PPPoE/DSL -- no connectivity

If anyone can give me some config pointers, I would appreciate it. I have a Cisco 837 with IOS 12.3(7)T10. I have a basic working config, but can't seem to connect. The router interface ATM0 trains-up just fine and all interfaces are UP, but periodically the Interface Virtual-Access1 unbinds from Interface Dialer1 giving me this debug error message: %DIALER-6-BIND: Interface Vi1 bound to profile Di1

At no time have I ever connected and been able to ping out. When I do a debug PPP Authentication I get the following message every time the Virtual-Access1 comes back up:

*Mar 1 00:57:30.819: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up *Mar 1 00:57:33.859: Vi1 PPP: No authorization without authentication *Mar 1 00:57:33.871: Vi1 CHAP: I CHALLENGE id 171 len 34 from "(dslam username)" *Mar 1 00:57:33.875: Vi1 CHAP: Using hostname from interface CHAP *Mar 1 00:57:33.875: Vi1 CHAP: Using password from interface CHAP *Mar 1 00:57:33.875: Vi1 CHAP: O RESPONSE id 171 len 32 from "(PPPoE username)" *Mar 1 00:57:34.011: Vi1 CHAP: I SUCCESS id 171 len 4 *Mar 1 00:57:35.011: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up

I HAVE TRIED THIS CONFIG ON AN Cisco 678, 827, 837, 1700, 2600 AND GET THE SAME RESULT ON ALL...

Please see the config below and provide any pointers if you can THANKS IN ADVANCE TO ALL WHO CAN HELP !!!

======================================================= version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! memory-size iomem 5 ! no aaa new-model ip subnet-zero ip dhcp excluded-address 10.10.10.1 ! ip dhcp pool new-pool network 10.0.0.0 255.0.0.0 default-router 10.10.10.1 dns-server (assigned dns server) ! ip audit po max-events 100 no ftp-server write-enable ! no crypto isakmp enable ! ! interface Ethernet0 ip address 10.10.10.1 255.0.0.0 ip nat inside ip tcp adjust-mss 1452 hold-queue 100 out no shut ! interface ATM0 no ip address no atm ilmi-keepalive bundle-enable dsl operating-mode auto dsl enable-training-log no shut ! interface ATM0.1 point-to-point pvc 0/35 pppoe-client dial-pool-number 1 ! ! interface Dialer1 mtu 1492 ip address (static IP & mask given by provider) ip nat outside encapsulation ppp dialer pool 1 dialer-group 1 ppp chap hostname (username1) ppp chap password (password1) ppp pap sent-username (username1) password (password1) ! ip classless no ip http server no ip http secure-server ip nat inside source list 1 interface Dialer1 overload ! ! access-list 1 permit 10.0.0.0 0.0.0.255 dialer-list 1 protocol ip permit ! control-plane ! ! line con 0 ! (config omitted) line aux 0 ! (config omitted) line vty 0 4 ! (config omitted) scheduler max-task-time 5000 ! end

Reply to
newbie
Loading thread data ...

Greetings,

*Mar 1 00:57:33.871: Vi1 CHAP: I CHALLENGE id 171 len 34 from "(dslam username)" *Mar 1 00:57:33.875: Vi1 CHAP: Using hostname from interface CHAP *Mar 1 00:57:33.875: Vi1 CHAP: Using password from interface CHAP *Mar 1 00:57:33.875: Vi1 CHAP: O RESPONSE id 171 len 32 from "(PPPoE username)" *Mar 1 00:57:34.011: Vi1 CHAP: I SUCCESS id 171 len 4 *Mar 1 00:57:35.011: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up

... chopped ...

You appear to have specified both PAP and CHAP be used at the same time, and as CHAP looks like its working, I suspect the PAP config may be preventing traffic to flow... Are there no other log entries for apparent Auth failures? It may be worth confirming which authentication system your ISP is expecting, as while the logs suggest CHAP is succeeding, CHAP may not actually be valid for your ISP's PPPoE environment. I would also not mix CHAP and PAP on the same interface, I can't say I have seen a situation where that has ever worked, its usually one of the other, but not both.

