Announcement

Collapse
No announcement yet.

Cisco 876 ISDN Dialer problem

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cisco 876 ISDN Dialer problem

    Hi,
    (Sorry for the long post, but I'm kinda stuck...)

    I have a HQ site able to bring up a Dialer connection to a remote site (Site-BB). It also works in reverse i.e. Site-BB can make the connection into HQ. Now I have a requirement to get a 3rd site connecting into Site-BB. But when I create a new Dialer interface on Site-BB router the original connection won't come up. If I remove interface dialer99 then the original can connect OK.

    Here are the details:

    !
    hostname Site-BB
    ip cef
    no ip bootp server
    isdn switch-type basic-net3
    !
    username SIte-HQ password xxxxxxxxxx
    !
    !
    interface BRI0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    encapsulation ppp
    dialer pool-member 2
    isdn switch-type basic-net3
    isdn point-to-point-setup
    !
    interface ATM0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    no atm ilmi-keepalive
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
    ip address 192.168.4.250 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    !
    interface Dialer0
    no ip address
    !
    interface Dialer1
    no ip address
    encapsulation ppp
    dialer pool 1
    dialer idle-timeout 20
    dialer string 0191730044
    dialer string 0191730066
    dialer-group 1
    no cdp enable
    ppp authentication chap pap callin
    ppp chap hostname Site-BB
    ppp chap password xxxxxxxxx
    ppp pap sent-username Site-BB password xxxxxxx
    !
    interface Dialer3
    ip address 10.0.4.1 255.255.255.0
    encapsulation ppp
    dialer pool 2
    dialer string 0191730044
    dialer string 0191730066
    dialer-group 2
    no cdp enable
    ppp authentication chap pap callin
    ppp chap hostname Site-BB
    ppp chap password xxxxx
    ppp pap sent-username Site-BB password xxxxxxxxxx
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer3
    ip route 192.168.1.1 255.255.255.255 192.168.4.254
    ip route 192.168.1.4 255.255.255.255 192.168.4.254
    ip route 192.168.1.5 255.255.255.255 192.168.4.254
    ip route 192.168.1.6 255.255.255.255 192.168.4.254
    ip route 192.168.1.105 255.255.255.255 Dialer3
    ip route 192.168.1.151 255.255.255.255 192.168.4.254
    ip route 192168.1.153 255.255.255.255 192.168.4.254
    ip http serve
    ip http authentication localip http secure-server
    p http timeout-policy idle 60 life 86400 requests 10000
    !
    ip nat inside source list 1 interface Dialer0 overload
    ip nat outside source static network 192.168.1.105 192.168.4.250 /32
    !
    ip access-list extended OutSIte-HQ
    remark out to SIte-HQ
    remark SDM_ACL Category=1
    remark out to HQ
    permit ip 192.168.4.0 0.0.0.255 10.0.4.0 0.0.0.255
    ip access-list extended inboundSIte-HQ
    remark inboundSIte-HQ
    remark SDM_ACL Category=1
    permit ip 10.0.4.0 0.0.0.255 192.168.4.0 0.0.0.255
    !
    logging trap debugging
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark SDM_ACL Category=3
    access-list 1 permit 192.168.4.0 0.0.0.255
    dialer-list 1 protocol ip permit
    dialer-list 2 protocol ip permit
    no cdp run
    !
    !
    control-plane
    !
    banner login ^CCCCCCCCCCCCCCCCCAuthorized access only!
    no inservice
    !
    end
    ______________

    So above works fine both ways; when I add the new details below for the new site - it stops working
    !
    username Site-BB password xxx
    !
    interface BRI0
    dialer pool-member 3
    ! (now BRI0 has pool-member 2 and 3)
    !
    !
    interface Dialer99
    description ISDN_to_New-site
    ip address 192.168.99.74 255.255.255.0
    encapsulation ppp
    dialer pool 3
    dialer string 0167115500
    dialer-group 2
    pulse-time 0
    ppp authentication chap pap callin
    ppp chap hostname Site-BB
    ppp chap password 0 xxx
    ppp pap sent-username Site-BB password 0xxx
    !
    !
    ip route 192.168.200.0 255.255.255.0 dialer99
    !___________________________________

    Obviously I now need to be able to have ISDN access Site-BB from both HQ-Site and New-site. Any help appreciated.

