|
|
In this first task, the ISP:
Figure 8 shows the ISP's basic dial access topology. Clients using modems dial in to the NAS over four T1 PRI lines that are assigned to 555-0945.
After the ISP completes this task, basic dial access will function as follows:
To configure the NAS for basic dial access, the ISP completes the following steps:
In this step, the ISP:
| Use this command | To do this |
|---|---|
Router>enable | Access privileged EXEC mode. |
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. | Access global configuration mode1. |
Router(config)# hostname ISP_NAS | Assign a host name to the access server. A host name distinguishes the NAS from other devices on the network. |
ISP_NAS(config)# enable secret letmein | Enter a secret enable password, which secures privileged EXEC mode. An enable password allows you to prevent unauthorized configuration changes. Make sure to change letmein to your own secret password. |
ISP_NAS(config)# service password-encryption | Encrypt passwords in the configuration file. |
ISP_NAS(config)# service timestamps debug datetime msec | Apply millisecond time stamping to debug and logging output. These time stamps help identify debug output when there is a lot of activity on the router. |
| 1If the logging output generated by the NAS interferes with your terminal screen, redisplay the current command line by using the Tab key. |
In this step, the ISP:
AAA provides the primary framework through which you set up access control on the NAS. Authentication identifies the client; authorization tells the client what it can do; accounting records what the client did do.
| Use this command | To do this |
|---|---|
ISP_NAS(config)# aaa new-model | Initiate the AAA access control system. |
ISP_NAS(config)# aaa authentication ppp default local | Configure PPP authentication to use the local database. |
ISP_NAS(config)# username jane-admin password jane-password | Create a local login database and username for yourself---the network administrator1. Note This step also prevents you from getting locked out of the access server. |
ISP_NAS(config)# username jeremy password subaru | Create a local login username for the client. The username jeremy and password subaru are locally authenticated by the NAS. Later in the case study, jeremy is authenticated by the home gateway's CiscoSecure AAA server (not the NAS). |
| 1Make sure you use your own username and password. |
In this step, the ISP:
| Use this command | To do this |
|---|---|
ISP_NAS(config)#interface ethernet 0 | Configure the IP address and subnet mask on the Ethernet interface. Do not forget to use your own IP address and subnet mask. |
ISP_NAS(config-if)#no shutdown | Bring up the interface. This command changes the state of the interface from administratively down to up1. |
| 1The term administratively down means that the interface is intentionally shut down by the administrator. The shutdown command is applied to the interface. |
In this step, the ISP:
| Use this command | To do this |
|---|---|
| Enter the telco switch type, which is 5ESS in this case study. An ISDN switch type that is specified in global configuration mode is automatically propagated into the individual serial interfaces (for example, interface serial 0:23, 1:23, 2:23, and 3:23). |
ISP_NAS(config)# controller t1 0 | Access controller configuration mode for the first T1 controller, which is number 0. The controller ports are numbered 0 through 3 on the quad T1/PRI card. |
ISP_NAS(config-controller)#framing esf | Enter the T1 framing type, which is extended super frame (ESF) in this case study. |
ISP_NAS(config-controller)#linecode b8zs | Enter the T1 line code type, which is B8ZS in this case study. |
ISP_NAS(config-controller)#clock source line primary | Configure the access server to get its primary clocking from the T1 line assigned to controller 0. Line clocking comes from the remote switch. |
ISP_NAS(config-controller)#pri-group timeslots 1-24 | Assign all 24 T1 timeslots as ISDNPRI channels. After you enter this command, a D-channel serial interface is instantly created (for example S0:23) as well as individual B-channel serial interfaces (for example S0:0, S0:1, S0:2, S0:3, and so on.). The D-channel interface functions like a dialer for all the 23 B channels using the controller. If this was an E1 interface, the PRI group range would be 1 to 31. The D-channel serial interfaces would be S0:15, S1:15, S2:15, and S3:15. |
ISP_NAS(config-controller)#exit | Exit back to global configuration mode. |