Good luck...............pk.

Reply to
Peter

Long post -- if anyone has any ideas, please share

OK Peter from Auckland. Point well taken. I separately tried both types of authentication, and the DLSAM will not authenticate using PAP, so it has to be CHAP. But I still have the problem of no connectivity.

As for the AUTHENTICATION ISSUE, I get this failure (where "O" means outbound, and "I" means inbound).......

*Mar 1 01:02:13.495: Vi1 IPCP: O CONFACK [Listen] id 234 len 10 *Mar 1 01:02:13.495: Vi1 IPCP: Address 172.31.255.253 (0x0306AC1FFFFD) *Mar 1 01:02:13.515: Vi1 IPCP: I CONFNAK [ACKsent] id 3 len 10 *Mar 1 01:02:13.515: Vi1 IPCP: Address 172.18.100.88 (0x0306AC126458) *Mar 1 01:02:13.515: Vi1 IPCP: O CONFREQ [ACKsent] id 4 len 4 *Mar 1 01:02:13.539: Vi1 IPCP: I CONFACK [ACKsent] id 4 len 4 *Mar 1 01:02:13.539: Vi1 IPCP: State is Open *Mar 1 01:02:13.539: Vi1 IPCP: I TERMREQ [Open] id 235 len 4 *Mar 1 01:02:13.539: Vi1 IPCP: O TERMACK [Open] id 235 len 4 *Mar 1 01:02:13.539: Vi1 IPCP: State is Closed *Mar 1 01:02:15.543: Vi1 IPCP: TIMEout: State Closed *Mar 1 01:02:15.543: Vi1 IPCP: State is Listen

======================================================= I also have an issue with the Virtual-Access Interface UNBINDING from the Dialier1 interface EVERY 2 MINUTES... when I do a show user I can see the timer coming up to 2 minutes and then the interface UNBINDS and crashes... it seem's like I need a static map, but all the Cisco documentation for static PPP maps show it on an ISDN interface, and I don't see any static map commands in the dialer1 interface...

Router837#sho debug PPP: PPP authentication debugging is on PPP protocol negotiation debugging is on

Router837#sho user Interface User Mode Idle Peer Address Vi1 PPPoE 00:01:56 172.31.255.253

Router837#

*Mar 1 01:08:39.987: Vi1 LCP: I TERMREQ [Open] id 199 len 4 *Mar 1 01:08:39.987: Vi1 LCP: O TERMACK [Open] id 199 len 4 *Mar 1 01:08:39.987: Vi1 PPP: Sending Acct Event[Down] id[23] *Mar 1 01:08:39.991: Vi1 IPCP: State is Closed *Mar 1 01:08:39.991: Vi1 PPP: Phase is TERMINATING *Mar 1 01:08:40.007: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1 *Mar 1 01:08:40.011: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down *Mar 1 01:08:40.011: Vi1 LCP: State is Closed *Mar 1 01:08:40.011: Vi1 PPP: Phase is DOWN *Mar 1 01:08:40.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to down

*Mar 1 01:09:02.527: %DIALER-6-BIND: Interface Vi1 bound to profile Di1

*Mar 1 01:09:02.527: Vi1 PPP: Phase is DOWN, Setup *Mar 1 01:09:02.527: Vi1 PPP: Using dialer call direction *Mar 1 01:09:02.527: Vi1 PPP: Treating connection as a callout *Mar 1 01:09:02.527: Vi1 PPP: Phase is ESTABLISHING, Active Open *Mar 1 01:09:02.531: Vi1 PPP: Authorization required *Mar 1 01:09:02.531: Vi1 PPP: No remote authentication for call-out *Mar 1 01:09:02.531: Vi1 LCP: O CONFREQ [Closed] id 1 len 14 *Mar 1 01:09:02.531: Vi1 LCP: MRU 1492 (0x010405D4) *Mar 1 01:09:02.531: Vi1 LCP: MagicNumber 0x0CC49C63 (0x05060CC49C63) *Mar 1 01:09:02.531: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up

