From: Michael Bramm (mbramm@xxxxxxxxxx)
Date: Thu Jan 13 2000 - 23:06:29 GMT-3
By default "PPP auth" challenges both in and outbound connections. So by statin
g
"callin", PPP wouldn't be challenging outbound call anymore. Only inbound. As b
y
Cisco Router Configuration, page 204, ISBN 1-57870-022-1
mike
Denton Bobeldyk wrote:
> I purposely didn't use 'ppp auth chap callin' in my configs.
> The point was to show that it worked fine without that config stmt and
> what if any differences would there be if it was to somehow be
> incorporated into the config.
>
> -Denny
>
> jaime.salazar@equant.com wrote:
>
> > Denny I can't see ppp authentication chap callin on R1 on your configs.
> >
> > Jaime
> >
> > Denton Bobeldyk <denny@kentwoodps.org> on 12/01/2000 10:55:25 AM
> >
> > Please respond to Denton Bobeldyk <denny@kentwoodps.org>
> >
> > To: Jaime Salazar/Mexico/AMERICAS/Equant@Equant
> > cc: Rodrigo Kazuo/Brazil/AMERICAS/Equant@Equant, ccielab@groupstudy.com
> >
> > Subject: Re: ISDN - ppp authentication chap
> >
> > Hmm... I wasn't exactly sure how the 'callin' parameter was supposed to wor
k,
> > but I found this worked just fine for me:
> > (Criteria: Only R3 may challenge R1)
> >
> > R3 ---- R1
> >
> > R3:
> > username R1 password 0 foo
> >
> > interface Serial3
> > no ip address
> > encapsulation ppp
> > clockrate 2000000
> > ppp authentication chap
> > !
> >
> > R1:
> > interface Serial0
> > no ip address
> > encapsulation ppp
> > ppp chap hostname R1
> > ppp chap password 7 00021C09
> > !
> >
> > I then did the following:
> > Enter configuration commands, one per line. End with CNTL/Z.
> > R3(config)#int s3
> > R3(config-if)#shut
> > R3(config-if)#
> > %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3, changed state to d
own
> > %LINK-5-CHANGED: Interface Serial3, changed state to administratively down
> > R3(config-if)#no shut
> > R3(config-if)#end
> > R3#
> > %SYS-5-CONFIG_I: Configured from console by console
> > %LINK-3-UPDOWN: Interface Serial3, changed state to up
> > Se3 PPP: Treating connection as a dedicated line
> > Se3 PPP: Phase is AUTHENTICATING, by this end
> > Se3 CHAP: O CHALLENGE id 4 len 23 from "R3"
> > Se3 CHAP: I RESPONSE id 4 len 23 from "R1"
> > Se3 CHAP: O SUCCESS id 4 len 4
> > %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3, changed state to u
p
> > R3#sh cdp nei
> > Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
> > S - Switch, H - Host, I - IGMP, r - Repeater
> >
> > Device ID Local Intrfce Holdtme Capability Platform Port ID
> > R1 Ser 3 167 R 2500 Ser 0
> > R3#
> >
> > Which appears to work fine. Anybody know advantages/disadvantages of this
> > approach
> > vs. the 'callin'.
> >
> > -Denny
> >
> > jaime.salazar@equant.com wrote:
> >
> > > use ppp authentication chap callin command. use debug ppp authentication
to
> > > compare the results.
> > >
> > > rodrigo.kazuo@equant.com on 12/01/2000 07:32:03 AM
> > >
> > > Please respond to rodrigo.kazuo@equant.com
> > >
> > > To: ccielab@groupstudy.com
> > > cc: (bcc: Jaime Salazar/Mexico/AMERICAS/Equant)
> > >
> > > Subject: ISDN - ppp authentication chap
> > >
> > > Is there a way to config ppp authentication chap but router must not
> > > sending "challenge" to the other side?!
> > >
> > > Rgds.
> > >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:22:44 GMT-3