3.2.2.8 Lab – Troubleshoot PPPoE Answers

Aug 4, 2022 Last Updated: Aug 4, 2022 CCNA 4 Exam Answers, CCNA v6 No Comments
Tweet Share Pin it

3.2.2.8 Lab – Troubleshoot PPPoE (Instructor Version)

Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

3.2.2.8 Lab - Troubleshoot PPPoE Answers 2

Addressing Table

Device Interface IP Address Subnet Mask Default Gateway
Cust1 G0/1 Learned via PPP Learned via PPP Learned via PPP
ISP G0/1 N/A N/A N/A

Objectives

Part 1: Build the Network
Part 2: Troubleshoot PPPoE on Cust1

Background / Scenario

ISPs sometimes use Point-to-Point Protocol over Ethernet (PPPoE) on DSL links to their customers. PPP supports the assignment of IP address information to a device at the remote end of a PPP link. More importantly, PPP supports CHAP authentication. ISPs can check accounting records to see if a customer’s bill has been paid, before letting them connect to the Internet.

In this lab, you will troubleshoot the Cust1 router for PPPoE configuration problems.

Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and output produced might vary from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the correct interface identifiers.

Note: Ensure that the routers and switches have been erased and have no startup configurations. If you are unsure, contact your instructor.

Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Required Resources

  • 2 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
  • 2 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
  • Console cables to configure the Cisco IOS devices via the console ports
  • Ethernet cables as shown in the topology

Part 1: Build the Network

Step 1: Cable the network as shown in the topology.

Step 2: Initialize and reload the routers and switches.

Step 3: Copy the configurations on to routers.

a. Copy and paste the Cust1 configuration to the Cust1 router.

hostname Cust1  
enable secret class  
no aaa new-model  
no ip domain lookup  
interface GigabitEthernet0/1  
 no ip address  
 duplex auto  
 speed auto  
 pppoe enable group global  
 pppoe-client dial-pool-number 1  
 no shut  
interface Dialer1  
 mtu 1492  
 ip address negotiated  
 encapsulation ppp  
 dialer pool 1  
 ppp authentication chap callin  
 ppp chap hostname Cust1  
 ppp chap password 0 ciscoppp  
ip route 0.0.0.0 0.0.0.0 Dialer1  
banner motd ^C  
Unauthorized Access Prohibited.  
^C  
line con 0  
 password cisco  
 logging synchronous  
 login  
line aux 0  
line vty 0 4  
 password cisco  
 login  
end

b. Copy and paste the ISP configuration to the ISP router.

hostname ISP  
enable secret class  
username Cust1 password 0 ciscopppoe  
bba-group pppoe global  
 virtual-template 1  
interface GigabitEthernet0/1  
 no ip address  
 duplex auto  
 speed auto  
 pppoe enable group global  
 no shut  
interface Virtual-Template1  
 ip address 10.0.0.254 255.255.255.0  
 mtu 1492  
 peer default ip address pool PPPoEPOOL  
 ppp authentication chap callin  
ip local pool PPPoEPOOL 10.0.0.1 10.0.0.10  
ip forward-protocol nd  
banner motd ^C  
Unauthorized Access Prohibited.  
^C  
line con 0  
 password cisco  
 logging synchronous  
 login  
line vty 0 4  
 password cisco  
 login  
end

Note: Many of the ISP router PPPoE configuration commands are beyond the scope of the course.

c. Save the router configurations.

Part 2: Troubleshoot PPPoE on Cust1

In Part 2, you will troubleshoot PPPoE on the Cust 1 router. The privileged EXEC mode password is class, and console and vty passwords are cisco. The ISP has provided a username of Cust1 and a password of ciscopppoe for PPPoE CHAP authentication.

The following log messages should be appearing on your console session to Cust1:

Cust1#  
*Nov  5 22:53:46.999: %DIALER-6-BIND: Interface Vi2 bound to profile Di1  
*Nov  5 22:53:47.003: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up  
*Nov  5 22:53:47.035: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1  
*Nov  5 22:53:47.039: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down  
Cust1#

Step 1: Verify that IPv4 Address is assigned to the Cust1 Dialer interface.