*Mar 1 01:09:02.551: Vi1 LCP: I CONFACK [REQsent] id 1 len 14

*Mar 1 01:09:02.555: Vi1 LCP: MRU 1492 (0x010405D4) *Mar 1 01:09:02.555: Vi1 LCP: MagicNumber 0x0CC49C63 (0x05060CC49C63) *Mar 1 01:09:04.535: Vi1 LCP: TIMEout: State ACKrcvd *Mar 1 01:09:04.535: Vi1 LCP: O CONFREQ [ACKrcvd] id 2 len 14 *Mar 1 01:09:04.535: Vi1 LCP: MRU 1492 (0x010405D4) *Mar 1 01:09:04.535: Vi1 LCP: MagicNumber 0x0CC49C63 (0x05060CC49C63) *Mar 1 01:09:04.551: Vi1 LCP: I CONFACK [REQsent] id 2 len 14 *Mar 1 01:09:04.551: Vi1 LCP: MRU 1492 (0x010405D4) *Mar 1 01:09:04.555: Vi1 LCP: MagicNumber 0x0CC49C63 (0x05060CC49C63) *Mar 1 01:09:05.595: Vi1 LCP: I CONFREQ [ACKrcvd] id 149 len 19 *Mar 1 01:09:05.599: Vi1 LCP: MRU 1492 (0x010405D4) *Mar 1 01:09:05.599: Vi1 LCP: AuthProto CHAP (0x0305C22305) *Mar 1 01:09:05.599: Vi1 LCP: MagicNumber 0x40BE32AD (0x050640BE32AD) *Mar 1 01:09:05.599: Vi1 LCP: O CONFACK [ACKrcvd] id 149 len 19 *Mar 1 01:09:05.599: Vi1 LCP: MRU 1492 (0x010405D4) *Mar 1 01:09:05.599: Vi1 LCP: AuthProto CHAP (0x0305C22305) *Mar 1 01:09:05.599: Vi1 LCP: MagicNumber 0x40BE32AD (0x050640BE32AD) *Mar 1 01:09:05.599: Vi1 LCP: State is Open *Mar 1 01:09:05.603: Vi1 PPP: No authorization without authentication *Mar 1 01:09:05.603: Vi1 PPP: Phase is AUTHENTICATING, by the peer *Mar 1 01:09:05.623: Vi1 CHAP: I CHALLENGE id 197 len 34 from "(DSLAM user ID)" *Mar 1 01:09:05.623: Vi1 CHAP: Using hostname from interface CHAP *Mar 1 01:09:05.623: Vi1 CHAP: Using password from interface CHAP *Mar 1 01:09:05.623: Vi1 CHAP: O RESPONSE id 197 len 32 from "username1" *Mar 1 01:09:05.835: Vi1 CHAP: I SUCCESS id 197 len 4 *Mar 1 01:09:05.835: Vi1 PPP: Phase is FORWARDING, Attempting Forward *Mar 1 01:09:05.835: Vi1 PPP: Phase is ESTABLISHING, Finish LCP *Mar 1 01:09:05.835: Vi1 PPP: Phase is UP *Mar 1 01:09:05.835: Vi1 IPCP: O CONFREQ [Closed] id 1 len 10 *Mar 1 01:09:05.835: Vi1 IPCP: Address (static IP address) (0x030648F5DC71) *Mar 1 01:09:05.839: Vi1 PPP: Process pending ncp packets *Mar 1 01:09:05.855: Vi1 IPCP: I CONFNAK [REQsent] id 1 len 10 *Mar 1 01:09:05.855: Vi1 IPCP: Address 172.18.100.111 (0x0306AC12646F) *Mar 1 01:09:05.855: Vi1 IPCP: O CONFREQ [REQsent] id 2 len 4 *Mar 1 01:09:05.875: Vi1 IPCP: I CONFACK [REQsent] id 2 len 4 *Mar 1 01:09:05.935: Vi1 IPCP: I CONFREQ [ACKrcvd] id 139 len 10 *Mar 1 01:09:05.939: Vi1 IPCP: Address 172.31.255.253 (0x0306AC1FFFFD) *Mar 1 01:09:05.939: Vi1 IPCP: O CONFACK [ACKrcvd] id 139 len 10 *Mar 1 01:09:05.939: Vi1 IPCP: Address 172.31.255.253 (0x0306AC1FFFFD) *Mar 1 01:09:05.939: Vi1 IPCP: State is Open *Mar 1 01:09:05.943: Di1 IPCP: Install route to 172.31.255.253 *Mar 1 01:09:05.943: Vi1 IPCP: Add link info for cef entry 172.31.255.253 *Mar 1 01:09:05.963: Vi1 IPCP: I TERMREQ [Open] id 140 len 4 *Mar 1 01:09:05.963: Vi1 IPCP: O TERMACK [Open] id 140 len 4 *Mar 1 01:09:05.971: Vi1 IPCP: Remove link info for cef entry 172.31.255.253 *Mar 1 01:09:05.971: Vi1 IPCP: State is Closed *Mar 1 01:09:05.971: Di1 IPCP: Remove route to 172.31.255.253 *Mar 1 01:09:06.835: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up

