Re: Follow-up - ISDN PAP

From: Brian Hescock (bhescock@xxxxxxxxx)
Date: Sun Jan 28 2001 - 17:16:02 GMT-3

• Next message: Jack Reynolds: "RE: Follow-up - ISDN PAP"
• Previous message: Jack Reynolds: "Follow-up - ISDN PAP"
• Maybe in reply to: Jack Reynolds: "Follow-up - ISDN PAP"
• Next in thread: Jack Reynolds: "RE: Follow-up - ISDN PAP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
I believe it will work with dialer profiles as well but there's a bug with
it, which is why you end up having to use "ppp pap sent-username". But
"sent-username" is somewhat confusing, you have to be careful which
hostname you specify with which password. It's on my list of things to
review again next week, I'll let you know if I get it working with dialer
profiles.

B.

On Sun, 28 Jan 2001, Jack Reynolds wrote:

> OK, I got this working, but here is what I had to do... Both R3 and R5 are
> running 12.0(9). I had to get rid of my dialer profiles and go BACK to
> dialer maps on the physical bri's. This is the only way PAP auth would
> work.
>
> Thanks for all the replies. Has anyone else see this problem?
>
> JR
>
>
>
> -----Original Message-----
> From: Jack Reynolds [mailto:jacreyno@cisco.com]
> Sent: Sunday, January 28, 2001 10:46 AM
> To: Kyle Galusha; Bernard Dunn
> Subject: RE: ISDN PAP
>
>
> Tried it, but still no worky.
>
>
> -----Original Message-----
> From: Kyle Galusha [mailto:kgalusha@cisco.com]
> Sent: Sunday, January 28, 2001 10:48 AM
> To: Bernard Dunn; Jack Reynolds
> Subject: RE: ISDN PAP
>
>
> found it. ppp pap sent-username.
> Thanks,
> Kyle
>
> At 05:15 AM 1/29/2001 +1100, Bernard Dunn wrote:
> >
> >
> >int dialer0
> >
> >ppp sent-username xxx password yyy
> >ppp authen pap
> >
> >
> >On Sun, 28 Jan 2001, Jack Reynolds wrote:
> >
> >> Hi,
> >>
> >> I am using dialer interfaces with ppp auth pap (this command also
> appears on
> >> bri physical)
> >>
> >> I made sure that each router had a username for the other router's
> dialer
> >> remote-name. Both passwords set to cisco.
> >>
> >>
> >> When I do Chap on this, it works fine. Hmmm....
> >>
> >> R5 (calling router)
> >>
> >> username R3 password 0 cisco
> >>
> >> interface BRI0
> >> no ip address
> >> no ip directed-broadcast
> >> encapsulation ppp
> >> dialer pool-member 1
> >> isdn switch-type basic-ni
> >> isdn spid1 0835866201 8358662
> >> isdn spid2 0835866401 8358664
> >> ppp authentication chap
> >> !
> >> interface Dialer0
> >> ip address 137.10.254.2 255.255.255.252
> >> no ip directed-broadcast
> >> encapsulation ppp
> >> ip ospf interface-retry 0
> >> ip ospf demand-circuit
> >> dialer remote-name R3
> >> dialer idle-timeout 60
> >> dialer string 8358661
> >> dialer pool 1
> >> dialer-group 1
> >> ppp authentication chap
> >>
> >> dialer-list 1 protocol ip permit
> >>
> >>
> >>
> >> R3 (called router)
> >>
> >> username R5 password 0 cisco
> >>
> >> interface BRI0
> >> no ip address
> >> no ip directed-broadcast
> >> encapsulation ppp
> >> dialer pool-member 1
> >> isdn switch-type basic-ni
> >> isdn spid1 0835866101 8358661
> >> isdn spid2 0835866301 8358663
> >> ppp authentication chap
> >> !
> >> interface Dialer0
> >> ip address 137.10.254.1 255.255.255.252
> >> no ip directed-broadcast
> >> ip pim sparse-mode
> >> encapsulation ppp
> >> ip ospf interface-retry 0
> >> ip ospf demand-circuit
> >> dialer remote-name R5
> >> dialer idle-timeout 60
> >> dialer pool 1
> >> dialer-group 1
> >> ppp authentication chap
> >>
> >> dialer-list 1 protocol ip permit
> >>
> >> Now I substitute CHAP for PAP, and here is the debug ppp packet on R5:
