RE: CHAP Authentication

From: Rohan Grover (rohang) (rohang@cisco.com)
Date: Tue Jul 26 2005 - 16:31:09 GMT-3


Hi Brian,

The configs are as follows

=====================================

R1

----
RA#sh run int s1/1:1
Building configuration...

Current configuration : 108 bytes
!
interface Serial1/1:1
 ip address 22.0.0.1 255.255.255.0
 encapsulation ppp
 ppp authentication chap
end

RA#sh run | i username
username RB
RA#

R2

--
RB#sh run int s1/1:1
Building configuration...

Current configuration : 83 bytes
!
interface Serial1/1:1
 ip address 22.0.0.2 255.255.255.0
 encapsulation ppp
end

RB#sh run | i username
username RA
RB#

Debugs
--------

*Jul 27 07:46:17: %SYS-5-CONFIG_I: Configured from console by console
*Jul 27 07:46:18: %LINK-3-UPDOWN: Interface Serial1/1:1, changed state to up
*Jul 27 00:46:18.821: Se1/1:1 PPP: Using default call direction
*Jul 27 00:46:18.821: Se1/1:1 PPP: Treating connection as a dedicated line
*Jul 27 00:46:18.821: Se1/1:1 PPP: Phase is ESTABLISHING, Active Open
*Jul 27 00:46:18.821: Se1/1:1 PPP: Authorization required
*Jul 27 00:46:18.821: Se1/1:1 LCP: O CONFREQ [Closed] id 95 len 15
*Jul 27 00:46:18.821: Se1/1:1 LCP: AuthProto CHAP (0x0305C22305)
*Jul 27 00:46:18.821: Se1/1:1 LCP: MagicNumber 0x0956BE91 (0x05060956BE91)
*Jul 27 00:46:18.821: Se1/1:1 LCP: I CONFACK [REQsent] id 95 len 15
*Jul 27 00:46:18.821: Se1/1:1 LCP: AuthProto CHAP (0x0305C22305)
*Jul 27 00:46:18.821: Se1/1:1 LCP: MagicNumber 0x0956BE91 (0x05060956BE91)
*Jul 27 00:46:18.821: Se1/1:1 LCP: I CONFREQ [ACKrcvd] id 114 len 10
*Jul 27 00:46:18.821: Se1/1:1 LCP: MagicNumber 0x52EB0860 (0x050652EB0860)
*Jul 27 00:46:18.821: Se1/1:1 LCP: O CONFACK [ACKrcvd] id 114 len 10
*Jul 27 00:46:18.821: Se1/1:1 LCP: MagicNumber 0x52EB0860 (0x050652EB0860)
*Jul 27 00:46:18.821: Se1/1:1 LCP: State is Open
*Jul 27 00:46:18.821: Se1/1:1 PPP: Phase is AUTHENTICATING, by this end
*Jul 27 00:46:18.821: Se1/1:1 CHAP: O CHALLENGE id 66 len 23 from "RA"
*Jul 27 00:46:18.825: Se1/1:1 CHAP: I RESPONSE id 66 len 23 from "RB"
*Jul 27 00:46:18.825: Se1/1:1 PPP: Phase is FORWARDING, Attempting Forward
*Jul 27 00:46:18.825: Se1/1:1 PPP: Phase is AUTHENTICATING, Unauthenticated User
*Jul 27 00:46:18.825: Se1/1:1 PPP: Sent CHAP LOGIN Request
*Jul 27 00:46:18.825: Se1/1:1 PPP: Received LOGIN Response PASS
*Jul 27 00:46:18.825: Se1/1:1 PPP: Phase is FORWARDING, Attempting Forward
*Jul 27 00:46:18.825: Se1/1:1 PPP: Phase is AUTHENTICATING, Authenticated User
*Jul 27 00:46:18.825: Se1/1:1 PPP: Sent LCP AUTHOR Request
*Jul 27 00:46:18.825: Se1/1:1 PPP: Sent IPCP AUTHOR Request
*Jul 27 00:46:18.825: Se1/1:1 LCP: Received AAA AUTHOR Response PASS
*Jul 27 00:46:18.825: Se1/1:1 IPCP: Received AAA AUTHOR Response PASS
*Jul 27 00:46:18.825: Se1/1:1 CHAP: O SUCCESS id 66 len 4
*Jul 27 00:46:18.825: Se1/1:1 PPP: Phase is UP
*Jul 27 00:46:18.825: Se1/1:1 IPCP: O CONFREQ [Closed] id 1 len 10
*Jul 27 00:46:18.825: Se1/1:1 IPCP: Address 22.0.0.1 (0x030616000001)
*Jul 27 00:46:18.825: Se1/1:1 PPP: Sent CDPCP AUTHOR Request
*Jul 27 00:46:18.825: Se1/1:1 PPP: Process pending ncp packets
*Jul 27 00:46:18.825: Se1/1:1 CDPCP: Received AAA AUTHOR Response PASS
*Jul 27 00:46:18.825: Se1/1:1 CDPCP: O CONFREQ [Closed] id 1 len 4
*Jul 27 00:46:18.825: Se1/1:1 IPCP: I CONFREQ [REQsent] id 1 len 10
*Jul 27 00:46:18.825: Se1/1:1 IPCP: Address 22.0.0.2 (0x030616000002)
*Jul 27 00:46:18.825: Se1/1:1 AAA/AUTHOR/IPCP: Start. Her address 22.0.0.2, we want 0.0.0.0
*Jul 27 00:46:18.825: Se1/1:1 PPP: Sent IPCP AUTHOR Request
*Jul 27 00:46:18.825: Se1/1:1 CDPCP: I CONFREQ [REQsent] id 1 len 4
*Jul 27 00:46:18.825: Se1/1:1 CDPCP: O CONFACK [REQsent] id 1 len 4
*Jul 27 00:46:18.825: Se1/1:1 CDPCP: I CONFACK [ACKsent] id 1 len 4
*Jul 27 00:46:18.829: Se1/1:1 CDPCP: State is Open
*Jul 27 00:46:18.829: Se1/1:1 AAA/AUTHOR/IPCP: Reject 22.0.0.2, using 0.0.0.0
*Jul 27 00:46:18.829: Se1/1:1 AAA/AUTHOR/IPCP: Done. Her address 22.0.0.2, we want 0.0.0.0
*Jul 27 00:46:18.829: Se1/1:1 IPCP: O CONFACK [REQsent] id 1 len 10
*Jul 27 00:46:18.829: Se1/1:1 IPCP: Address 22.0.0.2 (0x030616000002)
*Jul 27 00:46:18.829: Se1/1:1 IPCP: I CONFACK [ACKsent] id 1 len 10
*Jul 27 00:46:18.829: Se1/1:1 IPCP: Address 22.0.0.1 (0x030616000001)
*Jul 27 00:46:18.829: Se1/1:1 IPCP: State is Open
*Jul 27 00:46:18.829: Se1/1:1 IPCP: Add link info for cef entry 22.0.0.2
*Jul 27 00:46:18.829: Se1/1:1 IPCP: Install route to 22.0.0.2

=====================

thanks
Rohan

-----Original Message-----
From: Brian McGahan [mailto:bmcgahan@internetworkexpert.com]
Sent: Wednesday, July 27, 2005 12:34 AM
To: Rohan Grover (rohang); Group Study
Subject: RE: CHAP Authentication

Rohan,

Probably it is hashing just the magic number. Normally the magic number is a seed for the hash of the password. In your case the password would be NULL. What does the "debug ppp authentication" and "debug ppp negotiation" output show?

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Rohan Grover (rohang)
> Sent: Tuesday, July 26, 2005 1:22 PM
> To: Group Study
> Subject: CHAP Authentication
>
> Hi,
>
> I have 2 routers (R1 & R2) back-back configured for PPP.
>
> 'ppp authentication chap' is only configured on R1.
>
> R1 has 'username R2' (no password) and R2 has 'username R1' (no
> password)
>
> I see that authentication succeeds! How is this working without a
> password?
>
> Enabling 'debug ppp authentication' lets me know that R2 is using
> password from AAA, but I haven't configured AAA.
>
> Any idea on what is happening?
>
> Thanks
> Rohan
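
Added example, not part of the original thread and not Cisco's code: RFC 1994 defines the CHAP response as MD5 over the identifier, the shared secret and the challenge value, so two peers that both hold an empty secret compute matching hashes and the check passes. The sketch shows that and flags `username` lines that carry no password. It assumes a password-less `username` entry behaves as an empty secret; the function names and the sample config are constructed for illustration.

```python
import hashlib
import hmac
import re


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes,
                response: bytes) -> bool:
    """Authenticator side: recompute with the locally stored secret and compare."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


USERNAME_RE = re.compile(r"^username\s+(\S+)(.*)$")


def usernames_without_secret(config: str) -> list[str]:
    """Return usernames whose config line has no 'password' or 'secret' keyword."""
    flagged = []
    for line in config.splitlines():
        m = USERNAME_RE.match(line.strip())
        if m and not re.search(r"\b(password|secret)\b", m.group(2)):
            flagged.append(m.group(1))
    return flagged


# Constructed sample config; the RC line and its password are invented.
SAMPLE_CONFIG = """\
username RB
username RC password 0 s3cret-example
interface Serial1/1:1
 encapsulation ppp
 ppp authentication chap
"""

if __name__ == "__main__":
    # 16-byte challenge: the "len 23" in the debug is 4 header bytes
    # + 1 value-size byte + 16 value bytes + the 2-byte name "RA".
    challenge = bytes(range(16))      # constructed, not from the capture
    resp = chap_response(66, b"", challenge)       # peer with empty secret
    print("empty secret accepted:", chap_verify(66, b"", challenge, resp))
    print("real secret accepted: ", chap_verify(66, b"s3cret-example", challenge, resp))
    print("usernames lacking a password:", usernames_without_secret(SAMPLE_CONFIG))
```

With an empty secret on both sides the response depends only on values visible on the wire, so the exchange proves nothing about the peer's identity.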



This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:31 GMT-3