From: tom cheung (tkc9789@xxxxxxxxxxx)
Date: Tue Apr 03 2001 - 15:26:44 GMT-3
Charles,
I'm not so sure. Look at this link.
http://www.cisco.com/warp/customer/793/access_dial/pap_chap.html
It shows how debug should look when it is working.
>From: Charles Johnson <cjohnson@staff.circle.net>
>To: ccielab@groupstudy.com, 'Michel GASPARD' <mgaspard@cisco.com>, tom
>cheung <tkc9789@hotmail.com>
>Subject: RE: CHAP callin problem
>Date: Tue, 3 Apr 2001 13:56:57 -0400
>
>Tom,
>It is working the way you understand it should.
>
>"AUTHENTICATING, by the peer" means that the calling router is not
>demanding
>authentication. Its peer (the called router) is. If you remove the "ppp
>authentication" command from the called router, there will no
>authentication
>at all.
>
>- Charles Johnson
> CCIE #6878
>
>-----Original Message-----
>From: Michel GASPARD [mailto:mgaspard@cisco.com]
>Sent: Tuesday, April 03, 2001 1:35 PM
>To: tom cheung
>Cc: ccielab@groupstudy.com
>Subject: Re: CHAP callin problem
>
>
>Tom,
>
>According to
>http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/dial_
>r/drprt2/drppp.htm#xtocid1896063
>
>"
>callin (Optional) Specifies authentication on incoming (received)
>calls only.
>"
>
>Does it match?
>
>Regards,
>
>Michel
>
>tom cheung wrote:
> >
> > Group,
> > I'm testing with PPP authen chap callin and was unable to get it to
>work.
> > I'm under the impression that with this command, the calling router will
>not
> > send a challenge to the called router. And authentication is done by the
> > called router. But it is not behaving that way. Is my understanding how
> > "callin" works incorrect?
> >
> > Here's config for the calling router:
> > interface BRI0
> > no ip address
> > no ip directed-broadcast
> > encapsulation ppp
> > dialer pool-member 1
> > isdn switch-type basic-ni
> > isdn spid1 xxxxxxxxxxxxxx
> > isdn spid2 yyyyyyyyyyyyyy
> > ppp authentication chap callin
> > ppp multilink
> > !
> > interface Dialer1
> > ip address 152.3.65.2 255.255.255.252
> > no ip directed-broadcast
> > encapsulation ppp
> > dialer remote-name r5
> > dialer idle-timeout 45
> > dialer watch-disable 20
> > dialer string xxxxxxxxxx
> > dialer pool 1
> > dialer watch-group 1
> > dialer-group 1
> > ppp authentication chap callin
> > ppp multilink
> >
> > Debug output:
> > 20:32:58: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
> > 20:32:58: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1
> > 20:32:58: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to
>8173142121
> > 20:32:58: BR0:1 PPP: Treating connection as a callout
> > 20:32:58: BR0:1 CHAP: Using hostname r6 from interface Di1
> > 20:32:58: BR0:1 PPP: Phase is AUTHENTICATING, by the peer
> > 20:32:58: BR0:1 CHAP: I CHALLENGE id 44 len 23 from "r5"
> > 20:32:58: BR0:1 CHAP: Using hostname r6 from interface Di1
> > 20:32:58: BR0:1 CHAP: O RESPONSE id 44 len 23 from "r6"
> > 20:32:58: BR0:1 CHAP: I SUCCESS id 44 len 4
> > 20:32:58: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
> > 20:32:58: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:39 GMT-3