Solved

Cisco 1721 ADSL Config problems

Posted on 2003-12-04
7
6,182 Views
Last Modified: 2012-06-21
Hello. I'm trying to setup a Cisco 1721 router with IOS 12.2(15)T8 with a ADSL wIC card. I've setup the configuration but cannot get it running, can someone please have a look at the config and see if they can tell me where they think the problem could lie? I've setup a cheap little D-Link ADSL modem and it runs fine (downloads at about 55-60k/sec) so the line itself is OK.

I'm not sure about the '0' in the ppp chap password 0 qwerty, I've entered it twice now and it puts the '0' in itself.

The ADSL connection is PPPoA, with static IP addresses. VPI is 0, VCI is 38 (am I correct in thinking that this is the same as the pvc values?)

Here is a sh run:

Current configuration : 1150 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cndhq-adsl
!
logging queue-limit 100
enable secret 5 $1$d2lY$/HIFP6Wqv/2Yq8Gph4VZ.1
!
ip subnet-zero
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 speed auto
!
interface Dialer0
 ip address 217.43.76.120 255.255.255.248
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callout
 ppp chap hostname cndhq-adsl@lon1-aj1e.demonadsl.co.uk
 ppp chap password 0 magnetic
!
ip nat pool cnd 217.43.76.121 217.43.76.121 netmask 255.255.255.248
ip nat inside source list 1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.0.0 255.255.255.0 FastEthernet0
no ip http server
!
access-list 1 permit any
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
line vty 0 4
 password qwerty
 login
line vty 5 15
 password qwerty
 login
!
end

Here is ppp debugging:

*Mar  5 19:56:50.055: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Mar  5 19:56:50.055: %DIALER-6-BIND: Interface Vi2 bound to profile Di0
*Mar  5 19:56:50.055: Vi2 PPP: Using dialer call direction
*Mar  5 19:56:50.055: Vi2 PPP: Treating connection as a callout
*Mar  5 19:56:50.055: Vi2 PPP: Authorization NOT required
*Mar  5 19:56:50.999: %LINK-3-UPDOWN: Interface ATM0, changed state to up
*Mar  5 19:56:51.999: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to up
*Mar  5 19:56:52.079: Vi2 CHAP: O CHALLENGE id 21 len 60 from "cndhqs-adsl@lon1-aj1e.demonadsl.co.uk"
*Mar  5 19:56:52.083: Vi2 CHAP: I CHALLENGE id 113 len 41 from "RASH2NRP3.Manchester"
*Mar  5 19:56:52.087: Vi2 CHAP: Using hostname from interface CHAP
*Mar  5 19:56:52.087: Vi2 CHAP: Using password from interface CHAP
*Mar  5 19:56:52.087: Vi2 CHAP: O RESPONSE id 113 len 60 from "cndhqs-adsl@lon1-aj1e.demonadsl.co.uk"
*Mar  5 19:56:56.131: Vi2 PPP: Authorization NOT required
*Mar  5 19:56:58.155: Vi2 CHAP: O CHALLENGE id 22 len 60 from "cndhqs-adsl@lon1-aj1e.demonadsl.co.uk"
*Mar  5 19:56:58.163: Vi2 CHAP: I CHALLENGE id 175 len 41 from "RASH2NRP3.Manchester"
*Mar  5 19:56:58.163: Vi2 CHAP: Using hostname from interface CHAP
*Mar  5 19:56:58.163: Vi2 CHAP: Using password from interface CHAP
*Mar  5 19:56:58.163: Vi2 CHAP: O RESPONSE id 175 len 60 from "cndhqs-adsl@lon1-aj1e.demonadsl.co.uk"
*Mar  5 19:57:02.179: Vi2 PPP: Authorization NOT required

I'm kind of guessing that it shouldn't be returning PPP: Authorization not required but I don't know how to fix it!

Thanks for any help.
0
Comment
Question by:paulo123
7 Comments
 
LVL 7

Expert Comment

by:NicBrey
ID: 9874793
> ppp authentication chap callout
>ppp chap hostname cndhq-adsl@lon1-aj1e.demonadsl.co.uk
>ppp chap password 0 magnetic

If you do not want to use PPP authentication, just remove the lines above.
0
 

Author Comment

by:paulo123
ID: 9874885
I'm trying to use CHAP authentication, as per the ISPs instructions. It just gives me the above output when I do a debug ppp. If I remove PPP authentication altogether it still gives the 'authentication not required' messages, but also has 'No remote authentication for call out' and 'Unable to authenticate for peer'.
0
 
LVL 7

Assisted Solution

by:NicBrey
NicBrey earned 50 total points
ID: 9875020
Yes, your VPI/VCI is correct

>ip route 192.168.0.0 255.255.255.0 FastEthernet0
You can remove this line. The router knows all connected networks and will have it in the routing tables without it.

Other than that, I can't see anything wrong with your configuration.

Have you confirmed that your provider has everything in place on their side.
You are connecting, but have layer 2 issues with the authentication. Perhaps they have a config error on their side.

Here is a link that might help

http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_guide09186a008017e735.html#64915

0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 9

Accepted Solution

by:
drev001 earned 150 total points
ID: 9877422
Try using pap authentication as well. It will select the correct method if both are present, I always put both in. Use this:

ppp pap sent-username cndhq-adsl@lon1-aj1e.demonadsl.co.uk password magnetic

I don't believe you need this line either:

ppp authentication chap callout


0
 
LVL 13

Assisted Solution

by:td_miles
td_miles earned 25 total points
ID: 9878721
This isn't going to help you get it working, but to answer one of your sub-questions:

>>I'm not sure about the '0' in the ppp chap password 0 qwerty, I've entered it twice now and it puts the '0' in itself

The '0' indicates the type of encryption being used to store the password. A value of zero means no encryption (ie. plaintext). If you look further up to where your "enable secret" is, you'll see that it has a '5' in front of it to indicate what encryption the password is done with ('5' = MD5 hash).

ref: http://www.cisco.com/warp/public/701/64.html

To turn on encryption of passwords, use the command "service password-encryption" (if you look in your config, you'll see that you have it disabled with "no service password-encryption").

ref: http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/cs/csprts/csprts5/cspasswd.htm
0
 
LVL 2

Assisted Solution

by:steven_alilovic
steven_alilovic earned 25 total points
ID: 9878967
All you nat and Dailer lists look fine. Try changing the ppp authentication chap callout to
ppp authentication chap callin.

Check this link out http://www.cisco.com/warp/public/131/ppp_callin_hostname.html


interface Ethernet0
ip address 192.168.0.1 255.255.255.0
 ip nat inside
 speed auto
!    
!
! See notes above about the correct VPI/VCI numbers (PVC)
!    
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !        
 dsl operating-mode auto
!        
interface Dialer0
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname USERNAME@isp
 ppp chap password PASSWORD
!
0
 

Author Comment

by:paulo123
ID: 10183095
Adding ppp pap sent-username cndhq-adsl@lon1-aj1e.demonadsl.co.uk password magnetic to the config and removing ppp authentication chap callout worked fine! Thanks for everyones help.
0

Featured Post

Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

Join & Write a Comment

Suggested Solutions

Article by: IanTh
Hi Guys After a whole weekend getting wake on lan over the internet working, I thought I would share the experience. Your firewall has to have a port forward for port 9 udp to your local broadcast x.x.x.255 but if that doesnt work, do it to a …
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now