Troubleshooting PPPoE on PIX

Posted on November 24, 2010

0



This document is not up to date as the firewall is PIX. Maybe the ASA codes have the same command as this old PIX. I did not have time to test it.

Use the following commands to check your PPPoE interface:

  • show ip address outside pppoe
  • show vpdn session pppoe
  • show vpdn pppinterface
  • show vpdn group

Here is an example what are the outputs for the commands above.

pixfirewall(config)# show ip address outside pppoe

PPPoE Assigned IP addr: 50.50.50.82 255.255.255.255 on Interface: outside

Remote IP addr: 50.50.50.1

pixfirewall(config)# show vpdn tunnel pppoe
PPPoE Tunnel Information (Total tunnels=1 sessions=1)
Tunnel id 0, 1 active sessions
time since change 2891 secs
Remote MAC Address 00:12:80:CB:45:08
481 packets sent, 481 received, 5956 bytes sent, 22126 received
pixfirewall(config)#
pixfirewall(config)# show vpdn session pppoe
PPPoE Session Information (Total tunnels=1 sessions=1)
Remote MAC is 00:12:80:CB:45:08
Session state is SESSION_UP
Time since event change 1420046 secs, interface outside
PPP interface id is 1
485 packets sent, 485 received, 6004 bytes sent, 22310 received
pixfirewall(config)#
pixfirewall(config)# show vpdn pppinterface
PPP virtual interface id = 1
PPP authentication protocol is PAP
Server ip address is 50.50.50.1
Our ip address is 50.50.50.82
Transmitted Pkts: 487, Received Pkts: 487, Error Pkts: 0
MPPE key strength is None
MPPE_Encrypt_Pkts: 0, MPPE_Encrypt_Bytes: 0
MPPE_Decrypt_Pkts: 0, MPPE_Decrypt_Bytes: 0
Rcvd_Out_Of_Seq_MPPE_Pkts: 0
pixfirewall(config)#
pixfirewall(config)# show vpdn group
vpdn group test request dialout pppoe
vpdn group test localname wr8
vpdn group test ppp authentication pap
pixfirewall(config)#

Debugging PPPoE:

If you have problems with PPPoE, you can enable the following debugging and look for the tipical PADI – PADO – PADR – PADS sequence in the debug output.

pixfirewall(config)# debug pppoe event
pixfirewall(config)# debug pppoe error

Here is an example output for the 2 PPPoE debug commands.

