RE: ISDN and CHAP

From: Shaun Nicholson (Shaun.Nicholson@xxxxxx)
Date: Wed Jan 03 2001 - 18:21:53 GMT-3


   
Ok I found why I was having some issues and you may want to take note of this guys and girls.

It's an easy mistake to make as I found out but makes sense once I thought about it.

When you use the ppp chap hostname command remember to use the new hostname in
the map statements on the other end of the link.

I know it's common sense but I forgot and you get the link up but encapsulation
fails as the other end does not know how to get back to your new host name. PPP
works great and passes all the debugs but it's the hostname that's incorrect.

Config below

r1
username r1 password 0 cisco
username r2 password 0 cisco
username what password 0 cisco
username test password 0 cisco

interface BRI0
 ip address 148.100.10.1 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 ip ospf demand-circuit
 dialer idle-timeout 60
 dialer map ip 148.100.10.2 name r2 broadcast 2222 -should be- dialer map ip 148.100.10.2 name test broadcast 2222
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 30162572300101
 isdn spid2 30162572310101
 no peer neighbor-route
 ppp authentication chap
 ppp chap hostname what
 ppp chap password 7 0822455D0A16

r2
username r1 password 0 cisco
username r2 password 0 cisco
username what password 0 cisco
username test password 0 cisco

interface BRI0
 ip address 148.100.10.2 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 dialer idle-timeout 60
 dialer map ip 148.100.10.1 name r1 broadcast -should be- dialer map ip 148.100.10.1 name what broadcast
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 30162572320101
 isdn spid2 30162572330101
 ppp authentication chap
 ppp chap hostname test
 ppp chap password 7 070C285F4D06
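
The mismatch described in this message can be caught before dialing by comparing the two routers' configs. The Python check below is an added example, not part of the original post or of any Cisco tooling; its function names and the sample configs (constructed from the r1/r2 BRI0 snippets above) are assumptions, and names are compared as exact strings.

```python
import re
PATTERNS = {
    "hostname": r"hostname (\S+)",
    "user": r"username (\S+) password",
    "addr": r"ip address (\S+) \S+",
    "map": r"dialer map ip (\S+) name (\S+)",
    "chap_name": r"ppp chap hostname (\S+)",
    "auth": r"ppp authentication chap",
}

def parse(cfg):
    """Collect, per keyword, the captured fields of every matching config line."""
    found = {key: [] for key in PATTERNS}
    for line in cfg.splitlines():
        for key, pat in PATTERNS.items():
            if m := re.match(pat, line.strip()):
                found[key].append(m.groups())
    return found

def check(local, remote):
    """List the places where `local` expects a name that `remote` will not send."""
    me = local["hostname"][0][0]
    # A router sends its `ppp chap hostname` if set, otherwise its hostname.
    sent = (remote["chap_name"] or remote["hostname"])[0][0]
    peer_addrs = {a for (a,) in remote["addr"]}
    out = [f"{me}: dialer map {ip} expects {name!r}, peer sends {sent!r}"
           for ip, name in local["map"] if ip in peer_addrs and name != sent]
    if local["auth"] and (sent,) not in local["user"]:
        out.append(f"{me}: no username entry for {sent!r}")
    return out

def sample(host, addr, peer, map_name, chap_name):
    """Constructed config modelled on the r1/r2 BRI0 snippets in the message."""
    return f"""hostname {host}
username what password 0 cisco
username test password 0 cisco
interface BRI0
 ip address {addr} 255.255.255.0
 dialer map ip {peer} name {map_name} broadcast
 ppp authentication chap
 ppp chap hostname {chap_name}
"""

A, B = "148.100.10.1", "148.100.10.2"
r1_bad, r2_bad = parse(sample("r1", A, B, "r2", "what")), parse(sample("r2", B, A, "r1", "test"))
r1_ok, r2_ok = parse(sample("r1", A, B, "test", "what")), parse(sample("r2", B, A, "what", "test"))

for finding in check(r1_bad, r2_bad) + check(r2_bad, r1_bad):
    print(finding)
```

With the original map statements it reports one finding per router; with the "should be" lines it reports none.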

Shaun Nicholson
01/03/2001 03:41 PM
To: kingmi1@yahoo.com@Internet
cc: ccielab@groupstudy.com@Internet (bcc: Shaun Nicholson/MD/KAIPERM)
Subject: RE: ISDN and CHAP

Ok the router 3 should not challenge means they want you to use ppp callin.

That means only one side challenges for authentication.

The configs I sent you will do that.

However I do not understand the bit about r5 using user9 as his chap name if r3
does not challenge what does it matter what his hostname is??

Are you sure that r3 should not use user9 as his hostname?? now that would
make sense.

Or have I got it wrong

Shaun

kingmi1@yahoo.com on 01/03/2001 03:24:00 PM
To: Shaun Nicholson
cc:
Subject: RE: ISDN and CHAP

Shaun,

The problem states:
Only Router R5 should call
Router R5 should use "user9" as his chap name
Router R3 should not challenge

I have decided to use dialer interfaces. You do not
have to do that. I just find it easier. The below
config works. At least I can ping from R5 to R3. I'm
not sure, however, if R3 is not challenging. I don't
think it is because I don't have "ppp authentication
chap" on R3. Also, you mentioned the "ppp
authentication chap callin" command. I'm not sure if
I need that or not. Like I said though, my config is
working. Just not sure if it's what Cisco is looking
for.

Router R3
username user9 password 0 cisco
dialer-list 1 protocol ip permit

interface BRI0
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-ni
 isdn spid1 0835866101 8358661
 isdn spid2 0835866301 8358663
!
interface Dialer1
 ip address 135.9.15.2 255.255.255.252
 encapsulation ppp
 dialer remote-name user9
 dialer pool 1
 dialer-group 1
 ppp chap refuse callin

Router R5
username R3 password 0 cisco
dialer-list 1 protocol ip permit

interface BRI0
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-ni
 isdn spid1 0835866201 8358662
 isdn spid2 0835866401 8358664
 ppp authentication chap
!
interface Dialer1
 ip address 135.9.15.1 255.255.255.252
 encapsulation ppp
 dialer remote-name R3
 dialer string 8358661
 dialer pool 1
 dialer-group 1
 ppp authentication chap
 ppp chap hostname user9

--- Shaun Nicholson <Shaun.Nicholson@kp.org> wrote:
> OK I've lost the original email but I had a play
> with what you're trying to do and found some issues
> myself.
>
> First of all what are you trying to do.
> Why do I ask
> Well if you're trying to authenticate on one side only
> then you would use the command ppp authentication
> chap callin. That would cause only one side to
> challenge for a password. Now with Chap and correct
> me if I'm wrong both sides have to be running chap I
> don't think you can disable it on one side, but the
> above command will disable the challenge on one
> side. Is this what you were trying to do????
>
> Secondly the hostname bit
>
> Now on r2 I changed the hostname to test as you can
> see from my configs.
>
> I could however not get it to work by putting the
> ppp chap hostname on r1 which I think is something
> to do with the callin option.
>
>
> Does this help???
> if not post your email again as I've deleted it by
> mistake.
>
> Thanks
> Shaun
>
> r2#sh run
> !
> hostname r2
> !
> username r1 password 0 cisco
> username r2 password 0 cisco
> isdn switch-type basic-ni
> !
> interface Loopback0
> ip address 2.2.2.2 255.255.255.0
> no ip directed-broadcast
> ip ospf network point-to-point
> !
> interface BRI0
> ip address 148.100.10.2 255.255.255.0
> no ip directed-broadcast
> encapsulation ppp
> dialer idle-timeout 60
> dialer map ip 148.100.10.1 name r1 broadcast
> dialer-group 1
> isdn switch-type basic-ni
> isdn spid1 30162572320101
> isdn spid2 30162572330101
> ppp authentication chap
> ppp chap hostname test
> !
> router ospf 8
> network 2.2.2.2 0.0.0.0 area 2
> network 148.100.10.0 0.0.0.255 area 12
> network 150.100.1.0 0.0.0.255 area 0
> network 150.100.20.0 0.0.0.255 area 2
> !
>
>
>
> r1#
>
> hostname r1
> !
> username r1 password 0 cisco
> username r2 password 0 cisco
> username test password 0 cisco
> isdn switch-type basic-ni
> !
> interface Loopback0
> ip address 1.1.1.1 255.255.255.0
> no ip directed-broadcast
> ip ospf network point-to-point
> !
> interface BRI0
> ip address 148.100.10.1 255.255.255.0
> no ip directed-broadcast
> encapsulation ppp
> ip ospf demand-circuit
> dialer idle-timeout 60
> dialer map ip 148.100.10.2 name r2 broadcast 3016257232
> dialer-group 1
> isdn switch-type basic-ni
> isdn spid1 30162572300101
> isdn spid2 30162572310101
> no peer neighbor-route
> ppp authentication chap callin
> !
> router ospf 8
> redistribute rip metric 30 metric-type 1 subnets
> network 1.1.1.1 0.0.0.0 area 1
> network 148.100.10.0 0.0.0.255 area 12
> network 150.100.1.0 0.0.0.255 area 0
> network 150.100.10.0 0.0.0.255 area 1
> !
>
> Here is the output of the negotiation as you can see
> the peer authenticates not both
>
> r1#ping 148.100.10.2
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 148.100.10.2, timeout is 2 seconds:
> .!!!!
> Success rate is 80 percent (4/5), round-trip min/avg/max = 44/63/116 ms
> r1#
> 03:11:54: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
> 03:11:54: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 3016257232
> 03:11:54: BR0:1 PPP: Treating connection as a callout
> 03:11:54: BR0:1 PPP: Phase is ESTABLISHING, Active Open
> 03:11:54: BR0:1 PPP: No remote authentication for call-out
> 03:11:54: BR0:1 LCP: O CONFREQ [Closed] id 48 len 10
> 03:11:54: BR0:1 LCP: MagicNumber 0x00BBF45B (0x050600BBF45B)
> 03:11:54: BR0:1 LCP: I CONFREQ [REQsent] id 44 len 15
> 03:11:54: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
> 03:11:54: BR0:1 LCP: MagicNumber 0x00BB5B0E (0x050600BB5B0E)
> 03:11:54: BR0:1 LCP: O CONFACK [REQsent] id 44 len 15
> 03:11:54: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
> 03:11:54: BR0:1 LCP: MagicNumber 0x00BB5B0E (0x050600BB5B0E)
> 03:11:54: BR0:1 LCP: I CONFACK [ACKsent] id 48 len 10
> 03:11:54: BR0:1 LCP: MagicNumber 0x00BBF45B (0x050600BBF45B)
> 03:11:54: BR0:1 LCP: State is Open
> 03:11:54: BR0:1 PPP: Phase is AUTHENTICATING, by the peer
> 03:11:54: BR0:1 CHAP: I CHALLENGE id 38 len 25 from "test"
> 03:11:54: BR0:1 CHAP: O RESPONSE id 38 len 23 from "r1"
> 03:11:54: BR0:1 CHAP: I SUCCESS id 38 len 4
> 03:11:54: BR0:1 PPP: Phase is UP
> 03:11:54: BR0:1 IPCP: O CONFREQ [Closed] id 22 len 10
> 03:11:54: BR0:1 IPCP: Address 148.100.10.1 (0x030694640A01)
> 03:11:54: BR0:1 CDPCP: O CONFREQ [Closed] id 22 len 4
> 03:11:54: BR0:1 IPCP: I CONFREQ [REQsent] id 22 len 10
> 03:11:54: BR0:1 IPCP: Address 148.100.10.2 (0x030694640A02)
> 03:11:54: BR0:1 IPCP: O CONFACK [REQsent] id 22 len 10
> 03:11:54: BR0:1 IPCP: Address 148.100.10.2 (0x030694640A02)
> 03:11:54: BR0:1 CDPCP: I CONFREQ [REQsent] id 22 len 4
> 03:11:54: BR0:1 CDPCP: O CONFACK [REQsent] id 22 len 4
> 03:11:54: BR0:1 IPCP: I CONFACK [ACKsent] id 22 len 10
> 03:11:54: BR0:1 IPCP: Address 148.100.10.1 (0x030694640A01)
> 03:11:54: BR0:1 IPCP: State is Open
> 03:11:54: BR0:1 CDPCP: I CONFACK [ACKsent] id 22 len 4
> 03:11:54: BR0:1 CDPCP: State is Open
> 03:11:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up
> r1#
> 03:12:00: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 3016257232 r2
>
>
>
> 03:14:16: BR0:1 PPP: Treating connection as a callin
> 03:14:16: BR0:1 PPP: Phase is ESTABLISHING, Passive Open
> 03:14:16: BR0:1 LCP: State is Listen
> 03:14:16: BR0:1 LCP: I CONFREQ [Listen] id 49 len 10
> 03:14:16: BR0:1 LCP: MagicNumber 0x00BEAA7E (0x050600BEAA7E)
> 03:14:16: BR0:1 LCP: O CONFREQ [Listen] id 45 len 15
> 03:14:16: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
> 03:14:16: BR0:1 LCP: MagicNumber 0x00BE112C (0x050600BE112C)
> 03:14:16: BR0:1 LCP: O CONFACK [Listen] id 49 len 10
>
=== message truncated ===



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:22 GMT-3