ISP_NAS(config#)controller t1 1 ISP_NAS(config-controller)#framing esf ISP_NAS(config-controller)#linecode b8zs ISP_NAS(config-controller)#clock source line secondary ISP_NAS(config-controller)#pri-group timeslots 1-24 ISP_NAS(config-controller)#exit | Configure the second controller, controller T11. Set the clocking to secondary. If the line clocking from controller T1 0 fails, the access server receives its clocking from controller T1 1. |
ISP_NAS(config#)controller t1 2 ISP_NAS(config-controller)#framing esf ISP_NAS(config-controller)#linecode b8zs ISP_NAS(config-controller)#clock source internal ISP_NAS(config-controller)#pri-group timeslots 1-24 ISP_NAS(config-controller)#exit ISP_NAS(config#)controller t1 3 ISP_NAS(config-controller)#framing esf ISP_NAS(config-controller)#linecode b8zs ISP_NAS(config-controller)#clock source internal ISP_NAS(config-controller)#pri-group timeslots 1-24 ISP_NAS(config-controller)#exit ISP_NAS(config#) | Configure the remaining two controllers. Set both clocking entries to internal because the primary and secondary clock sources have already been assigned. |
In this step, the ISP:
| Use this command | To do this |
|---|---|
ISP_NAS(config)#interface serial 0:23 | Access configuration mode for the D-channel serial interface that corresponds to controller T1 0. The behavior of serial 0:0 through serial 0:22 is controlled by the configuration instructions provided for serial 0:23. This concept is also true for the other remaining D-channel configurations. |
ISP_NAS(config-if)# isdn incoming-voice modem | Enable analog modem voice calls coming in through the B channels to be connected to the integrated modems. |
ISP_NAS(config-if)#exit | Exit back to global configuration mode. |
ISP_NAS(config)#interface serial 1:23 | Configure the three remaining Dchannels with the same ISDN incoming-voice modem setting. |
In this step, the ISP:
Configure the modems and lines after the ISDN channels are operational. Each modem corresponds with a dedicated asynchronous line inside the access server. The modem speed 115200 bps and hardware flow control are default values for integrated modems.
| Use this command | To do this |
|---|---|
| Enter the range of modem lines that you want to configure. The NAS used in this case study has 96 integrated MICA modems. |
| Enable PPP clients to dial in, bypass the EXEC facility, and automatically start PPP on the lines. The autoselect during-login command displays the username:password prompt as the modems connect. Note These two autoselect commands enable EXEC (shell) and PPP services on the same lines. |
| Support incoming and outgoing modem calls. |
In this step, the ISP:
| Use this command | To do this |
|---|---|
ISP_NAS(config)# ip local pool default 1.1.1.1 | Create an IP pool containing one IP address to assign to one client1. |
ISP_NAS(config)# async-bootp dns-server 171.68.10.70 171.68.10.140 | Specify the domain name servers on the network, which can be used for clients dialing in with PPP. |
In this step, the ISP:
The group-async interface is a template that controls the configuration of all the asynchronous interfaces inside the NAS. Asynchronous interfaces are lines running in PPP mode. An asynchronous interface uses the same number as its corresponding line. Configuring all the asynchronous interfaces as an async group saves you time by reducing the number of configuration steps.
!
| Use this command | To do this |
|---|---|
| Create the group-async interface. |
| Use the IP address defined on the Ethernet interface. |
| Enable PPP. |
| Configure interactive mode on the asynchronous interfaces. Interactive mode means that clients can dial in to the NAS and get a router prompt or PPP session. Dedicated mode means that only PPP sessions can be established on the NAS. Clients cannot dial in and get an EXEC (shell) session. |
| Configure CHAP and PAP authentication to be used on the interface during LCP negotiation. The access server first authenticates with CHAP. If CHAP is rejected by the client, PAP authentication is used. |
| Assign IP addresses to clients from the default IP address pool. |
| Specify the range of asynchronous interfaces to include in the group, which is usually equal to the number of modems in the access server. |
This section describes how to verify that the following end-to-end connections function as shown in Figure 9:
After you successfully test these connections, go to "Configuring the Access VPN to Work with Local AAA." If you experience problems, see "Troubleshooting Basic Dial Access."
