Access VPN Solutions Using Tunneling Technology (1): Layer 2 Forwarding Case Study
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
- Updated:
- March 13, 1999
Chapter: Configuring the NAS for Basic Dial Access
- Step 1—Configuring the Host Name, Enable Password, and Service Time Stamps
- Step 2—Configuring Local AAA
- Step 3—Configuring the LAN Interface
- Step 4—Commissioning the T1 Controllers
- Step 5—Configuring the Serial Channels to Let Modem Calls Come In
- Step 6—Configuring the Modems and Asynchronous Lines
- Step 7—Specifying the IP Address Pool and DNS Servers
- Step 8—Configuring the Group-Async Interface
Configuring the NAS for Basic Dial Access
Introduction
In this first task, the ISP:
•
Configures the Cisco AS5300 network access server (NAS) to support basic IP and modem services.
•Verifies that basic dial access works before the ISP starts forwarding PPP sessions to the enterprise customer's home gateway.
•Troubleshoots the NAS if there are problems.
shows the ISP's basic dial access topology. Clients using modems dial in to the NAS over four T1 PRI lines that are assigned to 555-0945.
Figure 8 Basic Dial Access Network Topology
After the ISP completes this task, basic dial access will function as follows:
•The client dials in to the NAS.
•The client and the NAS successfully complete PPP negotiation.
•The NAS assigns an IP address to the client.
•The client and NAS bidirectionally support IP services.
Configuring Basic Dial Access
To configure the NAS for basic dial access, the ISP completes the following steps:
•Step 1—Configuring the Host Name, Enable Password, and Service Time Stamps
•Step 3—Configuring the LAN Interface
•Step 4—Commissioning the T1 Controllers
•Step 5—Configuring the Serial Channels to Let Modem Calls Come In
•Step 6—Configuring the Modems and Asynchronous Lines
•Step 7—Specifying the IP Address Pool and DNS Servers
•Step 8—Configuring the Group-Async Interface
Step 1—Configuring the Host Name, Enable Password, and Service Time Stamps
In this step, the ISP:
•Assigns a host name to the NAS
•Sets up configuration privileges
•Turns on service time stamps
|
|
|
|---|---|
Router> enable |
Access privileged EXEC mode. |
Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. |
Access global configuration mode1 . |
Router(config)# hostname ISP_NAS |
Assign a host name to the access server. A host name distinguishes the NAS from other devices on the network. |
ISP_NAS(config)# enable secret letmein |
Enter a secret enable password, which secures privileged EXEC mode. An enable password allows you to prevent unauthorized configuration changes. Make sure to change letmein to your own secret password. |
ISP_NAS(config)# service password-encryption |
Encrypt passwords in the configuration file. |
ISP_NAS(config)# service timestamps debug datetime msec |
Apply millisecond time stamping to debug and logging output. These time stamps help identify debug output when there is a lot of activity on the router. |
1 If the logging output generated by the NAS interferes with your terminal screen, redisplay the current command line by using the Tab key. |
Step 2—Configuring Local AAA
In this step, the ISP:
•Enables the authentication, authorization, and accounting (AAA) access control system
•Creates a local username database
AAA provides the primary framework through which you set up access control on the NAS. Authentication identifies the client; authorization tells the client what it can do; accounting records what the client did do.
|
|
|
|---|---|
ISP_NAS(config)# aaa new-model
|
Initiate the AAA access control system. |
ISP_NAS(config)# aaa authentication ppp default local
|
Configure PPP authentication to use the local database. |
ISP_NAS(config)# username jane-admin password
jane-password
|
Create a local login database and username for yourself—the network administrator1 . Note |
ISP_NAS(config)# username jeremy password subaru
|
Create a local login username for the client. The username jeremy and password subaru are locally authenticated by the NAS. Later in the case study, jeremy is authenticated by the home gateway's CiscoSecure AAA server (not the NAS). |
1 Make sure you use your own username and password. |
Step 3—Configuring the LAN Interface
In this step, the ISP:
•Assigns an IP address to the Ethernet interface
•Brings up the interface
|
|
|
|---|---|
ISP_NAS(config)# interface ethernet 0 |
Configure the IP address and subnet mask on the Ethernet interface. Do not forget to use your own IP address and subnet mask. |
ISP_NAS(config-if)# no shutdown |
Bring up the interface. This command changes the state of the interface from administratively down to up1 . |
1 The term administratively down means that the interface is intentionally shut down by the administrator. The shutdown command is applied to the interface. |
Step 4—Commissioning the T1 Controllers
In this step, the ISP:
•Defines the ISDN switch type
•Commissions the T1 controllers to allow modem calls to come into the NAS. The ISP must specify the following information for each controller:
•Framing type
•Line code type
•Clock source
•Timeslot assignments
Step 5—Configuring the Serial Channels to Let Modem Calls Come In
In this step, the ISP:
•Configures the D channels to allow incoming voice calls to be routed to the integrated MICA modems. The D channel is the signaling channel.
