Solved: Re: No Internet connection via PPPoE (FTTH) - Page 2

krevero · ‎01-30-2024

Hey,

I have troubles to connect the internet from the router and the clients behind. The pppoe connection seems to be established, I got an ip address but no internet connection. Need help!

My configuration (ISR1100-6G):

version 17.9
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname xxxxx
!
boot-start-marker
boot system bootflash:packages.conf
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
clock timezone CET 1 0
!
!
!
!
!
!
!
ip name-server 8.8.8.8 8.8.4.4
no ip domain lookup

!
ip dhcp pool xxx
network 172.20.100.0 255.255.255.0
default-router 172.20.100.1
dns-server 8.8.8.8
!
ip dhcp pool xxxx
network 172.20.110.0 255.255.255.0
default-router 172.20.110.1
dns-server 8.8.8.8
lease 0 12
!
ip dhcp pool xxx
network 172.20.120.0 255.255.255.0
default-router 172.20.120.1
dns-server 8.8.8.8
lease 0 12
!
ip dhcp pool xxx
network 172.20.130.0 255.255.255.0
default-router 172.20.130.1
dns-server 8.8.8.8
lease 0 12
!
ip dhcp pool xxx
network 172.20.140.0 255.255.255.0
default-router 172.20.140.1
dns-server 8.8.8.8
lease 0 12
!
ip dhcp pool xxx
network 172.20.150.0 255.255.255.0
default-router 172.20.150.1
dns-server 8.8.8.8
lease 0 12
!
ip dhcp pool xxx
network 172.20.160.0 255.255.255.0
default-router 172.20.160.1
dns-server 8.8.8.8
lease 0 12
!
ip dhcp pool xxx
network 172.20.170.0 255.255.255.0
default-router 172.20.170.1
dns-server 8.8.8.8
lease 0 12
!
ip dhcp pool Tesaro
network 172.20.180.0 255.255.255.0
default-router 172.20.180.1
dns-server 8.8.8.8
lease 0 12
!
!
!
login on-success log
!
!
subscriber templating
!
vtp version 1
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
!

!
crypto pki trustpoint SLA-TrustPoint
#######
!
crypto pki trustpoint TP-self-signed-996081189
####
!
!
crypto pki certificate chain SLA-TrustPoint
#####
quit
!
!
license ###
license ###
memory free low-watermark processor 62972
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
enable password 7 ####
!
username admin privilege 15 password 7 ###
!
redundancy
mode none
!
!
!
track 1 ip sla 1 reachability
!
!
interface GigabitEthernet0/0/0
description ISP
no ip address
negotiation auto
!
interface GigabitEthernet0/0/0.7
encapsulation dot1Q 7
ip nat outside
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/2
ip address 192.168.1.1 255.255.255.0
ip nat inside
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/3.100
encapsulation dot1Q 100
!
interface GigabitEthernet0/0/4
description Switch Uplink
ip address 172.20.100.1 255.255.255.0
ip nat inside
negotiation auto
spanning-tree portfast trunk
!
interface GigabitEthernet0/0/4.110
encapsulation dot1Q 110
ip address 172.20.110.1 255.255.255.0
!
interface GigabitEthernet0/0/4.120
encapsulation dot1Q 120
ip address 172.20.120.1 255.255.255.0
!
interface GigabitEthernet0/0/4.130
encapsulation dot1Q 130
ip address 172.20.130.1 255.255.255.0
!
interface GigabitEthernet0/0/4.140
encapsulation dot1Q 140
ip address 172.20.140.1 255.255.255.0
!
interface GigabitEthernet0/0/4.150
encapsulation dot1Q 150
ip address 172.20.150.1 255.255.255.0
!
interface GigabitEthernet0/0/4.160
encapsulation dot1Q 160
ip address 172.20.160.1 255.255.255.0
!
interface GigabitEthernet0/0/4.170
encapsulation dot1Q 170
ip address 172.20.170.1 255.255.255.0
!
interface GigabitEthernet0/0/4.180
encapsulation dot1Q 180
ip address 172.20.180.1 255.255.255.0
!
interface GigabitEthernet0/0/5
no ip address
shutdown
negotiation auto
!
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1442
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
no cdp enable
ppp mtu adaptive
ppp authentication chap callin
ppp chap hostname xxx@xxx
ppp chap password 7 xxx
ppp ipcp dns request
ppp ipcp route default
ppp ipcp address accept
!
interface Dialer2
!
ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
ip nat inside source list 197 interface Dialer1 overload
ip nat inside source route-map track-primary-if interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip ssh version 2
!
!
!
ip sla 1
icmp-echo 8.8.8.8 source-interface Dialer2
ip sla schedule 1 life forever start-time now
ip access-list extended 197
10 permit ip any any
20 permit icmp any any
30 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
route-map track-primary-if permit 1
match ip address 197
match interface Dialer1
!
route-map track-secondary-if permit 1
match ip address 197
!

