Solved: Re: Using RAS5350 to dial out to ISPs

agasfer2009 · ‎11-20-2009

I am trying to setup a system where an AS5350 would be used for dial out and internet access through ISPs which still provide dial up access for PCs.

So, I have a system configured and am trying to connect to Earthlink. The prob,me is that even LCP fails to negotiate:

*Jan 6 05:26:47.248: As2/85 PPP: Using dialer call direction

*Jan 6 05:26:47.248: As2/85 PPP: Treating connection as a callout

*Jan 6 05:26:47.248: As2/85 PPP: Session handle[130000EA] Session id[26]

*Jan 6 05:26:47.248: As2/85 PPP: Phase is ESTABLISHING, Active Open

*Jan 6 05:26:47.248: As2/85 PPP: Authorization required

*Jan 6 05:26:47.248: As2/85 PPP: No remote authentication for call-out

*Jan 6 05:26:47.248: As2/85 LCP: O CONFREQ [Closed] id 56 len 20

*Jan 6 05:26:47.248: As2/85 LCP: ACCM 0x000A0000 (0x0206000A0000)

*Jan 6 05:26:47.248: As2/85 LCP: MagicNumber 0x25DF15B5 (0x050625DF15B5)

*Jan 6 05:26:47.248: As2/85 LCP: PFC (0x0702)

*Jan 6 05:26:47.248: As2/85 LCP: ACFC (0x0802)

*Jan 6 05:26:47.408: As2/85 LCP: I CONFREQ [REQsent] id 1 len 39

*Jan 6 05:26:47.408: As2/85 LCP: VendorSpecific OUI (0x00040000)

*Jan 6 05:26:47.408: As2/85 LCP: MRU 1524 (0x010405F4)

*Jan 6 05:26:47.408: As2/85 LCP: ACCM 0x000A0000 (0x0206000A0000)

*Jan 6 05:26:47.408: As2/85 LCP: AuthProto PAP (0x0304C023)

*Jan 6 05:26:47.408: As2/85 LCP: PFC (0x0702)

*Jan 6 05:26:47.408: As2/85 LCP: ACFC (0x0802)

*Jan 6 05:26:47.408: As2/85 LCP: MRRU 1524 (0x110405F4)

*Jan 6 05:26:47.412: As2/85 LCP: EndpointDisc 3 00d0.5204.172d (0x13090300D05204172D)

*Jan 6 05:26:47.412: As2/85 LCP: O CONFREJ [REQsent] id 1 len 12

*Jan 6 05:26:47.412: As2/85 LCP: VendorSpecific OUI (0x00040000)

*Jan 6 05:26:47.412: As2/85 LCP: MRRU 1524 (0x110405F4)

*Jan 6 05:26:47.420: As2/85 LCP: I CONFACK [REQsent] id 56 len 20

*Jan 6 05:26:47.420: As2/85 LCP: ACCM 0x000A0000 (0x0206000A0000)

*Jan 6 05:26:47.420: As2/85 LCP: MagicNumber 0x25DF15B5 (0x050625DF15B5)

*Jan 6 05:26:47.420: As2/85 LCP: PFC (0x0702)

*Jan 6 05:26:47.420: As2/85 LCP: ACFC (0x0802)

*Jan 6 05:26:47.544: As2/85 LCP: I CONFREQ [ACKrcvd] id 2 len 31

*Jan 6 05:26:47.544: As2/85 LCP: MRU 1524 (0x010405F4)

*Jan 6 05:26:47.544: As2/85 LCP: ACCM 0x000A0000 (0x0206000A0000)

*Jan 6 05:26:47.544: As2/85 LCP: AuthProto PAP (0x0304C023)

*Jan 6 05:26:47.544: As2/85 LCP: PFC (0x0702)

*Jan 6 05:26:47.548: As2/85 LCP: ACFC (0x0802)

