  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 615

Cisco 871 establishes PPPoE connection but receives no DHCP address

I have a newly installed Cisco 871. We have DSL installed and have a DSL modem in bridged mode. We can put a laptop on the connection and create a PPPoE connection and it immediately establishes and comes up.

The Cisco however will never seem to get a DHCP address. When we test the connection in the SDM it shows the PPPoE established, but fails to get a DHCP address.

I have included the running config to see if there is something I have missed ...



Building configuration...

Current configuration : 6272 bytes
!
! Last configuration change at 11:37:33 PCTime Fri Jun 2 2006 by adm1n
! NVRAM config last updated at 10:26:09 PCTime Fri Jun 2 2006 by cisco
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname 871Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$vMlY$BAOyYA3u.Xv23wqspK8b00
!
username adm1n privilege 15 secret 5 $1$23K/$zgHHNjM8aFeg86o1q4Z8G1
clock timezone PCTime -5
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
aaa session-id common
ip subnet-zero
no ip source-route
ip cef
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.151 192.168.1.254
!
ip dhcp pool sdm-pool1
   import all
   network 192.168.1.0 255.255.255.0
   dns-server 4.2.2.2
   default-router 192.168.1.1
!
!
ip inspect audit-trail
ip inspect dns-timeout 15
ip inspect tcp finwait-time 15
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name USER.com
ip name-server 4.2.2.2
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
!
bridge irb
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0
 no ip address
 no cdp enable
!
interface FastEthernet1
 no ip address
 no cdp enable
!
interface FastEthernet2
 no ip address
 no cdp enable
!
interface FastEthernet3
 no ip address
 no cdp enable
!
interface FastEthernet4
 description External Interface$FW_OUTSIDE$$ES_WAN$$ETH-WAN$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface Dot11Radio0
 no ip address
 !
 ssid USER-Wireless
    authentication open
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 no cdp enable
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 no ip address
 bridge-group 1
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address dhcp client-id FastEthernet4
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip inspect SDM_LOW out
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname USER@earthlink.net
 ppp chap password 7 05090A1A22445E
 ppp pap sent-username USER@earthlink.net password 7 0306571E050731
!
interface BVI1
 description $ES_LAN$$FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1412
!
ip classless
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
ip access-list extended sdm_bvi1_in
 remark SDM_ACL Category=1
 permit ip any any
ip access-list extended sdm_dialer0_out
 remark SDM_ACL Category=1
 permit ip any any
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny   any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit udp any eq bootps any eq bootpc
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit ip any any
access-list 100 permit icmp any any unreachable
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 deny   ip 192.168.1.0 0.0.0.255 any
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip any any log
access-list 103 remark VTY Access-class list
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 192.168.1.0 0.0.0.255 any
access-list 103 deny   ip any any
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login authentication local_authen
 no modem enable
 transport preferred all
 transport output telnet
line aux 0
 login authentication local_authen
 transport preferred all
 transport output telnet
line vty 0 4
 access-class 103 in
 authorization exec local_author
 login authentication local_authen
 transport preferred all
 transport input telnet ssh
 transport output all
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
0
robertbranch
Asked:
1 Solution
 
calmiles Commented:
Try removing:

access-list 102 deny   ip any any log
0
 
plemieux72 Commented:
Removing "access-list 102 deny   ip any any log" will not do anything besides stopping logging for packets matching this command because all access lists have a hidden "deny any any" at the end.

Instead do this:

no access-list 102
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 permit icmp any any packet-too-big
access-list 102 deny   ip any any log

All the other deny commands are not needed because any packets not in the NAT translation table from CBAC (the IOS firewall) and not matching access list 102 will match the last deny any any and will be dropped.

However, here is what you really need to enable IPCP (DHCP on PPPoE):

int d0
 no ip address dhcp client-id FastEthernet4
 ip address negotiated
 ppp ipcp dns request
 ppp ipcp wins request

0
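The first-match and implicit-deny behaviour discussed in the two replies above, as an added Python example that is not part of the original thread. It models only static matching for the entry forms that appear in access list 102 (no CBAC dynamic entries are modelled), and the sample packets are constructed.

```python
import ipaddress as ipa
# ACL 102 as posted in the question (remark lines omitted); TRIMMED_102 is the
# five-line replacement from the answer, rebuilt from the same lines.
ORIGINAL_102 = """\
access-list 102 deny   ip 192.168.1.0 0.0.0.255 any
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip any any log""".splitlines()
TRIMMED_102 = ORIGINAL_102[1:4] + [
    "access-list 102 permit icmp any any packet-too-big", ORIGINAL_102[-1]]

def _addr(tok):  # any | host A | A WILDCARD -> (address, wildcard) as ints
    a = tok.pop(0)
    if a == "any":
        return 0, 0xFFFFFFFF
    a, w = (tok.pop(0), "0.0.0.0") if a == "host" else (a, tok.pop(0))
    return int(ipa.IPv4Address(a)), int(ipa.IPv4Address(w))

def parse_acl(lines):
    rules = []
    for line in lines:
        tok = line.split()[2:]                  # drop "access-list N"
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        icmp = next((t for t in tok if t != "log"), None)
        rules.append((action, proto, src, dst, icmp, "log" in tok))
    return rules

def evaluate(rules, proto, src, dst, icmp=None):
    """First match wins; no match is the implicit deny, which never logs."""
    s, d = int(ipa.IPv4Address(src)), int(ipa.IPv4Address(dst))
    for action, r_proto, (sa, sw), (da, dw), r_icmp, log in rules:
        if (r_proto in ("ip", proto) and r_icmp in (None, icmp)
                and (s ^ sa) & ~sw == 0 and (d ^ da) & ~dw == 0):
            return action, log
    return "deny", False

# Constructed packets: (protocol, source, destination, ICMP type name)
PACKETS = [("tcp", "203.0.113.9", "198.51.100.7", None),
           ("icmp", "203.0.113.9", "198.51.100.7", "echo-reply"),
           ("icmp", "192.168.1.50", "198.51.100.7", "echo-reply"),
           ("icmp", "203.0.113.9", "198.51.100.7", "packet-too-big")]
def decisions(lines):
    return [evaluate(parse_acl(lines), *p) for p in PACKETS]
```

`decisions(ORIGINAL_102[:-1])` returns the same permit/deny results as the full list with only the log flag changing, while `decisions(TRIMMED_102)` permits an echo-reply sourced from 192.168.1.50 that the original list denies on its first line.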
