|
[H/W] PPPoE Configuration IssueHello Community, My first posting here. Its difficult to explain, but we're attempting to connect users to the Internet using PPPoE. However, whenever I attempt to ping google while connected to our ISP I get the message Cannot place call, no dialer string set. Can someone please take a look at our configs and let me know if there is something obvious that I have missed out. I have attached the debugs of pppoe and the logs Cheers |
|
|
a) what make / model of device is this?
b) please post up your full config -- minus passwords and other sensitive information
Otherwise, are your users able to connect to the internet / are you able to ping google INSPITE of this error message?
Regards |
|
|
|
Thanks for responding.. The configs are attached |
|
|
to carltonp
If you can, please post your output(s) using the "[code] [/code]" tags rather than a ZIP / text file. I've reposted your config for all, and snipped out a few more passwords / sensitive bits jmeu-oman01#term len 0 jmeu-oman01#show run Building configuration...
Current configuration : 8972 bytes ! ! Last configuration change at 14:24:08 GST Wed Aug 20 2014 by admin version 15.2 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers ! hostname jmeu-oman01 ! boot-start-marker boot-end-marker ! ! security authentication failure rate 3 log security passwords min-length 6 logging buffered 51200 warnings enable secret 4 [SNIP] ! aaa new-model ! ! aaa authentication login default group tacacs+ local aaa authorization exec default group tacacs+ if-authenticated ! ! ! ! ! aaa session-id unique clock timezone GST 4 0 ! crypto pki trustpoint TP-self-signed-1274327352 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1274327352 revocation-check none rsakeypair TP-self-signed-1274327352 ! ! crypto pki certificate chain TP-self-signed-1274327352 certificate self-signed 01 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31323734 33323733 3532301E 170D3133 31323035 32323235 35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 32373433 32373335 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100B3FD D3EE289D 96FCEB3D D9212B8A DA80B285 F2696D3C 7B21B7A2 C0DE7EA4 69CA5029 7C11D3D7 4DAEFFE4 8C334C16 0B2EB3DF 5ED5E987 CEE6A554 6E038232 69D94C11 0A0165C8 FEF65874 E6F390DF A3640026 25485DEC FD7B73BB 18EC3324 D870FE4B 450F3276 263E5542 59977B33 99ECE056 B24E1A8D 6B12033B DCC5B2AB AE630203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 14D3136C E94A9FFA D74D2891 8F184D1C 9B476FE1 15301D06 03551D0E 04160414 D3136CE9 4A9FFAD7 4D28918F 184D1C9B 476FE115 300D0609 2A864886 F70D0101 05050003 8181002D 2DAC8E46 EB3773FD 64B7E3BC B1928447 1AF83AE6 5BD8CFC0 D9CC926F CE55E773 C93D5F22 CE3B61AA A3F5F23D DF30D68C 269E45B7 D87B9918 4ACD9146 FBE16452 088FC84A 5640D8FD 2B8079AB BC183A41 305B238A AC8169E7 080F050D 16E75F04 126FD340 F83E3BA0 A25A0C77 126BA3D0 4EFEE5E1 D73E21E7 8B3DC2FC 0D70C2 quit no ip source-route ip cef ! ! ! !
! ip dhcp excluded-address 10.18.36.1 10.18.36.99 ip dhcp excluded-address 10.18.36.200 10.18.36.254 ! ip dhcp pool LAN import all network 10.18.36.0 255.255.255.0 default-router 10.18.36.1 dns-server xx.xx.xx.xx 172.30.5.242 domain-name process.johnsonmatthey.com ! ! ! no ip domain lookup ip domain name routers.matthey.com ip name-server 172.30.5.240 ip name-server 192.168.1.253 no ipv6 cef ! ! ! ! ! multilink bundle-name authenticated vpdn enable ! ! ! ! ! ! ! license udi pid CISCO891-K9 sn [SNIP] ! ! username [SNIP] privilege 15 secret 5 [SNIP] username [SNIP] privilege 15 secret 5 [SNIP] username [SNIP] privilege 15 secret 5 [SNIP] username [SNIP] privilege 15 secret 4 [SNIP] username [SNIP] privilege 15 password 7 [SNIP] ! redundancy ! ! ! ! ! ip tcp synwait-time 10 ! ! crypto isakmp policy 1 authentication pre-share crypto isakmp key [SNIP]address xx.xx.xx.xx crypto isakmp key [SNIP]address xx.xx.xx.xx ! ! crypto ipsec transform-set JM-ts1 ah-sha-hmac esp-3des mode tunnel ! ! ! crypto map JMEU-VPN 1 ipsec-isakmp set peer xx.xx.xx.xx set transform-set JM-ts1 match address