Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
381
Views
0
Helpful
2
Replies

PPP CHAP, PPPoATM, MLPPP

tomranson
Level 1
Level 1

‎01-17-2008 01:40 PM - edited ‎03-03-2019 08:18 PM

Hi all,

I am experiencing an inconsistent authentication issue with PPP CHAP on a 1721 with 2x WIC-1ADSL, PPPoATM and MLPPP. IOS is 12.4(7).

After a great deal of debugging etc. I am confident that the issue lies with the CHAP auth against my ISP. If the connection drops, I usually have to shut/no shut the dialer interface anywhere from 2 to 25 times before I get a CHAP SUCCESS message back; else the authentication just sits in a loop. *** SEE ATTACHMENT 'CHAP_1.txt' ***

This auth loop will go on indefinitely, and also occurs if the router has been power-cycled/reloaded- I will have to shut/no shut the dialer many times before I successfully auth and negotiate an IP- its a game of chance!

As you can see, there are never any CHAP FAILURE messages so auth is not being denied. After numerous shut/no shuts we finally get a SUCCESS back and things look good. *** SEE ATTACHMENT 'CHAP_2_SUCCESS.txt' ***

The router always talks to the correct ISP LNS, "g.dsl". I have spoken with my ISP who have no explanation; they see no failed auth's in their RADIUS logs.

Relivent portions of my conf are attached *** SEE ATTACHMENT 'running-config_1.txt' ***

Please can someone assist me with this? Please do not hesiate to request additional information.

Many thanks in advance.

Tom

Labels:
Preview file
3 KB
Preview file
1 KB
Preview file
3 KB
0 Helpful
2 Replies 2

paolo bevilacqua
Hall of Fame
Hall of Fame

‎01-17-2008 03:05 PM

Hi,

I'm afraid that your troubles can be due to attempting to MLPPP over two PPPoA interfaces.

Unfortunately that is not a common configuration and likely not tested / supported by cisco.

You can confirm that by shutdown one ATM and removing the minimum link requirement under dialer.

Understating what goes wrong would probably require a lot of debugs and ultimately is not said to be conclusive. If you can eliminate the mlppp, you can load share over the two interfaces and things should work nicely anyway.

0 Helpful

tomranson
Level 1
Level 1
In response to paolo bevilacqua

‎01-18-2008 01:33 AM

Hi there,

Thank you for your prompt reply.

This is a MLPPP bonded service which is supported (and configured) by my ISP. When the two VC's eventually bond, throughput is exactly what would be expected given the line speeds in use.

I have condicted a lot of research through various Cisco tech documents and forums to try and establish a more correct configuration (Virtual-Templates, multilink interface?) however thus far I have been unsuccessful in defining a working configuration.

Can anyone shed some light on this plese?

Many thanks in advance.

Tom

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card