• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6301
  • Last Modified:

Cisco 1721 ADSL Config problems

Hello. I'm trying to setup a Cisco 1721 router with IOS 12.2(15)T8 with a ADSL wIC card. I've setup the configuration but cannot get it running, can someone please have a look at the config and see if they can tell me where they think the problem could lie? I've setup a cheap little D-Link ADSL modem and it runs fine (downloads at about 55-60k/sec) so the line itself is OK.

I'm not sure about the '0' in the ppp chap password 0 qwerty, I've entered it twice now and it puts the '0' in itself.

The ADSL connection is PPPoA, with static IP addresses. VPI is 0, VCI is 38 (am I correct in thinking that this is the same as the pvc values?)

Here is a sh run:

Current configuration : 1150 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cndhq-adsl
!
logging queue-limit 100
enable secret 5 $1$d2lY$/HIFP6Wqv/2Yq8Gph4VZ.1
!
ip subnet-zero
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 speed auto
!
interface Dialer0
 ip address 217.43.76.120 255.255.255.248
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callout
 ppp chap hostname cndhq-adsl@lon1-aj1e.demonadsl.co.uk
 ppp chap password 0 magnetic
!
ip nat pool cnd 217.43.76.121 217.43.76.121 netmask 255.255.255.248
ip nat inside source list 1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.0.0 255.255.255.0 FastEthernet0
no ip http server
!
access-list 1 permit any
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
line vty 0 4
 password qwerty
 login
line vty 5 15
 password qwerty
 login
!
end

Here is ppp debugging:

*Mar  5 19:56:50.055: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Mar  5 19:56:50.055: %DIALER-6-BIND: Interface Vi2 bound to profile Di0
*Mar  5 19:56:50.055: Vi2 PPP: Using dialer call direction
*Mar  5 19:56:50.055: Vi2 PPP: Treating connection as a callout
*Mar  5 19:56:50.055: Vi2 PPP: Authorization NOT required
*Mar  5 19:56:50.999: %LINK-3-UPDOWN: Interface ATM0, changed state to up
*Mar  5 19:56:51.999: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to up
*Mar  5 19:56:52.079: Vi2 CHAP: O CHALLENGE id 21 len 60 from "cndhqs-adsl@lon1-aj1e.demonadsl.co.uk"
*Mar  5 19:56:52.083: Vi2 CHAP: I CHALLENGE id 113 len 41 from "RASH2NRP3.Manchester"
*Mar  5 19:56:52.087: Vi2 CHAP: Using hostname from interface CHAP
*Mar  5 19:56:52.087: Vi2 CHAP: Using password from interface CHAP
*Mar  5 19:56:52.087: Vi2 CHAP: O RESPONSE id 113 len 60 from "cndhqs-adsl@lon1-aj1e.demonadsl.co.uk"
*Mar  5 19:56:56.131: Vi2 PPP: Authorization NOT required
*Mar  5 19:56:58.155: Vi2 CHAP: O CHALLENGE id 22 len 60 from "cndhqs-adsl@lon1-aj1e.demonadsl.co.uk"
*Mar  5 19:56:58.163: Vi2 CHAP: I CHALLENGE id 175 len 41 from "RASH2NRP3.Manchester"
*Mar  5 19:56:58.163: Vi2 CHAP: Using hostname from interface CHAP
*Mar  5 19:56:58.163: Vi2 CHAP: Using password from interface CHAP
*Mar  5 19:56:58.163: Vi2 CHAP: O RESPONSE id 175 len 60 from "cndhqs-adsl@lon1-aj1e.demonadsl.co.uk"
*Mar  5 19:57:02.179: Vi2 PPP: Authorization NOT required

I'm kind of guessing that it shouldn't be returning PPP: Authorization not required but I don't know how to fix it!

Thanks for any help.
0
paulo123
Asked:
paulo123
4 Solutions
 
NicBreyCommented:
> ppp authentication chap callout
>ppp chap hostname cndhq-adsl@lon1-aj1e.demonadsl.co.uk
>ppp chap password 0 magnetic

If you do not want to use PPP authentication, just remove the lines above.
0
 
paulo123Author Commented:
I'm trying to use CHAP authentication, as per the ISPs instructions. It just gives me the above output when I do a debug ppp. If I remove PPP authentication altogether it still gives the 'authentication not required' messages, but also has 'No remote authentication for call out' and 'Unable to authenticate for peer'.
0
 
NicBreyCommented:
Yes, your VPI/VCI is correct

>ip route 192.168.0.0 255.255.255.0 FastEthernet0
You can remove this line. The router knows all connected networks and will have it in the routing tables without it.

Other than that, I can't see anything wrong with your configuration.

Have you confirmed that your provider has everything in place on their side.
You are connecting, but have layer 2 issues with the authentication. Perhaps they have a config error on their side.

Here is a link that might help

http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_guide09186a008017e735.html#64915

0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
drev001Commented:
Try using pap authentication as well. It will select the correct method if both are present, I always put both in. Use this:

ppp pap sent-username cndhq-adsl@lon1-aj1e.demonadsl.co.uk password magnetic

I don't believe you need this line either:

ppp authentication chap callout


0
 
td_milesCommented:
This isn't going to help you get it working, but to answer one of your sub-questions:

>>I'm not sure about the '0' in the ppp chap password 0 qwerty, I've entered it twice now and it puts the '0' in itself

The '0' indicates the type of encryption being used to store the password. A value of zero means no encryption (ie. plaintext). If you look further up to where your "enable secret" is, you'll see that it has a '5' in front of it to indicate what encryption the password is done with ('5' = MD5 hash).

ref: http://www.cisco.com/warp/public/701/64.html

To turn on encryption of passwords, use the command "service password-encryption" (if you look in your config, you'll see that you have it disabled with "no service password-encryption").

ref: http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/cs/csprts/csprts5/cspasswd.htm
0
 
steven_alilovicCommented:
All you nat and Dailer lists look fine. Try changing the ppp authentication chap callout to
ppp authentication chap callin.

Check this link out http://www.cisco.com/warp/public/131/ppp_callin_hostname.html


interface Ethernet0
ip address 192.168.0.1 255.255.255.0
 ip nat inside
 speed auto
!    
!
! See notes above about the correct VPI/VCI numbers (PVC)
!    
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !        
 dsl operating-mode auto
!        
interface Dialer0
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname USERNAME@isp
 ppp chap password PASSWORD
!
0
 
paulo123Author Commented:
Adding ppp pap sent-username cndhq-adsl@lon1-aj1e.demonadsl.co.uk password magnetic to the config and removing ppp authentication chap callout worked fine! Thanks for everyones help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now