Encrypt-jmeu-london-colo01 crypto map JMEU-VPN 2 ipsec-isakmp set peer xx.xx.xx.xx set transform-set JM-ts1 match address Encrypt-jmeu-london-colo02 ! ! ! ! ! interface Loopback0 ip address 10.9.252.75 255.255.255.255 no ip unreachables no ip proxy-arp ip flow ingress ! interface Tunnel1 description Tunnel to jmeu-london-colo01 bandwidth 2048 backup interface Tunnel2 ip address 10.9.248.82 255.255.255.252 no ip unreachables no ip proxy-arp ip hello-interval eigrp 65100 10 ip hold-time eigrp 65100 180 ip flow ingress no ip route-cache cef ip tcp adjust-mss 1340 keepalive 8 6 tunnel source 188.135.12.101 tunnel destination xx.xx.xx.xx crypto map JMEU-VPN ! interface Tunnel2 description Tunnel to jmeu-london-colo02 bandwidth 2048 ip address 10.9.248.86 255.255.255.252 no ip unreachables no ip proxy-arp ip hello-interval eigrp 65100 10 ip hold-time eigrp 65100 180 ip flow ingress no ip route-cache cef ip tcp adjust-mss 1340 keepalive 8 6 tunnel source 188.135.12.101 tunnel destination xx.xx.xx.xx crypto map JMEU-VPN ! interface FastEthernet0 no ip address ! interface FastEthernet1 no ip address ! interface FastEthernet2 no ip address ! interface FastEthernet3 no ip address ! interface FastEthernet4 no ip address ! interface FastEthernet5 no ip address ! interface FastEthernet6 no ip address ! interface FastEthernet7 no ip address ! interface FastEthernet8 description Internet router ADD FILTER LIST no ip address no ip unreachables no ip proxy-arp ip flow ingress ip tcp adjust-mss 1452 duplex auto speed auto pppoe enable group global pppoe-client dial-pool-number 1 no cdp enable crypto map JMEU-VPN ! interface GigabitEthernet0 description Connect to Oman ISP no ip address no ip redirects no ip unreachables no ip proxy-arp ip flow ingress duplex auto speed auto no cdp enable crypto map JMEU-VPN ! interface GigabitEthernet0.711 encapsulation dot1Q 711 ip flow ingress pppoe enable group global pppoe-client dial-pool-number 1 no cdp enable crypto map JMEU-VPN ! interface Vlan1 description Oman LAN ip address 10.18.36.1 255.255.255.0 ip tcp adjust-mss 1452 ! interface Async1 no ip address encapsulation slip ! interface Dialer1 bandwidth 2048 ip address negotiated ip mtu 1488 ip virtual-reassembly in encapsulation ppp dialer pool 1 dialer idle-timeout 0 dialer persistent dialer-group 1 ppp authentication pap chap callin ppp chap hostname [SNIP] ppp chap password 7 [SNIP] ppp pap sent-username [SNIP] password 7 [SNIP] no cdp enable crypto map JMEU-VPN ! ! router eigrp 65100 network 10.0.0.0 redistribute static metric 1500 1000 255 1 1500 route-map allow-static-routes ! ip forward-protocol nd ip http server ip http access-class 23 ip http authentication local ip http secure-server ip http timeout-policy idle 5 life 86400 requests 10000 ! ! ip route 0.0.0.0 0.0.0.0 Dialer1 ip route xx.xx.xx.xx 255.255.255.255 83.230.38.209 name Royston_DSL ip route xx.xx.xx.xx. 255.255.255.255 Dialer1 name London_DSL ip route xx.xx.xx.xx 255.255.255.255 Dialer1 name jmeu-london-colo01 ip route xx.xx.xx.xx 255.255.255.255 Dialer1 name jmeu-london-colo02 ip route xx.xx.xx.xx 255.255.255.255 83.230.38.209 name Royston_Visitors ip tacacs source-interface Loopback0 ! ip access-list extended Encrypt-jmeu-london-colo01 permit gre host 188.135.12.101 host xx.xx.xx.xx ip access-list extended Encrypt-jmeu-london-colo02 permit gre host 188.135.12.101 host xx.xx.xx.xx ip access-list extended Permitted-Inbound-Internet permit icmp any any remark london-colo01 permit ahp host xx.xx.xx.xx host 188.135.12.101 permit esp host xx.xx.xx.xx host 188.135.12.101 permit udp host xx.xx.xx.xx host 188.135.12.101 eq isakmp permit gre host xx.xx.xx.xx host 188.135.12.101 remark london-colo02 permit ahp host xx.xx.xx.xx host 188.135.12.101 permit esp host xx.xx.xx.xx host 188.135.12.101 permit udp host xx.xx.xx.xx host 188.135.12.101 eq isakmp permit gre host xx.xx.xx.xx host 188.135.12.101 remark Remote Access permit tcp host xx.xx.xx.xx any eq telnet permit tcp host xx.xx.xx.xx any eq 22 permit tcp host xx.xx.xx.xx any eq telnet permit tcp host 