emre076
New Contributor II

PPPoE not reconnecting. only after reboot

Hi all,

I have a FortiGate 61F with version 7.0.6 running in a remote branch.

I have set up the wan2 connection in PPPoE mode.

As a temporary measure, I log in to the switch over the public internet (on wan2, GUI access enabled) to configure the device.

It has happened a few times that I get locked out because the FW loses its PPPoE connection, and the only way to re-establish a connection is to reboot the FW.

And my question is:

Why do I need to reboot it? Doesn't it auto-reconnect?

How can I troubleshoot the interruptions?

 

 

-------Edit-------

 

After contacting the ISP support, they told me that the session breaks because of user-requested breaks.

So the FortiGate probably sends a message to terminate the session or something like that.

 

ISP response:

At the moment, the session is active on the cisco since 10.10, according to the session history, we see that sessions from the Fortinet MAC address in the logs, there are mostly User-Request breaks, either it periodically restarts itself, or your equipment spontaneously performs this. On the branch above, we do not fix restrictions. There are no errors on the port, there are no losses to the concentrator. You need to double-check the router. Unfortunately, we can't help you set up this router.

 

I've set up wan2 with PPPoE settings, so I don't use a virtual interface.

 

this is the config:

FGT (wan2) # show full
config system interface
    edit "wan2"
        set vdom "root"
        set vrf 0
        set fortilink disable
        set mode pppoe
        set distance 5
        set priority 1
        set dhcp-relay-interface-select-method auto
        set dhcp-relay-service disable
        set allowaccess ping https ssh http fgfm
        set fail-detect disable
        set arpforward enable
        set broadcast-forward disable
        set bfd global
        set l2forward disable
        set icmp-send-redirect enable
        set icmp-accept-redirect enable
        set reachable-time 30000
        set vlanforward disable
        set stpforward disable
        set ips-sniffer-mode disable
        set ident-accept disable
        set ipmac disable
        set subst disable
        set substitute-dst-mac 00:00:00:00:00:00
        set status up
        set netbios-forward disable
        set wins-ip 0.0.0.0
        set type physical
        set netflow-sampler disable
        set sflow-sampler disable
        set src-check enable
        set sample-rate 2000
        set polling-interval 20
        set sample-direction both
        set explicit-web-proxy disable
        set explicit-ftp-proxy disable
        set proxy-captive-portal disable
        set tcp-mss 0
        set inbandwidth 0
        set outbandwidth 0
        set egress-shaping-profile ''
        set ingress-shaping-profile ''
        set disconnect-threshold 0
        set spillover-threshold 0
        set ingress-spillover-threshold 0
        set weight 0
        set external disable
        set trunk disable
        set description ''
        set alias ''
        set l2tp-client disable
        set security-mode none
        set device-identification disable
        set lldp-reception vdom
        set lldp-transmission vdom
        set estimated-upstream-bandwidth 0
        set estimated-downstream-bandwidth 0
        set measured-upstream-bandwidth 0
        set measured-downstream-bandwidth 0
        set bandwidth-measure-time 0
        set monitor-bandwidth enable
        set vrrp-virtual-mac disable
        set role wan
        set snmp-index 2
        set preserve-session-route disable
        set auto-auth-extension-device disable
        set ap-discover enable
        set switch-controller-mgmt-vlan 4094
        set switch-controller-igmp-snooping-proxy disable
        set switch-controller-igmp-snooping-fast-leave disable
        set swc-first-create 0
        config ipv6
            set ip6-mode static
            set nd-mode basic
            set ip6-address ::/0
            unset ip6-allowaccess
            set icmp6-send-redirect enable
            set ra-send-mtu enable
            set ip6-reachable-time 0
            set ip6-retrans-time 0
            set ip6-hop-limit 0
            set dhcp6-prefix-delegation disable
            set dhcp6-information-request disable
            set vrrp-virtual-mac6 disable
            set vrip6_link_local ::
            set ip6-send-adv disable
            set autoconf disable
            set dhcp6-relay-service disable
        end
        set dhcp-relay-request-all-server disable
        set dhcp-client-identifier ''
        set dhcp-renew-time 0
        set ipunnumbered 0.0.0.0
        set username xxx
        set password xxx
        set idle-timeout 0
        set disc-retry-timeout 20
        set padt-retry-timeout 5
        set service-name ''
        set ac-name ''
        set lcp-echo-interval 5
        set lcp-max-echo-fails 3
        set defaultgw enable
        set dns-server-override enable
        set dns-server-protocol cleartext
        set auth-type chap
        set pptp-client disable
        set speed 100full
        set mtu-override enable
        set mtu 1492
        set wccp disable
        set drop-overlapped-fragment disable
        set drop-fragment disable

 

I hope that someone can tell me what to adjust.

Network Engineer
jintrah_FTNT
Staff

Hi,

By default, it should retry attempts to connect back.

You can look at these two commands:

set disc-retry-timeout <value in sec>
set padt-retry-timeout 1 <value in sec>

I think if you adjust the discovery retry and monitor, you will see improvements. But you need to find out why your PPPoE neg is not working, e.g.:

diag debug reset
diag debug enable
diag debug application pppoed -1

and when finished, reset and disable diag debug.

 

best regards,

Jin

emre076

Hi,

I've updated my post with new information and the cause of the disconnection.

Could you take a look?

Network Engineer
sagha

Hi emre076, 


I would suggest running pppoe debugs: 

 

diag debug reset

diag debug enable

diag debug application pppoed -1 

 

Look for LCP echo requests and see if there are echo replies to every request. Normally it should auto connect and you should be able to get it back.

 

       set lcp-echo-interval 5
       set lcp-max-echo-fails 3

 

The above settings determine if the session should be disconnected. If three echo-replies fail, you will have a disconnection.

 

Best would be to provide the debug output and we can further see it then. 

 

Thank you. 

Shahan
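
Added example, not part of any post in this thread: a small Python parser for `config system interface` output that reports the LCP keepalive window discussed above and the management services reachable on a WAN-role interface. The sample text is a constructed excerpt using values from the posted wan2 config (with `next`/`end` added to close it), the function names are hypothetical, and the keepalive window is approximated as interval times allowed failures.

```python
import shlex

# Constructed excerpt: values copied from the wan2 config posted above, closed with next/end.
SAMPLE = '''
config system interface
    edit "wan2"
        set mode pppoe
        set allowaccess ping https ssh http fgfm
        set role wan
        config ipv6
            set ip6-mode static
            unset ip6-allowaccess
        end
        set disc-retry-timeout 20
        set lcp-echo-interval 5
        set lcp-max-echo-fails 3
    next
end
'''

def parse_interfaces(text):
    """Return {interface: {option: [values]}}; nested config blocks (e.g. ipv6) are skipped."""
    ifaces, current, depth = {}, None, 0
    for raw in text.splitlines():
        tok = shlex.split(raw)          # handles quoted names and empty '' values
        if not tok:
            continue
        if tok[0] == "config":
            depth += 1
        elif tok[0] == "end":
            depth -= 1
        elif tok[0] == "edit" and depth == 1:
            current = ifaces.setdefault(tok[1], {})
        elif tok[0] == "next" and depth == 1:
            current = None
        elif tok[0] == "set" and depth == 1 and current is not None:
            current[tok[1]] = tok[2:]
    return ifaces

def review(iface):
    """Summarise PPPoE keepalive timing and management services enabled on the interface."""
    out = {}
    if iface.get("mode") == ["pppoe"]:
        # Approximation: seconds of unanswered LCP echoes before the session is dropped.
        out["lcp_dead_after_s"] = int(iface["lcp-echo-interval"][0]) * int(iface["lcp-max-echo-fails"][0])
        out["disc_retry_s"] = int(iface["disc-retry-timeout"][0])
    mgmt = {"http", "https", "ssh", "telnet"} & set(iface.get("allowaccess", []))
    out["wan_mgmt"] = sorted(mgmt) if iface.get("role") == ["wan"] else []
    out["cleartext_mgmt"] = sorted(mgmt & {"http", "telnet"})
    return out
```

For the posted values, `review(parse_interfaces(SAMPLE)["wan2"])` reports a 15-second keepalive window and shows HTTP, HTTPS and SSH administration enabled on the internet-facing interface, with HTTP in cleartext.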

emre076
New Contributor II

Okay, thanks, I will try.

Network Engineer
ezhupa
Staff

As mentioned, by default it should retry to connect back.

In the below link you have the cli reference:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/495735/pppoe-addressing-mode-on-an-inter...

The values though should match the ones with your ISP, so you should talk with them also. 

 

Another solution, if you have just started to implement PPPoE, would be to follow the below KB to configure "config system pppoe-interface":

https://community.fortinet.com/t5/FortiGate/Technical-Tip-pppoe-interface-configuration/ta-p/209005

CLI reference:

https://docs.fortinet.com/document/fortigate/6.0.0/cli-reference/682734/system-pppoe-interface
