Solved

Configuring a Cisco 881 Router for PPPoE to a BT Openreach Fibre Modem

Posted on 2014-02-15
13
3,187 Views
Last Modified: 2014-02-16
Hi,

I have Fibre Broadband connection from Talk Talk for which they supplied me a BT Modem and a basic router. I want to change the router for my own Cisco 881 ISR. I have been doing some googling around and I understand that you need to configure PPPoE pass through so I can get this to work.

Currently my dialer interface is not getting an IP from the ISP and is stuck on "Internet address will be negotiated using IPCP". My configuration requires a username and password however the 1st line support at the ISP tell me that no password is required. Can anyone shed some light on what I am missing here?
0
Comment
Question by:V0LUME
  • 7
  • 6
13 Comments
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
I have a 1841 running on Infinity.

What's your config?

The password isn't required to authenticate to BT's RADIUS servers, however the config just needs a line with 'something' in it.  Whether it's correct or not is completely irrelevant - it's just used to get authorization from the RADIUS server.

Something like this is what you need for the Dialer interface to authenticate...

interface Dialer0
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 ppp authentication chap callin
 ppp chap hostname bthomehub@btbroadband.com
 ppp chap password 0 bthomehub@btbroadband.com
!

Open in new window

0
 

Author Comment

by:V0LUME
Comment Utility
Current config is this:

WHITENET-R1#show run  
Building configuration...

Current configuration : 1432 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WHITENET-R1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable password cisco
!
no aaa new-model
!
!
ip source-route
!
!
!        
!
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!        
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description PPPoE Interface
 no ip address
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface Vlan1
 description Internal LAN Interfaces 0-3
 ip address 192.168.1.12 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 ppp authentication pap chap callin
 ppp chap hostname 01628627140@talktalk.net
 ppp chap password 0 H5R5M5T2F5
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
!
ip nat inside source list NAT interface Dialer1 overload
!
ip access-list standard NAT
 permit 192.168.1.0 0.0.0.255
!
!
!
!
!
!
control-plane
0
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
Ok, try adding this to the rest of the config...

interface Dialer1
 dialer-group 1

Open in new window

0
 

Author Comment

by:V0LUME
Comment Utility
ok, first I added the dialer-group 1 command but nothing happened so I removed the dialer pool 1 as I thought this might conflict with the dialer-group. Now I don't get anything from the debug ppp authentication.

Current config:

interface FastEthernet4
 description PPPoE Interface
 no ip address
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface Vlan1
 description Internal LAN Interfaces 0-3
 ip address 192.168.1.12 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname bthomehub@btbroadband.com
 ppp chap password 0 bthomehub@btbroadband.com

Debug Output:

WHITENET-R1#
*Feb 16 13:14:47.267: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
*Feb 16 13:14:47.271: Vi1 PPP: Phase is DOWN, Setup
*Feb 16 13:14:47.271: Vi1 PPP: Using dialer call direction
*Feb 16 13:14:47.271: Vi1 PPP: Treating connection as a callout
*Feb 16 13:14:47.271: Vi1 PPP: Session handle[92000350] Session id[0]
*Feb 16 13:14:47.271: Vi1 PPP: Phase is ESTABLISHING, Active Open
*Feb 16 13:14:47.271: Vi1 PPP: Authorization required
*Feb 16 13:14:47.271: Vi1 PPP: No remote authentication for call-out
*Feb 16 13:14:47.271: Vi1 LCP: O CONFREQ [Closed] id 1 len 14
*Feb 16 13:14:47.271: Vi1 LCP:    MRU 1492 (0x010405D4)
*Feb 16 13:14:47.271: Vi1 LCP:    MagicNumber 0x12B773F6 (0x050612B773F6)
*Feb 16 13:14:47.271: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Feb 16 13:14:47.275: Vi1 LCP: I CONFREQ [REQsent] id 179 len 19
*Feb 16 13:14:47.275: Vi1 LCP:    MRU 1492 (0x010405D4)
*Feb 16 13:14:47.275: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
*Feb 16 13:14:47.275: Vi1 LCP:    MagicNumber 0x4A1D7DE5 (0x05064A1D7DE5)
*Feb 16 13:14:47.275: Vi1 LCP: O CONFACK [REQsent] id 179 len 19
*Feb 16 13:14:47.275: Vi1 LCP:    MRU 1492 (0x010405D4)
*Feb 16 13:14:47.275: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
*Feb 16 13:14:47.275: Vi1 LCP:    MagicNumber 0x4A1D7DE5 (0x05064A1D7DE5)
*Feb 16 13:14:47.279: Vi1 LCP: I CONFACK [ACKsent] id 1 len 14
*Feb 16 13:14:47.279: Vi1 LCP:    MRU 1492 (0x010405D4)
*Feb 16 13:14:47.279: Vi1 LCP:    MagicNumber 0x12B773F6 (0x050612B773F6)
*Feb 16 13:14:47.279: Vi1 LCP: State is Open
*Feb 16 13:14:47.279: Vi1 PPP: No authorization without authentication
*Feb 16 13:14:47.279: Vi1 PPP: Phase is AUTHENTICATING, by the peer
*Feb 16 13:14:47.283: Vi1 CHAP: I CHALLENGE id 1 len 31 from "npe001.slo"
*Feb 16 13:14:47.283: Vi1 CHAP: Using hostname from interface CHAP
*Feb 16 13:14:47.283: Vi1 CHAP: Using password from interface CHAP
*Feb 16 13:14:47.283: Vi1 CHAP: O RESPONSE id 1 len 46 from "bthomehub@btbroadband.com"
*Feb 16 13:14:47.311: Vi1 CHAP: I FAILURE id 1 len 43 msg is "CHAP authentication failure, unit 19221"
*Feb 16 13:14:47.311: Vi1 LCP: I TERMREQ [Open] id 180 len 4
*Feb 16 13:14:47.311: Vi1 LCP: O TERMACK [Open] id 180 len 4
*Feb 16 13:14:47.315: Vi1 PPP: Sending Acct Event[Down] id[126]
*Feb 16 13:14:47.315: Vi1 PPP: Phase is TERMINATING
*Feb 16 13:14:47.499: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1
*Feb 16 13:14:47.503: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
0
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
That's an authentication failure. If you try using the talktalk credentials you had in your original config and run the debug again see what happens.