> >>
> >> 13:54:45: BR0:1 LCP: AuthProto PAP (0x0304C023)
> >> 13:54:45: BR0:1 LCP: MagicNumber 0x0CF7A525 (0x05060CF7A525)
> >> 13:54:45: BR0:1 PPP: I pkt type 0xC021, datagramsize 12
> >> 13:54:45: BR0:1 LCP: O CONFNAK [REQsent] id 54 len 9
> >> 13:54:45: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
> >> 13:54:45: BR0:1 LCP: I CONFREJ [REQsent] id 48 len 8
> >> 13:54:45: BR0:1 LCP: AuthProto PAP (0x0304C023)
> >> 13:54:45: BR0:1 LCP: O CONFREQ [REQsent] id 49 len 14
> >> 13:54
> >> :45: BR0:1 PPP: I pkt type 0xC021, datagramsize 18
> >> 13:54:45: BR0:1 LCP: AuthProto PAP (0x0304C023)
> >> 13:54:45: BR0:1 LCP: MagicNumber 0x03088F46 (0x050603088F46)
> >> 13:54:45: BR0:1 LCP: I CONFREQ [REQsent] id 55 len 14
> >> 13:54:45: BR0:1 LCP: AuthProto PAP (0x0304C023)
> >> 13:54:45: BR0:1 LCP: MagicNumber 0x0CF7A525 (0x05060CF7A525)
> >> 13:54:45: BR0:1 PPP: I pkt type 0xC021, datagramsize 12
> >> 13:54:45: BR0:1 LCP: O CONFNAK [REQsent] id 55 len 9
> >> 13:54:45: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
> >>
> >>
> >> Here is deb ppp auth on R5:
> >>
> >> 13:56:55: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
> >> 13:56:57: %LINK-3-UPDOWN: Interface Dialer0, changed state to up
> >> 13:57:05: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
> >> 13:57:05: %DIALER-6-BIND: Interface BR0:1 bound to profile Di0
> >> 13:57:05: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661
> >> 13:57:05: BR0:1 PPP: Treating connection as a callout
> >> 13:57:05: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di0
> >> 13:57:05: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
> >> 13:57:15: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
> >> 13:57:15: %DIALER-6-BIND: Interface BR0:1 bound to profile Di0
> >> 13:57:15: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661
> >> 13:57:15: BR0:1 PPP: Treating connection as a callout
> >> 13:57:15: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di0
> >> 13:57:15: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
> >> 13:57:25: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
> >> 13:57:25: %DIALER-6-BIND: Interface BR0:1 bound to profile Di0
> >> 13:57:25: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661
> >> 13:57:25: BR0:1 PPP: Treating connection as a callout
> >> 13:57:25: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di0
> >>
> >>
> >> Any help is greatly appreciated!
> >>
> >> JR
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: Kyle Galusha [mailto:kgalusha@cisco.com]
> >> Sent: Sunday, January 28, 2001 9:37 AM
> >> To: Jack Reynolds
> >> Subject: Re: ISDN PAP
> >>
> >>
> >> Hi Jack,
> >> What is not working? Did you do a debug ppp auth? What did you see?
> In
> >> theory chap and pap should both work about the same except that pap
> sends
> >> the password in the clear and chap sends a hash, and not the clear text
> >> password.
> >> Kyle
> >>
> >>
> >> >Our documentation CD (even Cisco internal info, from what I can find)
> >> >appears to be lacking in ppp authentication pap info. I can get CHAP
> >> >working all sorts of ways, but cannot even get pap working. Can
> someone
> >> >shed some light for me?
> >> >
> >> >Thanks!
> >> >
> >> >JR
> >> >

• Next message: Jack Reynolds: "RE: Follow-up - ISDN PAP"
• Previous message: Jack Reynolds: "Follow-up - ISDN PAP"
• Maybe in reply to: Jack Reynolds: "Follow-up - ISDN PAP"
• Next in thread: Jack Reynolds: "RE: Follow-up - ISDN PAP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:46 GMT-3