Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Need help configuring 1841 Router with a WIC-ADSL1 Module

Hello folks...

I am new to using this forum so please bare with me...

I only know a little about programming a CISCO router but I know the config I setup is not working...

Here is what I want to do...

  • The ISP provides us with IP Addresses via DHCP. Our public address is NOT static so the interface on the DSL Module needs to be provisioned to get a DHCP address with a CLASS C License.
  • The IP address of the Router should be 10.0.0.10 subnet=255.255.255.0
  • The LAN Clients need receive their IP address via DHCP EXCEPT for a range of 100 addresses. The lan Clients only need about 40 DHCP addresses.
  • ONE of the Lan Clients (10.0.0.3) needs to have ports 25, 1723, and others forwarded to it.

Below is the config I am trying to use but I can't even ping the router from the LAN. What am I doing wrong?

Can anyone tell me how to fix this and can you send examples or even rewrite my config for me? I would be grateful!

Please advise...

Dale Allen

Everyone's tags (5)
41 REPLIES
Cisco Employee

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

Dale,

Paste these commands directly to your router after being in the global configuration mode (you call it up using the configure terminal command):

ip routing

ip cef

interface FastEthernet0/0

ip route-cache

ip route-cache cef

duplex auto

end

I also have a question: Your ADSL PPP configuration is currently performed in the PPPoA style. There is also a more common approach used, the PPPoE. You have to verify with your ISP what kind of PPP is used, as these two encapsulations are not compatible nor interchangeable. Also, is the PVC 0/35 correct? Again, this must be verified against your ISP as there is no default setting.

After these changes, you should at least be able to receive an IP address automatically on your PC if connected to the Fa0/0 interface, and be able to ping the 10.0.0.10. If not, there are probably some physical problems with the connection - in that case, try using the show ip interface brief command and check whether the FastEthernet0/0 interface is reported as up/up. If not, there is a cabling problem.

Best regards,

Peter

New Member

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

Thanks for writing back...

Now I can ping the Fast Ethernet interface and I can telnet into the router from the LAN side but I Cannot ping the Internet even from inside the router.

Here is additional information that might help you...

(BTW:  I am SURE it is PPPoA and not PPPoE.  And I am sure it is 0/35 because I got that off the router they give is for free...)

Please see attached.

Dale

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

hi dale,

you're not getting an IP via IPCP from your SP.

Dialer1                    unassigned      YES NVRAM  up                    up

check with your SP again for the VPI/VCI. you should have inserted the below on your ATM: pvc 0/X ilmi

Router(config-if)#pvc 0/X ?

  ilmi  Configure the management PVC for this interface

interface ATM0/0/0

no ip address

no ip mroute-cache

no atm ilmi-keepalive

dsl operating-mode auto

pvc 0/35

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

New Member

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

John:

That appears to be the case...  The ISP  won't help me very much because they say they will only support the Thomson  SpeedTouch Modem that is shipped/packaged with the Service.

However they did say that they are providing us our IP address over DHPC and they never heard of "IPCP". Keep in mind that just because they never heard of it before, does not mean that is not what they are using..

In any case, we don't seem to be getting an IP address from them.  What debug can I run that will show the process as it progresses if we are even "Dialing" out to even attempt to get an IP address from them? 

Please advise....


Dale Allen

Cisco Employee

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

Hi Dale,

Please run the following debugs:

debug ppp negotiation

debug ppp authentication

and then shutdown/unshutdown the Dialer interface. Capture the output and post it here please. You must be either connected directly to the console, or if you telnet into the router, use the terminal monitor command to divert all console messages to your Telnet session.

Thank you!

Best regards,

Peter

New Member

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

First of all I want to thank you for the really great steps you have provided me with.. 

Can I ask you,  is it against the rules to offer you some cash for personal help?  Could I pay  you to get on my computer via Logmein and assist me faster than this forum or is that against someones rules? 

