Solved: One other thing: if I turn on

Kevin Barker · ‎08-12-2014

Hi. We have a new 2911 ISR, running IOS 15.4(1)T, that we need to connect to our ISP. This is our first Cisco appliance and unfortunately none of us have any experience at all with Cisco products,so we're on a very steep learning curve... So apologies if I ask silly things. Any help in the form of suggestions or pointers to relevant documentation would be extremely welcome.

I’ve spent a week or so reading Cisco docs, Googling, and trawling through forums and trying various suggested configurations, but nothing has worked so far.

Our ISP has given us info like this:

Username:      username@our-isp.com.au
Password:       xxxxxxxxxxxxx
CE IP Address:  14.202.207.94/30
PE IP Address:  14.202.207.93/30

and I’m assuming we need to connect using PPPoE.

My current config looks like this:

version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco2911
!
boot-start-marker
boot-end-marker
!
!
enable secret 9 xxxxxxxx
enable password xxxxxxxx
!
no aaa new-model
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
license udi pid CISCO2911/K9 sn FGL123456ZZ
!
!
redundancy
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description ==> ISP-facing Interface <==
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
 description ==> LAN-facing Interface <==
 ip address 192.168.0.3 255.255.248.0
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Dialer1
 ip address 14.202.207.94 255.255.255.252
 ip mtu 1492
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 ppp pap sent-username username@pig.tpg.com.au password 0 xxxxxx
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
snmp-server community public RO
!
control-plane
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password xxxxxx
 login
 transport input telnet ssh
 transport output telnet ssh
!
scheduler allocate 20000 1000
!
end

I’ve also tried issuing

terminal monitor
debug ppp negotiation
debug ppp authentication

and then shutdown/no shutdown the Dialer interface, but I don’t see anything that looks like debugging output — just “interface is down” / “interface is up” type messages.

Thanks in advance.

Dragan Ilic · ‎08-13-2014

If this is PPPoE config you need under Dialer interface:

- encapsulation ppp

- ppp authentication pap (maybe even offer them chap, callin etc...)

- dialer-group 1

Under global config you need:

- dialer-list 1 protocol ip permit

After these changes, if this is PPPoE, you should see something hapening when using debugs which you mentioned...

BR,

Dragan

HTH,
Dragan

View solution in original post

Dragan Ilic · ‎08-13-2014

If this is PPPoE config you need under Dialer interface:

- encapsulation ppp

- ppp authentication pap (maybe even offer them chap, callin etc...)

- dialer-group 1

Under global config you need:

- dialer-list 1 protocol ip permit

After these changes, if this is PPPoE, you should see something hapening when using debugs which you mentioned...

BR,

Dragan

HTH,
Dragan

Kevin Barker · ‎08-21-2014

Hi Dragan,

Firstly, thanks for your reply, and sorry to have taken so long to get back to you. (I've been unwell and had most of the week off work...)

I've applied your suggestions to my config, and also turned on debugging for "pppoe errors" and "pppoe events". Now I have been able to see some debug output but all I get is

*Aug 21 07:31:01.419:  padi timer expired

*Aug 21 07:31:01.419:  Sending PADI: Interface = GigabitEthernet0/0

over and over again.

I've also been in contact with tech support at my ISP who have confirmed that I should be connecting using PPPoE.

If you have any further suggestions for how I could troubleshoot this, I'd be very grateful!

Cheers,

Kevin

rizwanr74 · ‎09-03-2014

Hi Kevin,

Please try this:

interface GigabitEthernet0/0

no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1

Please remove two highlighted lines and put in place "ip address negotiated"

interface Dialer1
ip address negotiated

no ip address 10.248.221.114 255.255.255.252
no dialer string 1234
no dialer-group 1

Please set your internal tcp mass to 1452.

interface GigabitEthernet0/1

ip tcp adjust-mss 1452

Let me know, if this helps.

thanks

Rizwan Rafeek

Kevin Barker · ‎09-03-2014

Hi Rizwan,

I have this solved now — you must not have seen my latest comment. Sorry about that, and thanks for your suggestions.

Regards,

Kevin

john.viel · ‎02-18-2015

Kevin, would you mind sharing the final working config for this. I've potentially got a situation where we will have to implement a variation of this as part of a configuration to create an IPSec tunnel with our WAN vendor. The IPSec is easy to do when the ISP presents a public block on their LAN interface to the client (our router), but for cost reasons we will have to sign up with an ISP service where the only way of getting even a single IP address will be to create a bridge between our router and the ISP and create a PPOE link without NAT

Thanks, John

Kevin Barker · ‎02-19-2015

Hi John,

As you'll see by my last comment on this issue, the problem was not with my PPPoE configuration but rather the fact that the connection to my ISP was not using PPPoE after all. So my current working config doesn't contain any PPPoE directives. Sorry I can't be more help — good luck.

Regards, Kevin

Kevin Barker · ‎08-21-2014

One other thing: if I turn on "dialer" debugging, I see a lot of these lines:

*Aug 21 07:45:05.019: Di1: No free dialer - starting fast idle timer
*Aug 21 07:45:06.023: Di1: No free dialer - starting fast idle timer
*Aug 21 07:45:12.063: Di1: No free dialer - starting fast idle timer

I have read that this happens when the physical interface is not in any dialer pool. I thought the "pppoe-client dial-pool-number 1" config took care of that, but maybe I'm misunderstanding here...

pavan.rambatla@gmail.com · ‎10-19-2017

Hi ,

Followed your document and set up the PPPOE configuration on cisco 1941 router.

PPPOE link is up and able to ping 4.2.2.2 can browse https traffic.

strange thing is http traffic not working, but able to do telnet on port 80.

please advise why http websites not able to browse.

Regards,

Pavan

zeuscyril · ‎08-21-2014

try the following commands in your config

dialer-list 1 protocol ip permit

interface Dialer0
ip address x.x.x.x y.y.y.y
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname username
ppp chap password 0 xxxxxx

ppp pap sent-username username@pig.tpg.com.au password 0 xxxxxx

and in the LAN interface need to add ip nat inside

then you have to add nat access-list and ant statement to work internet in the local machines.

Kevin Barker · ‎08-21-2014

Hi. Thanks for your help here.

I've tried your config suggestions, and some variations, but I still just get the same "padi timer expired" errors and nothing else. My originally quoted config has changed a bit, so I've attached my latest running config.

Meanwhile, I had been talking to my ISP tech support but they've gone quiet at the moment. Is it possible that the problem I'm having could be caused by a misconfiguration on the ISP end of the connection? Or would I see different errors in that case?

Thanks again for helping. Cheers,

Kevin

zeuscyril · ‎08-22-2014

hi,

after these changes also if you are getting PADI error there should something need to do on the ISP side Either hardware or connectivity.

you can test in one method if it is ethernet interface from ISP.

you can configure broadband connection in your computer to check whether the connection is working or not.

thanks

cyril

Kevin Barker · ‎08-28-2014

I have it working now. Thank you very much to both Dragan and Cyril for your help and guidance. It turned out the problem was a communication error between the ISP and me. We have two connections supplied by the same ISP, one for internet, one for telephony. When talking to their support we were mistakenly talking about different connections — the PPPoE credentials I was given related to the telephony connection, whereas I was trying to configure the internet connection. Once the confusion was identified I was given the correct connection info (which is not PPPoE after all), and I've got basic connectivity up and running quite quickly after that...

My sincere apologies for the wild goose chase on these forums — and again, many thanks for those who tried to help. I have learned lots from you regardless.

Cheers,

Kevin

Configure PPPoE on Cisco 2911