Guest

Asymmetric Digital Subscriber Line (ADSL)

Configuring a Cisco 1700/2600/3600 ADSL WIC as a PPPoE Client With NAT

Cisco - Configuring a Cisco 1700/2600/3600 ADSL WIC as a PPPoE Client With NAT

Document ID: 12964

Updated: Jun 26, 2006

   Print

Introduction

The Cisco 1700, 2600, and 3600 Series Routers support the Asymmetric Digital Subscriber Line (ADSL) WAN Interface Card (WIC). All three platforms are configured essentially the same. However, there are differences in hardware and in the Cisco IOS® Software Release that is required for each one. Throughout this document, the Cisco 1700, 2600, and 3600 are called the “Cisco ADSL WIC.”

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco 6400 UAC-NRP IOS Software Release 12.1(3)DC1

  • Cisco 6400 UAC-NSP IOS Software Release 12.1(3)DB

  • Cisco 6130 DSLAM-NI2 IOS Software Release 12.1(5)DA

To support the ADSL WIC on the Cisco 2600/3600, this hardware is required:

2600 3600
Chassis WIC slots NM-1FE1R2W
NM-2W NM-1FE2W
  NM-2FE2W
  NM-2W

Important: For the Cisco 3600, this hardware does not support the ADSL WIC:

  • NM-1E1R2W

  • NM-1E2W

  • NM-2E2W

To support the ADSL WIC, at least these Cisco IOS Software Releases are required:

  • Cisco IOS Software Release 12.1(5)YB (Plus versions only) on the Cisco 2600/3600

  • Cisco IOS Software Release IOS 12.1(3)XP or later (Plus versions or ADSL feature set only) on the Cisco 1700. The ADSL feature set is identified by “y7” in the image name. For example, c1700-sy7-mz.121-3.XP.bin.

  • When you download the image for the Cisco 1700, make sure that you select the image name of 1700. Do not download a 1720 or a 1750 image. These features do not support the ADSL WIC.

To support Point-to-Point Protocol over Ethernet (PPPoE), you must have the ADSL+PLUS feature set. The ADSL-only feature set does not support PPPoE on the Cisco 1700.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Background Information

In Cisco IOS Software Release 12.1(3)XG, a PPPoE client feature is introduced for the Cisco ADSL WIC. This feature allows the PPPoE functionality to be moved to the router. Multiple PCs can be installed behind the Cisco ADSL WIC. Before their traffic is sent to the PPPoE session, it can be encrypted, filtered, and so forth. Also, Network Address Translation (NAT) can run.

This document shows a PPPoE client configured on the Asynchronous Transfer Mode (ATM) interface (the DSL interface) of the Cisco ADSL WIC.

The configuration on the Cisco 6400 node route processor (NRP) can also be used on another router used as an aggregator and with an ATM interface.

Configure

This section provides information to configure the features described in this document.

Note: To find additional information about the commands in this document, use the Command Lookup Tool (registered customers only) .

Network Diagram

This document uses this network setup:

wicadsl_pppoe_client.gif

Configurations

PPPoE is configured on the Cisco ADSL WIC with the virtual private dial-up network (VPDN) commands. Ensure that you configure these commands first.

Note: For information about how to change the size of the maximum transmission unit (MTU), refer to Troubleshooting MTU Size in PPPoE Dialin Connectivity.

This document uses these configurations:

Cisco ADSL WIC
!
vpdn enable
no vpdn logging
!
vpdn-group pppoe
  request-dialin

!--- You are the PPPoE client that asks to establish a session
!--- with the aggregation unit (6400 NRP). These VPDN commands
!--- are not needed with Cisco IOS Software Release 12.2(13)T
!--- or later.

   protocol pppoe
!

!--- Internal Ethernet network.

!
interface FastEthernet0
 ip address 10.92.1.182 255.255.255.0
 ip nat inside

!--- DSL interface.

!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
 hold-queue 224 in

!--- All defaults.
!--- PPPoE runs on top of AAL5SNAP. However, the
!--- encap aal5snap command is not used.

!
interface ATM0.1 point-to-point
 pvc 1/1
  pppoe-client dial-pool-number 1

!--- pvc 1/1 is an example value that must be changed to match
!--- the value used by the ISP.

 !

!--- The PPPoE client code ties into a dialer interface upon
!--- which a virtual-access interface is cloned.

!
interface Dialer1
 ip address negotiated
 ip mtu 1492

!--- Ethernet MTU default = 1500 (1492 + PPPoE headers = 1500)

 ip nat outside
 encapsulation ppp
 dialer pool 1

!--- Ties to the ATM interface.

 ppp authentication chap callin
 ppp chap hostname <username>
 ppp chap password <password>
!