In any case, please see the attached file for the debug results....

Dale

New Member

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

*Aug 18 23:46:04.991: Vi2 DDR: Dialer statechange to up

*Aug 18 23:46:04.991: %DIALER-6-BIND: Interface Vi2 bound to profile Di1

*Aug 18 23:46:04.991: Vi2 PPP: Using dialer call direction

*Aug 18 23:46:04.991: Vi2 PPP: Treating connection as a callout

*Aug 18 23:46:04.991: Vi2 PPP: Phase is ESTABLISHING, Active Open

*Aug 18 23:46:04.991: Vi2 PPP: Authorization required

*Aug 18 23:46:04.991: Vi2 PPP: No remote authentication for call-out

*Aug 18 23:46:04.991: Vi2 LCP: O CONFREQ [Closed] id 131 len 10

*Aug 18 23:46:04.991: Vi2 LCP:    MagicNumber 0x136DAF25 (0x0506136DAF25)

*Aug 18 23:46:06.987: %LINK-3-UPDOWN: Interface Dialer1, changed state to up

*Aug 18 23:46:04.991: Vi2 DDR: Dialer statechange to up

*Aug 18 23:46:04.991: %DIALER-6-BIND: Interface Vi2 bound to profile Di1

*Aug 18 23:46:04.991: Vi2 PPP: Using dialer call direction

*Aug 18 23:46:04.991: Vi2 PPP: Treating connection as a callout

*Aug 18 23:46:04.991: Vi2 PPP: Phase is ESTABLISHING, Active Open

*Aug 18 23:46:04.991: Vi2 PPP: Authorization required

*Aug 18 23:46:04.991: Vi2 PPP: No remote authentication for call-out

*Aug 18 23:46:04.991: Vi2 LCP: O CONFREQ [Closed] id 131 len 10

*Aug 18 23:46:04.991: Vi2 LCP:    MagicNumber 0x136DAF25 (0x0506136DAF25)

*Aug 18 23:46:06.987: %LINK-3-UPDOWN: Interface Dialer1, changed state to up

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

could  you  please  send  output of  "sh  queuing int  atm0/0/0"?

New Member

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

In addition to this information, please see the attached file...

Thanks in advance...

Dale

dma#sh queueing interface dialer1
Interface Dialer1 queueing strategy: fair
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/0/16 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 42 kilobits/sec

dma#sh queueing interface atm0/0/0
  Interface ATM0/0/0 VC 0/35
  Queueing strategy: fifo
  Output queue 0/40, 0 drops per VC

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

Hi Dale,

Does Internet work using the Thomsom Speed Touch modem/router?

Either you should demand your ISP with a working config that applies to Cisco routers or hire a reputable IT vendor should you have the cash to spare.

Sent from Cisco Technical Support iPhone App

New Member

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

Thanks John for writing back....

Yes the SpeedTouch connects but it has problems even after replacing it 3 times.  The ISP tells me to leave it plugged directly into the wall and don't use a UPS.  Thats NOT A solution for me because we lose power here a lot (for short periods at a time) and I need it to stay up and running all the time.

I did some digging and I found that the ISP was totally incorrect.  He said we were authenticating using CHAP however I looked at a log on the SPEEDTOUCH and I have listed the log output FROM THE SpeedTouch below...  I believe this sheds new light on our problem...

Special note is how the SPEEDTOUCH seems to RECEIVE a call first and how it says it is using PAP instead of CHAP.

Please review this log and give me some feedback...   AND BTW:  I bought a SmartNet Contract for the unit today.

Thanks again for all your time and attention... Now here is the log... 

(Note to you:  The dates in the event log are not correct because the router is not configured for NTP...)

Device:   Name       TG782
Serial #   1004NTT6Q


Device Configuration:
        Region     Puerto Rico
       
Provider   Basic

Service    Routed PPP   Description: Routed Connection.

