T-DSL und Cisco 1721

[zimbo123]

Hallo zusammen,

ich habe ein kleines Prob beim konfigurieren eines Cisco1721 für T-DSL beim debuggen von ppp auth und dialer bekomme ich folgende Meldung:

DIALER-6-BIND: Interface Vi1 bound to profile Di1
*Mar 1 01:05:35.907: Vi1 PPP: Using dialer call direction
*Mar 1 01:05:35.907: Vi1 PPP: Treating connection as a callout
*Mar 1 01:05:35.907: Vi1 PPP: Authorization required
*Mar 1 01:05:35.911: Vi1 PPP: No remote authentication for call-out
*Mar 1 01:05:35.911: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state t
o up
*Mar 1 01:05:35.911: Vi1 DDR: Dialer statechange to up
*Mar 1 01:05:36.267: Vi1 PPP: No authorization without authentication
*Mar 1 01:05:36.267: Vi1 PAP: Using hostname from interface PAP
*Mar 1 01:05:36.267: Vi1 PAP: Using password from interface PAP
*Mar 1 01:05:36.267: Vi1 PAP: O AUTH-REQ id 1 len 55 from "xxxxx#0001@t-online.de"
*Mar 1 01:05:36.499: Vi1 PAP: I AUTH-NAK id 1 len 52 msg is "0030 PSOLD001 0857
704833 session limit exceeded"
*Mar 1 01:05:36.555: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1
*Mar 1 01:05:36.559: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state t
o down


Meine Config sieht wie folgt aus:


version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco1721
!
boot-start-marker
boot-end-marker
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
ip name-server 194.25.2.129
!
ip cef
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
!
!
!
!
interface BRI0
no ip address
shutdown
!
interface Ethernet0
description T-DSL
no ip address
ip nat outside
half-duplex
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet0
description LAN
ip address 172.20.1.1 255.255.255.0
ip nat inside
speed 100
full-duplex
!
interface Dialer1
ip address negotiated
ip access-group 100 in
ip mtu 1492
ip nat outside
encapsulation ppp
no ip mroute-cache
dialer pool 1
dialer remote-name cisco1721
dialer idle-timeout 900
dialer string 0191011
dialer hold-queue 10
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username xxxx#0001@t-online.de password xxxx!
router rip
version 2
redistribute static
passive-interface Dialer1
network 172.20.0.0
no auto-summary
!
ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
!
access-list 100 remark ACL fuer Internet
access-list 100 deny udp any any eq netbios-dgm
access-list 100 deny tcp any any eq 139
access-list 100 deny udp any eq netbios-ns any
access-list 100 deny tcp any any eq 1863
access-list 100 deny udp any any eq 4000
access-list 100 deny udp any eq netbios-dgm any
access-list 100 deny udp any eq netbios-ss any
access-list 100 deny udp any range snmp snmptrap any
access-list 100 deny udp any range bootps bootpc any
access-list 100 deny tcp any eq 137 any
access-list 100 deny tcp any eq 138 any
access-list 100 deny tcp any eq 139 any
access-list 100 permit udp any any eq ntp
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any echo-reply
access-list 100 permit udp any any eq domain
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq ftp-data
access-list 100 permit tcp any any eq ftp
access-list 100 permit tcp any any eq smtp
access-list 100 permit tcp any any eq pop3
access-list 100 permit ip 172.20.1.0 0.0.0.255 any
access-list 100 deny ip any any log
dialer-list 1 protocol ip permit

Was mache ich falsch?
Vielen Dank für Eure Hilfe.


Gruß

Zimbo

[xymos]

hi,

In der Config sind ein paar sachen die "komisch" ..;-)
Ich orientiere mich mal an meiner config und versuche nachzubessern.
haste du einen static ip oder dynamisch ?


haben diese einträge einen hintergrund ? (wenn nicht, dann raus)

router rip
version 2
redistribute static
passive-interface Dialer1
network 172.20.0.0




