Re: Cisco 1721 PPPoE with Dynamic IP, NAT and DHCP

darrylrogers · ‎05-11-2011

I suspect I've missed something simple, but I've tried all day to make this work. The provider said to use PVC 0/35 and PAP. The provider does not see a login attempt in the Radius logs.

Here is my config:

Building configuration...

Current configuration : 1713 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxx

enable password xxx

!
no aaa new-model
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.70.0 192.168.70.99
ip dhcp excluded-address 192.168.70.200 192.168.70.254
!
ip dhcp pool mypool
   network 192.168.70.0 255.255.255.0
   dns-server 156.154.70.16 156.154.71.16
   default-router 192.168.70.244
   lease 7
!
!
no ip domain lookup
ip name-server 156.154.70.16
vpdn enable
!
vpdn-group pppoe
!
!
!
!
!
!
!
!
!
!
interface ATM0
description connected to WAN

no ip address
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
hold-queue 224 in
!
interface ATM0.1 point-to-point
no snmp trap link-status
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
description connected to LAN
ip address 192.168.70.244 255.255.255.0
ip nat inside
ip virtual-reassembly
speed auto
full-duplex
no cdp enable
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username xxx password 0 xxx
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 192.168.70.0 0.0.0.255
!
control-plane
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password xxx
login
!
no process cpu extended
no process cpu autoprofile hog
end

Here is what I get:

debug pppoe events
PPPoE protocol events debugging is on
xxxRouter#
*Mar 1 03:34:46.131: padi timer expired
*Mar 1 03:34:46.131: Sending PADI: vc=0/35
*Mar 1 03:35:18.387: padi timer expired
*Mar 1 03:35:18.387: Sending PADI: vc=0/35

ATM packets debugging is on
Displaying all ATM packets
xxxRouter#
*Mar 1 03:33:41.579: ATM0.1(O):
VCD:0xC VPI:0x0 VCI:0x23 DM:0x100 SAP:AAAA CTL:03 OUI:0080C2 TYPE:0007 Length:0x4A

show interface atm0
ATM0 is up, line protocol is up
Hardware is DSLSAR (with Alcatel ADSL Module)
Description: connected to NuqNet
MTU 4470 bytes, sub MTU 4470, BW 128 Kbit, DLY 4000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ATM, loopback not set
Encapsulation(s): AAL5 AAL2, PVC mode
23 maximum active VCs, 256 VCs per VP, 1 current VCCs
VC Auto Creation Disabled.
VC idle disconnect time: 300 seconds
Last input never, output 00:00:16, output hang never
Last clearing of "show interface" counters never
Input queue: 0/224/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: Per VC Queueing
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
     135 packets input, 11205 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     163 packets output, 11410 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 output buffer failures, 0 output buffers swapped out

show dsl interface atm0
ATM0
Alcatel 20150 chipset information
                ATU-R (DS)                      ATU-C (US)
Modem Status:    Showtime (DMTDSL_SHOWTIME)
DSL Mode:        ITU G.992.1 (G.DMT) Annex A
ITU STD NUM:     0x01                            0x1
Vendor ID:       'ALCB'                          'IFTN'
Vendor Specific: 0x0000                          0x71BD
Vendor Country: 0x00                            0xB5
Capacity Used:   92%                             95%
Noise Margin:     7.5 dB                          6.0 dB
Output Power:    20.0 dBm                        11.5 dBm
Attenuation:     63.5 dB                         31.5 dB
Defect Status:   None                            None
Last Fail Code: None
Selftest Result: 0x00
Subfunction:     0x15
Interrupts:      1335 (0 spurious)
PHY Access Err: 0
Activations:     1
LED Status:      ON
LED On Time:     100
LED Off Time:    100
Init FW:         embedded
Operation FW:    embedded
SW Version:      3.8131
FW Version:      0x1A04

                 Interleave             Fast    Interleave              Fast
Speed (kbps):          3360                0           128                 0
Cells:                  276                0       1322813                 0
Reed-Solomon EC:          0                0             8                 0
CRC Errors:               0                0             0                 0
Header Errors:            0                0             0                 0
Bit Errors:               0                0
BER Valid sec:            0                0
BER Invalid sec:          0                0

LOM Monitoring : Disabled

DMT Bits Per Bin
00: 0 0 0 0 0 0 0 0 0 2 2 3 3 3 3 3
10: 3 4 4 4 4 4 4 4 4 4 4 4 3 2 0 0
20: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2
30: 2 2 2 2 2 2 2 2 3 3 3 3 3 3 3 4
40: 3 4 4 4 4 4 4 4 4 4 4 5 5 4 5 5
50: 5 2 5 6 6 6 6 6 6 6 5 6 6 6 6 6
60: 6 6 6 6 6 6 7 6 7 7 7 7 7 7 7 7
70: 7 7 7 7 7 6 7 6 6 6 7 7 7 7 7 7
80: 7 7 7 7 7 7 6 7 7 7 7 7 7 6 7 7
90: 7 7 7 7 7 6 5 4 6 7 7 7 7 7 7 7
A0: 7 7 7 7 7 7 7 5 7 7 7 7 7 7 6 6
B0: 6 6 6 6 5 4 6 6 5 6 6 6 6 6 6 5
C0: 5 5 5 5 5 4 4 4 4 4 4 4 4 4 3 4
D0: 3 4 4 3 4 4 4 4 3 2 4 4 4 4 4 3
E0: 4 3 3 4 4 4 4 4 4 4 3 4 4 4 4 4
F0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

DSL: Training log buffer capability is not enabled

stuclark · ‎05-12-2011

Hi Darryl,

It looks like PPPoE discovery is failing, so the router never gets to PPP negotiation/authentication which is why their radius server doesn't see an authentication attempt.

It looks like your DSL line trained up ok, and the router is trying to initiate a session by sending a PADI frame on the PVC, but the router is not receiving the PADR from the provider to continue PPPoE discovery:

*Mar 1 03:34:46.131: padi timer expired
*Mar 1 03:34:46.131: Sending PADI: vc=0/35
*Mar 1 03:35:18.387: padi timer expired
*Mar 1 03:35:18.387: Sending PADI: vc=0/35

The discovery phase must finish before PPP negotiation and then authentication will kick off. You can read more about this phase here:

http://www.cisco.com/en/US/docs/ios/12_1t/12_1t1/feature/guide/dtpppoe.html#wp1026959

Since we're not seeing a PADR come back from the provider's PPPoE aggregation device, are you certain this is supposed to be a PPPoE over ATM connection, and not just straight PPP over ATM termination? If indeed it is supposed to be PPPoE over ATM, then it might help for the provider to know that you're not seeing a PADR come back from them. This would certainly explain why they aren't seeing the auth attempt in their radius logs.

You may also want to check "show atm pvc 0/35" to see if you see *anything* come in on the PVC. If not, that would at least be one more thing you can report to them - that the router is sending a PADI to initiate the session, but you're not seeing anything come back. Just a few possibilities of what could contribute to this are using the wrong PVC, an ATM switching path issue, or a config issue on the aggregation side.

Hope this helps!

-Stu

darrylrogers · ‎05-12-2011

Stuart,

Thank you for your response. I have forwarded your message to the provider.

One other thing, I did connect a Speedstream 5100 aDSL modem/router and I was able to get it to work. It showed 0/35, so I think that's right.

Thanks again,

Darryl