Enter the show running-config command in privileged EXEC mode to make sure that the NAS accepted the commands you entered:
ISP_NAS# show running-config Building configuration... Current configuration: ! version 11.3 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname ISP_NAS ! aaa new-model aaa authentication ppp default local enable secret 5 $1$AXl/$27hOM6j51a5P76Enq.LCf0 ! ! username jeremy password 7 021511590A141A username jane-admin password 7 0501090A6C5C4F1A0A1218000F ! async-bootp dns-server 171.68.10.70 171.68.10.140 isdn switch-type primary-5ess ! controller T1 0 framing esf clock source line primary linecode b8zs pri-group timeslots 1-24 ! controller T1 1 framing esf clock source line secondary linecode b8zs pri-group timeslots 1-24 ! controller T1 2 framing esf clock source internal linecode b8zs pri-group timeslots 1-24 ! controller T1 3 framing esf clock source internal linecode b8zs pri-group timeslots 1-24 ! ! interface Ethernet0 ip address 172.22.66.23 255.255.255.192 ! interface Serial0:23 no ip address isdn switch-type primary-5ess isdn incoming-voice modem no cdp enable ! interface Serial1:23 no ip address isdn switch-type primary-5ess isdn incoming-voice modem no cdp enable ! interface Serial2:23 no ip address isdn switch-type primary-5ess isdn incoming-voice modem no cdp enable ! interface Serial3:23 no ip address isdn switch-type primary-5ess isdn incoming-voice modem no cdp enable ! interface FastEthernet0 no ip address shutdown ! interface Group-Async1 ip unnumbered Ethernet0 encapsulation ppp async mode interactive peer default ip address pool default ppp authentication chap pap group-range 1 96 ! ip local pool default 1.1.1.1 ip classless ip route 0.0.0.0 0.0.0.0 172.22.66.1 ! line con 0 transport input none line 1 96 autoselect during-login autoselect ppp modem InOut line aux 0 line vty 0 4 ! end
From the client, dial in to the NAS. Use the PRI telephone number assigned to the NAS' T1 trunks. Sometimes the PRI telephone is called the hunt group number. Figure 10 shows the username, password, and PRI telephone entered in the Windows 95 dial-up networking utility.
As the call comes into the NAS, a LINK-3-UPDOWN message automatically appears on the NAS' terminal screen. In this example, the call comes in to the NAS on asynchronous interface 47. The asynchronous interface is up.
*Jan 1 21:22:18.410: %LINK-3-UPDOWN: Interface Async47, changed state to up
Ping the NAS from the client. From the Windows 95 desktop:
From the NAS, enter the show caller command and show caller user name command to verify that the client received an IP address. This example shows that Jeremy is using TTY line 47, asynchronous interface 47, and IP address 1.1.1.1. The network administrator jane-admin is using console 0.
ISP_NAS# show caller
Line User Service Active
con 0 jane-admin TTY 01:54:15
tty 47 jeremy Async 00:00:54
As47 jeremy PPP 00:00:50
ISP_NAS# show caller user jeremy
User: jeremy, line tty 47, service Async, active 00:01:49
TTY: Line 47, running PPP on As47, idle 00:00:00
Line: Baud rate (TX/RX) is 115200/115200, no parity, 1 stopbits, 8 databits
Status: Ready, Active, No Exit Banner, Async Interface Active
HW PPP Support Active
Capabilities: Hardware Flowcontrol In, Hardware Flowcontrol Out
Modem Callout, Modem RI is CD,
Line is permanent async interface, Integrated Modem
Modem State: Ready
Timeouts: Idle EXEC Idle Session Modem Answer Session Dispatch
00:10:00 never - never not set
User: jeremy, line As47, service PPP, active 00:01:45
PPP: LCP Open, CHAP (<- AAA), IPCP
IP: Local 172.22.66.23, remote 1.1.1.1
Counts: 29 packets input, 1690 bytes, 0 no buffer
0 input errors, 0 CRC, 0 frame, 0 overrun
12 packets output, 255 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
From the NAS, ping Jeremy's PC at IP address 1.1.1.1:
ISP_NAS# ping 1.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.22.66.55, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 128/136/160 ms
From the NAS, enter the show interface async 47 command to verify that the interface is up, LCP is open, and no errors are reported:
ISP_NAS# show interface async 47
Async47 is up, line protocol is up
modem(slot/port)=1/46, state=CONNECTED
dsx1(slot/unit/channel)=0/0/0, status=VDEV_STATUS_ACTIVE_CALL.VDEV_STATUS_ALL.
Hardware is Async Serial
Interface is unnumbered. Using address of Ethernet0 (172.22.66.23)
MTU 1500 bytes, BW 115 Kbit, DLY 100000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set, keepalive not set
DTR is pulsed for 5 seconds on reset
LCP Open
Open: IPCP
Last input 00:00:46, output 00:02:42, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/10, 0 drops; input queue 1/10, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
37 packets input, 2466 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
12 packets output, 255 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
This section provides the ISP with a methodology for troubleshooting basic dial access as described in Figure 13. Complete the following steps to perform basic dial-up fault isolation. The bolded lines of output indicate important information.
If you use a Telnet session to connect to the NAS, enable the terminal monitor command, which ensures that your EXEC session is receiving the logging and debug output from the NAS.
When you finish troubleshooting, enter the undebug all command to turn off all debug commands. Isolating debug output helps you efficiently build a network.
