08-12-2014 11:28 PM - edited 03-04-2019 11:32 PM
Hi. We have a new 2911 ISR, running IOS 15.4(1)T, that we need to connect to our ISP. This is our first Cisco appliance and unfortunately none of us have any experience at all with Cisco products,so we're on a very steep learning curve... So apologies if I ask silly things. Any help in the form of suggestions or pointers to relevant documentation would be extremely welcome.
I’ve spent a week or so reading Cisco docs, Googling, and trawling through forums and trying various suggested configurations, but nothing has worked so far.
Our ISP has given us info like this:
Username: username@our-isp.com.au Password: xxxxxxxxxxxxx CE IP Address: 14.202.207.94/30 PE IP Address: 14.202.207.93/30
and I’m assuming we need to connect using PPPoE.
My current config looks like this:
version 15.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname cisco2911 ! boot-start-marker boot-end-marker ! ! enable secret 9 xxxxxxxx enable password xxxxxxxx ! no aaa new-model ! ! ip cef no ipv6 cef multilink bundle-name authenticated ! ! license udi pid CISCO2911/K9 sn FGL123456ZZ ! ! redundancy ! ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 description ==> ISP-facing Interface <== no ip address duplex auto speed auto pppoe enable group global pppoe-client dial-pool-number 1 ! interface GigabitEthernet0/1 description ==> LAN-facing Interface <== ip address 192.168.0.3 255.255.248.0 duplex auto speed auto no mop enabled ! interface GigabitEthernet0/2 no ip address shutdown duplex auto speed auto ! interface Dialer1 ip address 14.202.207.94 255.255.255.252 ip mtu 1492 encapsulation ppp ip tcp adjust-mss 1452 dialer pool 1 ppp pap sent-username username@pig.tpg.com.au password 0 xxxxxx ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ip route 0.0.0.0 0.0.0.0 Dialer1 ! ! snmp-server community public RO ! control-plane ! ! line con 0 line aux 0 line 2 no activation-character no exec transport preferred none transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 password xxxxxx login transport input telnet ssh transport output telnet ssh ! scheduler allocate 20000 1000 ! end
I’ve also tried issuing
terminal monitor debug ppp negotiation debug ppp authentication
and then shutdown/no shutdown the Dialer interface, but I don’t see anything that looks like debugging output — just “interface is down” / “interface is up” type messages.
Thanks in advance.
Solved! Go to Solution.
08-13-2014 12:32 AM
If this is PPPoE config you need under Dialer interface:
- encapsulation ppp
- ppp authentication pap (maybe even offer them chap, callin etc...)
- dialer-group 1
Under global config you need:
- dialer-list 1 protocol ip permit
After these changes, if this is PPPoE, you should see something hapening when using debugs which you mentioned...
BR,
Dragan
08-13-2014 12:32 AM
If this is PPPoE config you need under Dialer interface:
- encapsulation ppp
- ppp authentication pap (maybe even offer them chap, callin etc...)
- dialer-group 1
Under global config you need:
- dialer-list 1 protocol ip permit
After these changes, if this is PPPoE, you should see something hapening when using debugs which you mentioned...
BR,
Dragan
08-21-2014 12:37 AM
Hi Dragan,
Firstly, thanks for your reply, and sorry to have taken so long to get back to you. (I've been unwell and had most of the week off work...)
I've applied your suggestions to my config, and also turned on debugging for "pppoe errors" and "pppoe events". Now I have been able to see some debug output but all I get is
*Aug 21 07:31:01.419: padi timer expired *Aug 21 07:31:01.419: Sending PADI: Interface = GigabitEthernet0/0
over and over again.
I've also been in contact with tech support at my ISP who have confirmed that I should be connecting using PPPoE.
If you have any further suggestions for how I could troubleshoot this, I'd be very grateful!