You'll need to shut and no shut the Dialer interface when you try.
0
 

Author Comment

by:V0LUME
Comment Utility
the Talk Talk Credentials are from a brochure dated 2007. The error is still the same with this in it.

Updated config:

interface Dialer1
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname 01628627140@talktalk.net
 ppp chap password 0 H5R5M5T2F5

Debug:

WHITENET-R1#
*Feb 16 14:55:00.499: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
*Feb 16 14:55:00.499: Vi1 PPP: Using dialer call direction
*Feb 16 14:55:00.499: Vi1 PPP: Treating connection as a callout
*Feb 16 14:55:00.499: Vi1 PPP: Session handle[C900038C] Session id[0]
*Feb 16 14:55:00.499: Vi1 PPP: Authorization required
*Feb 16 14:55:00.499: Vi1 PPP: No remote authentication for call-out
*Feb 16 14:55:00.503: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Feb 16 14:55:00.639: Vi1 PPP: No authorization without authentication
*Feb 16 14:55:00.647: Vi1 CHAP: I CHALLENGE id 1 len 31 from "npe001.slo"
*Feb 16 14:55:00.647: Vi1 CHAP: Using hostname from interface CHAP
*Feb 16 14:55:00.647: Vi1 CHAP: Using password from interface CHAP
*Feb 16 14:55:00.647: Vi1 CHAP: O RESPONSE id 1 len 45 from "01628627140@talktalk.net"
*Feb 16 14:55:00.887: Vi1 CHAP: I FAILURE id 1 len 43 msg is "CHAP authentication failure, unit 26658"
*Feb 16 14:55:01.347: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1
*Feb 16 14:55:01.351: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
OK just give their support a ring and ask what the username should be.
0
 

Author Comment

by:V0LUME
Comment Utility
just rang the ISP again and spoke to support person number 4. They confirmed once again there is no password they can give me. They said to call Cisco!

I really want to get an ISR or ASA at my house so I can start doing some more advanced stuff in my lab. I have a Cisco 2900 at the office if that might work better?
0
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
Its a username you're after - they'll accept any password that's why there isn't one.

tell them that you're seeing an authentication failure from the router so it has to be a user/pass issue.
0
 

Author Comment

by:V0LUME
Comment Utility
trust me I have already tried that 4 times! I have explained the authentication errors. They said that it doesn't need authentication because they allow access to the telephone number it is assigned to.

Do you use BT as an ISP or do use one of their partners?
I wondered if I actually spoke to BT they might know more. Talk Talk seem to have no clue.
0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 500 total points
Comment Utility
Ok try this then...

default interface FastEthernet4
interface FastEthernet4
 description PPPoE Interface
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 mtu 1492
 duplex auto
 speed auto
!
no ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
ip nat inside source list NAT interface FastEthernet4 overload

Open in new window

0
 

Author Comment

by:V0LUME
Comment Utility
DHCP option worked! Thanks Craig. Had a few other issues to sort out such as DHCP on the LAN, Wireless, DNS etc, but all working now. Cheers James
0
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
No probs James glad to help :-)
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now