05-19-2010 10:32 AM
I'm sorry, I've closed previouse discussion - https://supportforums.cisco.com/message/3075308#3075308
The problem is actual yet.
Micronet voip gateway (SP5002) cant' up pppoe connection to CIsco 7206 vxr, after cisco uptime > 20 days.
I have attached wireshark dump.
IOS: c7200-advipservicesk9-mz.122-33.SRD4.bin
Config:
Current configuration : 12976 bytes
!
! Last configuration change at 16:14:26 KGST Tue May 18 2010 by tuxper
! NVRAM config last updated at 16:25:21 KGST Tue May 18 2010 by tuxper
!
version 12.2
service timestamps debug uptime
service timestamps log datetime msec localtime
service password-encryption
service counters max age 5
!
hostname Router_PPPoE
!
boot-start-marker
boot system disk2:c7200-advipservicesk9-mz.122-33.SRD4.bin
boot-end-marker
!
logging buffered 64000
no logging console
enable password 7 071D294A4D101F1F1E140C061C382D74716B
!
aaa new-model
!
!
aaa group server radius PPPOE-RADIUS-SERVER
server-private xxx.x.x.x auth-port 3812 acct-port 3813 key 7 yyyyyyyyy
!
aaa group server radius ISG-RADIUS-SERVER
server-private xx.x.x.x auth-port 4812 acct-port 4813 key 7 yyyyyyyyyy
!
aaa group server radius CISCO-AAA-SERVER
server-private xxx.x.x.x auth-port 2812 acct-port 2813 key 7 yyyyyyyyyyyyyy
!
aaa group server tacacs+ ACCT-TACACS-SERVER
server-private xx.x.x.x key 7 yyyyyyyyyyyyyyyyy
!
aaa authentication login default local group CISCO-AAA-SERVER
aaa authentication enable default group CISCO-AAA-SERVER enable
aaa authentication ppp PPPoE group PPPOE-RADIUS-SERVER
aaa authorization network PPPoE group PPPOE-RADIUS-SERVER
aaa authorization subscriber-service default local group ISG-RADIUS-SERVER
aaa accounting update periodic 1440
aaa accounting exec default start-stop group CISCO-AAA-SERVER
aaa accounting commands 1 default stop-only group ACCT-TACACS-SERVER
aaa accounting commands 15 default stop-only group ACCT-TACACS-SERVER
aaa accounting network PPPoE start-stop group PPPOE-RADIUS-SERVER
aaa accounting network ISG start-stop group ISG-RADIUS-SERVER
!
!
!
!
aaa server radius dynamic-author
client xxx.x.x.x server-key 7 yyyyyyyyyyyyy
auth-type all
ignore session-key
ignore server-key
!
aaa session-id common
clock timezone KGST 6
ip subnet-zero
ip source-route
!
!
!
!
ip cef
ip name-server xxxxxxxxx
ip name-server xxxxxxxxx
!
!
subscriber service password 7 xxxxxxxxxxxxxxxx
redirect server-group REDIR-SERVER
server ip xxx.xxx.xxx.xxx port 9999
!
multilink bundle-name authenticated
!
!
archive
log config
logging enable
notify syslog contenttype plaintext
hidekeys
path ftp://xxxxxxxxxx@xxx.xxx.xxx.xxx.xx/bras7206-//xxxxxxxxxx@xxx.xxx.xxx.xxx.xx/bras7206-
write-memory
time-period 10080
username tuxper password 7 yyyyyyyyyyyy
username evrey password 7 yyyyyyyyyyyyy
!
!
!
!
!
!
bba-group pppoe global
virtual-template 1
sessions max limit 8000
sessions per-vlan limit 4000
!
!
interface Loopback0
ip address xx.xxx.xx.xx 255.255.255.255
!
interface GigabitEthernet0/1
description 7600_Uplink
ip address yy.yy.yy.yy 255.255.255.252
ip ospf network point-to-point
media-type rj45
speed 1000
duplex full
no negotiation auto
no cdp enable
!
interface GigabitEthernet0/2
description 7600_Uplink_pppoe_vlan
mtu 9000
no ip address
media-type rj45
speed auto
duplex auto
no negotiation auto
vlan-range dot1q 25 26
pppoe enable group global
exit-vlan-config
!
vlan-range dot1q 300 399
pppoe enable group global
exit-vlan-config
!
vlan-range dot1q 401 461
pppoe enable group global
exit-vlan-config
!
vlan-range dot1q 600 620
pppoe enable group global
exit-vlan-config
!
vlan-id dot1q 20
pppoe enable group global
exit-vlan-config
!
!
interface GigabitEthernet0/3
no ip address
shutdown
media-type rj45
speed auto
duplex auto
no negotiation auto
!
interface Virtual-Template1
description PPPoE
mtu 1492
ip unnumbered Loopback0
ppp authentication chap pap PPPoE
ppp authorization PPPoE
ppp accounting PPPoE
ppp eap refuse
ppp ms-chap refuse
ppp ms-chap-v2 refuse
ppp ipcp dns zzz.zzz.zzz.zzz zzz.zzz.zzz.zzz
!
router ospf 1
router-id yyy.yy.yy.yy
log-adjacency-changes
summary-address ii.iii.ii.0 255.255.254.0
summary-address ttt.ttt.ttt.0 255.255.255.0
summary-address ttt.ttt.ttt.0 255.255.255.0
summary-address ttt.ttt.ttt.0 255.255.255.0
summary-address ttt.ttt.ttt.0 255.255.254.0
redistribute connected subnets
redistribute static subnets
network uuu.uuu.uuu.uuu 0.0.0.3 area 0
default-information originate
!
ip classless
!
!
no ip http server
no ip http secure-server
!line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
session-timeout 30
exec-timeout 60 0
length 0
international
line vty 5 15
!
ntp clock-period 17179974
ntp peer vvv.vvv.vvv.vvv
ntp peer vvv.vvvv.vvv.vvv
end
P.S. I'm ready to provide any needed information.
05-22-2010 07:02 AM
Hello?
Can anybody help me?
06-14-2010 04:28 AM
Hello Barat,
seems from the wireshark dump that the CPE is rejecting chap with MD5 authentification that the Cisco equipment is asking for...
You should check with your CPE vendor which authentification it requires and allow that on your virtual-template (or juste remove the ppp ms-chap refuse ppp ms-chap-v2 refuse commands from your virtual-template)
Johan
06-29-2010 08:31 PM
I made config like this:
interface Virtual-Template1
description PPPoE
mtu 1492
ip unnumbered Loopback0
ppp authentication chap pap ms-chap ms-chap-v2 PPPoE
ppp authorization PPPoE
ppp accounting PPPoE
ppp eap refuse
ppp ipcp dns xxx.xx.xx.xx tt.tt.tt.tt
!
But the problem is actual.
I installed new IOS: c7200-advipservicesk9-mz.122-33.SRE1.bin
But 21 days is over, and I have the same problem.
I don't understand anything.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide