Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Cisco 1721 ADSL Config problems

Posted on 2003-12-04
7
6,186 Views
Last Modified: 2012-06-21
Hello. I'm trying to setup a Cisco 1721 router with IOS 12.2(15)T8 with a ADSL wIC card. I've setup the configuration but cannot get it running, can someone please have a look at the config and see if they can tell me where they think the problem could lie? I've setup a cheap little D-Link ADSL modem and it runs fine (downloads at about 55-60k/sec) so the line itself is OK.

I'm not sure about the '0' in the ppp chap password 0 qwerty, I've entered it twice now and it puts the '0' in itself.

The ADSL connection is PPPoA, with static IP addresses. VPI is 0, VCI is 38 (am I correct in thinking that this is the same as the pvc values?)

Here is a sh run:

Current configuration : 1150 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cndhq-adsl
!
logging queue-limit 100
enable secret 5 $1$d2lY$/HIFP6Wqv/2Yq8Gph4VZ.1
!
ip subnet-zero
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 speed auto
!
interface Dialer0
 ip address 217.43.76.120 255.255.255.248
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callout
 ppp chap hostname cndhq-adsl@lon1-aj1e.demonadsl.co.uk
 ppp chap password 0 magnetic
!
ip nat pool cnd 217.43.76.121 217.43.76.121 netmask 255.255.255.248
ip nat inside source list 1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.0.0 255.255.255.0 FastEthernet0
no ip http server
!
access-list 1 permit any
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
line vty 0 4
 password qwerty
 login
line vty 5 15
 password qwerty
 login
!
end

Here is ppp debugging:

*Mar  5 19:56:50.055: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Mar  5 19:56:50.055: %DIALER-6-BIND: Interface Vi2 bound to profile Di0
*Mar  5 19:56:50.055: Vi2 PPP: Using dialer call direction
*Mar  5 19:56:50.055: Vi2 PPP: Treating connection as a callout
*Mar  5 19:56:50.055: Vi2 PPP: Authorization NOT required
*Mar  5 19:56:50.999: %LINK-3-UPDOWN: Interface ATM0, changed state to up
*Mar  5 19:56:51.999: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to up
*Mar  5 19:56:52.079: Vi2 CHAP: O CHALLENGE id 21 len 60 from "cndhqs-adsl@lon1-aj1e.demonadsl.co.uk"
*Mar  5 19:56:52.083: Vi2 CHAP: I CHALLENGE id 113 len 41 from "RASH2NRP3.Manchester"
*Mar  5 19:56:52.087: Vi2 CHAP: Using hostname from interface CHAP
*Mar  5 19:56:52.087: Vi2 CHAP: Using password from interface CHAP
*Mar  5 19:56:52.087: Vi2 CHAP: O RESPONSE id 113 len 60 from "cndhqs-adsl@lon1-aj1e.demonadsl.co.uk"
*Mar  5 19:56:56.131: Vi2 PPP: Authorization NOT required
*Mar  5 19:56:58.155: Vi2 CHAP: O CHALLENGE id 22 len 60 from "cndhqs-adsl@lon1-aj1e.demonadsl.co.uk"
*Mar  5 19:56:58.163: Vi2 CHAP: I CHALLENGE id 175 len 41 from "RASH2NRP3.Manchester"
*Mar  5 19:56:58.163: Vi2 CHAP: Using hostname from interface CHAP
*Mar  5 19:56:58.163: Vi2 CHAP: Using password from interface CHAP
*Mar  5 19:56:58.163: Vi2 CHAP: O RESPONSE id 175 len 60 from "cndhqs-adsl@lon1-aj1e.demonadsl.co.uk"
*Mar  5 19:57:02.179: Vi2 PPP: Authorization NOT required

I'm kind of guessing that it shouldn't be returning PPP: Authorization not required but I don't know how to fix it!

Thanks for any help.
0
Comment
Question by:paulo123
7 Comments
 
LVL 7

Expert Comment

by:NicBrey
ID: 9874793
> ppp authentication chap callout
>ppp chap hostname cndhq-adsl@lon1-aj1e.demonadsl.co.uk
>ppp chap password 0 magnetic

If you do not want to use PPP authentication, just remove the lines above.
0
 

Author Comment

by:paulo123
ID: 9874885
I'm trying to use CHAP authentication, as per the ISPs instructions. It just gives me the above output when I do a debug ppp. If I remove PPP authentication altogether it still gives the 'authentication not required' messages, but also has 'No remote authentication for call out' and 'Unable to authenticate for peer'.
0
 
LVL 7

Assisted Solution

by:NicBrey
NicBrey earned 50 total points
ID: 9875020
Yes, your VPI/VCI is correct

>ip route 192.168.0.0 255.255.255.0 FastEthernet0
You can remove this line. The router knows all connected networks and will have it in the routing tables without it.

Other than that, I can't see anything wrong with your configuration.

Have you confirmed that your provider has everything in place on their side.
You are connecting, but have layer 2 issues with the authentication. Perhaps they have a config error on their side.

Here is a link that might help

http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_guide09186a008017e735.html#64915

0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 9

Accepted Solution

by:
drev001 earned 150 total points
ID: 9877422
Try using pap authentication as well. It will select the correct method if both are present, I always put both in. Use this:

ppp pap sent-username cndhq-adsl@lon1-aj1e.demonadsl.co.uk password magnetic

I don't believe you need this line either:

ppp authentication chap callout


0
 
LVL 13

Assisted Solution

by:td_miles
td_miles earned 25 total points
ID: 9878721
This isn't going to help you get it working, but to answer one of your sub-questions:

>>I'm not sure about the '0' in the ppp chap password 0 qwerty, I've entered it twice now and it puts the '0' in itself

The '0' indicates the type of encryption being used to store the password. A value of zero means no encryption (ie. plaintext). If you look further up to where your "enable secret" is, you'll see that it has a '5' in front of it to indicate what encryption the password is done with ('5' = MD5 hash).

ref: http://www.cisco.com/warp/public/701/64.html

To turn on encryption of passwords, use the command "service password-encryption" (if you look in your config, you'll see that you have it disabled with "no service password-encryption").

ref: http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/cs/csprts/csprts5/cspasswd.htm
0
 
LVL 2

Assisted Solution

by:steven_alilovic
steven_alilovic earned 25 total points
ID: 9878967
All you nat and Dailer lists look fine. Try changing the ppp authentication chap callout to
ppp authentication chap callin.

Check this link out http://www.cisco.com/warp/public/131/ppp_callin_hostname.html


interface Ethernet0
ip address 192.168.0.1 255.255.255.0
 ip nat inside
 speed auto
!    
!
! See notes above about the correct VPI/VCI numbers (PVC)
!    
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !        
 dsl operating-mode auto
!        
interface Dialer0
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname USERNAME@isp
 ppp chap password PASSWORD
!
0
 

Author Comment

by:paulo123
ID: 10183095
Adding ppp pap sent-username cndhq-adsl@lon1-aj1e.demonadsl.co.uk password magnetic to the config and removing ppp authentication chap callout worked fine! Thanks for everyones help.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question