!
control-plane
!
!
!
line con 0
stopbits 1
line aux 0
line vty 0 4
length 0
transport input ssh
line vty 5 14
transport input ssh
!
ntp server ip ptbtime1.ptb.de
ntp server ip 0.de.pool.ntp.org prefer
!
!
!
!
!
!
end

----------------------------------------------------------

sh ip int brief (Dialer 1 is binded to Virtual-Access2)

Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 unassigned YES NVRAM up up
GigabitEthernet0/0/0.7 unassigned YES manual up up
GigabitEthernet0/0/1 unassigned YES NVRAM administratively down down
GigabitEthernet0/0/2 192.168.1.1 YES NVRAM up up
GigabitEthernet0/0/3 unassigned YES NVRAM administratively down down
GigabitEthernet0/0/4 172.20.100.1 YES NVRAM down down
Gi0/0/4.110 172.20.110.1 YES NVRAM down down
Gi0/0/4.120 172.20.120.1 YES NVRAM down down
Gi0/0/4.130 172.20.130.1 YES NVRAM down down
Gi0/0/4.140 172.20.140.1 YES NVRAM down down
Gi0/0/4.150 172.20.150.1 YES NVRAM down down
Gi0/0/4.160 172.20.160.1 YES NVRAM down down
Gi0/0/4.170 172.20.170.1 YES NVRAM down down
Gi0/0/4.180 172.20.180.1 YES NVRAM down down
GigabitEthernet0/0/5 unassigned YES NVRAM down down
Dialer1 87.148.xx.xxx YES IPCP up up
Dialer2 unassigned YES unset up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES NVRAM up up

-------------------------------------------------------

debug pppoe events

debug pppoe negotiation

clear interface dialer 1

*Jan 30 14:32:43.578: PPPoE : Shutting down client session
*Jan 30 14:32:43.579: PPPoE VLAN CoS (pppoe_send_padt)=>GigabitEthernet0/0/0.7 :: cos=0x0
*Jan 30 14:32:43.579: [0]PPPoE 11: O PADT R:ec13.db13.1cac L:c828.e555.4c21 Gi0/0/0.7
*Jan 30 14:32:43.581: PPPoE: Failed to add PPPoE switching subblock
*Jan 30 14:32:43.582: Vi2 PPP DISC: Authentication configuration changed
*Jan 30 14:32:43.582: Vi2 PPP: Sending Acct Event[Down] id[18]
*Jan 30 14:32:43.582: PPP: NET STOP send to AAA.
*Jan 30 14:32:43.582: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
*Jan 30 14:32:43.584: Vi2 PPP: Block vaccess from being freed [0x10]
*Jan 30 14:32:43.593: Di1 Deleted neighbor route from AVL tree: topoid 796304859762330381, address 62.155.xxx.xxx
*Jan 30 14:32:43.593: Di1 IPCP: Remove route to 62.155.xx.xx
*Jan 30 14:32:43.593: Di1 IPCP: Remove default route thru 62.155.xxx.xxx
*Jan 30 14:32:43.593: ppp_session_ntfy delete, topswidb Vi2, va Vi2, platform notify 0
*Jan 30 14:32:43.594: Vi2 IPCP: Event[DOWN] State[Open to Starting]
*Jan 30 14:32:43.594: Vi2 IPCP: Event[CLOSE] State[Starting to Initial]
*Jan 30 14:32:43.594: Vi2 LCP: Event[DOWN] State[Open to Starting]
*Jan 30 14:32:43.594: ppp_session_ntfy delete, topswidb Vi2, va Vi2, platform notify 0
*Jan 30 14:32:43.594: Vi2 PPP: Unlocked by [0x10] Still Locked by [0x0]
*Jan 30 14:32:43.594: Vi2 PPP: Free previously blocked vaccess
*Jan 30 14:32:43.594: Vi2 PPP: Phase is DOWN
*Jan 30 14:32:43.595: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to down
*Jan 30 14:32:43.597: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Jan 30 14:32:43.597: Vi2 PPP: Sending cstate DOWN notification
*Jan 30 14:32:43.604: Vi2 PPP: Processing CstateDown message
*Jan 30 14:32:43.609: PPPoE: Unexpected Event!. PPPoE switching Subblockdestroy called

*Jan 30 14:33:03.806: Sending PADI: Interface = GigabitEthernet0/0/0.7
*Jan 30 14:33:03.806: PPPoE VLAN CoS (pppoe_client_send_padi)=>GigabitEthernet0/0/0.7 :: cos=0x0
*Jan 30 14:33:03.897: PPPoE 0: I PADO R:ec13.db13.1cac L:c828.e555.4c21 7 Gi0/0/0.7
*Jan 30 14:33:05.854: PPPOE: we've got our pado and the pado timer went off
*Jan 30 14:33:05.854: OUT PADR from PPPoE Session
*Jan 30 14:33:05.854: PPPoE VLAN CoS (pppoe_client_send_padr)=>GigabitEthernet0/0/0.7 :: cos=0x0
*Jan 30 14:33:05.864: PPPoE 11: I PADS R:ec13.db13.1cac L:c828.e555.4c21 7 Gi0/0/0.7
*Jan 30 14:33:05.864: IN PADS from PPPoE Session
*Jan 30 14:33:05.866: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Jan 30 14:33:05.866: PPPoE: Virtual Access interface obtained.
*Jan 30 14:33:05.866: [0]PPPoE 11: data path set to PPPoE Client
*Jan 30 14:33:05.869: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Jan 30 14:33:05.870: Vi2 PPP: Sending cstate UP notification
*Jan 30 14:33:05.870: Vi2 PPP: Processing CstateUp message
*Jan 30 14:33:05.871: PPP: Alloc Context [7F7EDA2A42F8]
*Jan 30 14:33:05.871: ppp5 PPP: Phase is ESTABLISHING
*Jan 30 14:33:05.871: Vi2 PPP: Using dialer call direction
*Jan 30 14:33:05.871: Vi2 PPP: Treating connection as a callout
*Jan 30 14:33:05.871: Vi2 PPP: Session handle[84000005] Session id[5]
*Jan 30 14:33:05.871: Vi2 LCP: Event[OPEN] State[Initial to Starting]
*Jan 30 14:33:05.871: Vi2 PPP: No remote authentication for call-out
*Jan 30 14:33:05.871: Vi2 LCP: O CONFREQ [Starting] id 1 len 14
*Jan 30 14:33:05.871: Vi2 LCP: MRU 1492 (0x010405D4)
*Jan 30 14:33:05.871: Vi2 LCP: MagicNumber 0x290A3451 (0x0506290A3451)
*Jan 30 14:33:05.871: Vi2 LCP: Event[UP] State[Starting to REQsent]
*Jan 30 14:33:05.881: Vi2 LCP: I CONFREQ [REQsent] id 198 len 18
*Jan 30 14:33:05.881: Vi2 LCP: MRU 1492 (0x010405D4)
*Jan 30 14:33:05.881: Vi2 LCP: AuthProto PAP (0x0304C023)
*Jan 30 14:33:05.881: Vi2 LCP: MagicNumber 0x430AA9D8 (0x0506430AA9D8)
*Jan 30 14:33:05.881: Vi2 LCP: O CONFNAK [REQsent] id 198 len 9
*Jan 30 14:33:05.881: Vi2 LCP: AuthProto CHAP (0x0305C22305)
*Jan 30 14:33:05.881: Vi2 LCP: Event[Receive ConfReq-] State[REQsent to REQsent]
*Jan 30 14:33:05.881: Vi2 LCP: I CONFACK [REQsent] id 1 len 14
*Jan 30 14:33:05.881: Vi2 LCP: MRU 1492 (0x010405D4)
*Jan 30 14:33:05.881: Vi2 LCP: MagicNumber 0x290A3451 (0x0506290A3451)
*Jan 30 14:33:05.881: Vi2 LCP: Event[Receive ConfAck] State[REQsent to ACKrcvd]
*Jan 30 14:33:05.889: Vi2 LCP: I CONFREQ [ACKrcvd] id 199 len 19
*Jan 30 14:33:05.889: Vi2 LCP: MRU 1492 (0x010405D4)
*Jan 30 14:33:05.889: Vi2 LCP: AuthProto CHAP (0x0305C22305)
*Jan 30 14:33:05.889: Vi2 LCP: MagicNumber 0x430AA9D8 (0x0506430AA9D8)
*Jan 30 14:33:05.889: Vi2 LCP: O CONFACK [ACKrcvd] id 199 len 19
*Jan 30 14:33:05.889: Vi2 LCP: MRU 1492 (0x010405D4)
*Jan 30 14:33:05.889: Vi2 LCP: AuthProto CHAP (0x0305C22305)
*Jan 30 14:33:05.889: Vi2 LCP: MagicNumber 0x430AA9D8 (0x0506430AA9D8)
*Jan 30 14:33:05.889: Vi2 LCP: Event[Receive ConfReq+] State[ACKrcvd to Open]
*Jan 30 14:33:05.896: Vi2 PPP: Queue CHAP code[1] id[66]
*Jan 30 14:33:05.918: Vi2 PPP: Phase is AUTHENTICATING, by the peer
*Jan 30 14:33:05.918: Vi2 CHAP: Redirect packet to Vi2
*Jan 30 14:33:05.918: Vi2 CHAP: I CHALLENGE id 66 len 26 from "JUNOS"
*Jan 30 14:33:05.919: Vi2 LCP: State is Open
*Jan 30 14:33:05.919: Vi2 CHAP: Using hostname from interface CHAP
*Jan 30 14:33:05.919: Vi2 CHAP: Using password from interface CHAP
*Jan 30 14:33:05.931: Vi2 CHAP: O RESPONSE id 66 len 61 from "xxx@xxx"
*Jan 30 14:33:06.056: Vi2 CHAP: I SUCCESS id 66 len 4
*Jan 30 14:33:06.056: Vi2 PPP: Phase is FORWARDING, Attempting Forward
*Jan 30 14:33:06.057: Vi2 PPP: Phase is ESTABLISHING, Finish LCP
*Jan 30 14:33:06.057: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
*Jan 30 14:33:06.058: Vi2 PPP: No AAA accounting method list
*Jan 30 14:33:06.058: Vi2 PPP: Phase is UP
*Jan 30 14:33:06.059: Vi2 IPCP: Protocol configured, start CP. state[Initial]
*Jan 30 14:33:06.059: Vi2 IPCP: Event[OPEN] State[Initial to Starting]
*Jan 30 14:33:06.059: Vi2 IPCP: O CONFREQ [Starting] id 1 len 22
*Jan 30 14:33:06.059: Vi2 IPCP: Address 0.0.0.0 (0x030600000000)
*Jan 30 14:33:06.059: Vi2 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
*Jan 30 14:33:06.059: Vi2 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
*Jan 30 14:33:06.060: Vi2 IPCP: Event[UP] State[Starting to REQsent]
*Jan 30 14:33:06.066: Vi2 IPCP: I CONFREQ [REQsent] id 32 len 10
*Jan 30 14:33:06.066: Vi2 IPCP: Address 62.155.xxx.xxx (0x03063E9BF3CE)
*Jan 30 14:33:06.066: Vi2 IPCP: Accept the peer address 62.155.xxx.xxx
*Jan 30 14:33:06.066: Vi2 IPCP: O CONFACK [REQsent] id 32 len 10
*Jan 30 14:33:06.066: Vi2 IPCP: Address 62.155.xxx.xxx (0x03063E9BF3CE)
*Jan 30 14:33:06.066: Vi2 IPCP: Event[Receive ConfReq+] State[REQsent to ACKsent]
*Jan 30 14:33:06.066: Vi2 IPCP: I CONFNAK [ACKsent] id 1 len 22
*Jan 30 14:33:06.066: Vi2 IPCP: Address 80.xx.xx.xx (0x0306508B5E3D)
*Jan 30 14:33:06.066: Vi2 IPCP: PrimaryDNS 37.50.8.60 (0x81062532083C)
*Jan 30 14:33:06.066: Vi2 IPCP: SecondaryDNS 37.50.8.61 (0x83062532083D)
*Jan 30 14:33:06.066: Vi2 IPCP: O CONFREQ [ACKsent] id 2 len 22
*Jan 30 14:33:06.066: Vi2 IPCP: Address 80.xx.xx.xx (0x0306508B5E3D)
*Jan 30 14:33:06.066: Vi2 IPCP: PrimaryDNS 37.50.8.60 (0x81062532083C)
*Jan 30 14:33:06.066: Vi2 IPCP: SecondaryDNS 37.50.8.61 (0x83062532083D)
*Jan 30 14:33:06.067: Vi2 IPCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent]
*Jan 30 14:33:06.230: Vi2 IPCP: I CONFACK [ACKsent] id 2 len 22
*Jan 30 14:33:06.230: Vi2 IPCP: Address 80.xx.xx.xx (0x0306508B5E3D)
*Jan 30 14:33:06.230: Vi2 IPCP: PrimaryDNS 37.50.8.60 (0x81062532083C)
*Jan 30 14:33:06.230: Vi2 IPCP: SecondaryDNS 37.50.8.61 (0x83062532083D)
*Jan 30 14:33:06.230: Vi2 IPCP: Event[Receive ConfAck] State[ACKsent to Open]
*Jan 30 14:33:06.238: Vi2 IPCP: State is Open
*Jan 30 14:33:06.238: Di1 IPCP: Install negotiated IP interface address 80.xxx.xx.xx
*Jan 30 14:33:06.241: PPPoE : ipfib_encapstr prepared
*Jan 30 14:33:06.281: Di1 IPCP: Install default route thru 62.155.xx.xx
*Jan 30 14:33:06.281: Di1 Added to neighbor route AVL tree: topoid 796304859762330381, address 62.155.xx.xx
*Jan 30 14:33:06.281: Di1 IPCP: Install route to 62.155.xx.xx
*Jan 30 14:33:06.281: PPPoE : ipfib_encapstr prepared
*Jan 30 14:33:06.285: %SYS-5-CONFIG_P: Configured programmatically by process DDR Timers from console as admin on console

