your network.
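To check the PADI/PADO exchange described above in a capture taken on the port facing the Comtrend, the following added example (not part of the original article) decodes PPPoE discovery frames as laid out in RFC 2516 and lists the PADIs that never received a PADO. The frames, MAC addresses and AC name are constructed sample data, and the correlation assumes the client sends a Host-Uniq tag.

```python
import struct

ETH_PPPOE_DISCOVERY = 0x8863  # EtherType of the PPPoE discovery stage (RFC 2516)
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name", 0x0103: "Host-Uniq", 0x0104: "AC-Cookie"}

def parse_discovery(frame: bytes) -> dict:
    """Decode one Ethernet frame that carries a PPPoE discovery packet."""
    if len(frame) < 20:
        raise ValueError("frame too short for Ethernet + PPPoE headers")
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ethertype != ETH_PPPOE_DISCOVERY or ver_type != 0x11:
        raise ValueError("not a PPPoE discovery packet (version 1, type 1)")
    payload = frame[20:20 + length]
    if len(payload) < length:
        raise ValueError("PPPoE length field exceeds the captured bytes")
    tags, pos = [], 0
    while pos + 4 <= len(payload):
        tag_type, tag_len = struct.unpack("!HH", payload[pos:pos + 4])
        value = payload[pos + 4:pos + 4 + tag_len]
        if tag_type == 0x0000 or len(value) < tag_len:  # End-Of-List or truncated tag
            break
        tags.append((TAGS.get(tag_type, hex(tag_type)), value))
        pos += 4 + tag_len
    return {"src": src.hex(":"), "code": CODES.get(code, hex(code)),
            "session_id": session_id, "tags": tags}

def unanswered_padi(frames) -> list:
    """Return the Host-Uniq values of PADIs that no PADO echoed back."""
    pending = []
    for frame in frames:
        pkt = parse_discovery(frame)
        uniq = dict(pkt["tags"]).get("Host-Uniq")
        if pkt["code"] == "PADI":
            pending.append(uniq)
        elif pkt["code"] == "PADO" and uniq in pending:
            pending.remove(uniq)
    return pending

def build(dst, src, code, tags):  # builds constructed sample frames, not real captures
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return dst + src + struct.pack("!HBBHH", 0x8863, 0x11, code, 0, len(body)) + body

ROUTER, AC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed MACs
SAMPLE = [build(b"\xff" * 6, ROUTER, 0x09, [(0x0101, b""), (0x0103, b"\x00\x01")]),  # PADI
          build(ROUTER, AC, 0x07, [(0x0101, b""), (0x0102, b"sample-ac"), (0x0103, b"\x00\x01")]),
          build(b"\xff" * 6, ROUTER, 0x09, [(0x0101, b""), (0x0103, b"\x00\x02")])]  # no PADO
```

A non-empty result from `unanswered_padi` on a real capture means the discovery frames are leaving the Cisco but no access concentrator is answering, which points at the bridge group or port mapping on the provider router rather than at the Dialer configuration.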

Last Updated on Wednesday, 28 March 2012 15:02  
