V0LUME
asked on
Configuring a Cisco 881 Router for PPPoE to a BT Openreach Fibre Modem
Hi,
I have Fibre Broadband connection from Talk Talk for which they supplied me a BT Modem and a basic router. I want to change the router for my own Cisco 881 ISR. I have been doing some googling around and I understand that you need to configure PPPoE pass through so I can get this to work.
Currently my dialer interface is not getting an IP from the ISP and is stuck on "Internet address will be negotiated using IPCP". My configuration requires a username and password however the 1st line support at the ISP tell me that no password is required. Can anyone shed some light on what I am missing here?
I have Fibre Broadband connection from Talk Talk for which they supplied me a BT Modem and a basic router. I want to change the router for my own Cisco 881 ISR. I have been doing some googling around and I understand that you need to configure PPPoE pass through so I can get this to work.
Currently my dialer interface is not getting an IP from the ISP and is stuck on "Internet address will be negotiated using IPCP". My configuration requires a username and password however the 1st line support at the ISP tell me that no password is required. Can anyone shed some light on what I am missing here?
ASKER
Current config is this:
WHITENET-R1#show run
Building configuration...
Current configuration : 1432 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WHITENET-R1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable password cisco
!
no aaa new-model
!
!
ip source-route
!
!
!
!
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description PPPoE Interface
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface Vlan1
description Internal LAN Interfaces 0-3
ip address 192.168.1.12 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
ppp authentication pap chap callin
ppp chap hostname 01628627140@talktalk.net
ppp chap password 0 H5R5M5T2F5
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
!
ip nat inside source list NAT interface Dialer1 overload
!
ip access-list standard NAT
permit 192.168.1.0 0.0.0.255
!
!
!
!
!
!
control-plane
WHITENET-R1#show run
Building configuration...
Current configuration : 1432 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WHITENET-R1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable password cisco
!
no aaa new-model
!
!
ip source-route
!
!
!
!
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description PPPoE Interface
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface Vlan1
description Internal LAN Interfaces 0-3
ip address 192.168.1.12 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
ppp authentication pap chap callin
ppp chap hostname 01628627140@talktalk.net
ppp chap password 0 H5R5M5T2F5
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
!
ip nat inside source list NAT interface Dialer1 overload
!
ip access-list standard NAT
permit 192.168.1.0 0.0.0.255
!
!
!
!
!
!
control-plane
Ok, try adding this to the rest of the config...
interface Dialer1
dialer-group 1
ASKER
ok, first I added the dialer-group 1 command but nothing happened so I removed the dialer pool 1 as I thought this might conflict with the dialer-group. Now I don't get anything from the debug ppp authentication.
Current config:
interface FastEthernet4
description PPPoE Interface
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface Vlan1
description Internal LAN Interfaces 0-3
ip address 192.168.1.12 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname bthomehub@btbroadband.com
ppp chap password 0 bthomehub@btbroadband.com
Debug Output:
WHITENET-R1#
*Feb 16 13:14:47.267: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
*Feb 16 13:14:47.271: Vi1 PPP: Phase is DOWN, Setup
*Feb 16 13:14:47.271: Vi1 PPP: Using dialer call direction
*Feb 16 13:14:47.271: Vi1 PPP: Treating connection as a callout
*Feb 16 13:14:47.271: Vi1 PPP: Session handle[92000350] Session id[0]
*Feb 16 13:14:47.271: Vi1 PPP: Phase is ESTABLISHING, Active Open
*Feb 16 13:14:47.271: Vi1 PPP: Authorization required
*Feb 16 13:14:47.271: Vi1 PPP: No remote authentication for call-out
*Feb 16 13:14:47.271: Vi1 LCP: O CONFREQ [Closed] id 1 len 14
*Feb 16 13:14:47.271: Vi1 LCP: MRU 1492 (0x010405D4)
*Feb 16 13:14:47.271: Vi1 LCP: MagicNumber 0x12B773F6 (0x050612B773F6)
*Feb 16 13:14:47.271: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Feb 16 13:14:47.275: Vi1 LCP: I CONFREQ [REQsent] id 179 len 19