Enter the show isdn status command to confirm that Layer 1 is active and the display field MULTIPLE_FRAME_ESTABLISHED appears at Layer 2. This example shows that each serial interface is functioning properly:
ISP_NAS# show isdn status
Global ISDN Switchtype = primary-5ess
ISDN Serial0:23 interface
dsl 0, interface ISDN Switchtype = primary-5ess
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 0, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
1 Active Layer 3 Call(s)
Activated dsl 0 CCBs = 1
CCB:callid=11E, sapi=0, ces=0, B-chan=12, calltype=DATA
ISDN Serial1:23 interface
dsl 1, interface ISDN Switchtype = primary-5ess
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 0, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
1 Active Layer 3 Call(s)
Activated dsl 1 CCBs = 1
CCB:callid=12A, sapi=0, ces=0, B-chan=2, calltype=VOICE
ISDN Serial2:23 interface
dsl 2, interface ISDN Switchtype = primary-5ess
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 0, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
1 Active Layer 3 Call(s)
Activated dsl 2 CCBs = 1
CCB:callid=143, sapi=0, ces=0, B-chan=7, calltype=DATA
ISDN Serial3:23 interface
dsl 3, interface ISDN Switchtype = primary-5ess
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 0, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
4 Active Layer 3 Call(s)
Activated dsl 3 CCBs = 4
CCB:callid=160, sapi=0, ces=0, B-chan=14, calltype=VOICE
CCB:callid=162, sapi=0, ces=0, B-chan=17, calltype=VOICE
CCB:callid=167, sapi=0, ces=0, B-chan=22, calltype=VOICE
CCB:callid=168, sapi=0, ces=0, B-chan=23, calltype=VOICE
Total Allocated ISDN CCBs = 7
If Layer 1 is not active:
If the display field MULTIPLE_FRAME_ESTABLISHED does not appear at Layer 2:
Troubleshoot PPP negotiation by:
(a) Turning on the debug ppp negotiation command.
(b) Pinging the NAS from the client.
(c) Observing the debug output messages that appear on the NAS' terminal screen. If you do not see debug output, turn off the debug ppp negotiation command and go to Step 3.
It is important to understand what a successful debug PPP sequence looks like before you troubleshoot PPP negotiation. In this way, comparing a faulty PPP debug session against a successfully completed debug PPP sequence saves you time and effort.
Following is an example of a successful PPP sequence. See Table 6 for a detailed description of the output fields.
ISP_NAS# debug ppp negotiation PPP protocol negotiation debugging is on ISP_NAS# show debug PPP: PPP protocol negotiation debugging is on ISP_NAS# Mar 13 10:57:13.415: %LINK-3-UPDOWN: Interface Async1, changed state to up Mar 13 10:57:15.415: As1 LCP: O CONFREQ [ACKrcvd] id 2 len 25 Mar 13 10:57:15.415: As1 LCP: ACCM 0x000A0000 (0x0206000A0000) Mar 13 10:57:15.415: As1 LCP: AuthProto CHAP (0x0305C22305) Mar 13 10:57:15.415: As1 LCP: MagicNumber 0x1084F0A2 (0x05061084F0A2) Mar 13 10:57:15.415: As1 LCP: PFC (0x0702) Mar 13 10:57:15.415: As1 LCP: ACFC (0x0802) Mar 13 10:57:15.543: As1 LCP: I CONFACK [REQsent] id 2 len 25 Mar 13 10:57:15.543: As1 LCP: ACCM 0x000A0000 (0x0206000A0000) Mar 13 10:57:15.543: As1 LCP: AuthProto CHAP (0x0305C22305) Mar 13 10:57:15.543: As1 LCP: MagicNumber 0x1084F0A2 (0x05061084F0A2) Mar 13 10:57:15.543: As1 LCP: PFC (0x0702) Mar 13 10:57:15.547: As1 LCP: ACFC (0x0802) Mar 13 10:57:16.919: As1 LCP: I CONFREQ [ACKrcvd] id 4 len 23 Mar 13 10:57:16.919: As1 LCP: ACCM 0x000A0000 (0x0206000A0000) Mar 13 10:57:16.919: As1 LCP: MagicNumber 0x001327B0 (0x0506001327B0) Mar 13 10:57:16.919: As1 LCP: PFC (0x0702) Mar 13 10:57:16.919: As1 LCP: ACFC (0x0802) Mar 13 10:57:16.919: As1 LCP: Callback 6 (0x0D0306) Mar 13 10:57:16.919: As1 LCP: O CONFREJ [ACKrcvd] id 4 len 7 Mar 13 10:57:16.919: As1 LCP: Callback 6 (0x0D0306) Mar 13 10:57:17.047: As1 LCP: I CONFREQ [ACKrcvd] id 5 len 20 Mar 13 10:57:17.047: As1 LCP: ACCM 0x000A0000 (0x0206000A0000) Mar 13 10:57:17.047: As1 LCP: MagicNumber 0x001327B0 (0x0506001327B0) Mar 13 10:57:17.047: As1 LCP: PFC (0x0702) Mar 13 10:57:17.047: As1 LCP: ACFC (0x0802) Mar 13 10:57:17.047: As1 LCP: O CONFACK [ACKrcvd] id 5 len 20 Mar 13 10:57:17.047: As1 LCP: ACCM 0x000A0000 (0x0206000A0000) Mar 13 10:57:17.047: As1 LCP: MagicNumber 0x001327B0 (0x0506001327B0) Mar 13 10:57:17.047: As1 LCP: PFC (0x0702) Mar 13 10:57:17.047: As1 LCP: ACFC (0x0802) Mar 13 10:57:17.047: As1 LCP: State is Open Mar 13 10:57:17.047: As1 PPP: Phase is AUTHENTICATING, by this end Mar 13 10:57:17.047: As1 CHAP: O CHALLENGE id 1 len 28 from "ISP_NAS" Mar 13 10:57:17.191: As1 CHAP: I RESPONSE id 1 len 30 from "jeremy" Mar 13 10:57:17.191: As1 CHAP: O SUCCESS id 1 len 4 Mar 13 10:57:17.191: As1 PPP: Phase is UP Mar 13 10:57:17.191: As1 IPCP: O CONFREQ [Closed] id 1 len 10 Mar 13 10:57:17.191: As1 IPCP: Address 172.22.66.23 (0x0306AC164217) Mar 13 10:57:17.303: As1 IPCP: I CONFREQ [REQsent] id 1 len 40 Mar 13 10:57:17.303: As1 IPCP: CompressType VJ 15 slots CompressSlotID (0x020 6002D0F01) Mar 13 10:57:17.303: As1 IPCP: Address 0.0.0.0 (0x030600000000) Mar 13 10:57:17.303: As1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) Mar 13 10:57:17.303: As1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) Mar 13 10:57:17.303: As1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) Mar 13 10:57:17.303: As1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) Mar 13 10:57:17.303: As1 IPCP: O CONFREJ [REQsent] id 1 len 22 Mar 13 10:57:17.303: As1 IPCP: CompressType VJ 15 slots CompressSlotID (0x020 6002D0F01) Mar 13 10:57:17.303: As1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) Mar 13 10:57:17.303: As1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) Mar 13 10:57:17.319: As1 CCP: I CONFREQ [Not negotiated] id 1 len 15 Mar 13 10:57:17.319: As1 CCP: MS-PPC supported bits 0x00000001 (0x12060000000 1) Mar 13 10:57:17.319: As1 CCP: Stacker history 1 check mode EXTENDED (0x110500 0104) Mar 13 10:57:17.319: As1 LCP: O PROTREJ [Open] id 3 len 21 protocol CCP Mar 13 10:57:17.319: As1 LCP: (0x80FD0101000F12060000000111050001) Mar 13 10:57:17.319: As1 LCP: (0x04) Mar 13 10:57:17.319: As1 IPCP: I CONFACK [REQsent] id 1 len 10 Mar 13 10:57:17.319: As1 IPCP: Address 172.22.66.23 (0x0306AC164217) Mar 13 10:57:18.191: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1, cha nged state to up Mar 13 10:57:19.191: As1 IPCP: TIMEout: State ACKrcvd Mar 13 10:57:19.191: As1 IPCP: O CONFREQ [ACKrcvd] id 2 len 10 Mar 13 10:57:19.191: As1 IPCP: Address 172.22.66.23 (0x0306AC164217) Mar 13 10:57:19.315: As1 IPCP: I CONFACK [REQsent] id 2 len 10 Mar 13 10:57:19.315: As1 IPCP: Address 172.22.66.23 (0x0306AC164217) Mar 13 10:57:20.307: As1 IPCP: I CONFREQ [ACKrcvd] id 2 len 34 Mar 13 10:57:20.307: As1 IPCP: Address 