Any help regarding PPPoE with Cisco 1841 router

Answered Question
Sep 10th, 2008

Hello everybody

Could anyone help me with this, please?

I have a Cisco 1841 router and I want to configure this router for an internet connection.

Below is the configuration; please let me know what is wrong. Thank you.

Correct Answer by Giuseppe Larosa about 8 years 1 month ago

Hello Ala,

the router can resolve

www.google.com

try

ping www.google.com

The URL http://www.google.com is for use in a browser on a PC; I am not sure a router can resolve it.

you need the presence of the command

ip domain-lookup

ip name-server 194.170.1.7

I cannot test this in production routers

Hope to help

Giuseppe

Overall Rating: 4.7 (6 ratings)
alaeldien Wed, 09/10/2008 - 01:02

version 12.4

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname tiger

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 debugging

logging console critical

enable secret xxx

enable password xxx

!

no aaa new-model

!

resource policy

!

clock timezone PCTime 4

mmi polling-interval 60

no mmi auto-configure

mmi pvc 0/50

mmi snmp-timeout 180

ip subnet-zero

ip cef

!

!

ip tcp synwait-time 10

no ip dhcp use vrf connected

!

!

vpdn enable

vpdn ip udp ignore checksum

!

vpdn-group pppo

request-dialin

protocol pppoe

!

!

!

!

!

interface FastEthernet0/0

description ADSL LAN Interface$ES_LAN$$ETH-LAN$

ip address 10.10.10.1 255.255.255.248

no ip redirects

no ip unreachables

no ip proxy-arp

ip nbar protocol-discovery

ip nat inside

ip tcp adjust-mss 1452

no ip mroute-cache

duplex auto

speed auto

no cdp enable

no mop enabled

!

interface FastEthernet0/1

description ADSL WAN Interface$ES_WAN$

no ip address

no ip unreachables

no ip proxy-arp

no ip mroute-cache

duplex auto

speed auto

pppoe enable

pppoe-client dial-pool-number 1

no cdp enable

!

interface Dialer1

ip address negotiated

ip mtu 1452

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname alaeldien

ppp chap password ***********

ppp pap sent-username alaeldien password ************

!

ip classless

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

ip route 0.0.0.0 0.0.0.0 Dialer1

!

ip http server

ip nat inside source list 1 interface Dialer1 overload

ip nat inside source list acl1 pool pool1

!

logging trap debugging

access-list 1 permit 0.0.0.0 255.255.255.0

access-list 1 permit 10.10.10.0 0.0.0.255

dialer-list 1 protocol ip permit

snmp-server community public RO

!

Giuseppe Larosa Wed, 09/10/2008 - 01:50

Hello Ala,

int dialer 1

ip nat outside

to have NAT working

access-list 1 :

I don't understand the first line, the second line is enough for nat

use

access-list 2 permit 10.10.10.0 0.0.0.255

no ip nat inside source list acl1 pool pool1

no ip nat inside source list 1 interface Dialer1 overload

ip nat inside source list 2 interface Dialer1 overload

you can use debug ppp neg and debug ppp auth to see if authentication is ok

Hope to help

Giuseppe

alaeldien Wed, 09/10/2008 - 02:40

hello

thank you for your immediate response

I have tried your suggestion.

I came across this:

all interfaces are up

but when I am pinging the internet

it shows me this message: "Unrecognized host or protocol not running"

What should I do? Please advise.

thank you

Giuseppe Larosa Wed, 09/10/2008 - 09:50

Hello Ala,

first of all I would issue:

config

ip routing

then try again

Hope to help

Giuseppe

alaeldien Wed, 09/10/2008 - 21:01

hello

thanks again

I did what you suggested. This time, when I issue the debug commands, it shows me only "debugging is on" without showing any information.

Suppose I issue debug auth: "debug auth is on"

and so on, so how do I deal with it?

with lot of thanks

Giuseppe Larosa Wed, 09/10/2008 - 23:31

Hello Ala,

thank you very much for your kind remarks.

If you are in a telnet or ssh session you need to use

Router# terminal monitor

to see debug output

Router# terminal no monitor

to remove it

use two sessions one with term mon and another without where you are ready to disable debug if necessary (if cpu goes very high use sh proc cpu | inc util to see this on the second session)

if you like you can also post the sh int dialer 1

check if the ppp state is OPEN this would mean everything is OK.

if not ok you can post the output of debug ppp neg and debug ppp auth here.

Hope to help

Giuseppe

alaeldien Sun, 09/14/2008 - 01:56

good after

Here is the output of the interface dialer1

Dialer1 is up, line protocol is up (spoofing)

Hardware is Unknown

Internet address will be negotiated using IPCP

MTU 1500 bytes, BW 56 Kbit, DLY 20000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation PPP, loopback not set

Keepalive set (10 sec)

DTR is pulsed for 1 seconds on reset

Last input never, output never, output hang never

Last clearing of "show interface" counters 01:01:10

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: weighted fair

Output queue: 0/1000/64/0 (size/max total/threshold/drops)

Conversations 0/0/16 (active/max active/max total)

Reserved Conversations 0/0 (allocated/max allocated)

Available Bandwidth 42 kilobits/sec

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

0 packets input, 0 bytes

0 packets output, 0 bytes

and the state is open after issuing debug command

what do you suggest

Giuseppe Larosa Sun, 09/14/2008 - 02:53

Hello Ala,

good to hear from you.

Something is not working.

post the output of debug ppp negotiation and debug ppp negotiation so that it is possible to investigate.

You say that the state is open after issuing debug commands.

PPPoE is however a dialup technology so some event has to trigger "the call".

Depending on the client telnet software you are using you have the option to save a log file.

Hope to help

Giuseppe

alaeldien Sun, 10/05/2008 - 02:58

Hello everybody

I am opening this case again because the last attempts did not work

so here is the running config

vpdn enable

vpdn ip udp ignore checksum

!

vpdn-group pppoe

request-dialin

protocol pppoe

!

!

!

!

!

interface FastEthernet0/0

description ADSL LAN Interface

ip address 10.10.10.1 255.255.255.248

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1

description WAN Interface

ip address dhcp

no ip unreachables

shutdown

duplex auto

speed auto

pppoe enable

pppoe-client dial-pool-number 1

no cdp enable

!

interface Dialer1

ip address dhcp client-id FastEthernet0/1

ip nat outside

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication pap callin

ppp chap hostname falcon-wimax

ppp chap password xxx

ppp pap sent-username fsecuri password xxx

!

ip classless

!

ip http server

ip nat inside source list 1 interface Dialer1 overload

!

access-list 1 permit 10.10.10.0 0.0.0.255

Giuseppe Larosa Sun, 10/05/2008 - 09:58

Hello Ala,

sorry to hear your case is still open

using PPPoE or PPPoA or any other variation the ip address is not provided by DHCP but by IPCP that is part of PPP negotiation.

so config of dialer should contain

int dialer 1

ip address negotiated

! means negotiated by IPCP

so this has to be fixed.

then you need a default static route using dialer1 as output interface

ip route 0.0.0.0 0.0.0.0 Dialer1

After this you can troubleshoot the pppoe session by using the following

terminal monitor

debug ppp negotiation

debug ppp authentication

look for errors in authentication that will stop the PPP negotiation process

you have configured parameters for CHAP and PAP with different username and passwords.

try to use

ppp authentication pap chap

instead of

ppp authentication pap callin

collect the output of debugs and if you like post here

to get help in understanding it.

in a working link you will see

sh int dialer1

..

IPCP open

...

Hope to help

Giuseppe

alaeldien Sun, 10/05/2008 - 21:10

Thanks a lot for your help. I did what you suggested and here is the output of the debugging commands...

What must be done? Please advise.

Giuseppe Larosa Sun, 10/05/2008 - 22:33

Hello Ala,

unfortunately I cannot see the file contents this docx file format is not a text file.

May you save the file as an ASCII text file and post it again ?

Thanks for your patience and kind remarks I hope we will find a solution to your issue.

Best Regards

Giuseppe

alaeldien Sun, 10/05/2008 - 23:24

Thank you again, I really appreciate it.

Please do your best to examine the output.

If you cannot open the file, notify me immediately.

Alaeldien

Attachment: 
Giuseppe Larosa Mon, 10/06/2008 - 01:47

Hello Ala,

you have an authentication issue:

the other side wants to use CHAP and your side wants to use PAP.

I : input : received on your side

O : output sent from your side

see the following sequence:

*Oct 6 05:03:08.335: Vi1 LCP: I CONFREQ [REQsent] id 248 len 18

*Oct 6 05:02:00.391: Vi1 LCP: AuthProto CHAP (0x0305C223

*Oct 6 05:03:08.335: Vi1 LCP: MRU 1492 (0x010405D4)Oct 6 05:

*Oct 6 05:02:00.391: Vi1 LCP: O CONFREQ [RE

*Oct 6 05:03:08.335: Vi1 LCP: AuthProto PAP (0x0304C023)

*Oct 6 05:01

*Oct 6 05:02:00.391: Vi1 LCP: AuthPr

*Oct 6 05:03:08.335: Vi1 LCP: MagicNumber 0x219

*Oct 6 05:03:08.355: Vi1 LCP: MagicNumber 0x21911AC0 (0x050621911AC0)305)

*Oct 6 05:01:14.

*Oct

*Oct 6 05:03:08.355: Vi1 LCP: O CONFNAK [REQsent] id 249 len 8E3C)

*Oct 6 05:01:14.987: Vi1

*Oct 6 05:03:08.355: Vi1 LCP: MRU 1500 (0x010405DC)[ACKsent] id 8 len 9

*Oct 6 0

*Oct 6 05:03:08.375: Vi1 LCP: I CONFREJ [REQsent] id 2 len 9uthProto CHAP (0x0305C22305)

*Oct 6 05:03:08.375: Vi1 LCP: AuthProto CHAP (0x0305C22305)CONFREQ [ACKsent] id 9 len 14

*Oct 6 05:03:08.375: Vi1 LCP: O CONFREQ [REQsent] id 3 len 14AuthProto PAP (0x0304C023)

*Oct 6 05:03:08.375: Vi1 LCP: MRU 1492 (0x010405D4)15

the key point is that if authentication fails no ip address is assigned and the dialer is torn down

there is also a mismatch in MTU: pppoe uses 8 bytes so mtu -> 1492

use

int dialer1

mtu 1492

ppp authentication chap

and repeat the troubleshooting procedure with

term mon

debug ppp neg

debug ppp auth

this time you should see something different.

Hope to help

Giuseppe
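
The LCP option lines in the debug above carry each option's raw bytes in parentheses, and decoding them shows both mismatches directly. The following is an added example, not code from the thread: the log lines are constructed in the style of the output quoted above (ids, lengths and the second magic number are made up), and the function names are hypothetical.

```python
import re
AUTH = {0xC023: "PAP", 0xC223: "CHAP"}  # PPP protocol numbers carried in LCP option 3
HEADER = re.compile(r"LCP: ([IO]) (CONF\w+) \[\w+\] id (\d+) len (\d+)")
OPTION = re.compile(r"LCP:\s+\w+.*\(0x([0-9A-Fa-f]+)\)")

# Constructed sample in the style of the debug quoted above (I = received, O = sent).
SAMPLE = """\
*Oct 6 05:03:08.335: Vi1 LCP: I CONFREQ [REQsent] id 1 len 19
*Oct 6 05:03:08.335: Vi1 LCP:    MRU 1492 (0x010405D4)
*Oct 6 05:03:08.335: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
*Oct 6 05:03:08.335: Vi1 LCP:    MagicNumber 0x21911AC0 (0x050621911AC0)
*Oct 6 05:03:08.355: Vi1 LCP: O CONFNAK [REQsent] id 1 len 8
*Oct 6 05:03:08.355: Vi1 LCP:    MRU 1500 (0x010405DC)
*Oct 6 05:03:08.375: Vi1 LCP: O CONFREQ [REQsent] id 2 len 14
*Oct 6 05:03:08.375: Vi1 LCP:    AuthProto PAP (0x0304C023)
*Oct 6 05:03:08.375: Vi1 LCP:    MagicNumber 0x1A2B3C4D (0x05061A2B3C4D)
"""

def decode_option(hex_tlv):
    """Decode one LCP option (type, length, data) from the hex shown in the debug."""
    raw = bytes.fromhex(hex_tlv)
    kind, length, data = raw[0], raw[1], raw[2:]
    if length != len(raw):
        raise ValueError(f"length byte does not match option size: {hex_tlv}")
    if kind == 1:
        return "MRU", int.from_bytes(data, "big")
    if kind == 3:
        return "AuthProto", AUTH.get(int.from_bytes(data[:2], "big"), "unknown")
    return {5: "MagicNumber"}.get(kind, f"type{kind}"), data.hex()

def parse_lcp(log):
    """Group option lines under the packet header line that precedes them."""
    packets = []
    for line in log.splitlines():
        head, opt = HEADER.search(line), OPTION.search(line)
        if head:
            packets.append({"dir": head[1], "code": head[2], "id": int(head[3]),
                            "len": int(head[4]), "size": 4, "options": {}})
        elif opt and packets:
            name, value = decode_option(opt[1])
            packets[-1]["options"][name] = value
            packets[-1]["size"] += len(opt[1]) // 2  # option bytes seen so far
    return packets

def diagnose(packets):
    """Return the negotiation problems visible in the parsed packets."""
    seen, issues = {}, []
    for p in packets:
        if p["size"] != p["len"]:  # 4-byte header plus options must equal len
            issues.append(f"packet id {p['id']}: options do not add up to len {p['len']}")
        for name, value in p["options"].items():
            seen[(p["dir"], p["code"], name)] = value
    peer_auth, local_auth = (seen.get((d, "CONFREQ", "AuthProto")) for d in "IO")
    if peer_auth and local_auth and peer_auth != local_auth:
        issues.append(f"auth mismatch: peer requests {peer_auth}, local side requests {local_auth}")
    peer_mru, nak_mru = seen.get(("I", "CONFREQ", "MRU")), seen.get(("O", "CONFNAK", "MRU"))
    if peer_mru and nak_mru and peer_mru != nak_mru:
        issues.append(f"MRU mismatch: peer proposes {peer_mru}, local side NAKs with {nak_mru}")
    return issues
```

Calling `diagnose(parse_lcp(SAMPLE))` reports the CHAP/PAP disagreement and the 1492/1500 MRU disagreement; a capture with cut-off lines is reported as a length problem instead of being silently accepted.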

alaeldien Thu, 10/09/2008 - 04:03

Hello Sir

I did all that, but when debugging it shows me that STATE is CLOSED

Could you possibly examine the config again and tell me what might be wrong?

with my best thanks.

Alaeldien

Attachment: 
Giuseppe Larosa Thu, 10/09/2008 - 05:37

Hello Ala,

your config looks fine.

the command

dialer-list 1 protocol ip permit

is still present in your config ?

post the output of the same debug commands and follow the same procedure.

There are chances that PPP authentication still fails

And/OR check with provider your authentication parameters

Hope to help

Giuseppe

alaeldien Sat, 10/18/2008 - 06:20

Hello Giuseppe

I want to thank you, because you are the only one who is dealing in my case.

So could you possibly please examine the debug output and tell me what might be wrong?

*Oct 18 12:56:56.726: Vi1 PPP: Outbound cdp packet dropped

*Oct 18 12:57:56.734: Vi1 PPP: Outbound cdp packet dropped

*Oct 18 12:58:56.742: Vi1 PPP: Outbound cdp packet dropped

*Oct 18 12:59:56.750: Vi1 PPP: Outbound cdp packet dropped

*Oct 18 13:00:56.758: Vi1 PPP: Outbound cdp packet dropped

*Oct 18 13:01:56.766: Vi1 PPP: Outbound cdp packet dropped

*Oct 18 13:02:56.774: Vi1 PPP: Outbound cdp packet dropped

*Oct 18 13:03:56.782: Vi1 PPP: Outbound cdp packet dropped

*Oct 18 13:04:56.790: Vi1 PPP: Outbound cdp packet dropped

*Oct 18 13:05:56.798: Vi1 PPP: Outbound cdp packet dropped

thank you

Alaeldien

Giuseppe Larosa Sat, 10/18/2008 - 08:18

Hello Ala,

>> because you are the only one who is dealing in my case.

This is just an accident: however when a thread has many posts this can happen.

this specific error is not a real issue it just says it is dropping CDP packets outbound.

CDP is a Cisco protocol useful in lan environment to detect the neighbor port id.

Here it is not a problem.

on interface dialer1

int vi1

no cdp enable

there is no use for CDP on your WAN link.

Are you still in trouble ?

I've given a look to previous posts in your last config I didn't see the command to define interesting traffic

dialer-list 1 protocol ip permit

this is needed because using the dialer you are doing a logical DDR over the PPPoE otherwise the session will be closed after idle-time expiration.

I hope this is present otherwise it has to be added.

Now, if PPP authentication is OK as seen with debug ppp negotiation and debug ppp authentication the further steps are PPPoE specific:

sh pppoe session all

example:

r3725#sh pppoe session all

Total PPPoE sessions 2

session id: 82

local MAC address: 000f.349c.eae1, remote MAC address: 000f.f7eb.5bb0

virtual access interface: Vi3, outgoing interface: Fa1/0

10026 packets sent, 10038 received

426176 bytes sent, 420238 received

other useful debug for PPPoE is

debug pppoe events

And:

r3725#sh ip int dialer 1

Dialer1 is up, line protocol is up

Internet address is 101.101.101.2/32

Broadcast address is 255.255.255.255

>> Address determined by IPCP

This happens in a working PPPoE session.

link to doc

http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080093fbf.shtml#ethernetlayerclient

Hope to help

Giuseppe

alaeldien Sun, 10/19/2008 - 22:07

Hello sir

I've issued the commands

debug ppp neg

and

debug ppp auth

after enabling the terminal monitor,

but I can't see the output.

I even issued the command

*show vpdn session

and the output shows the State is NA.

Could you tell me the possible reasons for the NA status?

And let me tell you, everything seems to work fine.

*dialer interface getting ip address through IPCP

but when iam pinging to suppost http://www.cisco.com

the out put come showing that unrecognized host or name or protocol is not running

....

Could you please advise by examining the attached configuration file, and see what should be removed and what should be added?

Many thanks

Alaeldien

The most important thing is that the ISP is providing us with the value of PVC (VPI/VCI), that is 0/50. Where should it be included, globally or in a dialer, since the dialer cannot accept such a type of command unless we add mmi?

Giuseppe Larosa Sun, 10/19/2008 - 23:29

Hello Ala,

PPPoE session is fine:

Encapsulation PPP, LCP Open

Open: IPCP

PPPoE vaccess, cloned from Dialer1

>> but when iam pinging to suppost http://www.cisco.com

the out put come showing that unrecognized host or name or protocol is not running

this is a DNS problem you need to configure on PCs a DNS server that is in your provider network.

give a look at:

http://www.tech-faq.com/public-dns-servers.shtml

Ask your provider what DNS server to use.

For configuring the DNS server on the router

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00800c525f.shtml

3) providing us with the value of PVC(VPI/VCI) that is 0/50,

This is the ATM PVC to be used if your WAN interface was directly the ADSL link: in your case this info is already configured on the ADSL modem so don't worry about this it is right that is not used in your router in this scenario.

I would remove the mmi config I don't think relates to your scenario.

Hope to help

Giuseppe

alaeldien Mon, 10/20/2008 - 20:51

Hello

I've configured the router with the DNS of the ISP; the problem still exists, and I cannot see the output of the debug while it's on.

My scenario is like this:

the PPPoE session has been established

but there seems to be a problem with NAT

the LAN interface is NATed as inside

the WAN interface is NATed as outside

the dialer interface is also outside

so how could it be wrong? Please advise.

thanks

Alaeldien

alaeldien Tue, 10/21/2008 - 02:06

Hello sir

I did some changes and here is the issue

***************************************

falcon-wimax#ping 64.233.183.104

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 64.233.183.104, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 264/271/280 ms

falcon-wimax#ping http://www.google.com

Translating "www.google.com"...domain server (194.170.1.7)

% Unrecognized host or address, or protocol not running.

it's a DNS issue can you deal with it

thanks

Alaeldien

Giuseppe Larosa Tue, 10/21/2008 - 04:48

Hello Ala,

I tested in a branch router with IPSec and without NAT I have the same problems you have showed me even using www.google.com

I would suggest you to use a PC connected on the internal LAN and to try to surf with it

Hope to help

Giuseppe

alaeldien Wed, 10/22/2008 - 20:51

hello sir

We are done. It's all about wrong parameters from the ISP. So a good job has been done by you, thanks a lot.

Giuseppe Larosa Wed, 10/22/2008 - 23:18

Hello Ala,

I'm happy that now everything works well with this PPPoE session.

Best Regards

Giuseppe

p.s. : you can address me as Giuseppe that is my name it is a normal practice here in the forums.

I've realized only now that you kept to use sir: very polite of you.

Giuseppe Larosa Tue, 10/21/2008 - 03:22

Hello Ala,

about NAT I think it should be configured only on LAN interface and dialer not the WAN interface because it has no L3 config.

Hope to help

Giuseppe

alaeldien Tue, 10/21/2008 - 22:18

hello sir

I removed the NAT declaration on the WAN interface, but still, I can ping from the router to any IP address, not by host name; none of my PCs in the LAN can ping either by name or host name.

??????

Please take a last look at the config file.

One more thing: I cannot see the output of debug even after enabling the terminal monitor.

Please advise.

Alaeldien

alaeldien Wed, 10/22/2008 - 00:24

Hello sir

Finally I can say that we almost did it.

The router is working fine, I can ping by both host name and IP address, but I still have a problem???

I cannot ping any IP address or host name from any PC in the LAN

and I think somehow it's related to the ACL

so I used a class C IP address

192.168.1.1 255.255.255.0

and I implemented the ACL as follows

access-list 100 permit ip 192.168.1.0 0.255.255.255 any

Is it OK? If yes, what might be wrong?

thank you.

Alaeldien

alaeldien Wed, 10/29/2008 - 01:53

hello Giuseppe

The internet connection is fine, but I cannot access secure sites like Hotmail and Gmail, and I cannot even access my in-house mail.

this is the ACL that i've implemented

access-list 100 permit ip any any

access-list 100 permit ip 0.0.0.0 255.255.255.0 any

dialer-list 100 protocol ip permit

could you examine them and tell me what might be wrong.

thanks

Alaeldien

Giuseppe Larosa Wed, 10/29/2008 - 12:50

Hello Ala,

nice to hear from you.

the first line

access-list 100 permit ip any any

permits all ip traffic

second line is then useless and also wrong

where do you use acl 100 ?

Do you use it for NAT ?

Hope to help

Giuseppe
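
The source/wildcard pairs posted in this thread can be checked mechanically: a set wildcard bit means "ignore this bit", so an entry is a clean subnet match only when the wildcard is an inverted netmask. The following is an added example, not code from the thread; the function names are hypothetical, the 10.10.10.0/29 LAN is taken from the FastEthernet0/0 address in the first config and 192.168.1.0/24 from the later post.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def acl_matches(base, wildcard, addr):
    """True if addr matches an IOS 'base wildcard' pair (wildcard bit 1 = don't care)."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(base) & care) == (to_int(addr) & care)

def equivalent_cidr(base, wildcard):
    """CIDR the pair is equivalent to, or None if the wildcard is not an inverted netmask."""
    w = to_int(wildcard)
    if w & (w + 1):  # an inverted netmask is a run of 1 bits at the low end only
        return None
    network = to_int(base) & ~w & 0xFFFFFFFF  # don't-care bits of the base are ignored
    return f"{ipaddress.IPv4Address(network)}/{32 - w.bit_length()}"

def audit(base, wildcard, lan):
    """Compare one ACL entry with the LAN it is meant to describe."""
    lan = ipaddress.ip_network(lan)
    hosts = list(lan.hosts())
    cidr = equivalent_cidr(base, wildcard)
    return {
        "cidr": cidr,
        "lan_hosts_matched": sum(acl_matches(base, wildcard, str(h)) for h in hosts),
        "lan_hosts": len(hosts),
        "broader_than_lan": cidr is not None
        and ipaddress.ip_network(cidr).num_addresses > lan.num_addresses,
    }

# Source/wildcard pairs quoted in the thread, each with the LAN in use at the time.
ENTRIES = [
    ("0.0.0.0", "255.255.255.0", "10.10.10.0/29"),
    ("10.10.10.0", "0.0.0.255", "10.10.10.0/29"),
    ("192.168.1.0", "0.255.255.255", "192.168.1.0/24"),
]

if __name__ == "__main__":
    for base, wildcard, lan in ENTRIES:
        print(base, wildcard, audit(base, wildcard, lan))
```

The first pair matches only addresses whose last octet is 0, so it covers no host on the LAN; the third matches all of 192.0.0.0/8 rather than the one /24.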
