RE: CHAP Authentication

From: Padhu (LFG) (padhu@xxxxxxxxxxxx)
Date: Tue May 08 2001 - 14:31:33 GMT-3

• Next message: Khalid Nafie: "RE: CHAP Authentication"
• Previous message: Leah Lynch: "RE: Troubleshooting Hyperterminal/ console connection"
• Maybe in reply to: Grant Patten: "CHAP Authentication"
• Next in thread: Khalid Nafie: "RE: CHAP Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
You chap passwords are not the same ..Hence you see "MD/DES compare failed"
leave the usernames as it is and try with same passwords on both ends.

-----Original Message-----
From: Grant Patten [mailto:gpatten@lucent.com]
Sent: Tuesday, May 08, 2001 12:12 PM
To: 'ccielab@groupstudy.com'
Subject: CHAP Authentication

I'm struggling to get a good understanding of how exactly CHAP
Authentication works. I think I'm missing something fundamental and
hopefully one of you can help me out. Thanks.

When I use the configuration below, I get the following debug messages:

1d15h: BR0:1 PPP: Treating connection as a callout
1d15h: BR0:1 PPP: Phase is AUTHENTICATING, by both
1d15h: BR0:1 CHAP: Using alternate hostname ISDN2
1d15h: BR0:1 CHAP: O CHALLENGE id 14 len 26 from "ISDN2"
1d15h: BR0:1 CHAP: I CHALLENGE id 14 len 26 from "ISDN1"
1d15h: BR0:1 CHAP: Using alternate hostname ISDN2
.d15h: BR0:1 CHAP: O RESPONSE id 14 len 26 from "ISDN2"
1d15h: BR0:1 CHAP: I FAILURE id 14 len 25 msg is "MD/DES compare failed"

Here is the relevant portions of the configs I'm using on R1 and R2. I
changed the encrypted ppp chap password to what I actually set:

R2

hostname R2
!
!
username ISDN1 password 0 CCIE
!
!
interface BRI0
 ip address 147.10.1.2 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 dialer map ip 147.10.1.1 name ISDN1 broadcast 8358661
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0835866201
 isdn spid2 0835866401
 ppp authentication chap
 ppp chap hostname ISDN2
 ppp chap password cisco

R1
hostname R1
!
!
username ISDN2 password 0 cisco
!
interface BRI0
 ip address 147.10.1.1 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 dialer map ip 147.10.1.2 name ISDN2 broadcast
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0835866101
 isdn spid2 0835866301
 ppp authentication chap
 ppp chap hostname ISDN1
 ppp chap password CCIE
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: Khalid Nafie: "RE: CHAP Authentication"
• Previous message: Leah Lynch: "RE: Troubleshooting Hyperterminal/ console connection"
• Maybe in reply to: Grant Patten: "CHAP Authentication"
• Next in thread: Khalid Nafie: "RE: CHAP Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:36 GMT-3