    _____________________
    Here is the debug from Site-BB when HQ tries to make an ISDN connect when the new Dialer99 is configured;
    000100: *May 18 21:49:22.529 PCTime: ISDN BR0 Q931: RX <- SETUP pd = 8 callref = 0x3C
    Sending Complete
    Bearer Capability i = 0x8890
    Standard = CCITT
    Transfer Capability = Unrestricted Digital
    Transfer Mode = Circuit
    Transfer Rate = 64 kbit/s
    Channel ID i = 0x89
    Exclusive, B1
    Calling Party Number i = 0x2183, '0191705699'
    Plan:ISDN, Type:National
    Called Party Number i = 0xA1, '0114080855'
    Plan:ISDN, Type:National
    000101: *May 18 21:49:22.529 PCTime: ISDN BR0:1: Incoming call rejected, unbindable
    000102: *May 18 21:49:22.529 PCTime: ISDN BR0 **ERROR**: host_incoming_call: DIALER ERROR 0x1: b channel 0, call id 0xE
    000103: *May 18 21:49:23.565 PCTime: ISDN BR0 Q931: TX -> RELEASE_COMP pd = 8 callref = 0xBC
    Cause i = 0x8095 - Call rejected
    000104: *May 18 21:49:27.590 PCTime: ISDN BR0 Q931: RX <- SETUP pd = 8 callref = 0x3B
    Sending Complete
    Bearer Capability i = 0x8890
    Standard = CCITT
    Transfer Capability = Unrestricted Digital
    Transfer Mode = Circuit
    Transfer Rate = 64 kbit/s
    Channel ID i = 0x89
    Exclusive, B1
    Calling Party Number i = 0x2183, '0191705699'
    Plan:ISDN, Type:National
    Called Party Number i = 0xA1, '14080836'
    Plan:ISDN, Type:National
    000105: *May 18 21:49:27.594 PCTime: ISDN BR0:1: Incoming call rejected, unbindable
    000106: *May 18 21:49:27.594 PCTime: ISDN BR0 **ERROR**: host_incoming_call: DIALER ERROR 0x1: b channel 0, call id 0xF
    000107: *May 18 21:49:27.594 PCTime: ISDN BR0 Q931: TX -> RELEASE_COMP pd = 8 callref = 0xBB
    Cause i = 0x8095 - Call rejected
    000108: *May 18 21:49:28.594 PCTime: ISDN BR0 Q931: TX -> RELEASE_COMP pd = 8 callref = 0xBB
    Cause i = 0x8095 - Call rejected
    000109: *May 18 21:49:37.007 PCTime: ISDN BR0 Q931: RX <- SETUP pd = 8 callref = 0x3A
    Sending Complete
    Bearer Capability i = 0x8890
    Standard = CCITT
    Transfer Capability = Unrestricted Digital
    Transfer Mode = Circuit
    Transfer Rate = 64 kbit/s
    Channel ID i = 0x89
    Exclusive, B1
    Calling Party Number i = 0x2183, '0191705699'
    Plan:ISDN, Type:National
    Called Party Number i = 0xA1, '0114080855'
    Plan:ISDN, Type:National
    000110: *May 18 21:49:37.011 PCTime: ISDN BR0:1: Incoming call rejected, unbindable
    000111: *May 18 21:49:37.011 PCTime: ISDN BR0 **ERROR**: host_incoming_call: DIALER ERROR 0x1: b channel 0, call id 0x10
    000112: *May 18 21:49:37.015 PCTime: ISDN BR0 Q931: TX -> RELEASE_COMP pd = 8 callref = 0xBA
    Cause i = 0x8095 - Call rejected
    000113: *May 18 21:49:38.011 PCTime: ISDN BR0 Q931: TX -> RELEASE_COMP pd = 8 callref = 0xBA
    Cause i = 0x8095 - Call rejected
    000114: *May 18 21:49:39.555 PCTime: ISDN BR0 **ERROR**: CCBRI_Go: NO CCB Src->HOST call id 0x8011, event 0x5 ces 1
    000115: *May 18 21:49:42.164 PCTime: ISDN BR0 Q931: RX <- SETUP pd = 8 callref = 0x39
    Sending Complete

  • #2
    Re: Cisco 876 ISDN Dialer problem

    Found this on cisco's site in relation to your debug:


    000101: *May 18 21:49:22.529 PCTime: ISDN BR0:1: Incoming call rejected, unbindable


    1. Remember that there are four attempts to bind. Assuming that we have more than one dialer profile, the CLID and DNIS bind attempt fails and PPP authentication is not configured (pre-empting the possibility of the fourth test). The following debug dialer message will be generated on the called router.
    *Mar 1 11:59:36.521: ISDN BR0:1: Incoming call rejected, unbindable
    Solution: Configure ppp authentication chap | pap [callin] on the physical interface.
    2. If PPP authentication is enabled on the physical interface, then the fourth attempt to bind will proceed. The router will use the authenticated username to attempt to bind to one of the dialer interfaces in the dialer pool. If that attempt fails, the following debug will be seen on the called router:
    *Mar 1 12:03:32.227: BRI0:1:
    Authenticated host HQ-NAS with no matching dialer profile