!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco1721
!
boot-start-marker
boot-end-marker
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
!
!
!
ip cef
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
!
!
!
!
interface BRI0
no ip address
shutdown
!
interface Ethernet0
description T-DSL
no ip address
half-duplex
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet0
description LAN
ip address 172.20.1.1 255.255.255.0
ip nat inside
speed 100
full-duplex
!
interface Dialer1
ip address negotiated
ip access-group 100 in
ip mtu 1492
ip nat outside
encapsulation ppp
no ip proxy arp
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer remote-name cisco1721
dialer idle-timeout 900
dialer hold-queue 10
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap hostname xxxx#0001@t-online.de
ppp pap password xxxx! (versuche auch mal chap zu nutzen)
router rip
version 2
redistribute static
passive-interface Dialer1
network 172.20.0.0
no auto-summary
ppp ipcp dns request
!
ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
!
access-list 100 remark ACL fuer Internet
access-list 100 deny udp any any eq netbios-dgm
access-list 100 deny tcp any any eq 139
access-list 100 deny udp any eq netbios-ns any
access-list 100 deny tcp any any eq 1863
access-list 100 deny udp any any eq 4000
access-list 100 deny udp any eq netbios-dgm any
access-list 100 deny udp any eq netbios-ss any
access-list 100 deny udp any range snmp snmptrap any
access-list 100 deny udp any range bootps bootpc any
access-list 100 deny tcp any eq 137 any
access-list 100 deny tcp any eq 138 any
access-list 100 deny tcp any eq 139 any
access-list 100 permit udp any any eq ntp
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any echo-reply
access-list 100 permit udp any any eq domain
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq ftp-data
access-list 100 permit tcp any any eq ftp
access-list 100 permit tcp any any eq smtp
access-list 100 permit tcp any any eq pop3
access-list 100 permit ip 172.20.1.0 0.0.0.255 any
access-list 100 deny ip any any log
dialer-list 1 protocol ip permit

Was mache ich falsch?
Vielen Dank für Eure Hilfe.


Gruß

Zimbo

[thorgood]

Hallo Zimbo,

lasse die drei einfach weg

dialer remote-name cisco1721
dialer idle-timeout 900
dialer string 0191011


und die Anmeldung so

ppp authentication chap pap callin
ppp chap hostname 000000000000000000000000#0001@t-online.de
ppp chap password xxxx
ppp pap sent-username 000000000000000000000000#0001@t-online.de password xxxx

[zimbo123]

danke für die Hilfe, aber es funkt immer noch nicht.
Ich bekomme immer noch die gleichen Fehler.

Di1 DDR: Cannot place call, no dialer string set.
%DIALER-6-BIND: Interface Vi1 bound to profile Di1
*Mar 1 00:45:49.475: PPPoE: Virtual Access interface obtained.
*Mar 1 00:45:49.475: PPPoE : encap string prepared
*Mar 1 00:45:49.479: [0]PPPoE 3315: data path set to Virtual Acess
*Mar 1 00:45:49.479: Vi1 PPP: No remote authentication for call-out
*Mar 1 00:45:49.483: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state t
o up.
*Mar 1 00:45:49.483: Vi1 DDR: Dialer statechange to up
*Mar 1 00:45:49.835: Vi1 PPP: No authorization without authentication
*Mar 1 00:45:50.163: PPPoE 3315: I PADT R:0090.1a10.147b L:0004.dc0c.b59a Et0
*Mar 1 00:45:50.163: PPPoE : Shutting down client session
*Mar 1 00:45:50.163: [0]PPPoE 3315: O PADT R:0090.1a10.147b L:0004.dc0c.b59a E
t0
*Mar 1 00:45:50.163: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1
*Mar 1 00:45:50.167: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state t
o down
*Mar 1 00:45:50.487: Di1 DDR: Cannot place call, no dialer string set.

Ich habe den RIP-Eintrag entfernt, aus dem Dialer die 3 Zeilen entfernt und zusätzlich die CHAP-Authen aktiviert.


version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco1721
!
boot-start-marker
boot-end-marker
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
ip name-server 194.25.2.129
!
ip cef
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
!
!
!
!
interface BRI0
no ip address
shutdown
!
interface Ethernet0
description T-DSL
no ip address
ip nat outside
shutdown
half-duplex
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet0
description LAN
ip address 172.20.1.1 255.255.255.0
ip nat inside
speed 100
full-duplex
!
interface Dialer1
ip address negotiated
ip access-group 100 in
ip mtu 1492
ip nat outside
encapsulation ppp
no ip mroute-cache
dialer pool 1
dialer hold-queue 10
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp chap hostname xxxxxxx#0001@t-online.de
ppp chap password xxxxxxx
ppp pap sent-username xxxxxxxx#0001@t-online.de password xxxx
!
ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
!
access-list 100 remark ACL fuer Internet
access-list 100 deny udp any any eq netbios-dgm
access-list 100 deny tcp any any eq 139
access-list 100 deny udp any eq netbios-ns any
access-list 100 deny tcp any any eq 1863
access-list 100 deny udp any any eq 4000
access-list 100 deny udp any eq netbios-dgm any
access-list 100 deny udp any eq netbios-ss any
access-list 100 deny udp any range snmp snmptrap any
access-list 100 deny udp any range bootps bootpc any
access-list 100 deny tcp any eq 137 any
access-list 100 deny tcp any eq 138 any
access-list 100 deny tcp any eq 139 any
access-list 100 permit udp any any eq ntp
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any echo-reply
access-list 100 permit udp any any eq domain
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq ftp-data
access-list 100 permit tcp any any eq ftp
access-list 100 permit tcp any any eq smtp
access-list 100 permit tcp any any eq pop3
access-list 100 permit ip 172.20.1.0 0.0.0.255 any
access-list 100 deny ip any any log
dialer-list 1 protocol ip permit

Ich finde einfach nicht den Fehler.
Danke für die Hilfe.