•Uses the D channel to control the behavior of individual B channels
Step 6—Configuring the Modems and Asynchronous Lines
In this step, the ISP:
•Defines a range of modem lines
•Enables PPP clients to dial in, bypass the EXEC facility, and automatically start PPP.
Configure the modems and lines after the ISDN channels are operational. Each modem corresponds with a dedicated asynchronous line inside the access server. The modem speed 115200 bps and hardware flow control are default values for integrated modems.
Step 7—Specifying the IP Address Pool and DNS Servers
In this step, the ISP:
•Creates an IP addresses pool that contains one IP address
•Specifies a primary and secondary domain name server (DNS)
|
|
|
|---|---|
ISP_NAS(config)# ip local pool default 1.1.1.1 |
Create an IP pool containing one IP address to assign to one client1 . |
ISP_NAS(config)# async-bootp dns-server 171.68.10.70 171.68.10.140 |
Specify the domain name servers on the network, which can be used for clients dialing in with PPP. |
1 Later in the case study, the client is assigned an IP address from the local IP pool configured on the home gateway. The NAS, which is maintained by the ISP, does not assign IP addresses to the enterprise customer's clients when the network is configured as an access VPN. |
Step 8—Configuring the Group-Async Interface
In this step, the ISP:
•Creates a group-async interface
•Projects protocol characteristics to 96 asynchronous interfaces
The group-async interface is a template that controls the configuration of all the asynchronous interfaces inside the NAS. Asynchronous interfaces are lines running in PPP mode. An asynchronous interface uses the same number as its corresponding line. Configuring all the asynchronous interfaces as an async group saves you time by reducing the number of configuration steps.
!
Verifying Basic Dial Access
This section describes how to verify that the following end-to-end connections function as shown in :
•Step 1—Checking the NAS Running Configuration
•Step 4—Displaying Active Call Statistics on the NAS
•Step 6—Verifying That the Asynchronous Interface Is Up and That LCP Is Open
Figure 9 Basic Dial Access Network Topology
After you successfully test these connections, go to "Configuring the Access VPN to Work with Local AAA." If you experience problems, see "Troubleshooting Basic Dial Access."
Step 1—Checking the NAS Running Configuration
Enter the show running-config command in privileged EXEC mode to make sure that the NAS accepted the commands you entered:
ISP_NAS# show running-config
Building configuration...
Current configuration:
!
version 11.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ISP_NAS
!
aaa new-model
aaa authentication ppp default local
enable secret 5 $1$AXl/$27hOM6j51a5P76Enq.LCf0
!
!
username jeremy password 7 021511590A141A
username jane-admin password 7 0501090A6C5C4F1A0A1218000F
!
async-bootp dns-server 171.68.10.70 171.68.10.140
isdn switch-type primary-5ess
!
controller T1 0
framing esf
clock source line primary
linecode b8zs
pri-group timeslots 1-24
!
controller T1 1
framing esf
clock source line secondary
linecode b8zs
pri-group timeslots 1-24
!
controller T1 2
framing esf
clock source internal
linecode b8zs
pri-group timeslots 1-24
!
controller T1 3
framing esf
clock source internal
linecode b8zs
pri-group timeslots 1-24
!
!
interface Ethernet0
ip address 172.22.66.23 255.255.255.192
!
interface Serial0:23
no ip address
isdn switch-type primary-5ess
isdn incoming-voice modem
no cdp enable
!
interface Serial1:23
no ip address
isdn switch-type primary-5ess
isdn incoming-voice modem
no cdp enable
!
interface Serial2:23
no ip address
isdn switch-type primary-5ess
isdn incoming-voice modem
no cdp enable
!
interface Serial3:23
no ip address
isdn switch-type primary-5ess
isdn incoming-voice modem
no cdp enable
!
interface FastEthernet0
no ip address
shutdown
!
interface Group-Async1
ip unnumbered Ethernet0
encapsulation ppp
async mode interactive
peer default ip address pool default
ppp authentication chap pap
group-range 1 96
!
ip local pool default 1.1.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 172.22.66.1
!
line con 0
transport input none
line 1 96
autoselect during-login
autoselect ppp
modem InOut
line aux 0
line vty 0 4
!
end
Step 2—Dialing in to the NAS
From the client, dial in to the NAS. Use the PRI telephone number assigned to the NAS' T1 trunks. Sometimes the PRI telephone is called the hunt group number. shows the username, password, and PRI telephone entered in the Windows 95 dial-up networking utility.
Figure 10 Windows 95 Dial-Up Networking Utility
As the call comes into the NAS, a LINK-3-UPDOWN message automatically appears on the NAS' terminal screen. In this example, the call comes in to the NAS on asynchronous interface 47. The asynchronous interface is up.
*Jan 1 21:22:18.410: %LINK-3-UPDOWN: Interface Async47, changed state to up
Note No debug commands are turned on to display this log message. Start troubleshooting the NAS if you do not see this message after 30 seconds of when the client first transmits the call.
Step 3—Pinging the NAS
Ping the NAS from the client. From the Windows 95 desktop:
(a) Click Start.
(b) Select Run.
(c) Enter ping 172.22.66.23. See .
(d) Click OK.
(e) Look at the ping terminal screen and verify that the NAS is sending ping reply packets to the client. See .
Figure 11
Windows 95 Ping Utility
Figure 12
Ping Reply Packets Sent from the NAS to the Client
Step 4—Displaying Active Call Statistics on the NAS
From the NAS, enter the show caller command and show caller user name command to verify that the client received an IP address. This example shows that Jeremy is using TTY line 47, asynchronous interface 47, and IP address 1.1.1.1. The network administrator jane-admin is using console 0.
ISP_NAS# show caller
Line User Service Active
con 0 jane-admin TTY 01:54:15
tty 47 jeremy Async 00:00:54
As47 jeremy PPP 00:00:50
ISP_NAS# show caller user jeremy
User: jeremy, line tty 47, service Async, active 00:01:49
TTY: Line 47, running PPP on As47, idle 00:00:00
Line: Baud rate (TX/RX) is 115200/115200, no parity, 1 stopbits, 8 databits
Status: Ready, Active, No Exit Banner, Async Interface Active
HW PPP Support Active
Capabilities: Hardware Flowcontrol In, Hardware Flowcontrol Out
Modem Callout, Modem RI is CD,
Line is permanent async interface, Integrated Modem
Modem State: Ready
Timeouts: Idle EXEC Idle Session Modem Answer Session Dispatch
00:10:00 never - never not set
User: jeremy, line As47, service PPP, active 00:01:45
PPP: LCP Open, CHAP (<- AAA), IPCP
IP: Local 172.22.66.23, remote 1.1.1.1
Counts: 29 packets input, 1690 bytes, 0 no buffer
0 input errors, 0 CRC, 0 frame, 0 overrun
12 packets output, 255 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
Note The show caller command was added to the Cisco IOS software at Release 11.3(5)AA. If your software version of software does not support the show caller command, use the show user command.
Step 5—Pinging the Client
From the NAS, ping Jeremy's PC at IP address 1.1.1.1:
ISP_NAS# ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.66.55, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 128/136/160 ms
Step 6—Verifying That the Asynchronous Interface Is Up and That LCP Is Open
From the NAS, enter the show interface async 47 command to verify that the interface is up, LCP is open, and no errors are reported:
ISP_NAS# show interface async 47
Async47 is up, line protocol is up
modem(slot/port)=1/46, state=CONNECTED
dsx1(slot/unit/channel)=0/0/0, status=VDEV_STATUS_ACTIVE_CALL.VDEV_STATUS_ALL.
Hardware is Async Serial
Interface is unnumbered. Using address of Ethernet0 (172.22.66.23)
MTU 1500 bytes, BW 115 Kbit, DLY 100000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set, keepalive not set
DTR is pulsed for 5 seconds on reset
LCP Open
Open: IPCP
Last input 00:00:46, output 00:02:42, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/10, 0 drops; input queue 1/10, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
37 packets input, 2466 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
12 packets output, 255 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
Troubleshooting Basic Dial Access
This section provides the ISP with a methodology for troubleshooting basic dial access as described in . Complete the following steps to perform basic dial-up fault isolation. The bolded lines of output indicate important information.
•Step 1—Checking the ISDN Status
•Step 2—Troubleshooting PPP Negotiation
•Step 4—Checking the Error Status of the T1 Controllers
•Step 5—Troubleshooting the Modem Call State Machine
Figure 13
Troubleshooting Flow Diagram for Basic Dial Access
If you use a Telnet session to connect to the NAS, enable the terminal monitor command, which ensures that your EXEC session is receiving the logging and debug output from the NAS.
When you finish troubleshooting, enter the undebug all command to turn off all debug commands. Isolating debug output helps you efficiently build a network.
Step 1—Checking the ISDN Status
Enter the show isdn status command to confirm that Layer 1 is active and the display field MULTIPLE_FRAME_ESTABLISHED appears at Layer 2. This example shows that each serial interface is functioning properly:
ISP_NAS# show isdn status
Global ISDN Switchtype = primary-5ess
ISDN Serial0:23 interface
dsl 0, interface ISDN Switchtype = primary-5ess
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 0, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
1 Active Layer 3 Call(s)
Activated dsl 0 CCBs = 1
CCB:callid=11E, sapi=0, ces=0, B-chan=12, calltype=DATA
ISDN Serial1:23 interface
dsl 1, interface ISDN Switchtype = primary-5ess
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 0, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
1 Active Layer 3 Call(s)
Activated dsl 1 CCBs = 1
CCB:callid=12A, sapi=0, ces=0, B-chan=2, calltype=VOICE
ISDN Serial2:23 interface
dsl 2, interface ISDN Switchtype = primary-5ess
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 0, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
1 Active Layer 3 Call(s)
Activated dsl 2 CCBs = 1
CCB:callid=143, sapi=0, ces=0, B-chan=7, calltype=DATA
ISDN Serial3:23 interface
dsl 3, interface ISDN Switchtype = primary-5ess
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 0, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
4 Active Layer 3 Call(s)
Activated dsl 3 CCBs = 4
CCB:callid=160, sapi=0, ces=0, B-chan=14, calltype=VOICE
CCB:callid=162, sapi=0, ces=0, B-chan=17, calltype=VOICE
CCB:callid=167, sapi=0, ces=0, B-chan=22, calltype=VOICE
CCB:callid=168, sapi=0, ces=0, B-chan=23, calltype=VOICE
Total Allocated ISDN CCBs = 7
If Layer 1 is not active:
•Check the physical layer connectivity. Try using another port or cable.
•Check with your PRI provider.
If the display field MULTIPLE_FRAME_ESTABLISHED does not appear at Layer 2:
•Verify that the ISDN switch setting is correct.
•Enter the show controller command to verify that the controller is up without any alarms or errors. For an example, see "Step 4—Checking the Error Status of the T1 Controllers."
Note If you isolated the problem to Layers 1 or 2 and you think that you fixed it, go back to the verification steps and confirm that the problem is resolved. If the client still cannot dial in to the NAS, go to Step 2.
Step 2—Troubleshooting PPP Negotiation
Troubleshoot PPP negotiation by:
(a) Turning on the debug ppp negotiation command.
(b) Pinging the NAS from the client.
(c) Observing the debug output messages that appear on the NAS' terminal screen. If you do not see debug output, turn off the debug ppp negotiation command and go to Step 3.
It is important to understand what a successful debug PPP sequence looks like before you troubleshoot PPP negotiation. In this way, comparing a faulty PPP debug session against a successfully completed debug PPP sequence saves you time and effort.
Following is an example of a successful PPP sequence. See for a detailed description of the output fields.
ISP_NAS# debug ppp negotiation
PPP protocol negotiation debugging is on
ISP_NAS# show debug
PPP:
PPP protocol negotiation debugging is on
ISP_NAS#
Mar 13 10:57:13.415: %LINK-3-UPDOWN: Interface Async1, changed state to up
Mar 13 10:57:15.415: As1 LCP: O CONFREQ [ACKrcvd] id 2 len 25
Mar 13 10:57:15.415: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)
Mar 13 10:57:15.415: As1 LCP: AuthProto CHAP (0x0305C22305)
Mar 13 10:57:15.415: As1 LCP: MagicNumber 0x1084F0A2 (0x05061084F0A2)
Mar 13 10:57:15.415: As1 LCP: PFC (0x0702)
Mar 13 10:57:15.415: As1 LCP: ACFC (0x0802)
Mar 13 10:57:15.543: As1 LCP: I CONFACK [REQsent] id 2 len 25
Mar 13 10:57:15.543: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)
Mar 13 10:57:15.543: As1 LCP: AuthProto CHAP (0x0305C22305)
Mar 13 10:57:15.543: As1 LCP: MagicNumber 0x1084F0A2 (0x05061084F0A2)
Mar 13 10:57:15.543: As1 LCP: PFC (0x0702)
Mar 13 10:57:15.547: As1 LCP: ACFC (0x0802)
Mar 13 10:57:16.919: As1 LCP: I CONFREQ [ACKrcvd] id 4 len 23
Mar 13 10:57:16.919: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)
Mar 13 10:57:16.919: As1 LCP: MagicNumber 0x001327B0 (0x0506001327B0)
Mar 13 10:57:16.919: As1 LCP: PFC (0x0702)
Mar 13 10:57:16.919: As1 LCP: ACFC (0x0802)
Mar 13 10:57:16.919: As1 LCP: Callback 6 (0x0D0306)
Mar 13 10:57:16.919: As1 LCP: O CONFREJ [ACKrcvd] id 4 len 7
Mar 13 10:57:16.919: As1 LCP: Callback 6 (0x0D0306)
Mar 13 10:57:17.047: As1 LCP: I CONFREQ [ACKrcvd] id 5 len 20
Mar 13 10:57:17.047: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)
Mar 13 10:57:17.047: As1 LCP: MagicNumber 0x001327B0 (0x0506001327B0)
Mar 13 10:57:17.047: As1 LCP: PFC (0x0702)
Mar 13 10:57:17.047: As1 LCP: ACFC (0x0802)
Mar 13 10:57:17.047: As1 LCP: O CONFACK [ACKrcvd] id 5 len 20
Mar 13 10:57:17.047: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)
Mar 13 10:57:17.047: As1 LCP: MagicNumber 0x001327B0 (0x0506001327B0)
Mar 13 10:57:17.047: As1 LCP: PFC (0x0702)
Mar 13 10:57:17.047: As1 LCP: ACFC (0x0802)
Mar 13 10:57:17.047: As1 LCP: State is Open
Mar 13 10:57:17.047: As1 PPP: Phase is AUTHENTICATING, by this end
Mar 13 10:57:17.047: As1 CHAP: O CHALLENGE id 1 len 28 from "ISP_NAS"
Mar 13 10:57:17.191: As1 CHAP: I RESPONSE id 1 len 30 from "jeremy"
Mar 13 10:57:17.191: As1 CHAP: O SUCCESS id 1 len 4
Mar 13 10:57:17.191: As1 PPP: Phase is UP
Mar 13 10:57:17.191: As1 IPCP: O CONFREQ [Closed] id 1 len 10
Mar 13 10:57:17.191: As1 IPCP: Address 172.22.66.23 (0x0306AC164217)
Mar 13 10:57:17.303: As1 IPCP: I CONFREQ [REQsent] id 1 len 40
Mar 13 10:57:17.303: As1 IPCP: CompressType VJ 15 slots CompressSlotID (0x020
6002D0F01)
Mar 13 10:57:17.303: As1 IPCP: Address 0.0.0.0 (0x030600000000)
Mar 13 10:57:17.303: As1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
Mar 13 10:57:17.303: As1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
Mar 13 10:57:17.303: As1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
Mar 13 10:57:17.303: As1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
Mar 13 10:57:17.303: As1 IPCP: O CONFREJ [REQsent] id 1 len 22
Mar 13 10:57:17.303: As1 IPCP: CompressType VJ 15 slots CompressSlotID (0x020
6002D0F01)
Mar 13 10:57:17.303: As1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
Mar 13 10:57:17.303: As1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
Mar 13 10:57:17.319: As1 CCP: I CONFREQ [Not negotiated] id 1 len 15
Mar 13 10:57:17.319: As1 CCP: MS-PPC supported bits 0x00000001 (0x12060000000
1)
Mar 13 10:57:17.319: As1 CCP: Stacker history 1 check mode EXTENDED (0x110500
0104)
Mar 13 10:57:17.319: As1 LCP: O PROTREJ [Open] id 3 len 21 protocol CCP
Mar 13 10:57:17.319: As1 LCP: (0x80FD0101000F12060000000111050001)
Mar 13 10:57:17.319: As1 LCP: (0x04)
Mar 13 10:57:17.319: As1 IPCP: I CONFACK [REQsent] id 1 len 10
Mar 13 10:57:17.319: As1 IPCP: Address 172.22.66.23 (0x0306AC164217)
Mar 13 10:57:18.191: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1, cha
nged state to up
Mar 13 10:57:19.191: As1 IPCP: TIMEout: State ACKrcvd
Mar 13 10:57:19.191: As1 IPCP: O CONFREQ [ACKrcvd] id 2 len 10
Mar 13 10:57:19.191: As1 IPCP: Address 172.22.66.23 (0x0306AC164217)
Mar 13 10:57:19.315: As1 IPCP: I CONFACK [REQsent] id 2 len 10
Mar 13 10:57:19.315: As1 IPCP: Address 172.22.66.23 (0x0306AC164217)
Mar 13 10:57:20.307: As1 IPCP: I CONFREQ [ACKrcvd] id 2 len 34
Mar 13 10:57:20.307: As1 IPCP: Address 0.0.0.0 (0x030600000000)
Mar 13 10:57:20.307: As1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
Mar 13 10:57:20.307: As1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
Mar 13 10:57:20.307: As1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
Mar 13 10:57:20.307: As1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
Mar 13 10:57:20.307: As1 IPCP: O CONFREJ [ACKrcvd] id 2 len 16
Mar 13 10:57:20.307: As1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
Mar 13 10:57:20.307: As1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
Mar 13 10:57:20.419: As1 IPCP: I CONFREQ [ACKrcvd] id 3 len 22
Mar 13 10:57:20.419: As1 IPCP: Address 0.0.0.0 (0x030600000000)
Mar 13 10:57:20.419: As1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
Mar 13 10:57:20.419: As1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
Mar 13 10:57:20.419: As1 IPCP: O CONFNAK [ACKrcvd] id 3 len 22
Mar 13 10:57:20.419: As1 IPCP: Address 1.1.1.1 (0x030601010101)
Mar 13 10:57:20.419: As1 IPCP: PrimaryDNS 171.68.10.70 (0x8106AB440A46)
Mar 13 10:57:20.419: As1 IPCP: SecondaryDNS 171.68.10.140 (0x8306AB440A8C)
Mar 13 10:57:20.543: As1 IPCP: I CONFREQ [ACKrcvd] id 4 len 22
Mar 13 10:57:20.543: As1 IPCP: Address 1.1.1.1 (0x030601010101)
Mar 13 10:57:20.547: As1 IPCP: PrimaryDNS 171.68.10.70 (0x8106AB440A46)
Mar 13 10:57:20.547: As1 IPCP: SecondaryDNS 171.68.10.140 (0x8306AB440A8C)
Mar 13 10:57:20.547: As1 IPCP: O CONFACK [ACKrcvd] id 4 len 22
Mar 13 10:57:20.547: As1 IPCP: Address 1.1.1.1 (0x030601010101)
Mar 13 10:57:20.547: As1 IPCP: PrimaryDNS 171.68.10.70 (0x8106AB440A46)
Mar 13 10:57:20.547: As1 IPCP: SecondaryDNS 171.68.10.140 (0x8306AB440A8C)
Mar 13 10:57:20.547: As1 IPCP: State is Open
Mar 13 10:57:20.551: As1 IPCP: Install route to 1.1.1.1
Table 6
Time Stamps and Descriptions for Debug PPP Negotiation Events
Failed authentication is a common occurrence. Misconfigured or mismatched usernames and passwords create error messages in debug output.
The following example shows that the username sam-admin does not have permission to dial in to the NAS, which does not have a local username configured for this user. To fix the problem, use the username name password password command to add the username sam-admin to the NAS' local AAA database:
Mar 13 11:01:42.399: As2 LCP: State is Open
Mar 13 11:01:42.399: As2 PPP: Phase is AUTHENTICATING, by this end
Mar 13 11:01:42.399: As2 CHAP: O CHALLENGE id 1 len 28 from "ISP_NAS"
Mar 13 11:01:42.539: As2 CHAP: I RESPONSE id 1 len 30 from "sam-admin"
Mar 13 11:01:42.539: As2 CHAP: Unable to validate Response. Username sam-admin not found
Mar 13 11:01:42.539: As2 CHAP: O FAILURE id 1 len 26 msg is "Authentication fail
ure"
Mar 13 11:01:42.539: As2 PPP: Phase is TERMINATING
The following example shows that the username sam-admin is configured on the NAS. However, the password comparison failed. To fix this problem, use the username name password password command to specify sam-admin's correct login password:
Mar 13 11:04:06.843: As3 LCP: State is Open
Mar 13 11:04:06.843: As3 PPP: Phase is AUTHENTICATING, by this end
Mar 13 11:04:06.843: As3 CHAP: O CHALLENGE id 1 len 28 from "ISP_NAS"
Mar 13 11:04:06.987: As3 CHAP: I RESPONSE id 1 len 30 from "sam-admin"
Mar 13 11:04:06.987: As3 CHAP: O FAILURE id 1 len 25 msg is "MD/DES compare failed"
Mar 13 11:04:06.987: As3 PPP: Phase is TERMINATING
Note If you isolated the problem to PPP negotiation and you think that you fixed it, go back to the verification steps and confirm that the problem is resolved. If you are still having problems, go to Step 3.
Step 3—Troubleshooting ISDN
Troubleshoot ISDN if no debug output appeared when you tried debugging PPP negotiation. Turn on ISDN Q.931 debugging and verify that no other debug commands are enabled:
ISP_NAS# debug isdn q931
ISDN Q931 packets debugging is on
ISP_NAS# show debug
ISDN:
ISDN Q931 packets debugging is on
Send a PPP modem call into the NAS. As the call enters the access server, the following successful call setup messages appear on the NAS' terminal screen. Refer to for a detailed description of the output fields.
ISP_NAS#
Mar 13 11:06:01.715: ISDN Se0:23: RX <- SETUP pd = 8 callref = 0x02AD
Mar 13 11:06:01.715: Bearer Capability i = 0x8090A2
Mar 13 11:06:01.719: Channel ID i = 0xA98381
Mar 13 11:06:01.719: Progress Ind i = 0x8283 - Origination address is no
n-ISDN
Mar 13 11:06:01.719: Calling Party Number i = '!', 0x83, '4089548021'
Mar 13 11:06:01.719: Called Party Number i = 0xC1, '5550945'
Mar 13 11:06:01.719: ISDN Se0:23: TX -> CALL_PROC pd = 8 callref = 0x82AD
Mar 13 11:06:01.719: Channel ID i = 0xA98381
Mar 13 11:06:01.719: ISDN Se0:23: TX -> ALERTING pd = 8 callref = 0x82AD
Mar 13 11:06:01.867: ISDN Se0:23: TX -> CONNECT pd = 8 callref = 0x82AD
Mar 13 11:06:01.895: ISDN Se0:23: RX <- CONNECT_ACK pd = 8 callref = 0x02AD
Mar 13 11:06:33.619: %LINK-3-UPDOWN: Interface Async4, changed state to up
Mar 13 11:06:38.903: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async4, cha
nged state to up
If this debug output is not displayed on your terminal screen, confirm that the client is dialing the correct telephone number. If the number is correct, troubleshoot the problem with your PRI provider. If you are still having problems, go to Step 4.
Table 7
Time Stamps and Descriptions for Debug ISDN Q.931 Events
Step 4—Checking the Error Status of the T1 Controllers
Enter the show controller t1 command to display the error status of the T1 controllers. A properly functioning T1 0 controller displays "T1 0 is up" and "No alarms detected." The following example shows four T1 controllers in good working condition:
ISP_NAS# show controller t1
T1 0 is up.
Applique type is Channelized T1
No alarms detected.
Version info of slot 0: HW: 4, Firmware: 16, PLD Rev: 0
Manufacture Cookie Info:
EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x42,
Board Hardware Version 1.32, Item Number 800-2540-2,
Board Revision A0, Serial Number 11488142,
PLD/ISP Version 0.0, Manufacture Date 10-Nov-1998.
Framing is ESF, Line Code is B8ZS, Clock Source is Line Primary.
Data in current interval (748 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 30 15 minute intervals):
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
T1 1 is up.
Applique type is Channelized T1
No alarms detected.
Version info of slot 0: HW: 4, Firmware: 16, PLD Rev: 0
Manufacture Cookie Info:
EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x42,
Board Hardware Version 1.32, Item Number 800-2540-2,
Board Revision A0, Serial Number 11488142,
PLD/ISP Version 0.0, Manufacture Date 10-Nov-1998.
Framing is ESF, Line Code is B8ZS, Clock Source is Line Secondary
.
Data in current interval (751 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 30 15 minute intervals):
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
T1 2 is up.
Applique type is Channelized T1
No alarms detected.
Version info of slot 0: HW: 4, Firmware: 16, PLD Rev: 0
Manufacture Cookie Info:
EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x42,
Board Hardware Version 1.32, Item Number 800-2540-2,
Board Revision A0, Serial Number 11488142,
PLD/ISP Version 0.0, Manufacture Date 10-Nov-1998.
Framing is ESF, Line Code is B8ZS, Clock Source is Internal.
Data in current interval (755 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 30 15 minute intervals):
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
T1 3 is up.
Applique type is Channelized T1
No alarms detected.
Version info of slot 0: HW: 4, Firmware: 16, PLD Rev: 0
Manufacture Cookie Info:
EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x42,
Board Hardware Version 1.32, Item Number 800-2540-2,
Board Revision A0, Serial Number 11488142,
PLD/ISP Version 0.0, Manufacture Date 10-Nov-1998.
Framing is ESF, Line Code is B8ZS, Clock Source is Internal.
Data in current interval (757 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 30 15 minute intervals):
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
If counters increase on a specific T1 controller, look closely at the error statistics. Focus on the current interval that is indented under the display field "Data in current interval."
Error counters are recorded over a 24-hour period in 15-minute intervals. You must specify a specific controller number to see this detailed information. Enter the clear controller t1 number command before you look for current error statistics. Error counters stop increasing when the controller is configured correctly.
Step 5—Troubleshooting the Modem Call State Machine
Troubleshoot the modem's call state machine (CSM) by using the debug modem csm command. Troubleshoot the CSM if you do not see PPP debug output, and the show isdn status command and debug isdn q931 command demonstrate good working status:
ISP_NAS# debug modem csm
Modem Management Call Switching Module debugging is on
ISP_NAS# show debug
Modem Management:
Modem Management Call Switching Module debugging is on
Send a PPP modem call into the NAS. Transition states in the debug output signify that everything is operating properly. If you do not see transition states, look at the disconnect reason for the modem. For example, enter the show modem log 1/4 command.
See the following example of successful debug output for the debug modem csm command:
ISP_NAS#
Mar 13 11:13:12.487: EVENT_FROM_ISDN::dchan_idb=0x60EA108C, call_id=0x1D, ces=0x
1bchan=0x0, event=0x1, cause=0x0
Mar 13 11:13:12.487: VDEV_ALLOCATE: slot 1 and port 4 is allocated.
Mar 13 11:13:12.487: EVENT_FROM_ISDN:(001D): DEV_INCALL at slot 1 and port 4
Mar 13 11:13:12.487: CSM_PROC_IDLE: CSM_EVENT_ISDN_CALL at slot 1, port 4
Mar 13 11:13:12.487: Mica Modem(1/4): Configure(0x1 = 0x0)
Mar 13 11:13:12.487: Mica Modem(1/4): Configure(0x23 = 0x0)
Mar 13 11:13:12.487: Mica Modem(1/4): Call Setup
Mar 13 11:13:12.611: Mica Modem(1/4): State Transition to Call Setup
Mar 13 11:13:12.611: Mica Modem(1/4): Went offhook
Mar 13 11:13:12.611: CSM_PROC_IC1_RING: CSM_EVENT_MODEM_OFFHOOK at slot 1, port 4
Mar 13 11:13:12.631: EVENT_FROM_ISDN::dchan_idb=0x60EA108C, call_id=0x1D, ces=0x1 bchan=0x0, event=0x4, cause=0x0
Mar 13 11:13:12.631: EVENT_FROM_ISDN:(001D): DEV_CONNECTED at slot 1 and port 4
Mar 13 11:13:12.631: CSM_PROC_IC4_WAIT_FOR_CARRIER: CSM_EVENT_ISDN_CONNECTED at slot 1, port 4
Mar 13 11:13:12.631: Mica Modem(1/4): Link Initiate
Mar 13 11:13:13.751: Mica Modem(1/4): State Transition to Connect
Mar 13 11:13:18.903: Mica Modem(1/4): State Transition to Link
ISP_NAS#
Mar 13 11:13:37.051: Mica Modem(1/4): State Transition to Trainup
Mar 13 11:13:38.731: Mica Modem(1/4): State Transition to EC Negotiating
Mar 13 11:13:39.387: Mica Modem(1/4): State Transition to Steady State
Mar 13 11:13:42.007: %LINK-3-UPDOWN: Interface Async5, changed state to up
Mar 13 11:13:46.751: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async5, cha
nged state to up
Mar 13 11:14:41.803: Mica Modem(1/4): State Transition to Steady State Speedshif ting
Mar 13 11:14:44.139: Mica Modem(1/4): State Transition to Steady State
Mar 13 11:17:30.475: %SYS-5-CONFIG_I: Configured from console by vty0 (171.68.20
1.22)
Note If you are still experiencing problems, contact your escalation support personnel.
Feedback