Re: Need help with PPP configuration

SagaLore · ‎03-18-2003

Our firm is having problems with users that need to dial into the network. It seems they are having trouble accessing servers - even though the dialup session is supposed to assign the client's TCP/IP settings from the local DHCP server, we are forced to add at least the DNS servers manually so they can access the network properly.

I have a feeling the routers are not configured correctly for this. Here is an example of a router configuration:

!

version 12.0

service timestamps debug datetime localtime

service timestamps log datetime localtime

service password-encryption

!

hostname TESTrouter

!

no logging console

aaa new-model

aaa authentication login default tacacs+

aaa authentication login consoles tacacs+ line

aaa authentication ppp default tacacs+

aaa authorization exec default tacacs+ none

aaa authorization network default tacacs+

aaa accounting exec default start-stop tacacs+

aaa accounting network default start-stop tacacs+

enable secret ***erased***

!

ip subnet-zero

ip domain-name parente.dom

ip name-server 120.1.10.3

async-bootp dns-server 120.1.10.3 120.1.25.5

async-bootp nbns-server 120.1.10.8

!

interface Ethernet0

description INTERNAL LAN

ip address 120.1.55.1 255.255.255.0

no ip directed-broadcast

!

interface Serial0

description SERIAL PORT USED FOR SUB-INTERFACE (FRAME-RELAY

no ip address

no ip directed-broadcast

encapsulation frame-relay

!

interface Serial0.1 point-to-point

description TO SOME-PLACE

ip address 120.1.56.2 255.255.255.0

no ip directed-broadcast

no ip mroute-cache

frame-relay interface-dlci 100

!

interface Serial1

no ip address

no ip directed-broadcast

shutdown

!

interface Group-Async1

ip unnumbered Ethernet0

ip helper-address 120.1.55.16

no ip directed-broadcast

encapsulation ppp

no ip route-cache

ip tcp header-compression passive

no ip mroute-cache

dialer in-band

dialer idle-timeout 999999

async dynamic address

async mode interactive

peer default ip address dhcp

no fair-queue

no cdp enable

ppp authentication pap chap

group-range 1 8

!

router eigrp 1

network 120.1.0.0

no auto-summary

!

ip local pool wellsboro-dialin 120.1.55.2 120.1.55.10

ip nat translation timeout never

ip nat translation tcp-timeout never

ip nat translation udp-timeout never

ip nat translation finrst-timeout never

ip nat translation syn-timeout never

ip nat translation dns-timeout never

ip nat translation icmp-timeout never

ip classless

ip route 0.0.0.0 0.0.0.0 120.1.56.1

!

tacacs-server host 120.1.10.7

tacacs-server host 120.1.25.5

tacacs-server timeout 60

tacacs-server key ***erased***

snmp-server community parentenet RO

snmp-server community parentenet1 RW

!

line con 0

password ***erased***

login authentication consoles

transport input none

line 1 8

autoselect during-login

autoselect ppp

modem InOut

modem autoconfigure discovery

transport input all

speed 115200

flowcontrol hardware

line aux 0

password ***erased***

login authentication consoles

transport input all

line vty 0 4

password ***erased***

login authentication consoles

!

ntp clock-period 17180232

ntp server 120.1.10.1

end

And here is the result of IPConfig when dialed into this:

PPP adapter TESTOFFICE:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface

Physical Address. . . . . . . . . : 00-53-45-00-00-00

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 120.1.55.108

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . : 120.1.55.108

DNS Servers . . . . . . . . . . . : 120.1.10.3

120.1.25.5

Primary WINS Server . . . . . . . : 120.1.10.8

Secondary WINS Server . . . . . . : 120.1.10.8

NetBIOS over Tcpip. . . . . . . . : Disabled

I'm not very knowledgeable about PPP, but I'm hoping there's away to get the IPConfig to look like this (if possible):

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface

Physical Address. . . . . . . . . : 00-53-45-00-00-00

Dhcp Enabled. . . . . . . . . . . : Yes

IP Address. . . . . . . . . . . . : 120.1.55.108

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 120.1.55.1

DNS Servers . . . . . . . . . . . : 120.1.10.3

120.1.25.5

Primary WINS Server . . . . . . . : 120.1.10.3

NetBIOS over Tcpip. . . . . . . . : Enabled

???

thanks for any help

makchitale · ‎03-18-2003

The config looks good...The first output is what we will typically see for a ppp dialup client & the second is for a client connected on the LAN.

On the PPP dialup output, the netmask will be either /32 or a classful mask depending on the clinet Win OS....we do not negotiate mask in PPP.

Default GW will always be self address as there is no way to negotiate the GW during ppp nego. However in LAN connection it's possible.

You mentioned that you need to add the DNS servers manually for network connectivity, based on the as5300 configs, the dns should be downloaded during ipcp....Can you ping your network servers on ip address? Maybe we have a dns issue.

Can suggest a few debugs to troubleshoot this issue, mainly "deb ppp nego" will indicate whether the dns info is passed on or not.

Thanks, Mak.

SagaLore · ‎03-18-2003

Okay that's what I figured, for the subnet mask and gateway. The second ipconfig is what we get on the LAN, and I was hoping to mimick that... my goal is to have the laptops function on the network the same when they're on dialup.

Yes we can ping. The first IPConfig shows that tcp/ip is getting the right dns servers but it seems that there is something missing for them to function correctly... perhaps it isn't registering on the domain properly... the connection specific domain suffix isn't showing up like it should either...

Is there a way to have the PPP session pull ALL of it's settings from the local DHCP server, rather than from the router? How do we turn on Netbios over TCP/IP... and why am I getting 2 WINS servers of the same IP...