*Jan 6 05:26:47.548: As2/85 LCP: EndpointDisc 3 00d0.5204.172d (0x13090300D05204172D)

*Jan 6 05:26:47.548: As2/85 LCP: O CONFNAK [ACKrcvd] id 2 len 9

*Jan 6 05:26:47.548: As2/85 LCP: AuthProto CHAP (0x0305C22305)

*Jan 6 05:26:47.680: As2/85 LCP: I CONFREQ [ACKrcvd] id 2 len 31

*Jan 6 05:26:47.684: As2/85 LCP: MRU 1524 (0x010405F4)

*Jan 6 05:26:47.684: As2/85 LCP: ACCM 0x000A0000 (0x0206000A0000)

*Jan 6 05:26:47.684: As2/85 LCP: AuthProto PAP (0x0304C023)

*Jan 6 05:26:47.684: As2/85 LCP: PFC (0x0702)

*Jan 6 05:26:47.684: As2/85 LCP: ACFC (0x0802)

*Jan 6 05:26:47.684: As2/85 LCP: EndpointDisc 3 00d0.5204.172d (0x13090300D05204172D)

*Jan 6 05:26:47.684: As2/85 LCP: O CONFNAK [ACKrcvd] id 2 len 9

*Jan 6 05:26:47.684: As2/85 LCP: AuthProto CHAP (0x0305C22305)

*Jan 6 05:26:47.808: As2/85 LCP: I CONFREQ [ACKrcvd] id 2 len 31

*Jan 6 05:26:47.808: As2/85 LCP: MRU 1524 (0x010405F4)

*Jan 6 05:26:47.808: As2/85 LCP: ACCM 0x000A0000 (0x0206000A0000)

*Jan 6 05:26:47.808: As2/85 LCP: AuthProto PAP (0x0304C023)

*Jan 6 05:26:47.808: As2/85 LCP: PFC (0x0702)

*Jan 6 05:26:47.808: As2/85 LCP: ACFC (0x0802)

*Jan 6 05:26:47.808: As2/85 LCP: EndpointDisc 3 00d0.5204.172d (0x13090300D05204172D)

*Jan 6 05:26:47.808: As2/85 LCP: O CONFNAK [ACKrcvd] id 2 len 9

*Jan 6 05:26:47.808: As2/85 LCP: AuthProto CHAP (0x0305C22305)

*Jan 6 05:26:47.932: As2/85 LCP: I CONFREQ [ACKrcvd] id 2 len 31

*Jan 6 05:26:47.932: As2/85 LCP: MRU 1524 (0x010405F4)

*Jan 6 05:26:47.932: As2/85 LCP: ACCM 0x000A0000 (0x0206000A0000)

*Jan 6 05:26:47.932: As2/85 LCP: AuthProto PAP (0x0304C023)

*Jan 6 05:26:47.932: As2/85 LCP: PFC (0x0702)

*Jan 6 05:26:47.932: As2/85 LCP: ACFC (0x0802)

*Jan 6 05:26:47.936: As2/85 LCP: EndpointDisc 3 00d0.5204.172d (0x13090300D05204172D)

*Jan 6 05:26:47.936: As2/85 LCP: O CONFNAK [ACKrcvd] id 2 len 9

*Jan 6 05:26:47.936: As2/85 LCP: AuthProto CHAP (0x0305C22305)

*Jan 6 05:26:48.060: As2/85 LCP: I CONFREQ [ACKrcvd] id 2 len 31

*Jan 6 05:26:48.060: As2/85 LCP: MRU 1524 (0x010405F4)

*Jan 6 05:26:48.060: As2/85 LCP: ACCM 0x000A0000 (0x0206000A0000)

*Jan 6 05:26:48.060: As2/85 LCP: AuthProto PAP (0x0304C023)

*Jan 6 05:26:48.060: As2/85 LCP: PFC (0x0702)

*Jan 6 05:26:48.060: As2/85 LCP: ACFC (0x0802)