*Feb 16 13:14:47.275: Vi1 LCP: MRU 1492 (0x010405D4)
*Feb 16 13:14:47.275: Vi1 LCP: AuthProto CHAP (0x0305C22305)
*Feb 16 13:14:47.275: Vi1 LCP: MagicNumber 0x4A1D7DE5 (0x05064A1D7DE5)
*Feb 16 13:14:47.275: Vi1 LCP: O CONFACK [REQsent] id 179 len 19
*Feb 16 13:14:47.275: Vi1 LCP: MRU 1492 (0x010405D4)
*Feb 16 13:14:47.275: Vi1 LCP: AuthProto CHAP (0x0305C22305)
*Feb 16 13:14:47.275: Vi1 LCP: MagicNumber 0x4A1D7DE5 (0x05064A1D7DE5)
*Feb 16 13:14:47.279: Vi1 LCP: I CONFACK [ACKsent] id 1 len 14
*Feb 16 13:14:47.279: Vi1 LCP: MRU 1492 (0x010405D4)
*Feb 16 13:14:47.279: Vi1 LCP: MagicNumber 0x12B773F6 (0x050612B773F6)
*Feb 16 13:14:47.279: Vi1 LCP: State is Open
*Feb 16 13:14:47.279: Vi1 PPP: No authorization without authentication
*Feb 16 13:14:47.279: Vi1 PPP: Phase is AUTHENTICATING, by the peer
*Feb 16 13:14:47.283: Vi1 CHAP: I CHALLENGE id 1 len 31 from "npe001.slo"
*Feb 16 13:14:47.283: Vi1 CHAP: Using hostname from interface CHAP
*Feb 16 13:14:47.283: Vi1 CHAP: Using password from interface CHAP
*Feb 16 13:14:47.283: Vi1 CHAP: O RESPONSE id 1 len 46 from "bthomehub@btbroadband.com "
*Feb 16 13:14:47.311: Vi1 CHAP: I FAILURE id 1 len 43 msg is "CHAP authentication failure, unit 19221"
*Feb 16 13:14:47.311: Vi1 LCP: I TERMREQ [Open] id 180 len 4
*Feb 16 13:14:47.311: Vi1 LCP: O TERMACK [Open] id 180 len 4
*Feb 16 13:14:47.315: Vi1 PPP: Sending Acct Event[Down] id[126]
*Feb 16 13:14:47.315: Vi1 PPP: Phase is TERMINATING
*Feb 16 13:14:47.499: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1
*Feb 16 13:14:47.503: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
Current config:
interface FastEthernet4
description PPPoE Interface
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface Vlan1
description Internal LAN Interfaces 0-3
ip address 192.168.1.12 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname bthomehub@btbroadband.com
ppp chap password 0 bthomehub@btbroadband.com
Debug Output:
WHITENET-R1#
*Feb 16 13:14:47.267: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
*Feb 16 13:14:47.271: Vi1 PPP: Phase is DOWN, Setup
*Feb 16 13:14:47.271: Vi1 PPP: Using dialer call direction
*Feb 16 13:14:47.271: Vi1 PPP: Treating connection as a callout
*Feb 16 13:14:47.271: Vi1 PPP: Session handle[92000350] Session id[0]
*Feb 16 13:14:47.271: Vi1 PPP: Phase is ESTABLISHING, Active Open
*Feb 16 13:14:47.271: Vi1 PPP: Authorization required
*Feb 16 13:14:47.271: Vi1 PPP: No remote authentication for call-out
*Feb 16 13:14:47.271: Vi1 LCP: O CONFREQ [Closed] id 1 len 14
*Feb 16 13:14:47.271: Vi1 LCP: MRU 1492 (0x010405D4)
*Feb 16 13:14:47.271: Vi1 LCP: MagicNumber 0x12B773F6 (0x050612B773F6)
*Feb 16 13:14:47.271: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Feb 16 13:14:47.275: Vi1 LCP: I CONFREQ [REQsent] id 179 len 19
*Feb 16 13:14:47.275: Vi1 LCP: MRU 1492 (0x010405D4)
*Feb 16 13:14:47.275: Vi1 LCP: AuthProto CHAP (0x0305C22305)
*Feb 16 13:14:47.275: Vi1 LCP: MagicNumber 0x4A1D7DE5 (0x05064A1D7DE5)
*Feb 16 13:14:47.275: Vi1 LCP: O CONFACK [REQsent] id 179 len 19
*Feb 16 13:14:47.275: Vi1 LCP: MRU 1492 (0x010405D4)
*Feb 16 13:14:47.275: Vi1 LCP: AuthProto CHAP (0x0305C22305)
*Feb 16 13:14:47.275: Vi1 LCP: MagicNumber 0x4A1D7DE5 (0x05064A1D7DE5)
*Feb 16 13:14:47.279: Vi1 LCP: I CONFACK [ACKsent] id 1 len 14
*Feb 16 13:14:47.279: Vi1 LCP: MRU 1492 (0x010405D4)
*Feb 16 13:14:47.279: Vi1 LCP: MagicNumber 0x12B773F6 (0x050612B773F6)
*Feb 16 13:14:47.279: Vi1 LCP: State is Open
*Feb 16 13:14:47.279: Vi1 PPP: No authorization without authentication
*Feb 16 13:14:47.279: Vi1 PPP: Phase is AUTHENTICATING, by the peer
*Feb 16 13:14:47.283: Vi1 CHAP: I CHALLENGE id 1 len 31 from "npe001.slo"
*Feb 16 13:14:47.283: Vi1 CHAP: Using hostname from interface CHAP
*Feb 16 13:14:47.283: Vi1 CHAP: Using password from interface CHAP
*Feb 16 13:14:47.283: Vi1 CHAP: O RESPONSE id 1 len 46 from "bthomehub@btbroadband.com
*Feb 16 13:14:47.311: Vi1 CHAP: I FAILURE id 1 len 43 msg is "CHAP authentication failure, unit 19221"
*Feb 16 13:14:47.311: Vi1 LCP: I TERMREQ [Open] id 180 len 4
*Feb 16 13:14:47.311: Vi1 LCP: O TERMACK [Open] id 180 len 4
*Feb 16 13:14:47.315: Vi1 PPP: Sending Acct Event[Down] id[126]
*Feb 16 13:14:47.315: Vi1 PPP: Phase is TERMINATING
*Feb 16 13:14:47.499: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1
*Feb 16 13:14:47.503: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
That's an authentication failure. If you try using the talktalk credentials you had in your original config and run the debug again see what happens.