Cheers,
Kevin
09-03-2014 07:01 AM
Hi Kevin,
Please try this:
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
Please remove two highlighted lines and put in place "ip address negotiated"
interface Dialer1
ip address negotiated
no ip address 10.248.221.114 255.255.255.252
no dialer string 1234
no dialer-group 1
Please set your internal tcp mass to 1452.
interface GigabitEthernet0/1
ip tcp adjust-mss 1452
Let me know, if this helps.
thanks
Rizwan Rafeek
09-03-2014 02:57 PM
Hi Rizwan,
I have this solved now — you must not have seen my latest comment. Sorry about that, and thanks for your suggestions.
Regards,
Kevin
02-18-2015 07:16 AM
Kevin, would you mind sharing the final working config for this. I've potentially got a situation where we will have to implement a variation of this as part of a configuration to create an IPSec tunnel with our WAN vendor. The IPSec is easy to do when the ISP presents a public block on their LAN interface to the client (our router), but for cost reasons we will have to sign up with an ISP service where the only way of getting even a single IP address will be to create a bridge between our router and the ISP and create a PPOE link without NAT
Thanks, John
02-19-2015 02:40 PM
Hi John,
As you'll see by my last comment on this issue, the problem was not with my PPPoE configuration but rather the fact that the connection to my ISP was not using PPPoE after all. So my current working config doesn't contain any PPPoE directives. Sorry I can't be more help — good luck.
Regards, Kevin
08-21-2014 12:53 AM
One other thing: if I turn on "dialer" debugging, I see a lot of these lines:
*Aug 21 07:45:05.019: Di1: No free dialer - starting fast idle timer *Aug 21 07:45:06.023: Di1: No free dialer - starting fast idle timer *Aug 21 07:45:12.063: Di1: No free dialer - starting fast idle timer
I have read that this happens when the physical interface is not in any dialer pool. I thought the "pppoe-client dial-pool-number 1" config took care of that, but maybe I'm misunderstanding here...
10-19-2017 01:04 AM
Hi ,
Followed your document and set up the PPPOE configuration on cisco 1941 router.
PPPOE link is up and able to ping 4.2.2.2 can browse https traffic.
strange thing is http traffic not working, but able to do telnet on port 80.
please advise why http websites not able to browse.
Regards,
Pavan
08-21-2014 10:06 PM
try the following commands in your config
dialer-list 1 protocol ip permit
interface Dialer0
ip address x.x.x.x y.y.y.y
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname username
ppp chap password 0 xxxxxx
ppp pap sent-username username@pig.tpg.com.au password 0 xxxxxx
and in the LAN interface need to add ip nat inside
then you have to add nat access-list and ant statement to work internet in the local machines.
08-21-2014 11:55 PM
Hi. Thanks for your help here.
I've tried your config suggestions, and some variations, but I still just get the same "padi timer expired" errors and nothing else. My originally quoted config has changed a bit, so I've attached my latest running config.
Meanwhile, I had been talking to my ISP tech support but they've gone quiet at the moment. Is it possible that the problem I'm having could be caused by a misconfiguration on the ISP end of the connection? Or would I see different errors in that case?
Thanks again for helping. Cheers,
Kevin
08-22-2014 10:21 PM
hi,
after these changes also if you are getting PADI error there should something need to do on the ISP side Either hardware or connectivity.
you can test in one method if it is ethernet interface from ISP.
you can configure broadband connection in your computer to check whether the connection is working or not.
thanks
cyril
08-28-2014 11:23 PM
I have it working now. Thank you very much to both Dragan and Cyril for your help and guidance. It turned out the problem was a communication error between the ISP and me. We have two connections supplied by the same ISP, one for internet, one for telephony. When talking to their support we were mistakenly talking about different connections — the PPPoE credentials I was given related to the telephony connection, whereas I was trying to configure the internet connection. Once the confusion was identified I was given the correct connection info (which is not PPPoE after all), and I've got basic connectivity up and running quite quickly after that...
My sincere apologies for the wild goose chase on these forums — and again, many thanks for those who tried to help. I have learned lots from you regardless.
Cheers,
Kevin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide