cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1956
Views
0
Helpful
6
Replies

Cisco 877W doesn't see PADO frame from AC

Victor086
Level 1
Level 1

Hello,

I have a problem establishing PPPoE session with COMSTAR provider. There is no problem to establish PPPoE session from winXP notebook directly, but when I try to establish it from router there is no luck. I tried to configure my router in two different ways:

First, I enable pppoe-client dial-pool-number 10 on VLAN interface like this:

interface FastEthernet3

switchport access vlan 30

pppoe enable group global

interface Vlan30

no ip address

pppoe enable group global

pppoe-client dial-pool-number 10

interface Dialer10

ip address negotiated

......

This config works fine for about 4 month, then one day it disconnects and there is no luck anymore.

When I SPAN traffic from FastEthernet3 and run Wireshark, I see PADI frame from my router with debug pppoe events and in Wirwshark, but no PADO from AC.

when I do not use VLAN interface, and alter configuration like this:

interface FastEthernet3

pppoe enable group global

pppoe-client dial-pool-number 10

I cannot see my PADI with Wireshark, only with debug pppoe events. But I see PADO from AC with Wireshark, while my router doesn't see it.

debug pppoe events

debug pppoe packets:

*Jul 30 08:19:42:  Sending PADI: Interface = FastEthernet3

*Jul 30 08:19:42: pppoe_send_padi:

         FF FF FF FF FF FF 00 1C 57 F3 EF 85 88 63 11 09

         00 00 00 0C 01 01 00 00 01 03 00 04 85 44 26 18 ...

PADO in wireshark:

0000  00 1c 57 f3 ef 85 d0 d0  fd 50 82 81 88 63 11 07   ..W..... .P...c..

0010  00 00 00 3e 01 01 00 00  01 03 00 04 85 44 26 18   ...>.... .....D&.

0020  01 02 00 1a 63 31 30 30  32 2d 73 72 30 32 2d 4d   ....c100 2-sr02-M

0030  41 47 49 53 54 52 39 2d  65 6e 2d 73 67 63 01 04   AGISTR9- en-sgc..

0040  00 10 48 70 ff a8 99 00  b3 66 b7 db 64 21 1c 33   ..Hp.... .f..d!.3

0050  be d7 

I am running c870-advipservicesk9-mz.124-24.T5.bin IOS.

ISP techsupport refuses to help, because PPPoE session from winXP directly can be established successfully, and says it is my router's problem.

Can anybody help me with it? What else can I try to do?

6 Replies 6

Juan Perez
Level 1
Level 1

Victor,

Could you please send us the current show run, show vlan-switch and show ip int brief. It should have worked with the first provided configuration (using FE3 switchport and enabling VLAN for PPPoE), but I would remove "pppoe enable group global" from under FE interface:

interface FastEthernet3

switchport access vlan 30

interface Vlan30

no ip address

pppoe enable group global

pppoe-client dial-pool-number 10

interface Dialer10

ip address negotiated

Now, have you verified if external modem is set to "bridge" mode?

There is no external modem at all. I have ethernet connection to provider equipment.

I know that the first provided configuration should work. It worked for about four months. Then something happens and it fails to connect. I suppose it's ISP configuration issue, but ISP techsupport refuses to help with it. 

Now I change ISP because I cannot use such service.

Hi Victor,

That is weird. Have you tried getting your PC's MAC and configuring it under your FE interface (MAC spoofing)? This will let us know if your ISP is kind of doing layer 2 security over this connection:

interface FastEthernet3

mac-address xxxx.xxxx.xxxx

Regards.

I tried to configure my router's MAC address (source MAC address of PADI frame) under my PC's network adapter and it connects fine. I could see full PPPoE session establishment in wireshark with router's MAC address as a source from my side.

I tried to make frames tagged (VLAN 30) and untagged (VLAN 1), I could see in wireshark 802.1q header for VLAN 30 and no 802.1q header for VLAN 1.

There's definitely no layer 2 security on this connection.

The strangest thing is that it works with default windows pppoe client and doesn't work with cisco pppoe client. As I can see from PADO frame mac address, ISP's AC is also cisco device (mac d0d0.fd50.8281).

Hi Victor,

Unfortunately there is no much we can do from our side if ISP is not helping at all, wondering if they are receiving our PADI when using VLAN interface scenario, or if there was a config/IOS change made at the Agg device recently or at the moment problem started. You can also try with 12.4(24)T4 since there are some known issues with T5.

Regards.

ISP's engineers told that if I can establish connection from my PC there is a problem with my router. That's not ISP's problem. They don't make any customer equipment's configuration, so I can do anything I want. They won't make any assistance for me from ISP's side to make things clear.

I see no more things I can try from my side, so I forced to change ISP.