0.0.0.0 (0x030600000000) Mar 13 10:57:20.307: As1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) Mar 13 10:57:20.307: As1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) Mar 13 10:57:20.307: As1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) Mar 13 10:57:20.307: As1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) Mar 13 10:57:20.307: As1 IPCP: O CONFREJ [ACKrcvd] id 2 len 16 Mar 13 10:57:20.307: As1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) Mar 13 10:57:20.307: As1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) Mar 13 10:57:20.419: As1 IPCP: I CONFREQ [ACKrcvd] id 3 len 22 Mar 13 10:57:20.419: As1 IPCP: Address 0.0.0.0 (0x030600000000) Mar 13 10:57:20.419: As1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) Mar 13 10:57:20.419: As1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) Mar 13 10:57:20.419: As1 IPCP: O CONFNAK [ACKrcvd] id 3 len 22 Mar 13 10:57:20.419: As1 IPCP: Address 1.1.1.1 (0x030601010101) Mar 13 10:57:20.419: As1 IPCP: PrimaryDNS 171.68.10.70 (0x8106AB440A46) Mar 13 10:57:20.419: As1 IPCP: SecondaryDNS 171.68.10.140 (0x8306AB440A8C) Mar 13 10:57:20.543: As1 IPCP: I CONFREQ [ACKrcvd] id 4 len 22 Mar 13 10:57:20.543: As1 IPCP: Address 1.1.1.1 (0x030601010101) Mar 13 10:57:20.547: As1 IPCP: PrimaryDNS 171.68.10.70 (0x8106AB440A46) Mar 13 10:57:20.547: As1 IPCP: SecondaryDNS 171.68.10.140 (0x8306AB440A8C) Mar 13 10:57:20.547: As1 IPCP: O CONFACK [ACKrcvd] id 4 len 22 Mar 13 10:57:20.547: As1 IPCP: Address 1.1.1.1 (0x030601010101) Mar 13 10:57:20.547: As1 IPCP: PrimaryDNS 171.68.10.70 (0x8106AB440A46) Mar 13 10:57:20.547: As1 IPCP: SecondaryDNS 171.68.10.140 (0x8306AB440A8C) Mar 13 10:57:20.547: As1 IPCP: State is Open Mar 13 10:57:20.551: As1 IPCP: Install route to 1.1.1.1
| Time Stamp | Description |
|---|---|
10:57:15.415 | Outgoing configuration request (O CONFREQ). The NAS sends an outgoing PPP configuration request packet to the client. |
10:57:15.543 | Incoming configuration acknowledgment (I CONFACK). The client acknowledges the NAS' PPP request. |
10:57:16.919 | Incoming configuration request (I CONFREQ). The client wants to negotiate the callback protocol. |
10:57:16.919 | Outgoing configuration reject (O CONFREJ). The NAS rejects the callback option. |
10:57:17.047 | Incoming configuration request (I CONFREQ). The client requests a new set of options. Notice that Microsoft Callback is not requested this time. |
10:57:17.047 | Outgoing configuration acknowledgment (O CONFACK). The NAS accepts the new set of options. |
10:57:17.047 | PPP LCP negotiation is completed successfully (LCP: State is Open). Both sides have acknowledged (CONFACK) the other side's configuration request (CONFREQ). |
10:57:17.047 to 10:57:17.191 | PPP authentication is completed successfully. After LCP negotiates, authentication starts. Authentication must take place before any network protocols, such as IP, are delivered. Both sides authenticate with the method negotiated during LCP. The Cisco AS5300 is authenticating the client using CHAP. |
10:57:20.551 | The state is open for IP Control Protocol (IPCP). A route is negotiated and installed for the IPCP peer, which is assigned IP address 1.1.1.1. |
Failed authentication is a common occurrence. Misconfigured or mismatched usernames and passwords create error messages in debug output.