!--- The ISP instructs you about the type of authentication
!--- to use.
!--- To change from PPP Challenge Handshake Authentication
!--- Protocol (CHAP) to PPP Password Authentication Protocol
!--- (PAP), replace these three lines:
!---    ppp authentication chap callin
!---    ppp chap hostname <username>
!---    ppp chap password <password>
!--- with these two lines:
!---    ppp authentication pap callin
!---    ppp pap sent-username <username> password <password>
!--- For NAT, overload on the Dialer1 interface and add a
!--- default route out, because the dialer IP address can
!--- change.

ip nat inside source list 1 interface Dialer1 overload 
ip classless 
ip route 0.0.0.0 0.0.0.0 dialer1 
no ip http server 
! 
access-list 1 permit 10.92.1.0 0.0.0.255 

!--- For NAT. 

! 

Cisco 6400
Cisco 6400 ***
local ppp user

!--- You can also use aaa.

username <username> password <password>

!--- Begin with the VPDN commands. Notice that you bind the
!--- PPPoE here to a virtual-template, instead of on the ATM
!--- interface. You can not (at this time) use more than one 
!--- virtual-template (or VPDN group) for PPPoE beginning with
!--- the VPDN commands.

vpdn enable
no vpdn logging
!
vpdn-group pppoe
 accept-dialin

!--- PPPoE server mode.

  protocol pppoe
  virtual-template 1
!
!
interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
 hold-queue 500 in

!--- The binding to the virtual-template interface is
!--- configured in the VPDN group.

!
interface ATM0/0/0.182 point-to-point
 pvc 1/82
  encapsulation aal5snap

!--- This needs the command on the server side.

  protocol pppoe
 !
!

!--- Virtual-template is used instead of dialer interface.

!
interface Virtual-Template1
 ip unnumbered Loopback10
 ip mtu 1492
 peer default ip address pool ippool
 ppp authentication chap
!
!
interface Loopback10
 ip address 8.8.8.1 255.255.255.0
!
ip local pool ippool 9.9.9.1 9.9.9.5

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

Use this section to troubleshoot your configuration.

The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

Note: Refer to Important Information on Debug Commands before you use debug commands.

Debug the PPPoE Client

To debug the PPPoE client on the Cisco ADSL WIC or Cisco 6400, you must consider the protocol stack. You can start at the bottom to troubleshoot.

  1. DSL Physical Layer:

    Make sure the line is up and trained.

    show interface atm0
    ATM0 is up, line protocol is up
      Hardware is PQUICC_SAR (with Alcatel ADSL Module)
    
    show dsl interface atm0
    
    !--- Look for “Showtime” in the first few lines.
    
    ATU-R (DS)
    ATU-C (US)
    Modem Status:    Showtime (DMTDSL_SHOWTIME)
    
  2. ATM Layer:

    If the ATM interface is up, issue the debug atm packet command to see if anything comes in from the ISP.

    Note: You do not see outgoing packets with this command because of the way the packets are processed.

    You need to see output similar to this, with the same Type, SAP, CTL, and OUI fields that show that the incoming ATM packet is AAL5SNAP:

    debug atm packet
    03:21:32: ATM0(I):
    VCD:0x2 VPI:0x1 VCI:0x1 Type:0x0 SAP:AAAA CTL:03 OUI:0080C2 TYPE:0007 Length:0x30
    03:21:32: 0000 0050 7359 35B7 0001 96A4 84AC 8864 1100 0001 000E C021 09AB 000C 0235
    03:21:32: 279F 0000 0000
    03:21:32:
  3. Ethernet Layer:

    Complete Ethernet frames are in the AAL5SNAP packets. There is no debug Ethernet packet command. However, you need to perform some VPDN debugs (PPPoE debugs for Cisco IOS Software Release 12.2(13)T or later) to see the PPPoE frames.

    For reference, an Ethernet frame which is a PPPoE frame contains one of these two Ethertypes:

    • 0x8863 Ethertype = PPPoE control packet (handles the PPPoE session)

    • 0x8864 Ethertype = PPPoE data packet (contains PPP packets)

    One important note is that there are two sessions in PPPoE. The PPPoE session, which is a VPDN L2TP type session, and the PPP session. In order to establish PPPoE, you have a PPPoE session establishment phase and a PPP session establishment phase.

    Termination usually involves a PPP termination phase and a PPPoE termination phase.