    Also:
    interface Dialer99
    description ISDN_to_New-site
    ip address 192.168.99.74 255.255.255.0
    encapsulation ppp
    dialer pool 3 BRI0 is a member of dialer-pool 2 so how can dialer 99 request any B channels if the dialer is set for dialer-pool 3. Either change the dialer99 to use dial pool 2 or add dialer pool-member 3 to your BRI0
    dialer string 0167115500
    dialer-group 2
    pulse-time 0
    ppp authentication chap pap callin
    ppp chap hostname Site-BB
    ppp chap password 0 xxx
    ppp pap sent-username Site-BB password 0xxx
    Last edited by auglan; 7th June 2012, 17:36.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)

    Comment


    • #3
      Re: Cisco 876 ISDN Dialer problem

      The problem at the moment is that as soon as I enter the new Dialer99 interface settings the previously working HO router connection (to Dialer3) doesn't connect. Then if I remove interface Dialer99 - presto the connection to D3 works.

      Originally posted by auglan View Post
      Found this on cisco's site in relation to your debug:


      000101: *May 18 21:49:22.529 PCTime: ISDN BR0:1: Incoming call rejected, unbindable


      1. Remember that there are four attempts to bind. Assuming that we have more than one dialer profile, the CLID and DNIS bind attempt fails and PPP authentication is not configured (pre-empting the possibility of the fourth test). The following debug dialer message will be generated on the called router.
      *Mar 1 11:59:36.521: ISDN BR0:1: Incoming call rejected, unbindable
      Solution: Configure ppp authentication chap | pap [callin] on the physical interface.
      2. If PPP authentication is enabled on the physical interface, then the fourth attempt to bind will proceed. The router will use the authenticated username to attempt to bind to one of the dialer interfaces in the dialer pool. If that attempt fails, the following debug will be seen on the called router:
      *Mar 1 12:03:32.227: BRI0:1:
      Authenticated host HQ-NAS with no matching dialer profile



      Also:
      interface Dialer99
      description ISDN_to_New-site
      ip address 192.168.99.74 255.255.255.0
      encapsulation ppp
      dialer pool 3 BRI0 is a member of dialer-pool 2 so how can dialer 99 request any B channels if the dialer is set for dialer-pool 3. Either change the dialer99 to use dial pool 2 or add dialer pool-member 3 to your BRI0
      dialer string 0167115500
      dialer-group 2
      pulse-time 0
      ppp authentication chap pap callin
      ppp chap hostname Site-BB
      ppp chap password 0 xxx
      ppp pap sent-username Site-BB password 0xxx

      Comment


      • #4
        Re: Cisco 876 ISDN Dialer problem

        I understand but did you read what I posted initially and try it?




        1. Remember that there are four attempts to bind. Assuming that we have more than one dialer profile, the CLID and DNIS bind attempt fails and PPP authentication is not configured (pre-empting the possibility of the fourth test). The following debug dialer message will be generated on the called router.
        *Mar 1 11:59:36.521: ISDN BR0:1: Incoming call rejected, unbindable

        Solution: Configure ppp authentication chap | pap [callin] on the physical interface.
        2. If PPP authentication is enabled on the physical interface, then the fourth attempt to bind will proceed. The router will use the authenticated username to attempt to bind to one of the dialer interfaces in the dialer pool. If that attempt fails, the following debug will be seen on the called router:
        *Mar 1 12:03:32.227: BRI0:1:
        Authenticated host HQ-NAS with no matching dialer profile
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)

        Comment


        • #5
          Re: Cisco 876 ISDN Dialer problem

          Thanks. OK, so I need to -
          Configure ppp authentication chap | pap [callin] on the physical interface and fix the dialer pool number issue. Is that correct?

          Originally posted by auglan View Post
          I understand but did you read what I posted initially and try it?


          1. Remember that there are four attempts to bind. Assuming that we have more than one dialer profile, the CLID and DNIS bind attempt fails and PPP authentication is not configured (pre-empting the possibility of the fourth test). The following debug dialer message will be generated on the called router.
          *Mar 1 11:59:36.521: ISDN BR0:1: Incoming call rejected, unbindable

          Solution: Configure ppp authentication chap | pap [callin] on the physical interface.
          2. If PPP authentication is enabled on the physical interface, then the fourth attempt to bind will proceed. The router will use the authenticated username to attempt to bind to one of the dialer interfaces in the dialer pool. If that attempt fails, the following debug will be seen on the called router:
          *Mar 1 12:03:32.227: BRI0:1:
          Authenticated host HQ-NAS with no matching dialer profile

          Comment


          • #6
            Re: Cisco 876 ISDN Dialer problem

            I would apply authentication to the BRI first. Then test and watch debugs. Do one step at at ime.
            CCNA, CCNA-Security, CCNP
            CCIE Security (In Progress)

            Comment


            • #7
              Re: Cisco 876 ISDN Dialer problem

              I have applied the authentication; I gave most of this working now but just can't get the finalpiece working - site headoffice dialer 73 to site-bb over ISDN - the ISDN connection is being established but appears to go down. Debugs and configs attached below. A prize if anyone can show me where the problem is. I can't change headoffice config as that Dialer template is in use for multiple existing sites - I can change the remote site config if needed.