Routed Internet Connection:
       
VPI/VCI    0.35
       
Connection Type PPP over ATM (PPPoA)


Internet Account Settings:
       
User Name  CP1004NTT6Q
       
Password   ********


Time  Message

Jan 1 08:41:16 PPP link up (Internet) [64.237.144.116]
Jan 1 08:41:15 PPP PAP Authenticate Ack received
Jan 1 08:41:15 PPP PAP Authenticate Request sent
Jan 1 08:41:00 xDSL linestate up (ITU-T G.992.5; downstream: 5118 kbit/s, upstream: 508 kbit/s; output Power Down: 19.0 dBm, Up: 12.0 dBm; line Attenuation Down: 16.0 dB, Up: 5.5 dB; snr Margin Down: 27.5 dB, Up: 29.5 dB)
Jan 1 08:38:52 PPP link down (Internet) [64.237.147.115]
Jan 1 08:38:10 xDSL linestate down
Jan 1 08:24:08 PPP link up (Internet) [64.237.147.115]
Jan 1 08:24:08 PPP PAP Authenticate Ack received
Jan 1 08:24:07 PPP PAP Authenticate Request sent
Jan 1 08:23:47 xDSL linestate up (ITU-T G.992.5; downstream: 5118 kbit/s, upstream: 508 kbit/s; output Power Down: 19.0 dBm, Up: 12.0 dBm; line Attenuation Down: 16.0 dB, Up: 5.5 dB; snr Margin Down: 27.5 dB, Up: 29.5 dB)
Jan 1 08:02:56 PPP link down (Internet) [65.23.231.32]
Jan 1 08:02:16 xDSL linestate down
Jan 1 05:25:32 PPP link up (Internet) [65.23.231.32]
Jan 1 05:25:32 PPP PAP Authenticate Ack received
Jan 1 05:25:31 PPP PAP Authenticate Request sent
Jan 1 05:25:18 xDSL linestate up (ITU-T G.992.5; downstream: 5118 kbit/s, upstream: 508 kbit/s; output Power Down: 19.0 dBm, Up: 12.0 dBm; line Attenuation Down: 16.0 dB, Up: 5.5 dB; snr Margin Down: 27.5 dB, Up: 29.5 dB)
Jan 1 05:14:23 PPP link down (Internet) [64.237.151.220]
Jan 1 08:38:52 PPP link down (Internet) [64.237.147.115]
Jan 1 08:38:10 xDSL linestate down
Jan 1 08:24:08 PPP link up (Internet) [64.237.147.115]
Jan 1 08:24:08 PPP PAP Authenticate Ack received
Jan 1 08:24:07 PPP PAP Authenticate Request sent

New Member

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

OPPS!

I read the log incorrectly....

Jan 1 08:24:08 PPP PAP Authenticate Ack received

Jan 1 08:24:07 PPP PAP Authenticate Request sent

Jan 1 08:24:08 PPP PAP Authenticate Ack received
Jan 1 08:24:07 PPP PAP Authenticate Request sent

It seems to send first then receive....

Dale

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

Hi Dale,

Thanks for this info! Unfortunately, your config is left on my laptop. Will review it again soon if your using the right aunthentication protocol.

In the meantime, since you've got a

Smartnet contract, why not open a TAC case?

Sent from Cisco Technical Support iPhone App

New Member

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

I can't open a case for two more long weeks. It takes that long to get the contract

Dale

Sent from my iPhone

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

hi dale,

got the opportunity to look again on your config, you seem to have used both authentication protocol - CHAP and PAP. looking at your thomson ST  modem logs, it uses PAP. kindly make the necessary changes in using only PAP  (verify this info with your ISP).

interface Dialer1

ip address negotiated

ip nat outside

encapsulation ppp

dialer pool 1

ppp chap hostname CP1004NTT6Q

ppp chap password 0 CP1004NTT6Q

ppp pap sent-username CP1004NTT6Q password 0 CP1004NTT6Q

-----

should look like this

ppp authentication pap callin

ppp pap sent-username password

Cisco Employee

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

Hi John,

To my best knowledge, this change would not accomplish anything. The particular kind of PPP authentication is not enforced by a node willing to authenticate itself, rather, it is requested by the neighboring node that wants to authenticate its peer.