The Dialer virtual interface did not receive an IP address.

Cust1# show ip interface brief  
Interface                  IP-Address      OK? Method Status                Protocol  
Embedded-Service-Engine0/0 unassigned      YES unset  administratively down down      
GigabitEthernet0/0         unassigned      YES unset  administratively down down      
GigabitEthernet0/1         unassigned      YES unset  up                    up        
Serial0/0/0                unassigned      YES unset  administratively down down      
Serial0/0/1                unassigned      YES unset  administratively down down      
Dialer1                    unassigned      YES manual up                    up        
Virtual-Access1            unassigned      YES unset  up                    up        
Virtual-Access2            unassigned      YES unset  down                  down

Step 2: Debug PPP to determine if the problem is with authentication.

a. Turn on debug for PPP authentication.

Cust1# debug ppp authentication  
PPP authentication debugging is on  
Cust1#  
*Nov  5 23:09:00.283: %DIALER-6-BIND: Interface Vi2 bound to profile Di1  
*Nov  5 23:09:00.287: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up  
*Nov  5 23:09:00.287: Vi2 PPP: Using dialer call direction  
*Nov  5 23:09:00.287: Vi2 PPP: Treating connection as a callout  
*Nov  5 23:09:00.287: Vi2 PPP: Session handle[8A000036] Session id[54]  
*Nov  5 23:09:00.315: Vi2 PPP: No authorization without authentication  
*Nov  5 23:09:00.315: Vi2 CHAP: I CHALLENGE id 1 len 24 from "ISP"  
*Nov  5 23:0  
Cust1#9:00.315: Vi2 PPP: Sent CHAP SENDAUTH Request  
*Nov  5 23:09:00.315: Vi2 PPP: Received SENDAUTH Response FAIL  
*Nov  5 23:09:00.315: Vi2 CHAP: Using hostname from interface CHAP  
*Nov  5 23:09:00.315: Vi2 CHAP: Using password from interface CHAP  
*Nov  5 23:09:00.315: Vi2 CHAP: O RESPONSE id 1 len 26 from "Cust1"  
*Nov  5 23:09:00.315: Vi2 CHAP: I FAILURE id 1 len 25 msg is "Authentication failed"  
*Nov  5 23:09:00.315: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1  
*Nov  5 23:09:00.319: %LINK-3  
Cust1#-UPDOWN: Interface Virtual-Access2, changed state to down  
Cust1#

b. End debug mode.

Cust1# u all
All possible debugging has been turned off
Cust1#

Step 3: Verify that the PPPoE username and password matches what was given by the ISP.

a. Display the running configuration; apply a filter to display only the Dialer section. Verify that the username and password matches what was provided by the ISP.

Cust1# show run | section Dialer
interface Dialer1
 mtu 1492
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname Cust1
 ppp chap password 0 ciscoppp
ip route 0.0.0.0 0.0.0.0 Dialer1

b. The problem appears to be with the password. Enter Global configuration mode and fix the ppp password.

Cust1# conf t  
Enter configuration commands, one per line.  End with CNTL/Z.  
Cust1(config)# interface Dialer1  
Cust1(config-if)# ppp chap password ciscopppoe  
Cust1(config-if)# end  
Cust1#  
*Nov  5 23:42:07.343: %SYS-5-CONFIG_I: Configured from console by console  
Cust1#  
*Nov  5 23:42:25.039: %DIALER-6-BIND: Interface Vi2 bound to profile Di1  
*Nov  5 23:42:25.043: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up  
Cust1#  
*Nov  5 23:42:25.063: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2,  
changed state to up

Step 4: Verify PPPoE connectivity.

a. Verify that this change resolved the problem and that an IP address has been assigned to the Dialer1 interface.

