RE: ISDN and CHAP

From: Earl Aboytes (Earl@xxxxxxxxxxxxxx)
Date: Wed Jan 03 2001 - 19:22:53 GMT-3

• Next message: Earl Aboytes: "RE: dlsw filtering"
• Previous message: Casassa, Nathan: "RE: ccbootcamp Lab 7"
• Maybe in reply to: Michael King: "ISDN and CHAP"
• Next in thread: fwells12: "Re: ISDN and CHAP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Try it in your lab. If you don't configure it on one side there will still
be a challenge and the router that is challenged will try to authenticate
itself via the correct method. I have gotten this to work many times.
Earl Aboytes, CCIE 6097

-----Original Message-----
From: Shaun Nicholson [mailto:Shaun.Nicholson@kp.org]
Sent: Wednesday, January 03, 2001 1:56 PM
To: Earl
Cc: kingmi1; ccielab
Subject: RE: ISDN and CHAP

I dont want to cause an arguement but the ppp auth chap callin will cause
only one end to challange.

The way I understand it is that the callin node will not issue a challange
if it originates the call.

I thought to use chap on one side you had to use chap on the other.

Please feel free to correct me if I'm wrong

Shaun

Earl@dnssystems.com on 01/03/2001 04:44:00 PM
To: kingmi1@yahoo.com@Internet, ccielab@groupstudy.com@Internet
cc: (bcc: Shaun Nicholson/MD/KAIPERM)
Subject: RE: ISDN and CHAP

You want to use the ppp pap sent-username command to use a different name
other than the router's hostname. In order to keep the other router from
dialing don't configure a dial string.

If you place the ppp auth chap command on a router it will challenge any
router that tries to dial in.

If you do NOT place the ppp auth chap command on a router it will NOT
challenge any router that tries to dial in.

That does NOT mean that you must place the command on both routers in order
to use chap. A router will still try to authenticate itself if challenged.
The password must be the same on both sides as chap will not send the
password.

Remember, the ppp authentication parameter is the challenge method only and
not the method of sending passwords.

Earl Aboytes, CCIE 6097

-----Original Message-----
From: Michael King [mailto:kingmi1@yahoo.com]
Sent: Tuesday, January 02, 2001 7:33 PM
To: ccielab@groupstudy.com
Subject: ISDN and CHAP

I want to use CHAP on one side of the ISDN link and
not the other. I used the "ppp chap refuse callin"
command but when I debug it shows that I'm still using
CHAP. Here are my configs. I specifically wanted to
use a different name other than the hostname on Router
ONE. I also didn't want Router TWO to call. Also,
could this be done by not using Dialer interfaces?

Router ONE
username TWO password cisco
dialer-list 1 protocol ip permit

interface BRI0
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-ni
 isdn spid1 0835866201 8358662
 isdn spid2 0835866401 8358664
 ppp authentication chap

interface Dialer1
 ip address 1.1.1.2 255.0.0.0
 encapsulation ppp
 dialer remote-name TWO
 dialer string 8358661
 dialer pool 1
 dialer-group 1
 ppp authentication chap
 ppp chap hostname mike

Router TWO
username mike password cisco
dialer-list 1 protocol ip permit

interface BRI0
  encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-ni
 isdn spid1 0835866101 8358661
 isdn spid2 0835866301 8358663
 ppp authentication chap

interface Dialer1
 ip address 1.1.1.1 255.0.0.0
 encapsulation ppp
 dialer remote-name mike
 dialer pool 1
 dialer-group 1
 ppp authentication chap
 ppp chap refuse callin

Mike

• Next message: Earl Aboytes: "RE: dlsw filtering"
• Previous message: Casassa, Nathan: "RE: ccbootcamp Lab 7"
• Maybe in reply to: Michael King: "ISDN and CHAP"
• Next in thread: fwells12: "Re: ISDN and CHAP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:22 GMT-3