Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4438
Views
5
Helpful
4
Replies

PPPOE Problem - ASA 5505

Rodrigo Gurriti
Level 3
Level 3

‎12-13-2010 11:00 AM - edited ‎03-11-2019 12:21 PM

Hello,

I'm having troublem with my PPPOE connection, here is my config:

interface Vlan2
nameif outside
security-level 0

pppoe client vpdn group NAME
ip address pppoe setroute

......

mtu outside 1492

.....

vpdn group NAME request dialout pppoe
vpdn group NAME localname XXXXXX
vpdn group NAME ppp authentication mschap

vpdn username XXXXXX password YYYYYYYYY store-local


Here is the debug

PPPoE: send_padi:(Snd) Dest:ffff.ffff.ffff Src:f866.f2ca.ee7d Type:0x8863=PPPoE-Discovery
PPPoE: Ver:1 Type:1 Code:09=PADI Sess:0 Len:12
PPPoE: Type:0101:SVCNAME-Service Name Len:0
PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
PPPoE: 00000003
PPPoE: PPPoE:(Rcv) Dest:f866.f2ca.ee7d Src:0011.6b91.c1a9 Type:0x8863=PPPoE-Discovery
PPPoE: Ver:1 Type:1 Code:07=PADO Sess:0 Len:49
PPPoE: Type:0102:ACNAME-AC Name Len:20
PPPoE: gw-cel01.xxxxxxxxxx.com.br

PPPoE: Type:0101:SVCNAME-Service Name Len:0
PPPoE: Type:0101:SVCNAME-Service Name Len:1
PPPoE: *

PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
PPPoE: 00000003
PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:4
PPPoE: 802DF5C4
PPPoE: PADO

PPPoE: send_padr:(Snd) Dest:0011.6b91.c1a9 Src:f866.f2ca.ee7d Type:0x8863=PPPoE-Discovery
PPPoE: Ver:1 Type:1 Code:19=PADR Sess:0 Len:49
PPPoE: Type:0102:ACNAME-AC Name Len:20
PPPoE: gw-cel01.xxxxxxxxxx.com.br

PPPoE: Type:0101:SVCNAME-Service Name Len:0
PPPoE: Type:0101:SVCNAME-Service Name Len:1
PPPoE: *

PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
PPPoE: 00000003
PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:4
PPPoE: 802DF5C4
PPPoE: PPPoE:(Rcv) Dest:f866.f2ca.ee7d Src:0011.6b91.c1a9 Type:0x8863=PPPoE-Discovery
PPPoE: Ver:1 Type:1 Code:65=PADS Sess:32909 Len:44
PPPoE: Type:0102:ACNAME-AC Name Len:20
PPPoE: gw-cel01.xxxxxxxxxx.com.br

PPPoE: Type:0101:SVCNAME-Service Name Len:0
PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
PPPoE: 00000003
PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:4
PPPoE: 802DF5C4
PPPoE: PADS

PPPoE: IN PADS from PPPoE tunnel

PPPoE: Opening PPP link and starting negotiations.

PPPoE: PPPoE:(Rcv) Dest:f866.f2ca.ee7d Src:0011.6b91.c1a9 Type:0x8863=PPPoE-Discovery
PPPoE: Ver:1 Type:1 Code:A7=PADT Sess:32909 Len:18
PPPoE: Type:0203:GENERICERR-Generic Error Len:14
PPPoE: session closed

PPPoE: PADT

PPPoE: Shutting down client session

When I try do this PPPOE on my desktop works just fine, one thing i noticied is that on the computer the pppoe was done using mschapV2

Labels:
0 Helpful
4 Replies 4

Maykol Rojas
Cisco Employee
Cisco Employee

‎12-13-2010 07:23 PM

Hello,

Seems like the modem you are connecting has some sort of sticky mac-address, Ive seen this issue before, when you are going to do the test, can you power cycle the unit and then connect it to the ASA? Or Else, have the ISP on the line to tell you if the mac address they are receiving is correct and they dont have the one on the computer hardcoded on the modem?