GRuß

Zimbo

[xymos]

hi,


übernehme mal so:

und vorallem neheme das shutdown raus !!!!!

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco1721
!
boot-start-marker
boot-end-marker
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
!
!
!
ip cef
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
!
!
!
!
interface BRI0
no ip address
shutdown
!
interface Ethernet0
description T-DSL
no ip address
ip nat inside
half-duplex
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet0
description LAN
ip address 172.20.1.1 255.255.255.0
ip nat inside
speed 100
full-duplex
!
interface Dialer1
ip address negotiated
ip access-group 100 in
ip mtu 1492
ip nat outside
encapsulation ppp
no ip proxy arp
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer hold-queue 10
dialer-group 1
no cdp enable
ppp chap hostname xxxxxxx#0001@t-online.de
ppp chap password xxxxxxx
!
ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
!
access-list 100 remark ACL fuer Internet
access-list 100 deny udp any any eq netbios-dgm
access-list 100 deny tcp any any eq 139
access-list 100 deny udp any eq netbios-ns any
access-list 100 deny tcp any any eq 1863
access-list 100 deny udp any any eq 4000
access-list 100 deny udp any eq netbios-dgm any
access-list 100 deny udp any eq netbios-ss any
access-list 100 deny udp any range snmp snmptrap any
access-list 100 deny udp any range bootps bootpc any
access-list 100 deny tcp any eq 137 any
access-list 100 deny tcp any eq 138 any
access-list 100 deny tcp any eq 139 any
access-list 100 permit udp any any eq ntp
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any echo-reply
access-list 100 permit udp any any eq domain
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq ftp-data
access-list 100 permit tcp any any eq ftp
access-list 100 permit tcp any any eq smtp
access-list 100 permit tcp any any eq pop3
access-list 100 permit ip 172.20.1.0 0.0.0.255 any
access-list 100 deny ip any any log
dialer-list 1 protocol ip permit

cheers

-xymos.

[thorgood]

Hallo Zimbo,

die Zeile muss lauten:

ppp authentication chap pap callin


und dein Interface Ethernet0 darf nicht down sein, also:

interface Ethernet0
no shutdown

thorgood

[zimbo123]

besten dank, ich komme jetzt mit den Router ins www.
ich kann vom Router aus die DNS-Server anpingen, aber keine www-seiten. Vom Client aus geht nix, kann jediglich den Router anpingen.
Warum? Sind die ACL's falsch?
Die LAN-Seite ist OK, weil ich sonst mit einem anderem Router ins WWW gehe. Der andere ist aber ausgestellt, wenn der Cisco an ist.
Ich brauche noch einmal bitte Eure Hilfe.
BEsten Dank im voraus.

GRuß

Zimbo

[xymos]

hi,


nimm mal das raus:

no ip domain lookup
ip name-server 194.25.2.129

und füge im dialer das hinzu:

ppp ipcp dns request
no ip proxy arp
ip tcp adjust-mss 1452

-xymos.

[zimbo123]

das wars leider auch nicht.
die namensauflösung vom router klappt jetzt eingeschränkt.
habe folgendes gemacht:

ip domain-lookup
ip name-server 194.25.2.129

im Dialer

ppp ipcp dns request
no ip proxy arp
ip tcp adjust-mss 1452

in den ACL's habe ich folgende Zeile hinzugefügt:
access-list 100 permit udp any any eq domain

komischerweise sagt er mir aber das der 53 (dns) über udp geblockt wird.
Langsam verstehe ich gar nix mehr.
Vom Client aus kann ich weder einen DNS-Server anpingen, noch eine www-domäne.

Ich bin völlig ratlos langsam.

Danke

Gruß

Zimbo

[xymos]

hi,


poste mal deine aktuelle config ;-)

"ip name-server 194.25.2.129" brauchst du nicht, denn "ppp ipcp dns request fordert einen DNS Server" von deinem ISP an.

mit "ip domain-lookup" fungiert dein router als DNS Server.

trage mal als gateway/DNS die IP deines routers ein (im System)

cheeers

-xymos.