Re: router 870 - debug shows dialer 1 success chap but atm0 fail - Page 2

John Peterson · ‎01-04-2012

Happy New Years Guys,

I have a cisco 870 router which I'm trying to connect to my ISP all the interfaces are in a up, up state. But I'm unable to ping any IP address on the internet.

When I do a debug ppp I can see that the username and password are correct with the dialer 1 interface as there is no errors and I can see success.

But when I shutdown the atm0 interface and then do a no shutdown I see a message called authentication failed.

How does the atm0 interface work with the dialer, what could be the problem?

Also I spoke to the ISP and they can't see any connection being made but the debug shows success. I also get a default gateway via the ISP but it is the incorrect default gateway as I can't ping the internet and the ISP confirms that the default gateway is incorrect.

Thanks

paolo bevilacqua · ‎01-05-2012

Post relevant config and "show ip route".

John Peterson · ‎01-05-2012

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

10.0.0.0/24 is subnetted, 1 subnets

C 10.0.35.0 is directly connected, Vlan1

46.0.0.0/32 is subnetted, 1 subnets

C 46.247.0.67 is directly connected, Dialer1

S* 0.0.0.0/0 is directly connected, Dialer1

!

ip cef

ip inspect name DEFAULT100 cuseeme

ip inspect name DEFAULT100 ftp

ip inspect name DEFAULT100 h323

ip inspect name DEFAULT100 icmp

ip inspect name DEFAULT100 netshow

ip inspect name DEFAULT100 rcmd

ip inspect name DEFAULT100 realaudio

ip inspect name DEFAULT100 rtsp

ip inspect name DEFAULT100 esmtp

ip inspect name DEFAULT100 sqlnet

ip inspect name DEFAULT100 streamworks

ip inspect name DEFAULT100 tftp

ip inspect name DEFAULT100 tcp

ip inspect name DEFAULT100 udp

ip inspect name DEFAULT100 vdolive

no ip bootp server

no ip domain lookup

!

archive

log config

hidekeys

!

ip tcp synwait-time 10

ip telnet source-interface Vlan1

!

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.1 point-to-point

ip mask-reply

no ip proxy-arp

ip mtu 1500

ip load-sharing per-packet

ip virtual-reassembly

atm route-bridged ip

pvc 0/38

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

arp timeout 300

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Virtual-Template1

no ip address

!

interface Vlan1

ip address 192.168.35.1 255.255.255.0

ip access-group 100 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

interface Dialer1

ip unnumbered Vlan1

ip access-group 101 in

no ip unreachables

ip mtu 1492

ip inspect DEFAULT100 out

ip nat outside

ip virtual-reassembly

encapsulation ppp

ip tcp adjust-mss 1446

dialer pool 1

dialer idle-timeout 0

dialer persistent

dialer-group 1

no cdp enable

ppp authentication pap chap callin

ppp chap hostname XXXXXXXXXXXXXXXXXXXXXX

ppp chap password XXXXXXXXXXXXXXXXXXXX

ppp pap sent-username XXXXXXXXXXXXXXXXXXXXX password XXXXXXXXXXXX

hold-queue 224 in

!

no ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer1

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list 110 interface Dialer1 overload

!

dialer-list 1 protocol ip permit

no cdp run

!

control-plane

!

line con 0

login local

no modem enable

paolo bevilacqua · ‎01-05-2012

You have the correct route.

Remove ip inspect and access-group.

You don't need MSS adjust on dialer interface.

John Peterson · ‎01-05-2012

I have done that now I get a .70 route which is injected, where before it was .60

004144: *Mar 1 02:43:46.298: Di1 IPCP: Install route to 46.247.0.70

004145: *Mar 1 02:43:46.298: Vi2 IPCP: Add link info for cef entry 46.247.0.70

004146: *Mar 1 02:43:47.267: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up

paolo bevilacqua · ‎01-05-2012

It doesn't matter. The static default overrides the IPCP one. And if if it didn't whatever the value recevied, it wouldn't matter anyway, as long packets go out the correct interface.

John Peterson · ‎01-05-2012

ok but I can't ping out.

ping 8.8.8.8

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

So is it still not working.

paolo bevilacqua · ‎01-05-2012

try a traceroute.

All failing, complain to ISP.

John Peterson · ‎01-05-2012

traceroot fails,

I spoke to the ISP and they say that it is nothing wong on there side.

Does my config look correct?

Also where is the 46. route comming from?

Could it be a bug on the IOS?

paolo bevilacqua · ‎01-05-2012

Traceroute fails how ?

You can take further debugs, but more likely is a problem with ISP. You can prove that using another router, ot se bridge mode and terminate PPPoE on a PC.

John Peterson · ‎01-05-2012

I dont know why it fails.

I have tried a netgear and that it able to access the internet, but the cisco it not.

Is there anything wrong with the config, the debugs above show that the username and password are correct.

paolo bevilacqua · ‎01-05-2012

do

interface Dialer1

ip address negotiated

no ip mtu 1492

no ip access-group 101 in

no ip tcp adjust-mss

interface vlan1

no ip tcp adjust-mss

And remove all and any "ip inspect" commands.

John Peterson · ‎01-05-2012

i've did that no luck, also all router lights are green.

paolo bevilacqua · ‎01-05-2012

After done the commands above, send revised config.

John Peterson · ‎01-05-2012

!

ip cef

no ip bootp server

no ip domain lookup

!

archive

log config

hidekeys

!

ip tcp synwait-time 10

ip telnet source-interface Vlan1

!

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.1 point-to-point

ip mask-reply

no ip proxy-arp

ip mtu 1500

ip load-sharing per-packet

ip virtual-reassembly

atm route-bridged ip

pvc 0/38

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

arp timeout 300

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Virtual-Template1

no ip address

!

interface Vlan1

ip address 192.168.35.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

!

interface Dialer1

ip address negotiated

ip unnumbered Vlan1

no ip unreachables

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer idle-timeout 0

dialer persistent

dialer-group 1

no cdp enable

ppp authentication pap chap callin

ppp chap hostname XXXXXXXXXX

ppp chap password XXXXXXXXXXX

ppp pap sent-username XXXXXXXX password XXXXXXXX

hold-queue 224 in

!

no ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer1

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list 110 interface Dialer1 overload

!

dialer-list 1 protocol ip permit

no cdp run

!

control-plane

!

line con 0

login local

no modem enable

paolo bevilacqua · ‎01-05-2012

Interesting stubborn case.

Please do

interface dialer1

no ip unnumbered Vlan1

access-list 110 permit 192.168.35.0 0.0.0.255 any

(that may change if you use VPN later)

and take debug ppp neg again.

You should see router get an Ip address finally, and things working.

router 870 - debug shows dialer 1 success chap but atm0 failed, why?