    The PPPoE establishment phase identifies the PPPoE client and server (the MAC addresses) and assigns a session ID. After that is complete, the normal PPP establishment occurs just like any other PPP connection.

    To debug, use VPDN PPPoE debugs (PPPoE debugs for Cisco IOS Software Release 12.2(13)T or later) to determine if the PPPoE connect phase is successful.

    #debug vpdn pppoe-events (debug pppoe events)
    06:17:58: Sending PADI: vc=1/1
    
    !--- A broadcast Ethernet frame (in this case encapsulated in ATM)
    !--- requests a PPPoE server, “Are there any PPPoE servers out there?”
    
    06:18:00:  PPPOE: we've got our pado and the pado timer went off
    
    !--- This is a unicast reply from a PPPoE server
    !--- (very similar to a DHCP offer).
    
    06:18:00: OUT PADR from PPPoE tunnel
    
    !--- This is a unicast reply that accepts the offer.
    
    06:18:00: IN PADS from PPPoE tunnel
    
    !--- This is a confirmation and completes the establishment.
    
    

    The PPP establishment begins as any other PPP initiation. After the PPPoE session is established, issue show vpdn commands (show pppe session for Cisco IOS Software Release 12.2(13)T or later) to get the status.

    # show vpdn (show pppoe session)
    %No active L2TP tunnels
    %No active L2F tunnels
    
    PPPoE Tunnel and Session Information Total tunnels 1 sessions 1
    
    PPPoE Tunnel Information
    
    Session count: 1
    
    PPPoE Session Information
    SID      RemMAC          LocMAC      Intf    VASt   OIntf   VC
    1    0050.7359.35b7  0001.96a4.84ac  Vi1     UP     AT0     11
    

    Get packet count information via the show vpdn session all (show pppoe session all) command.

    show vpdn session all (show pppoe session all)
    %No active L2TP tunnels
    %No active L2F tunnels
    
    PPPoE Session Information Total tunnels 1 sessions 1
    
    session id: 1
    local MAC address: 0001.96a4.84ac, remote MAC address: 0050.7359.35b7
    virtual access interface: Vi1, outgoing interface: AT0, vc: 1/1
        1656 packets sent, 1655 received, 24516 bytes sent, 24486 received
    

    Other debug commands:

    • debug vpdn pppoe-data (debug pppoe data)

    • debug vpdn pppoe-errors (debug pppoe errors)

    • debug vpdn pppoe-packets (debug pppoe packets)

  4. PPP Layer:

    After the PPPoE session is established, the PPP debugs are the same for any other PPP establishment.

    The same debug ppp negotiation and debug ppp authentication commands are used. This is sample output.

    Note: In this sample, the hostname is “client1.” The name of the remote Cisco 6400 is “nrp-b.”

    06:36:03: Vi1 PPP: Treating connection as a callout
    06:36:03: Vi1 PPP: Phase is ESTABLISHING, Active Open [0 sess, 1 load]
    06:36:03: Vi1 PPP: No remote authentication for call-out
    06:36:03: Vi1 LCP: O CONFREQ [Closed] id 1 len 10
    06:36:03: Vi1 LCP:    MagicNumber 0x03013D43 (0x050603013D43)
    06:36:03: Vi1 LCP: I CONFACK [REQsent] id 1 len 10
    06:36:03: Vi1 LCP:    MagicNumber 0x03013D43 (0x050603013D43)
    06:36:05: Vi1 LCP: I CONFREQ [ACKrcvd] id 2 len 15
    06:36:05: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
    06:36:05: Vi1 LCP:    MagicNumber 0x65E315E5 (0x050665E315E5)
    06:36:05: Vi1 LCP: O CONFACK [ACKrcvd] id 2 len 15
    06:36:05: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
    06:36:05: Vi1 LCP:    MagicNumber 0x65E315E5 (0x050665E315E5)
    06:36:05: Vi1 LCP: State is Open
    06:36:05: Vi1 PPP: Phase is AUTHENTICATING, by the peer [0 sess, 1 load]
    06:36:05: Vi1 CHAP: I CHALLENGE id 9 len 26 from "nrp-b"
    06:36:05: Vi1 CHAP: Using alternate hostname client1
    06:36:05: Vi1 CHAP: Username nrp-b not found
    06:36:05: Vi1 CHAP: Using default password
    06:36:05: Vi1 CHAP: O RESPONSE id 9 len 28 from "client1"
    06:36:05: Vi1 CHAP: I SUCCESS id 9 len 4
    06:36:05: Vi1 PPP: Phase is FORWARDING [0 sess, 1 load]
    06:36:05: Vi1 PPP: Phase is AUTHENTICATING [0 sess, 1 load]
    06:36:05: Vi1 PPP: Phase is UP [0 sess, 1 load]
    06:36:05: Vi1 IPCP: O CONFREQ [Closed] id 1 len 10
    06:36:05: Vi1 IPCP:    Address 0.0.0.0 (0x030600000000)
    06:36:05: Vi1 CDPCP: O CONFREQ [Closed] id 1 len 4
    06:36:05: Vi1 IPCP: I CONFREQ [REQsent] id 1 len 10
    06:36:05: Vi1 IPCP:    Address 8.8.8.1 (0x030608080801)
    06:36:05: Vi1 IPCP:    Address 8.8.8.1 (0x030608080801)
    06:36:05: Vi1 IPCP:    Address 9.9.9.2 (0x030609090902)
    06:36:05: Vi1 IPCP: O CONFREQ [ACKsent] id 2 len 10
    06:36:05: Vi1 IPCP:    Address 9.9.9.2 (0x030609090902)
    06:36:05: Vi1 LCP: I PROTREJ [Open] id 3 len 10 protocol CDPCP (0x820701010004)
    06:36:05: Vi1 CDPCP: State is Closed
    06:36:05: Vi1 IPCP: I CONFACK [ACKsent] id 2 len 10
    06:36:05: Vi1 IPCP:    Address 9.9.9.2 (0x030609090902)
    06:36:05: Vi1 IPCP: State is Open
    06:36:05: Di1 IPCP: Install negotiated IP interface address 9.9.9.2
    06:36:05: Di1 IPCP: Install route to 8.8.8.1
    06:36:06: %LINEPROTO-5-UPDOWN: Line protocol on
    Interface Virtual-Access1, changed state to up

Debug the PPPoE Server

To debug the Cisco 6400 (the PPPoE server), use the same bottom-up procedure that is used for the Cisco ADSL WIC (the client). The difference is in the DSL physical layer, where you need to check the DSLAM.

  1. DSL Physical Layer:

    To check the DSL physical layer, you need to see the DSL statistics on the DSLAM. For Cisco DSLAMs, issue the show dsl interface command.

  2. ATM Layer:

    On the Cisco 6400 side, you can also issue a debug atm packet command. Enable the Cisco 6400 for a specific PVC.

    debug atm packet interface atm 0/0/0.182 vc 1/82
    

    You need to see output similar to this, with the same Type, SAP, CTL, and OUI fields that show that the incoming ATM packet is AAL5SNAP:

    4d04h: ATM0/0/0.182(I):
    VCD:0x3 VPI:0x1 VCI:0x52 Type:0x900 SAP:AAAA CTL:03 OUI:0080C2 TYPE:0007 Length:0x30
    4d04h: 0000 0001 96A4 84AC 0050 7359 35B7 8864 1100 0001 000E C021 0A2E 000C 65E3
    4d04h: 15E5 0000 0000

    Note: You do not see outgoing packets with this command because of the way the packets are processed.

  3. Ethernet Layer:

    The same VPDN show commands and debugs used on the Cisco ADSL WIC can be used on the Cisco 6400 to look at the PPPoE establishment.

    # debug vpdn pppoe-events (debug pppoe events)
    4d04h: IN PADI from PPPoE tunnel
    
    4d04h: OUT PADO from PPPoE tunnel
    
    4d04h: IN PADR from PPPoE tunnel
    
    4d04h: PPPoE: Create session
    4d04h: PPPoE: VPN session created.
    
    4d04h: OUT PADS from PPPoE tunnel
    
    # show vpdn
    %No active L2TP tunnels
    %No active L2F tunnels
    
    PPPoE Tunnel and Session Information Total tunnels 1 sessions 1
    
    PPPoE Tunnel Information
    
    Session count: 1
    
    PPPoE Session Information
    SID        RemMAC          LocMAC       Intf    VASt   OIntf        VC
    1       0001.96a4.84ac  0050.7359.35b7  Vi4     UP     AT0/0/0 1    82
    
    # show vpdn session all
    
    nrp-b# show vpdn session all
    %No active L2TP tunnels
    %No active L2F tunnels
    
    PPPoE Session Information Total tunnels 1 sessions 1
    
    session id: 1
    local MAC address: 0050.7359.35b7, remote MAC address: 0001.96a4.84ac
    virtual access interface: Vi4, outgoing interface: AT0/0/0, vc: 1/82
        30 packets sent, 28 received, 422 bytes sent, 395 received
    

    Other debug commands:

    • debug vpdn pppoe-data (debug pppoe data)

    • debug vpdn pppoe-errors (debug pppoe errors)

    • debug vpdn pppoe-packets (debug pppoe packets)

  4. PPP Layer:

    This is PPP debug output from the Cisco 6400 that corresponds to the earlier debug from the Cisco ADSL WIC:

    debug ppp negotiation and debug ppp authentication
    4d04h: Vi2 PPP: Treating connection as a dedicated line
    4d04h: Vi2 PPP: Phase is ESTABLISHING, Active Open [0 sess, 1 load]
    4d04h: Vi2 LCP: O CONFREQ [Closed] id 1 len 15
    4d04h: Vi2 LCP:    AuthProto CHAP (0x0305C22305)
    4d04h: Vi2 LCP:    MagicNumber 0x65F62814 (0x050665F62814)
    4d04h: Vi2 LCP: I CONFREQ [REQsent] id 1 len 10
    4d04h: Vi2 LCP:    MagicNumber 0x03144FF9 (0x050603144FF9)
    4d04h: Vi2 LCP: O CONFACK [REQsent] id 1 len 10
    4d04h: Vi2 LCP:    MagicNumber 0x03144FF9 (0x050603144FF9)
    4d04h: Vi3 LCP: I ECHOREQ [Open] id 60 len 8 magic 0xA60C0000
    4d04h: Vi3 LCP: O ECHOREP [Open] id 60 len 8 magic 0x51A0BEF6
    4d04h: Vi2 LCP: TIMEout: State ACKsent
    4d04h: Vi2 LCP: O CONFREQ [ACKsent] id 2 len 15
    4d04h: Vi2 LCP:    AuthProto CHAP (0x0305C22305)
    4d04h: Vi2 LCP:    MagicNumber 0x65F62814 (0x050665F62814)
    4d04h: Vi2 LCP: I CONFACK [ACKsent] id 2 len 15
    4d04h: Vi2 LCP:    AuthProto CHAP (0x0305C22305)
    4d04h: Vi2 LCP:    MagicNumber 0x65F62814 (0x050665F62814)
    4d04h: Vi2 LCP: State is Open
    4d04h: Vi2 PPP: Phase is AUTHENTICATING, by this end [0 sess, 1 load]
    4d04h: Vi2 CHAP: O CHALLENGE id 10 len 26 from "nrp-b"
    4d04h: Vi2 CHAP: I RESPONSE id 10 len 28 from "client1"
    4d04h: Vi2 PPP: Phase is FORWARDING [0 sess, 1 load]
    4d04h: Vi2 PPP: Phase is AUTHENTICATING [0 sess, 1 load]
    4d04h: Vi2 CHAP: O SUCCESS id 10 len 4
    4d04h: Vi2 PPP: Phase is UP [0 sess, 1 load]
    4d04h: Vi2 IPCP: O CONFREQ [Closed] id 1 len 10
    4d04h: Vi2 IPCP:    Address 8.8.8.1 (0x030608080801)
    4d04h: Vi2 IPCP: I CONFREQ [REQsent] id 1 len 10
    4d04h: Vi2 IPCP:    Address 0.0.0.0 (0x030600000000)
    4d04h: Vi2 IPCP: Pool returned 9.9.9.2
    4d04h: Vi2 IPCP: O CONFNAK [REQsent] id 1 len 10
    4d04h: Vi2 IPCP:    Address 9.9.9.2 (0x030609090902)
    4d04h: Vi2 CDPCP: I CONFREQ [Not negotiated] id 1 len 4
    4d04h: Vi2 LCP: O PROTREJ [Open] id 3 len 10 protocol CDPCP (0x820701010004)
    4d04h: Vi2 IPCP: I CONFACK [REQsent] id 1 len 10
    4d04h: Vi2 IPCP:    Address 8.8.8.1 (0x030608080801)
    4d04h: Vi2 IPCP: I CONFREQ [ACKrcvd] id 2 len 10
    4d04h: Vi2 IPCP:    Address 9.9.9.2 (0x030609090902)
    4d04h: Vi2 IPCP: O CONFACK [ACKrcvd] id 2 len 10
    4d04h: Vi2 IPCP:    Address 9.9.9.2 (0x030609090902)
    4d04h: Vi2 IPCP: State is Open
    4d04h: Vi2 IPCP: Install route to 9.9.9.2
    4d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface
    Virtual-Access2, changed state to up

Related Information

Updated: Jun 26, 2006
Document ID: 12964