US Telco Support > AT&T > AT&T Southeast > PPPOE Auth Fail (Cisco 1721 with ATT DSL)

PPPOE Auth Fail (Cisco 1721 with ATT DSL)

You should start your own thread for this

reply to beast99
Have you checked the dsl line stats

reply to beast99
In interface ATM0 you have pvc 0/35. You don't say what ATT service area you are in. Have you verified 0/35 to be correct?

reply to beast99
I didn't go through your whole config but noticed right of that your VPI is incorrect,
ATT uses 8/35

Let me know if you still need help, I have a 1721 on ATT.

reply to beast99
Here is my config, I have a bit on here but you can ignore the inspect statements and the control plane if you want.

I have a qos policy for VoIP and some port redirects in there too.

!
version 12.4
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime
service password-encryption
!
hostname ZEB_1721
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret ##############
!
aaa new-model
!
!
aaa authentication login default local
!
aaa session-id common
memory-size iomem 25
clock timezone EDT -5
clock summer-time Eastern recurring 2 Sun Mar 2:00 2 Sun Nov 2:00
ip cef
!
!
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect name FIREWALL tcp
ip inspect name FIREWALL udp
ip inspect name FIREWALL cuseeme
ip inspect name FIREWALL ftp
ip inspect name FIREWALL h323
ip inspect name FIREWALL rcmd
ip inspect name FIREWALL realaudio
ip inspect name FIREWALL streamworks
ip inspect name FIREWALL vdolive
ip inspect name FIREWALL sqlnet
ip inspect name FIREWALL tftp
ip inspect name FIREWALL sip
ip inspect name FIREWALL rtsp
ip inspect name FIREWALL pptp
ip inspect name FIREWALL https
ip inspect name FIREWALL icmp
ip inspect name FIREWALL esmtp
ip inspect name FIREWALL http
ip inspect name FIREWALL telnet
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
ip domain name ###########.com
ip name-server 199.2.252.10
vpdn enable
!
!
!
!
!
username admin privilege 15 password ############
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map match-all telnet-class
match access-group name CONTROL-PLANE-PROTECT
class-map match-any VOICE
match protocol sip
match dscp ef
match dscp cs6
match access-group name VOIP-MATCH
class-map match-all TELNET-CLASS
!
!
policy-map TELNET-POLICY
class telnet-class
police 80000 conform-action transmit exceed-action drop
policy-map VOIP_POLICY
class VOICE
priority 200
set dscp ef
class class-default
fair-queue
random-detect
!
!
!
!
!
interface ATM0
bandwidth 512
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode ansi-dmt
!
interface ATM0.1 point-to-point
no ip mroute-cache
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
ip address 10.0.0.2 255.255.255.0
ip access-group lan-network in
ip nat inside
ip virtual-reassembly
ip route-cache policy
no ip mroute-cache
speed auto
hold-queue 100 out
!
interface Dialer1
mtu 1492
bandwidth 400
ip address negotiated
ip access-group border in
ip verify unicast reverse-path
no ip unreachables
ip inspect FIREWALL in
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
ip tcp adjust-mss 1250
tx-ring-limit 5
tx-queue-limit 5
dialer pool 1
no cdp enable
ppp authentication chap callin
ppp chap hostname #########@att.net
ppp chap password ################
service-policy output VOIP_POLICY
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 10.0.0.6 80 interface Dialer1 80
ip nat inside source static tcp 10.0.0.6 1723 interface Dialer1 1723
ip nat inside source static tcp 10.0.0.6 443 interface Dialer1 443
ip nat inside source static tcp 10.0.0.6 25 interface Dialer1 25
ip nat inside source static tcp 10.0.0.10 5060 interface Dialer1 5060
ip nat inside source static tcp 10.0.0.6 3389 interface Dialer1 3389
!
ip access-list extended CONTROL-PLANE-PROTECT
deny tcp 10.0.0.0 0.0.0.255 any eq telnet
permit tcp any any eq telnet
ip access-list extended FORCE-FIREWALL
deny ip any any
ip access-list extended VOIP-MATCH
permit ip any host 10.0.0.34
permit ip any host 10.0.0.10
ip access-list extended border
remark this prevents spoofed ip from entering
deny ip 72.151.89.160 0.0.0.7 any
deny ip 192.168.0.0 0.0.255.255 any log
deny ip 172.16.0.0 0.15.255.255 any log
deny ip 10.0.0.0 0.255.255.255 any log
deny ip 127.0.0.0 0.255.255.255 any log
remark This prevents DOS to Broadcast address
deny icmp any host 72.151.89.167
remark This prevents MULTICAST leaks
deny ip any 224.0.0.0 15.255.255.255
remark The following blocks exploit Exploit.JS.BO.D from being installed
deny ip any 209.86.66.88 0.0.0.7 log
permit tcp any host 72.151.89.162 eq smtp log
permit tcp any host 72.151.89.162 eq www
permit tcp any host 72.151.89.162 eq 443
permit tcp any host 72.151.89.162 eq 3389
permit tcp any host 72.151.89.162 eq 1723
permit tcp any host 72.151.89.162 eq ftp
deny tcp any host 72.151.89.162
permit udp 72.151.89.160 0.0.0.7 host 72.151.89.162 eq tftp
deny udp any any eq 1434 log
permit tcp any host 72.151.89.163 eq www
deny tcp any host 72.151.89.163
remark 64 Next line stops SLAMMER VIRUS
permit ip host 205.244.201.221 any
permit ip any any
ip access-list extended lan-network
permit tcp 10.0.0.0 0.0.0.255 any
permit udp 10.0.0.0 0.0.0.255 any
permit icmp 10.0.0.0 0.0.0.255 any
deny ip any any
!
logging history size 40
logging facility local0
logging source-interface FastEthernet0
logging 72.151.89.162
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 5 permit any
access-list 6 permit any
access-list 10 permit 72.151.89.160 0.0.0.7
access-list 10 permit 205.244.200.0 0.0.1.255
access-list 10 permit 10.0.0.0 0.0.0.255
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 20 permit 72.151.89.163
access-list 30 permit 72.151.89.162
access-list 102 permit ip host 72.151.89.162 any
access-list 102 permit ip host 205.244.201.221 any
access-list 102 permit ip host 72.151.89.161 any
dialer-list 1 protocol ip permit
!
control-plane
service-policy input TELNET-POLICY
!
banner motd C
************************************************************************

**WARNING!**
HQ Network Gateway Router
Unauthorized access to this network is strictly forbidden.
All connections are logged, legal action will be taken against violators.

************************************************************************

!
line con 0
line aux 0
line vty 0 4
access-class 10 in
exec-timeout 30 0
password ################
transport input all
!
no scheduler max-task-time
sntp server 132.163.4.101
sntp broadcast client
end

I just noticed this thread, and I think the primary reason your config works (aside from possibly the OP's pvc statement being wrong *), and the OP's does not is because of your "interface ATM0.1 point-to-point" section.

The OP's use of the "encapsulation aal5snap" inside the "interface ATM0" section is I think theoretically correct for PPPoE, but I have never seen an IOS based Cisco router that did not do PPPoE the way you set it up using the statements in your "interface ATM0.1 point-to-point" section.

*We really don't know where the OP lives, so his 0/35 may not actually be wrong, People from CA, TX, and other non-BellSouth areas post in here all the time under the assumption that AT&T is actually the monolith that it aspires to be. I almost made a post showing the OP how to do a PPPoA connection (since he was having problems with a PPPoE connection). But unless beast99 actually lives in the legacy BellSouth area that would be pointless, so I will wait to see if any of the suggestions made work (and I know where the OP lives) before doing that.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.