              Originally posted by auglan View Post
              I would apply authentication to the BRI first. Then test and watch debugs. Do one step at at ime.
              Attached Files

              Comment


              • #8
                Re: Cisco 876 ISDN Dialer problem

                I would have a look at:


                debug ppp authentication

                and


                debug ppp negotiation


                Also this may be a problem:

                interface BRI1/0
                no ip address
                no ip redirects
                no ip unreachables
                no ip proxy-arp
                encapsulation ppp
                dialer pool-member 2
                dialer pool-member 3
                isdn switch-type basic-net3
                ppp authentication chap pap callin


                The "callin' keyword says that when the HQ calls in the site router will challenge with chap. This means the site router will only authenticate on incoming calls. Typically the callin keyword is used on "Access Servers" for 1 way authentication. I would remove it and try again.
                CCNA, CCNA-Security, CCNP
                CCIE Security (In Progress)

                Comment


                • #9
                  Re: Cisco 876 ISDN Dialer problem

                  Added debug attachments below ...
                  What I can do: connect isdn from new-site to remote (site-bb)
                  connect isdn form remote (site-bb) to headoffice
                  What I cannot do (and need) is to connect isdn from headoffice to site-bb


                  Originally posted by auglan View Post
                  I would have a look at:


                  debug ppp authentication

                  and


                  debug ppp negotiation


                  Also this may be a problem:

                  interface BRI1/0
                  no ip address
                  no ip redirects
                  no ip unreachables
                  no ip proxy-arp
                  encapsulation ppp
                  dialer pool-member 2
                  dialer pool-member 3
                  isdn switch-type basic-net3
                  ppp authentication chap pap callin


                  The "callin' keyword says that when the HQ calls in the site router will challenge with chap. This means the site router will only authenticate on incoming calls. Typically the callin keyword is used on "Access Servers" for 1 way authentication. I would remove it and try again.
                  Attached Files

                  Comment


                  • #10
                    Re: Cisco 876 ISDN Dialer problem

                    It's gotta be an authentication issue. It looks to me that HO is getting challenged by remote and HO is responding and getting a success inbound but it looks like form the debug that HO is never getting a response to its challenge. If you look at the 2 debugs side by side you will see what im talking about. Did you remove the "callin" keyword from the remote site?


                    This is debug from HO to remote.

                    1d22h: Se1/0:30 PPP: Phase is AUTHENTICATING, by both
                    1d22h: Se1/0:30 CHAP: O CHALLENGE id 62 len 31 from "headoffice"
                    1d22h: Se1/0:30 CHAP: I CHALLENGE id 181 len 30 from "edinburgh"
                    1d22h: Se1/0:30 CHAP: O RESPONSE id 181 len 31 from "headoffice"
                    1d22h: Se1/0:30 CHAP: I SUCCESS id 181 len 4

                    1d22h: ISDN Se1/0:15: RX <- DISCONNECT pd = 8 callref = 0x806C
                    1d22h: Cause i = 0x8090 - Normal call clearing
                    1d22h: Progress Ind i .= 0x8288 - In-band info or appropriate now available
                    1d22h: %ISDN-6-CONNECT: Interface Serial1/0:30 is now connected to 01181292744
                    1d22h: %LINK-3-UPDOWN: Interface Serial1/0:30, changed state to down
                    1d22h: Se1/0:30 PPP: Phase is TERMINATING
                    1d22h: Se1/0:30 LCP: State is Closed
                    1d22h: Se1/0:30 PPP: Phase is DOWN


                    And Debug from new site to remote:

                    6w2d: Se1/0:30 PPP: Phase is AUTHENTICATING, by both [0 sess, 0 load]
                    6w2d: Se1/0:30 CHAP: O CHALLENGE id 12 len 28 from "new-site"
                    6w2d: Se1/0:30 CHAP: I CHALLENGE id 180 len 30 from "edinburgh"
                    6w2d: Se1/0:30 CHAP: O RESPONSE id 180 len 28 from "new-site"
                    6w2d: Se1/0:30 CHAP: I SUCCESS id 180 len 4
                    6w2d: Se1/0:30 CHAP: I RESPONSE id 12 len 30 from "edinburgh"
                    6w2d: Se1/0:30 CHAP: O SUCCESS id 12 len 4
                    6w2d: Se1/0:30 PPP: Phase is UP [0 sess, 0 load]
                    CCNA, CCNA-Security, CCNP
                    CCIE Security (In Progress)

                    Comment

                    Working...
                    X