*Mar 1 01:09:07.959: Vi1 IPCP: TIMEout: State Closed

*Mar 1 01:09:07.959: Vi1 IPCP: State is Listen Router837#

==================================================== >Greetings,

Reply to
newbie

Hello,

try:

ppp authentication pap chap callin

This is usually used in ISP dialin environments, where the ISP authenticates you, but you do not authenticate the ISP.

Regards,

snipped-for-privacy@solutionfinders.nl

Reply to
helpdesk

Greetings,

Something is timing out... Also, the 172.31.x.x address is a bit odd, that suggests your ISP is trying to assign private address space and not a public IP. After you get a connection, if you are still not able to reach anything, then that is likely to be a Routing issue on their part (172.31..x.x is not areal world IP). Are you able to get confirmation from your ISP of the address range they should be assigning to you? I am wondering if they have mis-configured something on their side of things...

This suggests to me that the PPP session is not completely establishing, it is being torn down after 2 minutes, possibly because its only getting ONE WAY Authentication, which would match a situation where it may be PAP and not CHAP.... Again, this suggests to me your ISP needs to look at this, or at least provide you with some more info.

Also -

This is what is telling me that CHAP is not completeing. I would still think PAP is more likely for an ADSL setup.

CHAP is frequently used with Dial-up because it authenticates in both directions because the dialed circuit is unknown at BOTH end points until authentication happens (CHAP), however with an ADSL connection, the ISP end is permanently wired to your house (over a fixed telephone circuit), so only one way authentication is really needed, hence why PAP is usually preferred. Note that this could also be why you are getting the 172.31.x.x address...

Cheers..............pk.

Reply to
Peter

[...]

'dialer idle-timeout' should help with this. Also, unless you really want DDR, you don't really need 'dialer-group 1' in Dialer 1 configuration

[...]

It looks like remote router doesn't want you with this address. Since you've said this address is static given by the provider, I'd contact them and clarify the issue.

Remote side explicitly requested to terminate the session. This behaviour may be due to misconfiguration on the other side. Since you have problem with given IP address, it well might be the case that your RADIUS profile has some errors.

Before you contact your provider, try following: ! int Dialer 1 ip address negotiated !

I'm curious if this would help.

Now, not directly related to the problem you describe, I've noticed your config doesn't contain 'ip virtual-reassembly' on Dialer1. This is necessary for NAT to work properly, and in fact 'ip nat outside' should have caused this statement to be automatically added to your configuration.

Regards, iLya

Reply to
Charlie Root

Reply to
newbie

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.