The following example shows that the username sam-admin does not have permission to dial in to the NAS, which does not have a local username configured for this user. To fix the problem, use the username name password password command to add the username sam-admin to the NAS' local AAA database:
Mar 13 11:01:42.399: As2 LCP: State is Open Mar 13 11:01:42.399: As2 PPP: Phase is AUTHENTICATING, by this end Mar 13 11:01:42.399: As2 CHAP: O CHALLENGE id 1 len 28 from "ISP_NAS" Mar 13 11:01:42.539: As2 CHAP: I RESPONSE id 1 len 30 from "sam-admin" Mar 13 11:01:42.539: As2 CHAP: Unable to validate Response. Username sam-admin not found Mar 13 11:01:42.539: As2 CHAP: O FAILURE id 1 len 26 msg is "Authentication fail ure" Mar 13 11:01:42.539: As2 PPP: Phase is TERMINATING
The following example shows that the username sam-admin is configured on the NAS. However, the password comparison failed. To fix this problem, use the username name password password command to specify sam-admin's correct login password:
Mar 13 11:04:06.843: As3 LCP: State is Open Mar 13 11:04:06.843: As3 PPP: Phase is AUTHENTICATING, by this end Mar 13 11:04:06.843: As3 CHAP: O CHALLENGE id 1 len 28 from "ISP_NAS" Mar 13 11:04:06.987: As3 CHAP: I RESPONSE id 1 len 30 from "sam-admin" Mar 13 11:04:06.987: As3 CHAP: O FAILURE id 1 len 25 msg is "MD/DES compare failed" Mar 13 11:04:06.987: As3 PPP: Phase is TERMINATING
Troubleshoot ISDN if no debug output appeared when you tried debugging PPP negotiation. Turn on ISDN Q.931 debugging and verify that no other debug commands are enabled:
ISP_NAS# debug isdn q931 ISDN Q931 packets debugging is on ISP_NAS# show debug ISDN: ISDN Q931 packets debugging is on
Send a PPP modem call into the NAS. As the call enters the access server, the following successful call setup messages appear on the NAS' terminal screen. Refer to Table 7 for a detailed description of the output fields.
ISP_NAS# Mar 13 11:06:01.715: ISDN Se0:23: RX <- SETUP pd = 8 callref = 0x02AD Mar 13 11:06:01.715: Bearer Capability i = 0x8090A2 Mar 13 11:06:01.719: Channel ID i = 0xA98381 Mar 13 11:06:01.719: Progress Ind i = 0x8283 - Origination address is no n-ISDN Mar 13 11:06:01.719: Calling Party Number i = '!', 0x83, '4089548021' Mar 13 11:06:01.719: Called Party Number i = 0xC1, '5550945' Mar 13 11:06:01.719: ISDN Se0:23: TX -> CALL_PROC pd = 8 callref = 0x82AD Mar 13 11:06:01.719: Channel ID i = 0xA98381 Mar 13 11:06:01.719: ISDN Se0:23: TX -> ALERTING pd = 8 callref = 0x82AD Mar 13 11:06:01.867: ISDN Se0:23: TX -> CONNECT pd = 8 callref = 0x82AD Mar 13 11:06:01.895: ISDN Se0:23: RX <- CONNECT_ACK pd = 8 callref = 0x02AD Mar 13 11:06:33.619: %LINK-3-UPDOWN: Interface Async4, changed state to up Mar 13 11:06:38.903: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async4, cha nged state to up
If this debug output is not displayed on your terminal screen, confirm that the client is dialing the correct telephone number. If the number is correct, troubleshoot the problem with your PRI provider. If you are still having problems, go to Step 4.
| Time Stamp | Description |
|---|---|
11:06:01.715 | The NAS receives (RX) the ISDN setup message for an incoming call. Call characteristics appear. |
11:06:01.719 | The NAS transmits (TX) a call-proceeding message. The NAS has not answered the call as yet. |
11:06:01.867 | The NAS transmits a connect message and answers the call. |
11:06:01.895 | The NAS receives a connect acknowledgment, and the connection is established. |
Enter the show controller t1 command to display the error status of the T1 controllers. A properly functioning T1 0 controller displays "T1 0 is up" and "No alarms detected." The following example shows four T1 controllers in good working condition:
ISP_NAS# show controller t1
T1 0 is up.
Applique type is Channelized T1
No alarms detected.
Version info of slot 0: HW: 4, Firmware: 16, PLD Rev: 0
Manufacture Cookie Info:
EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x42,
Board Hardware Version 1.32, Item Number 800-2540-2,
Board Revision A0, Serial Number 11488142,
PLD/ISP Version 0.0, Manufacture Date 10-Nov-1998.
Framing is ESF, Line Code is B8ZS, Clock Source is Line Primary.
Data in current interval (748 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 30 15 minute intervals):
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
T1 1 is up.
Applique type is Channelized T1
No alarms detected.
Version info of slot 0: HW: 4, Firmware: 16, PLD Rev: 0
Manufacture Cookie Info:
EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x42,
Board Hardware Version 1.32, Item Number 800-2540-2,
Board Revision A0, Serial Number 11488142,
PLD/ISP Version 0.0, Manufacture Date 10-Nov-1998.
Framing is ESF, Line Code is B8ZS, Clock Source is Line Secondary
.
Data in current interval (751 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 30 15 minute intervals):
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
T1 2 is up.
Applique type is Channelized T1
No alarms detected.
Version info of slot 0: HW: 4, Firmware: 16, PLD Rev: 0
Manufacture Cookie Info:
EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x42,
Board Hardware Version 1.32, Item Number 800-2540-2,
Board Revision A0, Serial Number 11488142,
PLD/ISP Version 0.0, Manufacture Date 10-Nov-1998.
Framing is ESF, Line Code is B8ZS, Clock Source is Internal.
Data in current interval (755 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 30 15 minute intervals):
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
T1 3 is up.
Applique type is Channelized T1
No alarms detected.
Version info of slot 0: HW: 4, Firmware: 16, PLD Rev: 0
Manufacture Cookie Info:
EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x42,
Board Hardware Version 1.32, Item Number 800-2540-2,
Board Revision A0, Serial Number 11488142,
PLD/ISP Version 0.0, Manufacture Date 10-Nov-1998.
Framing is ESF, Line Code is B8ZS, Clock Source is Internal.
Data in current interval (757 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 30 15 minute intervals):
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
If counters increase on a specific T1 controller, look closely at the error statistics. Focus on the current interval that is indented under the display field "Data in current interval."
Error counters are recorded over a 24-hour period in 15-minute intervals. You must specify a specific controller number to see this detailed information. Enter the clear controller t1 number command before you look for current error statistics. Error counters stop increasing when the controller is configured correctly.
Troubleshoot the modem's call state machine (CSM) by using the debug modem csm command. Troubleshoot the CSM if you do not see PPP debug output, and the show isdn status command and debug isdn q931 command demonstrate good working status:
ISP_NAS# debug modem csm Modem Management Call Switching Module debugging is on ISP_NAS# show debug Modem Management: Modem Management Call Switching Module debugging is on
Send a PPP modem call into the NAS. Transition states in the debug output signify that everything is operating properly. If you do not see transition states, look at the disconnect reason for the modem. For example, enter the show modem log 1/4 command.
See the following example of successful debug output for the debug modem csm command:
ISP_NAS# Mar 13 11:13:12.487: EVENT_FROM_ISDN::dchan_idb=0x60EA108C, call_id=0x1D, ces=0x 1bchan=0x0, event=0x1, cause=0x0 Mar 13 11:13:12.487: VDEV_ALLOCATE: slot 1 and port 4 is allocated. Mar 13 11:13:12.487: EVENT_FROM_ISDN:(001D): DEV_INCALL at slot 1 and port 4 Mar 13 11:13:12.487: CSM_PROC_IDLE: CSM_EVENT_ISDN_CALL at slot 1, port 4 Mar 13 11:13:12.487: Mica Modem(1/4): Configure(0x1 = 0x0) Mar 13 11:13:12.487: Mica Modem(1/4): Configure(0x23 = 0x0) Mar 13 11:13:12.487: Mica Modem(1/4): Call Setup Mar 13 11:13:12.611: Mica Modem(1/4): State Transition to Call Setup Mar 13 11:13:12.611: Mica Modem(1/4): Went offhook Mar 13 11:13:12.611: CSM_PROC_IC1_RING: CSM_EVENT_MODEM_OFFHOOK at slot 1, port 4 Mar 13 11:13:12.631: EVENT_FROM_ISDN::dchan_idb=0x60EA108C, call_id=0x1D, ces=0x1 bchan=0x0, event=0x4, cause=0x0 Mar 13 11:13:12.631: EVENT_FROM_ISDN:(001D): DEV_CONNECTED at slot 1 and port 4 Mar 13 11:13:12.631: CSM_PROC_IC4_WAIT_FOR_CARRIER: CSM_EVENT_ISDN_CONNECTED at slot 1, port 4 Mar 13 11:13:12.631: Mica Modem(1/4): Link Initiate Mar 13 11:13:13.751: Mica Modem(1/4): State Transition to Connect Mar 13 11:13:18.903: Mica Modem(1/4): State Transition to Link ISP_NAS# Mar 13 11:13:37.051: Mica Modem(1/4): State Transition to Trainup Mar 13 11:13:38.731: Mica Modem(1/4): State Transition to EC Negotiating Mar 13 11:13:39.387: Mica Modem(1/4): State Transition to Steady State Mar 13 11:13:42.007: %LINK-3-UPDOWN: Interface Async5, changed state to up Mar 13 11:13:46.751: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async5, cha nged state to up Mar 13 11:14:41.803: Mica Modem(1/4): State Transition to Steady State Speedshif ting Mar 13 11:14:44.139: Mica Modem(1/4): State Transition to Steady State Mar 13 11:17:30.475: %SYS-5-CONFIG_I: Configured from console by vty0 (171.68.20 1.22)
Posted: Tue May 4 18:55:08 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.