*Jan 6 05:26:48.060: As2/85 LCP: EndpointDisc 3 00d0.5204.172d (0x13090300D05204172D)

*Jan 6 05:26:48.060: As2/85 LCP: O CONFNAK [ACKrcvd] id 2 len 9

*Jan 6 05:26:48.060: As2/85 LCP: AuthProto CHAP (0x0305C22305)

*Jan 6 05:26:48.192: As2/85 LCP: I CONFREQ [ACKrcvd] id 2 len 31

*Jan 6 05:26:48.192: As2/85 LCP: MRU 1524 (0x010405F4)

*Jan 6 05:26:48.192: As2/85 LCP: ACCM 0x000A0000 (0x0206000A0000)

*Jan 6 05:26:48.192: As2/85 LCP: AuthProto PAP (0x0304C023)

*Jan 6 05:26:48.192: As2/85 LCP: PFC (0x0702)

*Jan 6 05:26:48.192: As2/85 LCP: ACFC (0x0802)

*Jan 6 05:26:48.192: As2/85 LCP: EndpointDisc 3 00d0.5204.172d (0x13090300D05204172D)

*Jan 6 05:26:48.192: As2/85 LCP: O CONFREJ [ACKrcvd] id 2 len 8

*Jan 6 05:26:48.192: As2/85 LCP: AuthProto PAP (0x0304C023)

*Jan 6 05:26:48.320: As2/85 LCP: I TERMREQ [ACKrcvd] id 3 len 4

*Jan 6 05:26:48.320: As2/85 LCP: O TERMACK [ACKrcvd] id 3 len 4

*Jan 6 05:26:48.320: As2/85 PPP: Authorization required

*Jan 6 05:26:48.324: As2/85 PPP: No remote authentication for call-out

my PPP debugging skill are very rusty, one thing which seems very suspicious is that the ISP keeps sending requests with the same ID (set to 2) until it drops the connection. Is this expected?

I attached the config. Never mind that it's naive, I am just trying to establish one ppp connection using 'ping 192.168.1.2' from the 5350 console, this triggers the dialout attempt and the shown above LCP failure. It looks like I am missing the way to configure the authentication from the RAS to the ISP, but I can't figure out the way to do it.

Any hints will be highly appreciated,

thank you in advance,

Vadim

paolo bevilacqua · ‎11-22-2009

Router trigger dialers on backup condition, dialer watch, or traffic going out an interface.

Thank you for the nice rating and good luck!

View solution in original post

paolo bevilacqua · ‎11-21-2009

They want PAP, but your router is insisting on CHAP.

agasfer2009 · ‎11-21-2009

Yes, I figured that much, but setting 'ppp authentication pap' in the interface profile was causing problems when the ISP was required to authenticate with the RAS, which was clearly not the right thing to expect.

So, the solution turned out to be adding

ppp pap sent-username password 0

to the interface profile.

I wonder if anyone can tell me what are the ways to trigger the dialout action. I understand that I can create a route and associate it with this interface so attempts to access the destination net would trigger a dialout. I wonder if there is any other way to have the RAS dial and establish PPP connection before the actual traffic starts.

TIA,

Vadim

paolo bevilacqua · ‎11-22-2009

Router trigger dialers on backup condition, dialer watch, or traffic going out an interface.

Thank you for the nice rating and good luck!

agasfer2009 · ‎11-22-2009

I actually have a follow up question (not sure what's the rules here - am I supposed to open a separate topic?). So, I have the outgoing ppp connection established, and I have the box configured such that the ISP provides the IP address/mask of the interface and the DNS server address.

Is there a way to scrape this information from the box CLI once the connection is up? (For now the only way to get this info I see is to watch the NPCP negotiations debugs).

paolo bevilacqua · ‎11-22-2009

To scrape ???

Please explain what problem are you trying to solve.

agasfer2009 · ‎11-22-2009

Maybe 'scrape' is not an accepted term here.