krevero · ‎01-30-2024

3 - CWA is a default route for Central Web Authenication - WLC --> nothing to worry about.

4 - No, the second ip is the default route/Next hop for the pppoe connection, which is provided by the isp.

even when i shut and no shut the interface. I will get this gateway/route. You can see that in the debug

*Jan 30 14:33:06.238: Di1 IPCP: Install negotiated IP interface address 80.xxx.xx.xx
*Jan 30 14:33:06.241: PPPoE : ipfib_encapstr prepared
*Jan 30 14:33:06.281: Di1 IPCP: Install default route thru 62.155.xx.xx
*Jan 30 14:33:06.281: Di1 Added to neighbor route AVL tree: topoid 796304859762330381, address 62.155.xx.xx
*Jan 30 14:33:06.281: Di1 IPCP: Install route to 62.155.xx.xx

MHM Cisco World · ‎01-30-2024

4 - No, the second ip is the default route/Next hop for the pppoe connection, which is provided by the isp.

indeed it if ISP use LO with this Public IP under virtual-template
NOW

ping 8.8.8.8 source ip 80.xxx.xx.xx <<- this ping must success if this IP received from ISP
please config this ping success
MHM

krevero · ‎01-30-2024

ping 8.8.8.8 source 80.139.xx.xx
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 80.139.xx.xx
.....
Success rate is 0 percent (0/5)

ping 8.8.8.8 source dialer 1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 80.139.xx.xx
.....
Success rate is 0 percent (0/5)

ping 8.8.8.8 source gigabitEthernet 0/0/0.7
% Invalid source interface - IP not enabled or interface is down

not sure about the last ping, do I need to enable ip on gi0/0/0.7?

