Solved

Cisco 1721 ADSL Config problems

Posted on 2003-12-04
7
6,183 Views
Last Modified: 2012-06-21
Hello. I'm trying to setup a Cisco 1721 router with IOS 12.2(15)T8 with a ADSL wIC card. I've setup the configuration but cannot get it running, can someone please have a look at the config and see if they can tell me where they think the problem could lie? I've setup a cheap little D-Link ADSL modem and it runs fine (downloads at about 55-60k/sec) so the line itself is OK.

I'm not sure about the '0' in the ppp chap password 0 qwerty, I've entered it twice now and it puts the '0' in itself.

The ADSL connection is PPPoA, with static IP addresses. VPI is 0, VCI is 38 (am I correct in thinking that this is the same as the pvc values?)

Here is a sh run:

Current configuration : 1150 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cndhq-adsl
!
logging queue-limit 100
enable secret 5 $1$d2lY$/HIFP6Wqv/2Yq8Gph4VZ.1
!
ip subnet-zero
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 speed auto
!
interface Dialer0
 ip address 217.43.76.120 255.255.255.248
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callout
 ppp chap hostname cndhq-adsl@lon1-aj1e.demonadsl.co.uk
 ppp chap password 0 magnetic
!
ip nat pool cnd 217.43.76.121 217.43.76.121 netmask 255.255.255.248
ip nat inside source list 1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.0.0 255.255.255.0 FastEthernet0
no ip http server
!
access-list 1 permit any
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
line vty 0 4
 password qwerty
 login
line vty 5 15
 password qwerty
 login
!
end

Here is ppp debugging:

*Mar  5 19:56:50.055: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Mar  5 19:56:50.055: %DIALER-6-BIND: Interface Vi2 bound to profile Di0
*Mar  5 19:56:50.055: Vi2 PPP: Using dialer call direction
*Mar  5 19:56:50.055: Vi2 PPP: Treating connection as a callout
*Mar  5 19:56:50.055: Vi2 PPP: Authorization NOT required
*Mar  5 19:56:50.999: %LINK-3-UPDOWN: Interface ATM0, changed state to up
*Mar  5 19:56:51.999: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to up
*Mar  5 19:56:52.079: Vi2 CHAP: O CHALLENGE id 21 len 60 from "cndhqs-adsl@lon1-aj1e.demonadsl.co.uk"
*Mar  5 19:56:52.083: Vi2 CHAP: I CHALLENGE id 113 len 41 from "RASH2NRP3.Manchester"
*Mar  5 19:56:52.087: Vi2 CHAP: Using hostname from interface CHAP
*Mar  5 19:56:52.087: Vi2 CHAP: Using password from interface CHAP
*Mar  5 19:56:52.087: Vi2 CHAP: O RESPONSE id 113 len 60 from "cndhqs-adsl@lon1-aj1e.demonadsl.co.uk"
*Mar  5 19:56:56.131: Vi2 PPP: Authorization NOT required
*Mar  5 19:56:58.155: Vi2 CHAP: O CHALLENGE id 22 len 60 from "cndhqs-adsl@lon1-aj1e.demonadsl.co.uk"
*Mar  5 19:56:58.163: Vi2 CHAP: I CHALLENGE id 175 len 41 from "RASH2NRP3.Manchester"
*Mar  5 19:56:58.163: Vi2 CHAP: Using hostname from interface CHAP
*Mar  5 19:56:58.163: Vi2 CHAP: Using password from interface CHAP
*Mar  5 19:56:58.163: Vi2 CHAP: O RESPONSE id 175 len 60 from "cndhqs-adsl@lon1-aj1e.demonadsl.co.uk"
*Mar  5 19:57:02.179: Vi2 PPP: Authorization NOT required

I'm kind of guessing that it shouldn't be returning PPP: Authorization not required but I don't know how to fix it!

Thanks for any help.
0
Comment
Question by:paulo123
7 Comments
 
LVL 7

Expert Comment

by:NicBrey
ID: 9874793
> ppp authentication chap callout
>ppp chap hostname cndhq-adsl@lon1-aj1e.demonadsl.co.uk
>ppp chap password 0 magnetic

If you do not want to use PPP authentication, just remove the lines above.
0
 

Author Comment

by:paulo123
ID: 9874885
I'm trying to use CHAP authentication, as per the ISPs instructions. It just gives me the above output when I do a debug ppp. If I remove PPP authentication altogether it still gives the 'authentication not required' messages, but also has 'No remote authentication for call out' and 'Unable to authenticate for peer'.
0
 
LVL 7

Assisted Solution

by:NicBrey
NicBrey earned 50 total points
ID: 9875020
Yes, your VPI/VCI is correct

>ip route 192.168.0.0 255.255.255.0 FastEthernet0
You can remove this line. The router knows all connected networks and will have it in the routing tables without it.

Other than that, I can't see anything wrong with your configuration.

Have you confirmed that your provider has everything in place on their side.
You are connecting, but have layer 2 issues with the authentication. Perhaps they have a config error on their side.

Here is a link that might help

http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_guide09186a008017e735.html#64915

0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 9

Accepted Solution

by:
drev001 earned 150 total points
ID: 9877422
Try using pap authentication as well. It will select the correct method if both are present, I always put both in. Use this:

ppp pap sent-username cndhq-adsl@lon1-aj1e.demonadsl.co.uk password magnetic

I don't believe you need this line either:

ppp authentication chap callout


0
 
LVL 13

Assisted Solution

by:td_miles
td_miles earned 25 total points
ID: 9878721
This isn't going to help you get it working, but to answer one of your sub-questions:

>>I'm not sure about the '0' in the ppp chap password 0 qwerty, I've entered it twice now and it puts the '0' in itself

The '0' indicates the type of encryption being used to store the password. A value of zero means no encryption (ie. plaintext). If you look further up to where your "enable secret" is, you'll see that it has a '5' in front of it to indicate what encryption the password is done with ('5' = MD5 hash).

ref: http://www.cisco.com/warp/public/701/64.html

To turn on encryption of passwords, use the command "service password-encryption" (if you look in your config, you'll see that you have it disabled with "no service password-encryption").

ref: http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/cs/csprts/csprts5/cspasswd.htm
0
 
LVL 2

Assisted Solution

by:steven_alilovic
steven_alilovic earned 25 total points
ID: 9878967
All you nat and Dailer lists look fine. Try changing the ppp authentication chap callout to
ppp authentication chap callin.

Check this link out http://www.cisco.com/warp/public/131/ppp_callin_hostname.html


interface Ethernet0
ip address 192.168.0.1 255.255.255.0
 ip nat inside
 speed auto
!    
!
! See notes above about the correct VPI/VCI numbers (PVC)
!    
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !        
 dsl operating-mode auto
!        
interface Dialer0
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname USERNAME@isp
 ppp chap password PASSWORD
!
0
 

Author Comment

by:paulo123
ID: 10183095
Adding ppp pap sent-username cndhq-adsl@lon1-aj1e.demonadsl.co.uk password magnetic to the config and removing ppp authentication chap callout worked fine! Thanks for everyones help.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now