RE: isdn one way dialup

From: Andrew Lennon (andrew.lennon@xxxxxxxxxxxxx)
Date: Sun Apr 01 2001 - 18:17:38 GMT-3


   
sorry, see further down (after 3rd header) for comments

andy

-----Original Message-----
From: Andrew Lennon
Sent: 01 April 2001 22:16
To: Nigel Taylor; Andrew Lennon; Masood Malik; ccielab@groupstudy.com
Subject: RE: isdn one way dialup

Nigel,

"This allows to have rb to initiate dial into ra which is not needed in this
scenario." -

-----Original Message-----
From: Nigel Taylor [mailto:nigel_taylor@hotmail.com]
Sent: 01 April 2001 21:41
To: Andrew Lennon; Masood Malik; ccielab@groupstudy.com
Subject: Re: isdn one way dialup

Andy, Masood

See Inline...

----- Original Message -----
From: Andrew Lennon <andrew.lennon@nscglobal.com>
To: Masood Malik <malikm24@hotmail.com>; <ccielab@groupstudy.com>
Sent: Sunday, April 01, 2001 3:21 PM
Subject: RE: isdn one way dialup

> Masood,
>
> 1: on rb, erase "dialer-list 1 protocol ip permit"

NT: Andy, the requirement called for rb to be able to dial out.. if you
remove this how will that work.

AL: "This allows to have rb to initiate dial into ra which is not needed in
this scenario." - see further down and read the question.

> 2 and 3: use "ppp auth chap callin" on the router to be authenticated (ra).

NT: very much so.. but since ra is doing the authentication on callin, rb
shouldn't need a ppp authentication chap command. I tested this and it
works without it..

AL: "2. ra authenticates ppp chap to rb
3. rb does not authenticate ra"

Read the question. ra authenticates TO rb, i.e. ra is requesting
authentication.

You have it arseways round.

Andy

>
> the keyword "callin" tells the router not to authenticate.
>
> On ra under bri0, "ppp chap hostname <user>" and "ppp chap password <word>"
> On rb under global config, "username <user> password <word>", where <user>
> and <word> match on each router.
>
> Using the lines above allows you to use alternate hostnames and passwords.

NT: There were specific requirements for this setup... no alternate host
name was provided hence the local router name should be sufficient.

This is definitely a layer 2 to layer 3 problem. I've experienced things
like this if I simply screw-up on using the wrong ip in the "dialer map"
command.

Just my $0.02 sense...

Nigel..

>
> Hope that helps
>
>
> Andy
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Masood Malik
> Sent: 01 April 2001 05:52
> To: ccielab@groupstudy.com
> Subject: isdn one way dialup
>
>
> Hi,
>
> I have the following scenario.
> 1. ra dials into rb. rb should not be able to initiate the dial
> connection.
> 2. ra authenticates ppp chap to rb
> 3. rb does not authenticate ra
>
> Following is the config I use. When I ping 10.1.1.2 from ra, the isdn line
> comes up. I can see layer 3 connected and the packets traverse to router rb,
> but the reply packets do not come. I see encap failure on rb.
>
> I could get this working by adding the dial string at the end of map
> statement in rb (dialer map ip 10.1.1.1 name ra broadcast 7782001). This
> allows to have rb to initiate dial into ra which is not needed in this
> scenario.
>
> Am I missing something here.
>
> regards
> Masood Malik
>
>
> Following are the configs and debug.
>
> *********************
> Config router a
> *******************
> software ver 12.0.10 (2500)
>
> hostname ra
> !
> enable password cisco
> !
> username rb password 0 cisco
> ip subnet-zero
> no ip domain-lookup
> isdn switch-type basic-5ess
> !
> interface BRI0
> ip address 10.1.1.1 255.255.255.0
> no ip directed-broadcast
> encapsulation ppp
> dialer map ip 10.1.1.2 name rb broadcast 7782002
> dialer-group 1
> isdn switch-type basic-5ess
> ppp authentication chap
> !
> ip classless
> !
> dialer-list 1 protocol ip permit
> !
> *******************
> Config router b
> *******************
>
> hostname rb
> !
> enable password cisco
> !
> username ra password 0 cisco
> ip subnet-zero
> isdn switch-type basic-5ess
> !
> interface BRI0
> ip address 10.1.1.2 255.255.255.0
> no ip directed-broadcast
> encapsulation ppp
> dialer map ip 10.1.1.1 name ra broadcast
> dialer-group 1
> isdn switch-type basic-5ess
> !
> ip classless
> !
> dialer-list 1 protocol ip permit
> !
> *************************************************
> Ping response on router a with debug ip packet on
> *************************************************
> ra#ping 10.1.1.2
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
>
> 00:39:02: IP: s=10.1.1.1 (local), d=10.1.1.2 (BRI0), len 100, sending.
> 00:39:04: IP: s=10.1.1.1 (local), d=10.1.1.2 (BRI0), len 100, sending.
> 00:39:06: IP: s=10.1.1.1 (local), d=10.1.1.2 (BRI0), len 100, sending.
> 00:39:08: IP: s=10.1.1.1 (local), d=10.1.1.2 (BRI0), len 100, sending.
> 00:39:10: IP: s=10.1.1.1 (local), d=10.1.1.2 (BRI0), len 100, sending.
> Success rate is 0 percent (0/5)
>
> **********************************************
> Response of the above seen from router b
> **********************************************
>
> 00:32:59: IP: s=10.1.1.1 (BRI0), d=10.1.1.2 (BRI0), len 100, rcvd 3
> 00:32:59: IP: s=10.1.1.2 (local), d=10.1.1.1 (BRI0), len 100, sending
> 00:32:59: IP: s=10.1.1.2 (local), d=10.1.1.1 (BRI0), len 100, encapsulation failed
> 00:33:01: IP: s=10.1.1.1 (BRI0), d=10.1.1.2 (BRI0), len 100, rcvd 3
> 00:33:01: IP: s=10.1.1.2 (local), d=10.1.1.1 (BRI0), len 100, sending
> 00:33:01: IP: s=10.1.1.2 (local), d=10.1.1.1 (BRI0), len 100, encapsulation failed



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:38 GMT-3