FortiGate
akileshc
Staff
Article Id 336369
Description

This article describes the outages that occur when the PPPoE client receives no response to LCP (Link Control Protocol) Echo Requests from the server.

 

PPPoE (Point-to-Point Protocol over Ethernet) can have disconnect issues for a variety of reasons. This may result in an error message such as 'PPP daemon exited' or similar symptoms indicating a connection loss. 

Scope

FortiOS.
Solution

When experiencing PPPoE connectivity issues, follow these troubleshooting steps to diagnose and fix the problem:

 

  1. Verify the PPPoE configuration:
    Ensure that the PPPoE configuration settings are applied correctly on the FortiGate device. This includes verifying the username, password, and other related settings.

  2. Check the network connection:
    Ensure that there are no network issues affecting communication between PPPoE clients and servers. Verify that cables, interfaces, and physical connections are intact and in good working order.

  3. Run Continuous Debug and Sniffer Logs:
    Run the debug and the packet sniffer continuously so that new events are captured. This provides more data and a better understanding of the behavior of the PPPoE connection:

 

Debug Commands:

 

diag debug duration 0
diag debug console timestamp enable
diag debug app pppoed -1
diag debug app ppp -1
diag debug enable

 

To stop the debug:


diag debug disable

 

Sniffer Logs:

 

diagnose sniffer packet <interface> 'ether[0x0c:2] == 0x8864 or ether[0x0c:2] == 0x8863' 6

diagnose sniffer packet <interface> 'not stp and not ip and not ip6' 6

 

The above filters also capture normal traffic within the PPPoE tunnel. To exclude this traffic and focus only on 'PPPoE control messages (PADx)' and 'PPP (LCP, PAP/CHAP, etc.)', use the following filter:

 

diagnose sniffer packet <interface> 'pppoes and (ppp proto 0xc021 or ppp proto 0xc023 or ppp proto 0xc025 or ppp proto 0xc223)' 6

 

c021 : Link Control Protocol
c023 : Password Authentication Protocol
c025 : Link Quality Report
c223 : Challenge Handshake Authentication Protocol

 

If the outage occurs because the PPPoE client receives no response to its LCP (Link Control Protocol) Echo Requests from the server, resulting in an error message such as 'PPP daemon exited' or similar symptoms of connection loss, the debug output shows the error below.

 

YYYY-MM-DD HH:MM:SS PPP send: LCP Echo_Request id(92) len(8) [Magic_Number a7474422]
YYYY-MM-DD HH:MM:SS [lcp_ha_sync_echo_id:2488] sync echo id 10589 to 'all'

YYYY-MM-DD HH:MM:SS PPP send: LCP Echo_Request id(93) len(8) [Magic_Number a7474422]
YYYY-MM-DD HH:MM:SS [lcp_ha_sync_echo_id:2488] sync echo id 10590 to 'all'

YYYY-MM-DD HH:MM:SS PPP send: LCP Echo_Request id(94) len(8) [Magic_Number a7474422]
YYYY-MM-DD HH:MM:SS [lcp_ha_sync_echo_id:2488] sync echo id 10591 to 'all'

YYYY-MM-DD HH:MM:SS No response to 3 echo-requests <--
YYYY-MM-DD HH:MM:SS Serial link appears to be disconnected.

 

The firewall disconnects the connection after receiving no response from the PPPoE server for 3 echo-requests due to the 'lcp-max-echo-fails' setting (default is 3).

 

It is possible to adjust this value based on the network and server requirements using the following command.

 

config system pppoe-interface
    edit <name>
        set lcp-max-echo-fails {integer} <default is 3>
    next
end

 

  4. Check the PPPoE server:
    If the problem persists after adjusting the above setting on FortiGate, and the logs confirm there are no issues with FortiGate itself, the problem may be with the PPPoE server: it may not be responding to Echo Requests, or it may be experiencing internal problems. Proceed to verify the server to resolve server-side issues.
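
To review a long saved debug session for the echo failure shown in step 3, the following Python script (an added example, not Fortinet code) finds each 'No response to N echo-requests' line and reports which Echo_Request ids went unanswered and how long the link was silent before it was torn down. The line formats, ids and magic number follow the debug output in this article; the timestamps and the request with id 91 in the sample are constructed.

```python
import re
from datetime import datetime

TS = r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
ECHO_REQ = re.compile(TS + r" PPP send: LCP Echo_Request id\((?P<id>\d+)\)")
NO_RESP = re.compile(TS + r" No response to (?P<n>\d+) echo-requests")

def _t(stamp):
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")

def find_echo_timeouts(debug_text):
    """Return one record per 'No response to N echo-requests' line."""
    sent, events = [], []  # sent: (time, id) of every Echo_Request seen so far
    for line in debug_text.splitlines():
        m = ECHO_REQ.search(line)
        if m:
            sent.append((_t(m["ts"]), int(m["id"])))
            continue
        m = NO_RESP.search(line)
        if m:
            n, torn_down = int(m["n"]), _t(m["ts"])
            unanswered = sent[-n:]  # the daemon gave up on the last N requests
            times = [t for t, _ in unanswered]
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            events.append({
                "torn_down": torn_down,
                "fails": n,  # matches lcp-max-echo-fails at the time
                "ids": [i for _, i in unanswered],
                "complete": len(unanswered) == n,  # False if the capture began late
                "echo_interval_s": sum(gaps) / len(gaps) if gaps else None,
                "silent_s": (torn_down - times[0]).total_seconds() if times else None,
            })
            sent.clear()
    return events

# Constructed sample (timestamps and the id 91 request are made up).
SAMPLE = """\
2024-01-01 10:00:00 PPP send: LCP Echo_Request id(91) len(8) [Magic_Number a7474422]
2024-01-01 10:00:05 PPP send: LCP Echo_Request id(92) len(8) [Magic_Number a7474422]
2024-01-01 10:00:05 [lcp_ha_sync_echo_id:2488] sync echo id 10589 to 'all'
2024-01-01 10:00:10 PPP send: LCP Echo_Request id(93) len(8) [Magic_Number a7474422]
2024-01-01 10:00:15 PPP send: LCP Echo_Request id(94) len(8) [Magic_Number a7474422]
2024-01-01 10:00:20 No response to 3 echo-requests
2024-01-01 10:00:20 Serial link appears to be disconnected.
"""

if __name__ == "__main__":
    for ev in find_echo_timeouts(SAMPLE):
        print(ev)
```

The 'silent_s' value shows how long the server was unresponsive before the disconnect, which helps when choosing a value for 'lcp-max-echo-fails'.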