213.123.131.197 any eq 22 permit tcp host 81.136.157.45 any eq telnet permit tcp host 81.136.157.45 any eq 22 ! logging source-interface Loopback0 logging host 192.168.1.122 dialer-list 1 protocol ip permit no cdp run ! snmp-server community [SNIP] RO snmp-server enable traps tty ! tacacs-server host 192.168.1.222 tacacs-server timeout 20 tacacs-server directed-request tacacs-server key 7 [SNIP] ! ! ! control-plane ! ! ! ! mgcp profile default ! ! ! ! ! banner login ^C ----------------------------------------------------------------------- Property of Johnson Matthey jmeu-oman01 ----------------------------------------------------------------------- ^C ! line con 0 logging synchronous line 1 modem InOut speed 115200 flowcontrol hardware line aux 0 line vty 0 4 privilege level 15 logging synchronous transport input telnet ssh line vty 5 15 privilege level 15 transport input telnet ssh ! scheduler max-task-time 5000 ntp server 172.30.5.240 ntp server 172.30.4.102 ! end My immediate question is you seem to be doing a standard DSL / PPPOE config, what's with the following lines on your Gi0.711 quote: interface GigabitEthernet0.711 encapsulation dot1Q 711 ip flow ingress pppoe enable group global pppoe-client dial-pool-number 1 no cdp enable crypto map JMEU-VPN
Also still looking for your response to the following said by HELLFIRE:Otherwise, are your users able to connect to the internet / are you able to ping google INSPITE of this error message? Regards |
|
|
pppoe enable group global pppoe-client dial-pool-number 1
The above commands are required to enable pppoe.
Hellfire, users aren't able to connect to the internet.... I can't ping google... |
|
|
to carltonp
My standard guide for configuring / troubleshooting xDSL configurations, but it's written more for ISRs with an inbuilt RJ11 interface... Question, how is your 891 wired into your DSL service exactly? ie. 891 Gi0.711 -> ??? -> ??? -> ??? -> your ISP Regards |
|
cramer Premium Member join:2007-04-10 Raleigh, NC Westell 6100 Cisco PIX 501
|
to carltonp
said by carltonp:we're attempting to connect users to the Internet using PPPoE So you are trying to be the pppoe server? Your config looks like a pppoe client setup. The server side is done with vpdn and virtual templates. Cisco has many example configs for doing this. |
|
|
We're not trying to be the pppoe server. |
|
·Frontier FiberOp..
|
ppp authentication pap chap callin
ppp chap hostname [SNIP]
ppp chap password 7 [SNIP]
ppp pap sent-username [SNIP] password 7 [SNIP]
Do you know if the ISP supports encrypting PPP password via Vigenere cipher in addition to CHAP? Why not try this? ppp authentication pap chap callin
ppp chap hostname [SNIP]
ppp chap password 0 [SNIP]
ppp pap sent-username [SNIP] password 0 [SNIP]
|
|
|
to carltonp
So what about this, just out of curiousity? said by HELLFIRE:how is your 891 wired into your DSL service exactly? ie. 891 Gi0.711 -> ??? -> ??? -> ??? -> your ISP From your other thread, I'm making a *WAG here but your 891 wires into some 'box' that turns an RJ45 cable into RJ11 cable; said 'box' can't / isn't configured to do the PPPoE so you need to do it on the Gi0.711 interface, am I right? *Wild A** Guess Regards |
|
|
Hellfire,
Totally correct.
Why do you ask?
Cheers |
|
|
to carltonp
...more personal curiosity... it's a config / setup I've never seen before. Learn something new every day Regards |
|
·Frontier FiberOp..
|
Back when I had Verizon DSL, I used a Westell Wirespeed 2100; remember those? . I'd always set it to bridge mode, and at the time I used a NetGear RT314; remember those as well? Good times.... |
|
cramer Premium Member join:2007-04-10 Raleigh, NC |
to tired_runner
type 7 and type 0 are the same thing. The router isn't sending the raw type 7 password via pap -- it reverse it and sends plain text. |
|
|
to tired_runner
...don't remind me... I come from those magical days between 14.4K dialup (and family feuds about someone else NOT picking up the phone while you're dialed in) to the early heydays of DOCSIS1.0 and ADSL1. Regards |
|