PPPoE on TZ 200
I had a customer call and say their CL DSL line was down. Troubleshooting, I found their bridged modem was dead.
So, I ordered a new CL approved DSL Zyxel C3000Z modem, installed it, tested for internet connection, set it to Transparent Bridge, connected it to Port 1 on the TZ 200 and tried the internet from the internal subnet. No Joy.
:-)
My assumption was that, as nothing had changed in the Sonicwall, getting the modem working and bridged to the firewall back up, everything would work.
Bad assumption.
:-)
I've combed through the PPPOE stuff on X1, tried re-entering the PPPOE creds and still no connection.
I see this sequence in the log:
Received PPPoE Active Discovery Offer
Sending PPPoE Active Discovery Request
Received PPPoE Active Discovery Session_confirmation
PPPoE discovery process complete
PPP: Starting PAP authentication
PPP: PAP Authentication failed - check username / password
PPPoE LCP Link Down
PPP message: Processing TERMINATE request
PPPoE terminated
TCP connection dropped
I've re-entered the PPPOE creds several times. I also verified the PPPOE creds were correct with CL twice.
Any ideas how I can get this PPPOE bridge working?
Your expert advice is much appreciated.
Thanks
Answers
This doesn't sound like a Sonicwall issue.
Test it with a different PPPoE client.
I am struggling to think how you could misconfigure a DSL bridge so that it would cause previously valid credentials to be rejected, but I know nothing about that model of Zyxel, so ???
How did you determine that the previous one was dead?
That would be my assumption too. So perhaps it was never the original DSL bridge that was at fault.
So what was the fix?
I headed out to try it today. I'll set my laptop up as the PPPoE client and Wireshark its attempt to connect / authenticate. I have high hopes.
I'll keep you posted.
Thanks
Well, another day another adventure. :-(
I set up a PPPoE connection on my laptop, plugged into the Ethernet cable that bridges the modem to the firewall, 'dialed' the PPPoE and the laptop connected instantly.
So, no problem with the PPPoE creds and no problem with the MAC address CL has cached on their servers.
Plugged into the WAN port on the firewall, checked the configuration on X1 interface to confirm correct PPPoE creds and clicked the Connect button. Same error.
(from Sonicwall logs)
PPPoE terminated
PPP message: Processing TERMINATE request
PPPoE LCP Link Down
PPP: PAP Authentication failed - check username / password
PPP: Starting PAP authentication
PPPoE discovery process complete
Received PPPoE Active Discovery Session_confirmation
Sending PPPoE Active Discovery Request
Received PPPoE Active Discovery Offer
Starting PPPoE discovery
Tried everything I could think of.
Manually assigned IP and DNS on X1, set X1 to pull IP and DNS from PPPoE connection, tried to sniff the PPPoE connection with Wireshark but could only see the laptop ip and the sonicwall ip.
Checked the PPPoE with the laptop again, worked fine. A little perplexed.
I see quite a few posts about PPPoE and VLAN tag 201 but I don't see that anywhere in the SW config. Could that be causing my auth fail errors?
Thanks for taking time out of your day to help!
Well, another day another adventure. :-(
I finally figured out how to capture the PPPoE packets between our SW and Centurylink and found Dropped packets about every 5 seconds. When I checked the details on those packets it was always:
——-
The Packet:
Time > - 07:03.7
Ingress > - X1*(i)
Egress > - --
Source IP > - --
Destination IP > - --
Ether Type > - PPPOE-DIS
Packet Type > - PADT
Ports[Src, Dst] > - --
Status > - DROPPED
Length [Actual] > - 60[60]
——-
The details:
Ether Type: PPPOE-DIS(0x8863), Src=[88:43:e1:06:f7:93], Dst=[00:17:c5:5e:3e:f3]
PPPOE Packet Header
version=17, code=PADT(167), session id=29738
Value:[0]
DROPPED, Drop Code: 128, Module Id: 53, (Ref.Id: _795_RRRqGaUykvej) 0:0)
——-
Researching led me to:
——-
Drop Code: 128 = IDP detection DROP_IP_IDP_SEND_SMTP_REPLY
——-
Which doesn't make any sense; we don't have any SMTP stuff at this site, so an SMTP_REPLY is out in left field.
It looks like Centurylink is sending back a malformed / weird reply to one of four GENERATED packets.
I've attached a text file with the packets before and after the Dropped packet, to give some perspective.
The sharing of your Expertise is appreciated.
Thanks
I think you need to involve the provider and ask them why they are rejecting your login when you are certain that you are using the correct credentials.
VLANs are not a requirement of a PPPoE connection, generally speaking. I think if you'd had to configure your laptop NIC with a VLAN before the PPPoE login worked from there, you would have mentioned it, right? On that basis I would rule out VLANs as being the issue.
Regarding
https://www.sonicwall.com/support/knowledge-base/explanation-of-drop-code-and-module-id-values-in-packet-capture-output-sonicos-5-8-1-12/170503632886984/
Module ID 53 = PPPoE
Drop code 128 = The PPPOE module dropped the packet because it was non-IP
ARKWRIGHT,
"had to configure your laptop NIC with a VLAN before the PPPoE login worked from there, you would have mentioned it"
Right. VLAN never came up when I connected via PPPoE from my laptop.
SonicOS Enhanced 5.8.1.12-65o firmware
"Drop code 128 = The PPPOE module dropped the packet because it was non-IP"
Thank You for that link. I've spent hours searching the SW KB and never ran across a firmware resource before 6.2. I'm not exactly sure which version my firmware is but I know it's in the 5.xxx range, so this definition of Drop code 128 is very helpful. And the "dropped the packet because it was non-IP" makes a lot more sense in these circumstances.
As you can see, I found Packet Monitor so I can export pcap capture files and use Wireshark to dig into the actual PPPoE packets. Then, if I dig around in the Wireshark 'adaptor list' on my laptop I'll be able to find the right interface to capture PPPoE packets from there and compare packet contents from the two sources to find the difference.
Based on your "dropped the packet because it was non-IP" comment I looked around and found a really detailed explanation of all the TCP Packet format fields and it looks like the Data Payload field might have the information I'm looking for.
As you have probably surmised, I've messed around with TCP/IP but never had to dig down to this level in the packet details before. Usually, it's been plug in the cable, make sure the TCP/IP packets are whizzing around and everybody's happy.
Thanks for taking the time to help me out.
😀 😀
Arkwright,
Finally! community.sonicwall. is back online.
Phew.
An update:
Equipment:
Sonicwall TZ-200 SonicOS Enhanced 5.6.0.10-52o
Zyxel C3000Z modem.
Not really my equipment but all this involves a DSL connection to Centurylink.
Backstory:
My client's Centurylink modem died so I bought a newer Centurylink modem, configured the PPPoE with creds, installed it and bridged it to the Sonicwall.
Beings I hadn't touched the firewall I expected that I would install the new modem, bridge it over and it would just work. Bad expectation.
After a lot of research (fiddling around) I learned Windows has a built-in PPPoE client that I could use to test. Configured the Windows PPPoE client with creds, plugged in cable from modem, dialed the PPPoE and it connected instantly. So, no problem with creds or modem.
Crossed fingers, plugged in Sonicwall and no connection. Figured out how to use Packet Monitor to capture X1 packets, waited a few minutes for the SW to try connecting via PPPoE and found that it was dropping an IP packet every 5 seconds with Drop Code: 128, Module Id: 53.
Packet that's getting dropped.
Header Values:
Bytes captured: 60, Actual Bytes on the wire: 60
Packet Info(Time:07/01/2024 12:31:27.288):
in:X1*(interface), out:--, DROPPED, Drop Code: 128, Module Id: 53, (Ref.Id: _795_QQQpF`Txjudi), 0:0)
Ethernet Header:
Ether Type: PPPOE-DIS(0x8863), Src=[88:43:e1:06:f7:93], Dst=[00:17:c5:5e:3e:f3]
PPPOE Packet Header
version=17, code=PADT(167), session id=55497
Value:[0]
Hex and ASCII dump of the packet:
0017c55e 3ef38843 e106f793 886311a7 d8c90000 00000000 ...^>..C.....c..........
00000000 00000000 00000000 00000000 00000000 00000000 ........................
00000000 00000000 00000000 *............ *
Thought Hey, I can just sniff the successful laptop PPPoE connection, correlate the packets and see precisely what is working on the laptop but failing on the SW, but no joy.
What I've tried:
Spent hours in the chat/phone with Centurylink. Worked my way through 8 or 9 agents, finally verified the PPPoE creds, got Centurylink to update the MAC address for the new modem and confirmed the modem was online and I could browse the internet.
Verified the PPPoE client on the laptop can connect to Centurylink and I can browse the web.
Tried to sniff and found that I can see IP packets on the laptop ethernet but nothing that shows the PPPoE connection / authentication.
Factory reset the modem a couple of times, configured PPPoE and looked for the place to set VLAN to 201 but no joy.
Looked all over the SW to check if the VLAN 201 was configured on there. Couldn't find any VLAN stuff, but then I'm a Sonicwall noob.
Error: (not news to you)
Drop code 128 = The PPPOE module dropped the packet because it was non-IP
Module Id: 53(PPPOE).
Those are for version 5.8.1.12-65o and I have 5.6.0.10-52o.
Questions:
1.) Any ideas of how to troubleshoot this drop code error?
2.) Do you know any way to capture PPPoE packets from a laptop PPPoE client to the PPPoE server? If so how.
Thanks Arkwright. You've been a big help.
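
Added example, not part of the original posts: a decode of the dropped frame's hex dump from the post above, using the PPPoE header layout from RFC 2516. It shows that the capture's "version=17" is the single byte 0x11 (version 1, type 1), that code 167 is 0xA7 (PADT, the session-terminate message) and that the session id bytes d8c9 are 55497. The function names are illustrative.

```python
import struct

# Hex dump of the dropped frame exactly as posted in the thread (60 bytes).
DUMP = """
0017c55e 3ef38843 e106f793 886311a7 d8c90000 00000000
00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000
"""

# PPPoE discovery codes and EtherTypes from RFC 2516.
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
ETHERTYPES = {0x8863: "PPPoE Discovery", 0x8864: "PPPoE Session"}


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def frame_from_dump(text: str) -> bytes:
    """Turn the whitespace-separated hex words of a dump into raw bytes."""
    return bytes.fromhex("".join(text.split()))


def parse_pppoe_frame(frame: bytes) -> dict:
    """Decode the Ethernet and PPPoE headers of one captured frame."""
    if len(frame) < 20:
        raise ValueError("frame too short for Ethernet + PPPoE headers")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype not in ETHERTYPES:
        raise ValueError(f"not a PPPoE frame: ethertype 0x{ethertype:04x}")
    # 1 byte version/type nibbles, 1 byte code, 2 byte session id, 2 byte length
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if len(frame) - 20 < length:
        raise ValueError("PPPoE length field exceeds captured bytes")
    return {
        "dst": mac(frame[0:6]),
        "src": mac(frame[6:12]),
        "stage": ETHERTYPES[ethertype],
        "version": ver_type >> 4,
        "type": ver_type & 0x0F,
        "code": CODES.get(code, f"unknown(0x{code:02x})"),
        "session_id": session_id,
        "payload_len": length,
        "padding": len(frame) - 20 - length,  # fill up to the 60-byte minimum
    }


if __name__ == "__main__":
    for key, value in parse_pppoe_frame(frame_from_dump(DUMP)).items():
        print(f"{key:12} {value}")
```

EtherType 0x8863 frames carry no IP header at all, which is consistent with the "non-IP" wording of drop code 128 quoted from the SonicWall KB.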