RE: CHAP callin problem

From: Charles Johnson (cjohnson@xxxxxxxxxxxxxxxx)
Date: Tue Apr 03 2001 - 14:56:57 GMT-3

• Next message: DuBell, Robert ITC J633CT1: "RE: Service internal"
• Previous message: Ken Wortendyke: "Re: may impossible !"
• Maybe in reply to: tom cheung: "CHAP callin problem"
• Next in thread: Jason1: "Re: CHAP callin problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Tom,
It is working the way you understand it should.

"AUTHENTICATING, by the peer" means that the calling router is not demanding
authentication. Its peer (the called router) is. If you remove the "ppp
authentication" command from the called router, there will no authentication
at all.

- Charles Johnson
  CCIE #6878

-----Original Message-----
From: Michel GASPARD [mailto:mgaspard@cisco.com]
Sent: Tuesday, April 03, 2001 1:35 PM
To: tom cheung
Cc: ccielab@groupstudy.com
Subject: Re: CHAP callin problem

Tom,

According to
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/dial_
r/drprt2/drppp.htm#xtocid1896063

"
callin (Optional) Specifies authentication on incoming (received)
calls only.
"

Does it match?

Regards,

Michel

tom cheung wrote:
>
> Group,
> I'm testing with PPP authen chap callin and was unable to get it to work.
> I'm under the impression that with this command, the calling router will
not
> send a challenge to the called router. And authentication is done by the
> called router. But it is not behaving that way. Is my understanding how
> "callin" works incorrect?
>
> Here's config for the calling router:
> interface BRI0
> no ip address
> no ip directed-broadcast
> encapsulation ppp
> dialer pool-member 1
> isdn switch-type basic-ni
> isdn spid1 xxxxxxxxxxxxxx
> isdn spid2 yyyyyyyyyyyyyy
> ppp authentication chap callin
> ppp multilink
> !
> interface Dialer1
> ip address 152.3.65.2 255.255.255.252
> no ip directed-broadcast
> encapsulation ppp
> dialer remote-name r5
> dialer idle-timeout 45
> dialer watch-disable 20
> dialer string xxxxxxxxxx
> dialer pool 1
> dialer watch-group 1
> dialer-group 1
> ppp authentication chap callin
> ppp multilink
>
> Debug output:
> 20:32:58: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
> 20:32:58: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1
> 20:32:58: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8173142121
> 20:32:58: BR0:1 PPP: Treating connection as a callout
> 20:32:58: BR0:1 CHAP: Using hostname r6 from interface Di1
> 20:32:58: BR0:1 PPP: Phase is AUTHENTICATING, by the peer
> 20:32:58: BR0:1 CHAP: I CHALLENGE id 44 len 23 from "r5"
> 20:32:58: BR0:1 CHAP: Using hostname r6 from interface Di1
> 20:32:58: BR0:1 CHAP: O RESPONSE id 44 len 23 from "r6"
> 20:32:58: BR0:1 CHAP: I SUCCESS id 44 len 4
> 20:32:58: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
> 20:32:58: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up

• Next message: DuBell, Robert ITC J633CT1: "RE: Service internal"
• Previous message: Ken Wortendyke: "Re: may impossible !"
• Maybe in reply to: tom cheung: "CHAP callin problem"
• Next in thread: Jason1: "Re: CHAP callin problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:39 GMT-3