Network Topology
Not involved
Problem Description
There are three PPPOE dial-up lines on the external network outgoing interfaces on site, and the device serves as PPPOE client. After the test, dialer2 port dialing is normal; dialer1 and dialer3 fail to dial.
Process Analysis
1. The device is used as a PPPoE client device. Check the relevant configuration of the device and no problem is found;
2. It is recommended that when dialing on the faulty interface alone, feedback debugging information such as debugging pppoe-client and debugging ppp all;
Judging from the feedback debug information, the client failed during chap authentication. The specific information is as follows:
Virtual-Access2 Input CHAP(c223) Pkt, Len 38
State SendResponse, code FAILURE(04), id 1, Len 34
Message: 22103000: Product not ordered!
*Sep 14 15:35:19:898 2020 Router PPP/7/CHAP_EVENT_0: -Slot=2;
PPP Event:
Virtual-Access2 CHAP Receive Failure Event
State SendResponse
*Sep 14 15:35:19:898 2020 Router PPP/7/AUTH_ERROR_0: -Slot=2;
PPP Error:
Virtual-Access2 CHAP: Client authentication failed No. 1 !
*Sep 14 15:35:19:899 2020 Router PPP/7/CHAP_STATE_0: -Slot=2;
PPP State Change:
Virtual-Access2 CHAP: SendResponse --> ClientFailed
*Sep 14 15:35:19:899 2020 Router PPP/7/FSM_EVENT_0: -Slot=2;
3. Judging from the debug results displayed in step 2, it is suspected that there is a problem with the username or password for chap authentication. It is recommended that the on-site engineer check with the operator to verify, or directly connect the PC to the external network interface for dial-up testing. The on-site engineer reported that there was no problem with confirming the user name and password, and that he had previously used a PC to directly connect to an external network cable to test PPPoE dial-up, and there was no problem;
4. If it is confirmed on-site that the account and password on the device are not configured incorrectly but the authentication fails, it is probably because the operator's authentication server has bound the mac address of the first dial-up online device. It is recommended to add "mac-address XXXX-XXXX-XXXX" (replace it with the mac address of the terminal that dialed successfully) under the physical port where dial-up is configured. , and then test dialing again.
Subsequent on-site verification with the operator confirmed that the public network side had restricted MAC address binding. After the public network side equipment was adjusted, the test was normal.
Solution
There is a problem on the operator's side. The operator's authentication server binds the mac address of the first dial-up device. As a result, when replacing other client devices for dialing, it prompts that the authentication failed. The problem is solved after adjustment on the operator's side.