No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

USG6300 can not connect to ISP via PPPoE

Publication Date:  2015-05-29 Views:  86 Downloads:  0
Issue Description

A customer replaced firewalls of other vendor with Huawei USG6300, and he configured USG6300 as PPPoE client. After finished configuration, USG6300 can’t connect to ISP via PPPoE. But the previous firewall can connect to ISP.

The software version is V100R001C20SPC700, but this issue is not regarding software version.

The related configuration is as follows:

dialer-rule 1 ip permit

 

interface Dialer0

 link-protocol ppp

 ppp chap user hon89539

 ppp chap password cipher xxxx

 ppp pap local-user hon89539 password cipher xxxx

 ppp ipcp dns admit-any

 ip address ppp-negotiate

 dialer user hon89539@pig.yy.com

 dialer-group 1

 dialer bundle 1

 

interface GigabitEthernet1/0/0

 pppoe-client dial-bundle-number 1 ipv4

 

This is the topology:

Alarm Information
None
Handling Process

(1)    Check the configuration, compare it to configuration example in product documentation, and can’t find any error.

(2)    Ask the customer to double check the user name and password. And he replied that both were correct.

(3)    Since the previous firewall can work. So we push the previous firewall back on the network and capture data packet while it dialed up. From the captured data packet, we can see that the username is “hon89539@pig.yy.com” and password is “tpg12345”, and they are different from those the customer provided before.

At this, we discussed with the customer again, and he finally found that the provided wrong password to us.

(4)    We changed the dial password in USG6300, and supposed this should work. But still, we can’t dialer using USG6300. Then we capture data packets for USG6300, and compared to the packets for the previous firewall.

We found that for previous firewall, when it sent PPP LCP configuration request to ISP, there was only “Magic number” in option item.

 But for USG6300, in option item, there was “Authentication protocol” sub-item besides "Magic Number"

As PPPoE Client, when USG6300 sent such authentication request in configuration request to ISP, ISP(PPPoE Server) will reject such request. But why USG6300 will carry such request?

Double check the configuration, and found that the configured was changed by the customer, “ppp authentication-mode pap ” was added. Then we got feedback from the customer that during last troubleshooting he added such command. If this command is added, USG6300 will send authentication request to PPPoE Server.

interface Dialer0

link-protocol ppp

ppp authentication-mode pap  //undo this command.

ppp pap local-user hon89539@pig.xxx.com password cipher xxxx

ppp ipcp dns admit-any

ip address ppp-negotiate

dialer user hon89539@pig.xxx.com

dialer-group 1

dialer bundle 1

 

 

 

Root Cause

1.     The customer provided wrong password for dial up as PPPoE client.

2.     The customer added “ppp authentication-mode pap ” in PPPoE client(USG6300).

Solution

1.     Change the password to a correct one.

2.     Delete the command “ppp authentication-mode pap ” in USG6300

Suggestions

When you configure USG firewall as PPPoE client, make sure that the user name and password are correct.

When USG firewall works as PPPoE client, normally you can’t configure this command “ppp authentication-mode ” .

END