MHM Cisco World · ‎01-30-2024

ping 8.8.8.8 source dialer 1 <<- ping after remove ip nat outside from dialer 1
MHM

krevero · ‎01-30-2024

unfortunately the same result:

ping 8.8.8.8 source dialer 1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 80.139.xx.xx
.....
Success rate is 0 percent (0/5)

sh run int dialer 1
interface Dialer1
mtu 1492
ip address negotiated
encapsulation ppp
ip tcp adjust-mss 1400
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
no cdp enable
ppp mtu adaptive
ppp authentication chap callin
ppp chap hostname xxxxx@t-online.de
ppp chap password 7 xxxx
ppp ipcp dns request
ppp ipcp address accept
end

Some more information

sh int dialer 1
Dialer1 is up, line protocol is up
Hardware is Unknown
Internet address is 80.139.xx.xx/32
MTU 1492 bytes, BW 56 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Closed, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 1 seconds on reset
Interface is bound to Vi2
Last input 00:00:02, output 00:00:02, output hang never
Last clearing of "show interface" counters 07:25:14
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/16 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 42 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
8005 packets input, 253415 bytes
8316 packets output, 256456 bytes
Bound to:
Virtual-Access2 is up, line protocol is up
Hardware is Virtual Access interface
Internet address will be negotiated using IPCP
MTU 1492 bytes, BW 56 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP
PPPoE vaccess, cloned from Dialer1
Vaccess status 0x44, loopback not set
Keepalive set (10 sec)
Interface is bound to Di1 (Encapsulation PPP)
Last input 00:00:05, output never, output hang never
Last clearing of "show interface" counters 03:03:15
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
3287 packets input, 102408 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
3385 packets output, 102503 bytes, 0 underruns
Output 0 broadcasts (0 IP multicasts)
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions

MHM Cisco World · ‎01-30-2024

Ping again after remove ip nat outside from GigabitEthernet0/0/0.7

MHM

krevero · ‎01-30-2024

still not working..

MHM Cisco World · ‎01-31-2024

R#show ppp interface virtual-access x

check the DNS you get from ISP and ping it
it can ISP have policy drop request to 8.8.8.8

MHM

Georg Pauwen · ‎01-30-2024

Hello,

who is your ISP ? You are using Vlan 7 for the ISP connection, is there a reason for that ?

interface GigabitEthernet0/0/0.7
encapsulation dot1Q 7
ip nat outside
pppoe enable group global
pppoe-client dial-pool-number 1

krevero · ‎01-30-2024

it is Telekom (Germany) and vlan 7 is mandetory

Georg Pauwen · ‎01-30-2024

Hello,

thanks for the info. Telekom indeed requires Vlan 7. I don't know if you understand German, or if you are in Germany, but the problem might be with authentication. I can translate the below if need be:

Protocol: PPPoE
PAP/CHAP username: AnschlusskennungZugangsnummerMitbenutzernummer@t-online.de
PAP/CHAP password: Zugangskenntwort

If your access code (Zugangsnummer) has less than 12 digits, read the below:

https://telekomhilft.telekom.de/t5/Festnetz-Internet/PPPOE-Einwahl-ueber-einen-Router-herstellen/ta-p/3654990

krevero · ‎01-30-2024

I’m in Germany and understand german as well. the pppoe session is established in my point of view. I would not get an ip address and the pppoe authentication debug (from the beginning) is successful.

Georg Pauwen · ‎01-30-2024

Hello,

that's right. I just mentioned it to be sure. At this point, I would erase the entire config (wr erase), reload the router, and start from scratch with just the bare, basic config below. Something is interfering.