Dale's configuration is currently simply prepared to answer to both CHAP and PAP authentication requests, but it does not enforce any. If the remote end requires PAP during the LCP phase, Dale's router will use PAP. If the remote end negotiates CHAP during the LCP, the Dale's router will run CHAP. It is as simple as that.

The ppp authentication pap callin command is actually quite dangerous in this situation. What it means is that "I will want the other end to authenticate to myself but only if it is calling me, not if I am calling it". Note the problems related to this command:

  • We are requested the remote end to authenticate to us, in other words, we want the ISP to authenticate itself. That is a totally opposite direction of authentication than that which should take place.
  • We do not know any username nor password that the ISP should use to prove its identity to us. The username/password combination that is configured on the interface is our credential, not ISP's. If the ISP was indeed to authenticate to us, we would have to record its credentials using the username password global configuration command.
  • The callin parameter tells Dale's router to authenticate the ISP only if it calls us. Note that this direction of PPP connection creation never occurs on DSL lines. It is valid for dialed lines and callback scenarios, but never in a stable provider environment.

What is interesting is that precisely this kind of configuration seems to persist all around. I see it all the time configured on client devices and I wonder where does it come from. To me, it appears to be patently wrong. I guess I have seen it somewhere in some Cisco configuration example that got it wrong in the first place, and it is simply being propagated further and further.

Please correct if I am wrong here!

Best regards,

Peter

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

hi peter,

the 2 lines which i provided are required for PAP to work. the optional "callin" keyword is up to OP to add if one or the other works for his connection.

this kind of set up is very common with our 1841s with the same ADSL WIC module. it's also common with PPPoE and PPPoA setup.

Cisco Employee

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

Hi John,

Hmmm... I am sorry but I still do not agree with your reasoning.

the 2 lines which i provided are required for PAP to work.

This depends on the direction of the authentication. I maintain that these two lines are not required if Dale's router should authenticate to the ISP and not vice versa. The ppp authentication pap command will request that the other party authenticates to us. It does not influence whether we agree on a particular type of authentication requested from the other party. If we wanted to refuse a particular authentication type we would use the ppp pap refuse or ppp chap refuse commands, but it is always the other party that requires authentication from us.

Quoting from the IOS Security Command Reference for 12.4T at

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_p2.html#wp1032515

When you enable Password Authentication Protocol  (PAP), Challenge Handshake Authentication Protocol (CHAP), or Extensible  Authentication Protocol (EAP) authentication (or all three methods),  the local router requires the remote device to prove its identity before  allowing data traffic to flow.

In other words, using the plain ppp authentication pap on Dale's router would cause Dale's router to send PPP PAP Request to the ISP, and Dale's router would expect a PAP Response from ISP, then compare the received username and password to the local username database. Is this what we want - to authenticate the ISP to us? Surely not! The authentication should go the other way around!

Let me also quote the Linux manpage about pppd that puts it quite nicely:

The  PPP  protocol, being symmetrical, allows both peers to require the

other to authenticate itself.  In that case, two separate and  indepen‐

dent  authentication exchanges will occur.  The two exchanges could use

different authentication protocols, and in principle,  different  names

could be used in the two exchanges.

So, if I request authentication from the other party, it has absolutely no effect whether I will have to authenticate myself to the other party as well, and what kind of authentication that will be.

The configuration as used and suggested by you works because, just by a happy coincidence, a DSL connection is not treated as incoming PPP call, and thus the command ppp authentication pap callin actually has no effect - as if you never entered it at all. I am very sure that if you removed the callin keyword, your clients would not be able to connect as they would request PAP authentication from the ISP's access concentrators. That would require setting up local username databases on your clients' routers so that the username/password of the ISP access concentrators could be verified against it.

Best regards,

Peter

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

Hi Peter,

Very interesting points indeed! I wish I was wrong.

With due respect, I'd gladly drop off this thread and leave it up to you since you have more expertise

Sent from Cisco Technical Support iPhone App

Cisco Employee

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

Hello John,

No, no, please do not leave this thread! All your suggestions are welcome!

Regarding this particular configuration snippet I  originally commented, I am simply going against a popular but incorrect  belief I am seeing far too often. Being a teacher, I have a strong  propensity to point out inaccuracies and put things into their correct  place - not as a nitpicker I would like to hope, but rather out of my  desire to help people understand and use things correctly. I apologize  if I embarassed you by my argument or if I was in any way inappropriate.

You are most welcome here, and I definitely want you to continue submitting suggestions how to help solve Dale's problem.

Best regards,

Peter

New Member

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

Folks:

Attached you will find the SH CONTROLLERS ATM/0/0/0 output that is NOT truckated..

Please let me know what you see...

Thanks


Dale Allen

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

Hello  Dale  if  it's  pppoe  over  ATM,  then  apply  below  config,

interface ATM0/0/0

no ip address

no ip mroute-cache

no atm ilmi-keepalive

pvc 0/35  <<<  Verify  this  value  with  ISP

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

protocol  ppp  dialer  <<<  Add this  one

!

Regards,

Jyoti

Cisco Employee

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

Hello Jyoti,

I am not sure about that addition you have suggested. It is still PPPoA, not PPPoE. If PPPoE was to be configured, the configuration would be

interface ATM0/0/0

pvc 0/35

pppoe-client dialer-pool-member 1

i.e. it would need to reference PPPoE explicitly.

Best regards,

Peter

New Member

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

It is NOT PPPoE. It IS PPPoA.


Dale

New Member

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

I HAVE verified this value...

pvc 0/35 <<< Verify this value with ISP

Thanks

Dale Allen

Cisco Employee

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

Dale,

According to your outputs you have provided us with, the PPP on the other side simply does not respond. You are trying to bring up a PPP link and the other side sits there totally quiet.

I suggest verifying that your DSL interface has correctly trained to the DSLAM - use the commands

show controllers atm 0/0/0

show controllers dsl 0/0/0

and post the results here please. If the modem is trained correctly then I surmise that your provider probably uses PPPoEoA instead of PPPoA (if they don't know that they are using IPCP which they are then I also doubt their competency in distinguishing PPPoA from PPPoEoA).

Best regards,

Peter

New Member

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

Thanks for writing back and for your attention...

I don't think I got all of the data but here is what I did get...(See attached) . 

And there is no command for show controllers DSL

Dale

New Member

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

Couple of quick questions...

How do you shut off Term Monitor ? 

How do you inccrese the buffer to help hold more output from show controllers or show tech support?

Please advise,,,

Dale

Cisco Employee

Re: Need help configuring 1841 Router with a WIC-ADSL1 Module

Dale,

If you want to capture the output, the best way to do it is to use your HyperTerminal or PuTTY function to log everything into a file. This way, you do not need to change the logging buffer size.

Your show controllers atm output is sadly truncated so I am not able to see the most important part of the output whch I was interested in.

The terminal monitor can be deactivated using the no terminal monitor command - however, this is usable only on Telnet and SSH sessions. The console port still receives the logging output. It can be deactivated, but by a different command, and it is something I would rather not do at the moment.

So please try to use the logging function in your terminal emulator software to capture the entire output of the necessary commands and be so kind to post it here.

An additional info: I have sent you a private message - click on the Account link up at the top of the page. Please check it. Thanks!

Best regards,

Peter

3260
Views
5
Helpful
41
Replies