Cust1# show ip interface brief  
Interface                  IP-Address      OK? Method Status                Protocol  
Embedded-Service-Engine0/0 unassigned      YES unset  administratively down down      
GigabitEthernet0/0         unassigned      YES unset  administratively down down      
GigabitEthernet0/1         unassigned      YES unset  up                    up        
Serial0/0/0                unassigned      YES unset  administratively down down      
Serial0/0/1                unassigned      YES unset  administratively down down      
Dialer1                    10.0.0.1        YES IPCP   up                    up        
Virtual-Access1            unassigned      YES unset  up                    up        
Virtual-Access2            unassigned      YES unset  up                    up

b. Display the routing table to verify a route to the ISP router.

Cust1# show ip route  
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP  
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area   
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2  
       E1 - OSPF external type 1, E2 - OSPF external type 2  
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2  
       ia - IS-IS inter area, * - candidate default, U - per-user static route  
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP  
       a - application route  
       + - replicated route, % - next hop override

Gateway of last resort is 0.0.0.0 to network 0.0.0.0  
  
S*    0.0.0.0/0 is directly connected, Dialer1  
      10.0.0.0/32 is subnetted, 2 subnets  
C        10.0.0.1 is directly connected, Dialer1  
C        10.0.0.254 is directly connected, Dialer1

c. Display information about the active PPPoE sessions.

Cust1# show pppoe session  
     1 client session   
  
Uniq ID  PPPoE  RemMAC          Port                    VT  VA         State  
           SID  LocMAC                                      VA-st      Type  
    N/A      1  30f7.0da3.1641  Gi0/1                   Di1 Vi2        UP        
                30f7.0da3.0da1                              UP

Step 5: Adjust the maximum segment size on the physical interface.

The PPPoE header adds an additional 8 bytes to each segment. To prevent TCP sessions from being dropped, the maximum segment size (MSS) needs to be adjusted to its optimum value on the physical interface.

a. Display G0/1s configuration setting to see if the MSS has been adjusted.

Cust1# show run interface g0/1
Building configuration...

Current configuration : 136 bytes
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
end

b. Adjust the MSS to its optimum value of 1452 bytes.

Cust1(config)# interface g0/1
Cust1(config-if)# ip tcp adjust-mss 1452
Cust1(config-if)# end

Reflection

Explain why the TCP segment size needs to be adjusted for PPPoE.
________________________________________________________
Answers will vary. The default segment size for Ethernet is 1500. The header information takes up 40 bytes of the segment, leaving 1460 bytes for payload (data). PPPoE requires an additional 8 bytes for its header, so the payload needs to be reduced by 8 bytes to accommodate for the PPPoE header, bringing the optimum maximum segment size down to 1452 bytes.

Router Interface Summary Table

Router Interface Summary
Router Model Ethernet Interface #1 Ethernet Interface #2 Serial Interface #1 Serial Interface #2
1800 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
1900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
2801 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
2811 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
2900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many interfaces the router has. There is no way to effectively list all the combinations of configurations for each router class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device. The table does not include any other type of interface, even though a specific router may contain one. An example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be used in Cisco IOS commands to represent the interface.

Device Configs

Router Cust1

Cust1# show run
Building configuration...

Current configuration : 1433 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cust1
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
ip tcp adjust-mss 1452
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
!
interface Dialer1
mtu 1492
ip address negotiated
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname Cust1
ppp chap password 0 ciscopppoe
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
control-plane
!
banner motd ^C
Unauthorized Access Prohibited.
^C
!
line con 0
password 7 14141B180F0B
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 05080F1C2243
login
transport input all
!
scheduler allocate 20000 1000
!
end

Router ISP

ISP# show run
Building configuration...

Current configuration : 1485 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
username Cust1 password 0 ciscopppoe
!
bba-group pppoe global
virtual-template 1
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
ip tcp adjust-mss 1452
duplex auto
speed auto
pppoe enable group global
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
!
interface Virtual-Template1
ip address 10.0.0.254 255.255.255.0
mtu 1492
peer default ip address pool PPPoEPOOL
ppp authentication chap callin
!
ip local pool PPPoEPOOL 10.0.0.1 10.0.0.10
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
banner motd ^C
Unauthorized Access Prohibited.
^C
!
line con 0
password 7 14141B180F0B
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 05080F1C2243
login
transport input all
!
scheduler allocate 20000 1000
!
end
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x