From: Charles Johnson (cjohnson@xxxxxxxxxxxxxxxx)
Date: Tue Apr 03 2001 - 16:02:12 GMT-3
Tom,
I'm not so sure this link is a good example for you. The 11.2 debug may
look different from 12.0+. Plus, you don't don't which debug commands
they've used.
But the only way for you to be sure is to try all the combinations. Try no
ppp authent, ppp authent chap, and ppp authent chap callin. Look at debugs
with all nine combinations. Then when you feel like you know all that, try
leaving off a chap username or password on one side and then the other.
After all that, you won't care what I say.
- Charles Johnson
CCIE #6878
-----Original Message-----
From: tom cheung [mailto:tkc9789@hotmail.com]
Sent: Tuesday, April 03, 2001 2:27 PM
To: cjohnson@staff.circle.net; ccielab@groupstudy.com;
mgaspard@cisco.com
Subject: RE: CHAP callin problem
Charles,
I'm not so sure. Look at this link.
http://www.cisco.com/warp/customer/793/access_dial/pap_chap.html
It shows how debug should look when it is working.
>From: Charles Johnson <cjohnson@staff.circle.net>
>To: ccielab@groupstudy.com, 'Michel GASPARD' <mgaspard@cisco.com>, tom
>cheung <tkc9789@hotmail.com>
>Subject: RE: CHAP callin problem
>Date: Tue, 3 Apr 2001 13:56:57 -0400
>
>Tom,
>It is working the way you understand it should.
>
>"AUTHENTICATING, by the peer" means that the calling router is not
>demanding
>authentication. Its peer (the called router) is. If you remove the "ppp
>authentication" command from the called router, there will no
>authentication
>at all.
>
>- Charles Johnson
> CCIE #6878
>
>-----Original Message-----
>From: Michel GASPARD [mailto:mgaspard@cisco.com]
>Sent: Tuesday, April 03, 2001 1:35 PM
>To: tom cheung
>Cc: ccielab@groupstudy.com
>Subject: Re: CHAP callin problem
>
>
>Tom,
>
>According to
>http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/dial
_r/drprt2/drppp.htm#xtocid1896063
>
>"
>callin (Optional) Specifies authentication on incoming (received)
>calls only.
>"
>
>Does it match?
>
>Regards,
>
>Michel
>
>tom cheung wrote:
> >
> > Group,
> > I'm testing with PPP authen chap callin and was unable to get it to
>work.
> > I'm under the impression that with this command, the calling router will
>not
> > send a challenge to the called router. And authentication is done by the
> > called router. But it is not behaving that way. Is my understanding how
> > "callin" works incorrect?
> >
> > Here's config for the calling router:
> > interface BRI0
> > no ip address
> > no ip directed-broadcast
> > encapsulation ppp
> > dialer pool-member 1
> > isdn switch-type basic-ni
> > isdn spid1 xxxxxxxxxxxxxx
> > isdn spid2 yyyyyyyyyyyyyy
> > ppp authentication chap callin
> > ppp multilink
> > !
> > interface Dialer1
> > ip address 152.3.65.2 255.255.255.252
> > no ip directed-broadcast
> > encapsulation ppp
> > dialer remote-name r5
> > dialer idle-timeout 45
> > dialer watch-disable 20
> > dialer string xxxxxxxxxx
> > dialer pool 1
> > dialer watch-group 1
> > dialer-group 1
> > ppp authentication chap callin
> > ppp multilink
> >
> > Debug output:
> > 20:32:58: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
> > 20:32:58: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1
> > 20:32:58: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to
>8173142121
> > 20:32:58: BR0:1 PPP: Treating connection as a callout
> > 20:32:58: BR0:1 CHAP: Using hostname r6 from interface Di1
> > 20:32:58: BR0:1 PPP: Phase is AUTHENTICATING, by the peer
> > 20:32:58: BR0:1 CHAP: I CHALLENGE id 44 len 23 from "r5"
> > 20:32:58: BR0:1 CHAP: Using hostname r6 from interface Di1
> > 20:32:58: BR0:1 CHAP: O RESPONSE id 44 len 23 from "r6"
> > 20:32:58: BR0:1 CHAP: I SUCCESS id 44 len 4
> > 20:32:58: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
> > 20:32:58: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:39 GMT-3