Check PPPoE connection on Wan2

comas17 · ‎10-27-2015

Hi all we have a Fortigate 60C already running configured witn ISP A (wan1). Interface addressing mode is configured to "Manual" Now we want to configure another connection (with another ISP) and we have connected to wan2. Interface addressing mode is configured as PPPoE. We have inserted into "Unnumbered IP" the static/public IP address sent us by our ISP In interfaces page I can see Status icon as green (arrow up) and also Link Status icon green (arrow up) but if I double click wan2 and go to "edit interface" status is displayed as "failed" (red icon) Which is right ? I suspect that really the status is failed as I do not have, for example, any route (static or dynamic) configured as I was expecting ? What could be the problem ? I have already checked username and password, etc Thank you

gschmitt · ‎10-27-2015

Try leaving the unnumbered IP as 0.0.0.0

Try setting the Distance on the Interface the same (or lower) distance than your wan1 default route

If this fails enter this in the cli and capture the output:

diag debug reset

diag debug enable

diag debug application pppoed -1

comas17 · ‎10-27-2015

I tried to reinsert all parameters and I left 0.0.0.0 unnumbered ip and now connection seems to be ok

I put a distance higher than the current already configured wan1 route (I will change later). I've seen in routing monitor 2 new routes; what I don't understand is that the interface is "ppp1" and distance is 0 (in pppoe configuration I put 20 as distance)

Is there anything wrong ?

Thank you

Toshi_Esumi · ‎10-27-2015

Just to comment on one portion; the Link status in the GUI or CLI, like in "get sys int phy", is the wan2's ethernet interface status connected to your vendor modem. PPPoE status still fails if username/password doesn't match with your vendor's setting.

Toshi_Esumi · ‎10-27-2015

That sounds like a bug to me. What version are you running? I configured below on an FG60D v5.2.3 build0670 and connected to an ADSL modem, then get a proper distance 10 on the routing table as I configured.

FGT60D4614041307 # sh sys int config system interface

<snip> edit "wan1" set vdom "root" set mode pppoe set distance 10 set allowaccess ping https ssh set type physical set snmp-index 2 set username "telekenexixc@qwest.net" set password ENC eycUZBehWrGtVP9pMZDjxB24nYE4bvjVSs59xhqmex3SmF153fi9tRzUOduCbOgEl1Jqq+T18N/OLhC1u4JeQC/C6SEbMtpxfM+Df1tQcDpBrY+eQmL33nvXe3OoDB++tdBoTFXnA8kJl4nfMI4Qsje4IlHs08w5QVV3drrpQGwLUHDjqmLC7cZIxQ5wGqRB3ROlDA== next <snip>

FGT60D4614041307 # get router info routing-t database Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area > - selected route, * - FIB route, p - stale info S *> 0.0.0.0/0 [10/0] via 63.231.10.66, ppp1 C *> 63.231.10.66/32 is directly connected, ppp1 C *> 192.168.1.0/24 is directly connected, internal C *> 209.181.137.224/32 is directly connected, ppp1

Toshi_Esumi · ‎10-27-2015

Oops, I forgot to mask our username.

joseraymundo · ‎10-27-2015

You must set the username and password of your ISP and put the modem in bridge mode so you can assign public IP SIP

gschmitt · ‎10-28-2015

Remove Username AND the encrypted password now, there is an edit function!