Failure connecting a Cisco 871 ISR on PPPoE/ADSL

I have a new Cicso 871 Integrated Services Router, fresh out of the box.  I need to run this router at the edge as a PPPoE client.  

It seems fairly straightforward, I purchase a single static from my ISP, however it's necessary to configure the routers WAN interface as a PPPoE/DHCP client as the IP numbers are handed down post PPP authentication.  

Working within Cisco SDM which shipped with the router, I can build the PPPoE dialer in the GUI and initiate/test the connection.  

I select PPPoE Dialer under 'configure->interface->Create Connection'
Select 'enable PPPoE encapsulation'
Select 'Dynamic (DHCP Client)'
Select 'PAP Auth. type' and enter the account credentials
Enable 'PAT' and select VLAN1 as the interface to be translated
Select 'Test connectivity after configuring' and click 'finish'

Then the connection test begins,  the connection fails however.  When I try to enter the IP numbers as statics the router refuses the subnet mask as invalid.  That doesn't work for PPPoE anyway but it's one of the things I tried and I mention it because I suspect that when configured as a PPPoE/DHCP client the router is feeling a certain amount of disdain for that 32bit subnet mask.  I've read around here that the 32 bit subnet mask is fairly standard for an ISPs PPPoE implementation so I wonder why this router doesn't accept the IP numbers passed down to it after PPP authentication.

As you can see from the output after testing the connection below, the failure is occuring at the point where IP numbers are being assigned to the WAN interface, please correct me if I'm wrong.
Test Activity Details

Activity Status
Checking interface status...  Up  
    Interface physical status :Up  
    Line protocol status :Up  
Checking for DNS settings...  Successful  
    DNS lookup set :Yes  
    Statically configured DNS servers :  
    Dynamically imported DNS servers :None  
Checking interface IP address..  Failed  
    Interface IP address :Not assigned/received  
    Interface IP address Type :Dynamic  
Checking PPPoE tunnel...  Up  
    Session ID :14390  
    Dialer Interface :Di0  
    Port :Fa4  
    Virtual Access Identifier :Vi1  
    Virtual Access Status :UP  
Troubleshooting Results Failure Reason(s) Recommended Action(s)
No IP address for the interface has been obtained. The interface is configured to obtain an IP address through DHCP. The remote end may not be configured with a DHCP server or the DHCP pool may be empty.  Please contact your ISP or WAN administrator and check if the server has been configured to lease IP address to the clients connection through DHCP. Retest connection.  

If there is anything to do with the ISP's end of things they're not admitting it to me, and are now to the point where I can purchase their CCNAs support at a premium or I can take a walk.  My account at the ISP works like a champ using an off the shelf Linksys WRT54G.

The ISP shows me as successfully authenticated on their end, it's simply applying the IP numbers associated with that PPP account that is unsuccessful.  Pinging from the router is unsuccessful either by name or IP number, obviously enough.  I'm sure I must be doing something wrong, I can't figure out what that may be.  Hopefully someone here has seen or encountered this sort of problem under similar circumstances and can shed some light on the matter for me.  If necessary I can provide a show run or anything else someone may be interested in viewing.

Thank you much in advance to anyone who may be able of point me in the right direction here.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Try this little config as a test.

Erase the config on at the command line "write erase" then reboot the router. Still at command line (config cable) on reboot, do not use the quick config startup.

Enter Enable mode and copy the config below changing the username and password as required.

If your ISP tells you that you need to do the PAP, and not the CHAP, type of authentication then you'll have to replace the lines:

ppp authentication chap callinppp chap hostname <username>ppp chap password <password>

with only these two:
ppp authentication pap callinppp pap sent-username <username> password <password>

Then, plug a laptop/pc into Ethernet0 on the router and the ISP into Ethernet1. DHCP is running in this config so you will get an IP on the laptop.

At command line, type "sh ip int brief", this will show the interface statistics and hopefully, you will find that the DIALER1 has an IP assigned by the ISP, and you can get internet access on the laptop/pc.


ip dhcp excluded-address
ip dhcp pool LOCALPOOL
import all
vpdn enable
vpdn-group office
protocol pppoe
interface Ethernet0
ip address
ip nat inside
ip tcp adjust-mss 1492
no cdp enable
hold-queue 32 in
hold-queue 100 out
no shut
interface Ethernet1
no ip address
ip nat outside
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
no shut
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname <username>
ppp chap password <password>
no shut
ip nat inside source route-map nonat interface Dialer1 overload
ip classless
ip route Dialer1
no ip http server
ip pim bidir-enable
access-list 1 permit
access-list 102 permit ip any
route-map nonat permit 10
match ip address 102

Open in new window


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CthragSardiusAuthor Commented:
Hello BBRazz and thanks for your reply and for your config.  I have actually solved this problem within the last couple of hours, although I do believe your config would have been functional with the exception of specifying PAP rather than CHAP as an authentication type, which I hadn't specified at all either way.

As it stands my problem was that despite the fact that I had verified with level 2 support at the ISP to create my PPPoE client using basic DHCP settings, including step by step screen shots of that process being sent to them, the correct method is in fact to use negotiated IP (called Easy IP in Cisco SDM)

That and a couple of problems finding it's next hop later and my device was properly connected.  I really should have caught this but frankly my cisco mojo is several years stale and I hardly recall but the simplest tasks.

Once I had that online I found that digging around for command syntax and adding port forwarding and such to be much more effective than the SDM GUI, which turned out to be a little less than stellar in my honest opinion.  

A lesson for Cisco noobies if anything, learn your way around that CLI and you'll be a happier less frustrated person who works fewer hours and has space for supper at a proper time!

It's my first post here and I'm a recent join so I'm not sure how to conduct myself with regards to points.

If you found the resolution yourself, and the post was of no real help, you dont need to assign points. Unless you want to :)
CthragSardiusAuthor Commented:
The fact is BBRazz's build would have put the device online faster than the ISP techs did feeding me bogus settings.  That's not really entirely fair, once I had adequate escalation they got it right, it just took a long time to get there.  Regardless thanks again BBRRazz, much appreciated.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.