pixfirewall(config)# sh interface
interface ethernet0 “outside” is up, line protocol is up
Hardware is i82559 ethernet, address is 0013.7f6d.4beb
IP address 50.50.50.83, subnet mask 255.255.255.255
MTU 1492 bytes, BW 100000 Kbit full duplex
14990260 packets input, 3826603448 bytes, 0 no buffer
Received 14954607 broadcasts, 0 runts, 0 giants
115896 input errors, 1 CRC, 1 frame, 115894 overrun, 1 ignored, 0 abort
6374 packets output, 477058 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
8 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/128)
output queue (curr/max blocks): hardware (0/2) software (0/1)
interface ethernet1 “inside” is up, line protocol is up
Hardware is i82559 ethernet, address is 0013.7f6d.4bee
MTU 1500 bytes, BW 100000 Kbit full duplex
14955792 packets input, 3823096216 bytes, 0 no buffer
Received 14955792 broadcasts, 0 runts, 0 giants
116124 input errors, 0 CRC, 0 frame, 116124 overrun, 0 ignored, 0 abort
2 packets output, 120 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/157)
output queue (curr/max blocks): hardware (0/1) software (0/1)
pixfirewall(config)#
pixfirewall(config)# ip address outside pppoe setroute
speixfnidr_ewpalal(cdoin:f(igS)n#d ) Dest:ffff.ffff.ffff Src:0013.7f6d.4beb Type:0x8863=PPPoE-Discovery
Ver:1 Type:1 Code:09=PADI Sess:0 Len:12
Type:0101:SVCNAME-Service Name Len:0
Type:0103:HOSTUNIQ-Host Unique Tag Len:4 00000004
PPPoE:(Rcv) Dest:0013.7f6d.4beb Src:0012.80cb.4508 Type:0x8863=PPPoE-Discovery
Ver:1 Type:1 Code:07=PADO Sess:0 Len:44
Type:0101:SVCNAME-Service Name Len:0
Type:0103:HOSTUNIQ-Host Unique Tag Len:4 00000004
Type:0102:ACNAME-AC Name Len:8 7204-ISP
Type:0104:ACCOOKIE-AC Cookie Len:16 68516E78 F499010D D4D3D3F7 84017B1D
PPPoE: PADO
send_padr:(Snd) Dest:0012.80cb.4508 Src:0013.7f6d.4beb Type:0x8863=PPPoE-Discovery
Ver:1 Type:1 Code:19=PADR Sess:0 Len:44
Type:0101:SVCNAME-Service Name Len:0
Type:0103:HOSTUNIQ-Host Unique Tag Len:4 00000004
Type:0102:ACNAME-AC Name Len:8 7204-ISP
Type:0104:ACCOOKIE-AC Cookie Len:16 68516E78 F499010D D4D3D3F7 84017B1D
PPPoE:(Rcv) Dest:0013.7f6d.4beb Src:001a.a18f.1f74 Type:0x8863=PPPoE-Discovery
Ver:1 Type:1 Code:07=PADO Sess:0 Len:45
Type:0101:SVCNAME-Service Name Len:0
Type:0103:HOSTUNIQ-Host Unique Tag Len:4 00000004
Type:0102:ACNAME-AC Name Len:9 wr17-1801
Type:0104:ACCOOKIE-AC Cookie Len:16 7FAD81B7 203ACB7F DFE50D2D C4FEE607
PPPoE: PADO
PPPoE: Unsolicited PADO, Invalid session state
PPPoE:(Rcv) Dest:0013.7f6d.4beb Src:0012.80cb.4508 Type:0x8863=PPPoE-Discovery
Ver:1 Type:1 Code:65=PADS Sess:98 Len:44
Type:0101:SVCNAME-Service Name Len:0
Type:0103:HOSTUNIQ-Host Unique Tag Len:4 00000004
Type:0102:ACNAME-AC Name Len:8 7204-ISP
Type:0104:ACCOOKIE-AC Cookie Len:16 68516E78 F499010D D4D3D3F7 84017B1D
PPPoE: PADS
IN PADS from PPPoE tunnel
PPPoE: Opening PPP link and starting negotiations.
PPP virtual access open, ifc = 0
Xmit Link Control Protocol pkt, Action code is: Config Request, len is: 6
Pkt dump: 05060a09e181
LCP Option: MAGIC_NUMBER, len: 6, data: 0a09e181
Rcvd Link Control Protocol pkt, Action code is: Config Request, len is: 10
Pkt dump: 010405d405064ad7155b
LCP Option: Max_Rcv_Units, len: 4, data: 05d4
LCP Option: MAGIC_NUMBER, len: 6, data: 4ad7155b
Xmit Link Control Protocol pkt, Action code is: Config ACK, len is: 10
Pkt dump: 010405d405064ad7155b
LCP Option: Max_Rcv_Units, len: 4, data: 05d4
LCP Option: MAGIC_NUMBER, len: 6, data: 4ad7155b
Rcvd Link Control Protocol pkt, Action code is: Config ACK, len is: 6
Pkt dump: 05060a09e181
LCP Option: MAGIC_NUMBER, len: 6, data: 0a09e181
Xmit Link Control Protocol pkt, Action code is: Echo Request, len is: 4
Pkt dump: 0a09e181
Rcvd IP Control Protocol pkt, Action code is: Config Request, len is: 6
Pkt dump: 030632323201
IPCP Option: Config IP, IP = 50.50.50.1
Xmit IP Control Protocol pkt, Action code is: Config Request, len is: 6
Pkt dump: 030600000000
IPCP Option: Config IP, IP = 0.0.0.0
Xmit IP Control Protocol pkt, Action code is: Config ACK, len is: 6
Pkt dump: 030632323201
IPCP Option: Config IP, IP = 50.50.50.1
Rcvd Link Control Protocol pkt, Action code is: Echo Reply, len is: 4
Pkt dump: 4ad7155b
Rcvd IP Control Protocol pkt, Action code is: Config NAK, len is: 6
Pkt dump: 030632323253
IPCP Option: Config IP, IP = 50.50.50.83
Xmit IP Control Protocol pkt, Action code is: Config Request, len is: 6
Pkt dump: 030632323253
IPCP Option: Config IP, IP = 50.50.50.83
Rcvd IP Control Protocol pkt, Action code is: Config ACK, len is: 6
Pkt dump: 030632323253
IPCP Option: Config IP, IP = 50.50.50.83
Rcvd Link Control Protocol pkt, Action code is: Echo Request, len is: 8
Pkt dump: 4ad7155b0a09e181
Xmit Link Control Protocol pkt, Action code is: Echo Reply, len is: 8
Pkt dump: 0a09e1810a09e181
Rcvd Link Control Protocol pkt, Action code is: Echo Request, len is: 8
Pkt dump: 4ad7155b0a09e181
Xmit Link Control Protocol pkt, Action code is: Echo Reply, len is: 8
Pkt dump: 0a09e1810a09e181
Xmit Link Control Protocol pkt, Action code is: Echo Request, len is: 4
Pkt dump: 0a09e181
Rcvd Link Control Protocol pkt, Action code is: Echo Reply, len is: 4
Pkt dump: 4ad7155b
pixfirewall(config)# undeb all
Advertisement
Posted in: ASA, Cisco, Security, Troubleshootings