Cheers

Mike

Mike

Rodrigo Gurriti
Level 3
Level 3
In response to Maykol Rojas

‎12-14-2010 03:34 AM

Maykol,

Thank you for your reply, I tried looking for a modem but apparently I don't have one, the company that provides access to Internet on this building keeps a single modem for the whole building. I called them up and scheduled a visit to sort this out.

I've done a couple times this type connection on real ISPs and I had no problem,  but this one gave me a headache.

I have a the "Active Discovery Phase" with PADI/PADO/PADR/PADS completed with out a problem, I get assigned a session ID just fine.

When the "PPP Session Phase" negotiation happens it fails.

I'll talk to the ISP and I'll let you know what happened

Thank you

PS.

An other document i found shows that the Active Discovery Phase is completed with out a problem:

Ref: http://bellsouthpwp.net/j/d/jdloop/adsl/shastabbg/

2.1.1 The PPPoE Active Discovery Initiation (PADI) packet

The host sends the PADI packet with the Ethernet DESTINATION_ADDR set to the broadcast address. The CODE field is set to 0x09 and the SESSION_ID must  be set to 0x0000. The PADI packet must contain exactly one tag of TAG_TYP Service-Name, indicating the service the host is requesting; it may contain any number of other TAG types. An entire PADI packet (including the PPPoE header) must not exceed 1484 octets so as to leave sufficient room for a relay agent to add a Relay-Session-Id tag.

2.1.2 The PPPoE Active Discovery Offer (PADO) packet

When the Access Concentrator receives a PADI that it can serve, it replies by sending a PADO packet. The Ethernet DESTINATION_ADDR is the unicast address of the host that sent the PADI. The CODE field is set to 0x07 and the  SESSION_ID must be set to 0x0000. The PADO packet must contain one AC-Name tag containing the Acces Concentrator’s name, a Service-Name tag identical to the one in the PADI; it may also contain any number of other Service-Name tags indicating other services that the Access Concentrator offers. If the Access Concentrator cannot serve the PADI it must not respond with a PADO.

2.1.3 The PPPoE Active Discovery Request (PADR) packet

Because the PADI was broadcast, the host may receive more than one PADO. The host looks through the PADO packets it receives and chooses one. The choice can  be based on the AC-Name or the services offered. The host then sends one PADR packet to the Access Concentrator that it has chosen. The DESTINATION_ADDR field is set to the unicast Ethernet address of the Access Concentrator that sent the PADO. The CODE field is set to 0x19 and the  SESSION_ID must be set to 0x0000. The PADR packet must contain exactly one tag of TAG_TYPE Service-Name, indicating the service the host is requesting; it may also contain any number of other tag types.

2.1.4 The PPPoE Active Discovery Session-confirmation (PADS) packet

When the Access Concentrator receives a PADR packet, it prepares to begin a PPP session. It generates a unique SESSION_ID for the PPPoE session and replies to the host with a PADS packet. The DESTINATION_ADDR field is the unicast Ethernet address of the host that sent the PADR. The CODE field is set to 0x65 and the SESSION_ID must be set to the unique value generated for this PPPoE session.  The PADS packet contains exactly one TAG of TAG_TYPE Service-Name,     indicating the service under which Access Concentrator has accepted the PPPoE session; it may also contain any number of other TAG types. If the Access Concentrator does not like the Service-Name in the PADR, then it must reply with a PADS containing a TAG of TAG_TYPE Service-Name-Error (and any number of other TAG types). In this case the SESSION_ID must be set to 0x0000.

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to Rodrigo Gurriti

‎12-14-2010 04:58 AM

Hello,

Sounds great, let me know.

Mike.

Mike
0 Helpful

Rodrigo Gurriti
Level 3
Level 3
In response to Maykol Rojas

‎12-20-2010 05:10 AM

Mike,

Tried but did not work.

The PPPOE session was done on a server not on a modem.

This was a building ISP and they've told me that they have problems doing PPPOE with Cisco gear.

I'll have to switch ISP, We'll hire a real ISP to provide Internet access to get this fixed

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card