version 17.9
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname xxxxx
!
boot-start-marker
boot system bootflash:packages.conf
boot-end-marker
!
aaa new-model
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
clock timezone CET 1 0
!
ip name-server 8.8.8.8 8.8.4.4
no ip domain lookup
!
ip dhcp pool xxx
network 172.20.100.0 255.255.255.0
default-router 172.20.100.1
dns-server 8.8.8.8
!
ip dhcp pool xxxx
network 172.20.110.0 255.255.255.0
default-router 172.20.110.1
dns-server 8.8.8.8
lease 0 12
!
ip dhcp pool xxx
network 172.20.120.0 255.255.255.0
default-router 172.20.120.1
dns-server 8.8.8.8
lease 0 12
!
ip dhcp pool xxx
network 172.20.130.0 255.255.255.0
default-router 172.20.130.1
dns-server 8.8.8.8
lease 0 12
!
ip dhcp pool xxx
network 172.20.140.0 255.255.255.0
default-router 172.20.140.1
dns-server 8.8.8.8
lease 0 12
!
ip dhcp pool xxx
network 172.20.150.0 255.255.255.0
default-router 172.20.150.1
dns-server 8.8.8.8
lease 0 12
!
ip dhcp pool xxx
network 172.20.160.0 255.255.255.0
default-router 172.20.160.1
dns-server 8.8.8.8
lease 0 12
!
ip dhcp pool xxx
network 172.20.170.0 255.255.255.0
default-router 172.20.170.1
dns-server 8.8.8.8
lease 0 12
!
ip dhcp pool Tesaro
network 172.20.180.0 255.255.255.0
default-router 172.20.180.1
dns-server 8.8.8.8
lease 0 12
!
login on-success log
!
subscriber templating
!
vtp version 1
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
!
crypto pki trustpoint SLA-TrustPoint
#######
!
crypto pki trustpoint TP-self-signed-996081189
####
!
crypto pki certificate chain SLA-TrustPoint
#####
quit
!
license ###
license ###
memory free low-watermark processor 62972
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
enable password 7 ####
!
username admin privilege 15 password 7 ###
!
redundancy
mode none
!
interface GigabitEthernet0/0/0
description ISP
no ip address
negotiation auto
!
interface GigabitEthernet0/0/0.7
encapsulation dot1Q 7
ip nat outside
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/2
ip address 192.168.1.1 255.255.255.0
ip nat inside
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/3.100
encapsulation dot1Q 100
!
interface GigabitEthernet0/0/4
description Switch Uplink
ip address 172.20.100.1 255.255.255.0
ip nat inside
negotiation auto
spanning-tree portfast trunk
!
interface GigabitEthernet0/0/4.110
encapsulation dot1Q 110
ip address 172.20.110.1 255.255.255.0
!
interface GigabitEthernet0/0/4.120
encapsulation dot1Q 120
ip address 172.20.120.1 255.255.255.0
!
interface GigabitEthernet0/0/4.130
encapsulation dot1Q 130
ip address 172.20.130.1 255.255.255.0
!
interface GigabitEthernet0/0/4.140
encapsulation dot1Q 140
ip address 172.20.140.1 255.255.255.0
!
interface GigabitEthernet0/0/4.150
encapsulation dot1Q 150
ip address 172.20.150.1 255.255.255.0
!
interface GigabitEthernet0/0/4.160
encapsulation dot1Q 160
ip address 172.20.160.1 255.255.255.0
!
interface GigabitEthernet0/0/4.170
encapsulation dot1Q 170
ip address 172.20.170.1 255.255.255.0
!
interface GigabitEthernet0/0/4.180
encapsulation dot1Q 180
ip address 172.20.180.1 255.255.255.0
!
interface GigabitEthernet0/0/5
no ip address
shutdown
negotiation auto
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1442
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
no cdp enable
ppp mtu adaptive
ppp authentication chap callin
ppp chap hostname xxx@xxx
ppp chap password 7 xxx
ppp ipcp dns request
ppp ipcp route default
ppp ipcp address accept
!
interface Dialer2
!
ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip ssh version 2
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 172.20.100.0 0.0.0.255

!
dialer-list 1 protocol ip permit
!
control-plane
!
line con 0
stopbits 1
line aux 0
line vty 0 4
length 0
transport input ssh
line vty 5 14
transport input ssh
!
ntp server ip ptbtime1.ptb.de
ntp server ip 0.de.pool.ntp.org prefer
!
end

krevero · ‎01-30-2024

i was thinking about that too. So I've done that, but still no connection to the internet.

Georg Pauwen · ‎01-31-2024

Hello,

utterly annoying indeed. Which public IP address are you getting ? I want to test if I can ping that address...

EDIT: Since you use IPCP for the default route, try and remove the static default route, which is not needed:

--> no ip route 0.0.0.0 0.0.0.0 Dialer1