Wednesday, January 30, 2013

Troubleshooting PPP Internet Connection On A Cisco Router

 
Troubleshooting PPP Internet Connection On A Cisco Router
 
The Point-to-Point Protocol is one of the most popular protocols around used by engineers, ISPs and companies around the globe for authentication of remote users & router equipment.
 
The most common application of PPP is your ISP dialup account, whether it be ADSL, ISDN or even the good old analog modems - PPP is found in all of these connectivity methods.
 
PPP is a non-proprietary protocol, which also explains its wide adoption by vendors around the world.
Example Scenario
 
In this example, we'll be dealing with the PPP connection to our ISP. We are using a Cisco 2811 ISR router equipped with an HWIC-ADSLI card, which means we are connecting via ADSL and therefore using a virtual Dialer interface configured with our ISP account.
 
 
 
We will examine how to verify the connection to our ISP account and explain the steps that should be followed in case we are unable to connect. There are many reasons why a router might not be able to log in to the ISP account so we will cover the most common problems, which include: Incorrect username, incorrect password, invalid IP address & invalid authentication configuration.
 
Troubleshooting these possibilities will provide you with enough experience and information to help you deal with other similar problems that can occur during the ppp negotiation process.
 
Remember, the goal here is to cover these problematic cases, but most importantly - gear you up with enough experience and troubleshooting skills to help you tackle similar situations.
Incorrect Username or Password
 
This is a typical errors. You've mismatched the username and password, therefore unable to connect to the ISP account.
 
Under normal operation, you wouldn't be able to detect that your router is unable to connect to your ISP account. The results (e.g no Internet connection) will surely start making you wonder and start searching until you find out what's happening.
 
A quick check on the Dialer0 interface will confirm that there is a problem, as you notice there is no IP address assigned to it:
 
  • R1# show ip interface brief
  • Interface IP-Address OK? Method Status Protocol
  • FastEthernet0/0 10.0.0.240 YES NVRAM up up
  • Service-Engine0/0 192.168.1.1 YES TFTP up up
  • FastEthernet0/1 192.168.1.1 YES NVRAM up up
  • Virtual-Access1 unassigned YES unset up up
  • Virtual-Template1 10.0.0.240 YES TFTP down down
  • Virtual-Access2 unassigned YES unset down down
  • Virtual-Template2 10.0.0.240 YES TFTP down down
  • Virtual-Access3 unassigned YES unset up up
  • Dialer0 unassigned YES IPCP up up
  • R1#
 
To check whether there is an issue with the ISP account and get a deeper insight to the source of the problem, issue the following debug command:
 
*Apr 25 20:03:23.731: Vi3 CHAP: O RESPONSE id 188 len 39 from "firewallcx@otenet.gr"
 
This debugging provides quite a bit of information during the authentication process and we've only included a portion of it. We don't want to analyse everything here, because later on we will deal with all this information without choice :)
 
In our lab, we've deliberately set an incorrect password to force these errors, and unfortunately the ISP response is not being specific on where the problem is. The response 'user unknown' tells us that either our username, firewallcx@otenet.gr, or password is incorrect.
 
At this point, we at least know one of the two is causing the problem.
 
You can check your username by viewing the dialer configuration and try re-inserting your password, just in case you mistyped it the first time. If this gives the same result, then obviously the account credentials you've got are incorrect.
 
Thankfully most ISPs have a customer web-portal that allows them to log into their account and change usernames and passwords. If you've got this capability, use it. If not, a quick call to your ISP will prove most useful.
 
Lastly, if you would like to check you have inserted the correct account password, issue the following command and copy the type 7 password value from the dialer configuration:
 
ppp chap hostname firewallcx@otenet.gr
 
Next, visit our Cisco type 7 password cracker page and insert the hashed password so it can reveal it:
 
 
 
 
 

No comments:

Post a Comment