You'll need to shut and no shut the Dialer interface when you try.
You'll need to shut and no shut the Dialer interface when you try.
ASKER
the Talk Talk Credentials are from a brochure dated 2007. The error is still the same with this in it.
Updated config:
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname 01628627140@talktalk.net
ppp chap password 0 H5R5M5T2F5
Debug:
WHITENET-R1#
*Feb 16 14:55:00.499: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
*Feb 16 14:55:00.499: Vi1 PPP: Using dialer call direction
*Feb 16 14:55:00.499: Vi1 PPP: Treating connection as a callout
*Feb 16 14:55:00.499: Vi1 PPP: Session handle[C900038C] Session id[0]
*Feb 16 14:55:00.499: Vi1 PPP: Authorization required
*Feb 16 14:55:00.499: Vi1 PPP: No remote authentication for call-out
*Feb 16 14:55:00.503: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Feb 16 14:55:00.639: Vi1 PPP: No authorization without authentication
*Feb 16 14:55:00.647: Vi1 CHAP: I CHALLENGE id 1 len 31 from "npe001.slo"
*Feb 16 14:55:00.647: Vi1 CHAP: Using hostname from interface CHAP
*Feb 16 14:55:00.647: Vi1 CHAP: Using password from interface CHAP
*Feb 16 14:55:00.647: Vi1 CHAP: O RESPONSE id 1 len 45 from "01628627140@talktalk.net"
*Feb 16 14:55:00.887: Vi1 CHAP: I FAILURE id 1 len 43 msg is "CHAP authentication failure, unit 26658"
*Feb 16 14:55:01.347: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1
*Feb 16 14:55:01.351: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
Updated config:
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname 01628627140@talktalk.net
ppp chap password 0 H5R5M5T2F5
Debug:
WHITENET-R1#
*Feb 16 14:55:00.499: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
*Feb 16 14:55:00.499: Vi1 PPP: Using dialer call direction
*Feb 16 14:55:00.499: Vi1 PPP: Treating connection as a callout
*Feb 16 14:55:00.499: Vi1 PPP: Session handle[C900038C] Session id[0]
*Feb 16 14:55:00.499: Vi1 PPP: Authorization required
*Feb 16 14:55:00.499: Vi1 PPP: No remote authentication for call-out
*Feb 16 14:55:00.503: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Feb 16 14:55:00.639: Vi1 PPP: No authorization without authentication
*Feb 16 14:55:00.647: Vi1 CHAP: I CHALLENGE id 1 len 31 from "npe001.slo"
*Feb 16 14:55:00.647: Vi1 CHAP: Using hostname from interface CHAP
*Feb 16 14:55:00.647: Vi1 CHAP: Using password from interface CHAP
*Feb 16 14:55:00.647: Vi1 CHAP: O RESPONSE id 1 len 45 from "01628627140@talktalk.net"
*Feb 16 14:55:00.887: Vi1 CHAP: I FAILURE id 1 len 43 msg is "CHAP authentication failure, unit 26658"
*Feb 16 14:55:01.347: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1
*Feb 16 14:55:01.351: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
OK just give their support a ring and ask what the username should be.
ASKER
just rang the ISP again and spoke to support person number 4. They confirmed once again there is no password they can give me. They said to call Cisco!
I really want to get an ISR or ASA at my house so I can start doing some more advanced stuff in my lab. I have a Cisco 2900 at the office if that might work better?
I really want to get an ISR or ASA at my house so I can start doing some more advanced stuff in my lab. I have a Cisco 2900 at the office if that might work better?
Its a username you're after - they'll accept any password that's why there isn't one.
tell them that you're seeing an authentication failure from the router so it has to be a user/pass issue.
tell them that you're seeing an authentication failure from the router so it has to be a user/pass issue.
ASKER
trust me I have already tried that 4 times! I have explained the authentication errors. They said that it doesn't need authentication because they allow access to the telephone number it is assigned to.
Do you use BT as an ISP or do use one of their partners?
I wondered if I actually spoke to BT they might know more. Talk Talk seem to have no clue.
Do you use BT as an ISP or do use one of their partners?
I wondered if I actually spoke to BT they might know more. Talk Talk seem to have no clue.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
DHCP option worked! Thanks Craig. Had a few other issues to sort out such as DHCP on the LAN, Wireless, DNS etc, but all working now. Cheers James
No probs James glad to help :-)
What's your config?
The password isn't required to authenticate to BT's RADIUS servers, however the config just needs a line with 'something' in it. Whether it's correct or not is completely irrelevant - it's just used to get authorization from the RADIUS server.
Something like this is what you need for the Dialer interface to authenticate...
Open in new window