I need to be able to find out the IP configuration parameters (interface address, subnet mask and DNS servers' addresses) as issued by the ISP when the PPP connection was brought up.

So, say I have a 5350 with 20 PPP sessions running to 20 different ISPs, how do I find out all these IP parameters for all active PPP connections.

paolo bevilacqua · ‎11-22-2009

You can write a script that telnet to the router and issues the show commands.

Note, there is no subnet mask with PPP negotiated address.

Still not clear what you're actually trying to do, as you did not explain.

Please remember to rate useful posts with the scrollbox below.

agasfer2009 · ‎11-22-2009

That's exactly my question: what show commands are there to list all active PPP connections and their negotiated IP parameters?

Sorry if this is an obvious RTFM kind of question - I tried and could not fine anything.

paolo bevilacqua · ‎11-23-2009

show ip interface brief

show ip name-server

agasfer2009 · ‎11-23-2009

p.bevilacqua, thanks a lot for your replies.

p.bevilacqua wrote:

show ip interface brief

show ip name-server

Indeed,

show ip interface brief | exclude unassigned

shows all active interfaces and their assigned IP addresses. My problem however is that

show ip-name server

command shows all DNS server addresses known to the system. Is there a way to associate them with the particular PPP interface?

Another issue I have is that I know the IP address assigned by the ISP to my end of the ppp connection, but how do I know the address on the other end (I want to be able to make the other end's address to be a gateway for certain routes).

Or maybe a better question to ask is "how do I make sure that certain destinations are accessed through certain PPP interfaces?"

Thank you again,

paolo bevilacqua · ‎11-23-2009

There is no command to show which interface assigned which DNS server.

You can know the address on the other side with show ip route connected, these are the /32.

Still not sure what you're trying to do with this.

agasfer2009 · ‎11-23-2009

p.bevilacqua wrote:

There is no command to show which interface assigned which DNS server.

You can know the address on the other side with show ip route connected, these are the /32.

Still not sure what you're trying to do with this.

Basically I am trying to create a system where some IP experiments could be run with directing traffic to different interfaces, and the ISP dial up is a perfect setting for this.

It looks like I am almost there and I really appreciate your help (BTW, why does it complain that I am not rating the answers - I presume these reminders are included automatically).

So, I have a system with two ISP connections up:

ras5350#show ip interface brief | exclude unassigned

Interface IP-Address OK? Method Status Protocol

Dialer1 66.81.243.116 YES IPCP up up

Dialer2 66.2.20.6 YES IPCP up up

FastEthernet0/0 10.245.12.173 YES NVRAM up up

ras5350#show ip route connected

69.0.0.0/32 is subnetted, 1 subnets

C 69.19.217.21 is directly connected, Dialer1

66.0.0.0/32 is subnetted, 2 subnets

C 66.2.20.6 is directly connected, Dialer2

C 66.81.243.116 is directly connected, Dialer1

67.0.0.0/32 is subnetted, 1 subnets

C 67.95.10.27 is directly connected, Dialer2

10.0.0.0/26 is subnetted, 1 subnets

C 10.245.12.128 is directly connected, FastEthernet0/0

ras5350#show ip route connected | include directly

C 69.19.217.21 is directly connected, Dialer1

C 66.2.20.6 is directly connected, Dialer2

C 66.81.243.116 is directly connected, Dialer1

C 67.95.10.27 is directly connected, Dialer2

C 10.245.12.128 is directly connected, FastEthernet0/0

ras5350#

what puzzles me is that the endpoints of the PPP connection are on different IP subnets. Aren't they supposed to be on the same subnet?

paolo bevilacqua · ‎11-23-2009

No, RAS PPP address can be anything and do not matter.

If you want to experiment with routing, get some cheap router and connect them in lab.

Multiple dial-up interfaces is not a real situation and is not in any certification.