Re: CHAP Authentication

From: forlab (forccielab@xxxxxxxxx)
Date: Tue May 08 2001 - 23:04:55 GMT-3

• Next message: Chun-Yu Chen: "Re: How to inject a default route into ISIS level-1?"
• Previous message: crl: "Re: Translational Bridging between Token Ring and Ethernet, IRB, and Various Routing Protocols"
• Maybe in reply to: Grant Patten: "CHAP Authentication"
• Next in thread: Zeng Puyang: "Re: CHAP Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
When you use CHAP auth, The password should same.
because the password is not transfer over the ISDN line.
but the router (both)use the password to made a MD5 key , so
the password on two router must be same.

2001/05/09 01:12:22, Grant Patten <gpatten@lucent.com> wrote:

>I'm struggling to get a good understanding of how exactly CHAP
>Authentication works. I think I'm missing something fundamental and
>hopefully one of you can help me out. Thanks.
>
>When I use the configuration below, I get the following debug
messages:
>
>1d15h: BR0:1 PPP: Treating connection as a callout
>1d15h: BR0:1 PPP: Phase is AUTHENTICATING, by both
>1d15h: BR0:1 CHAP: Using alternate hostname ISDN2
>1d15h: BR0:1 CHAP: O CHALLENGE id 14 len 26 from "ISDN2"
>1d15h: BR0:1 CHAP: I CHALLENGE id 14 len 26 from "ISDN1"
>1d15h: BR0:1 CHAP: Using alternate hostname ISDN2
>.d15h: BR0:1 CHAP: O RESPONSE id 14 len 26 from "ISDN2"
>1d15h: BR0:1 CHAP: I FAILURE id 14 len 25 msg is "MD/DES compare
failed"
>
>
>Here is the relevant portions of the configs I'm using on R1 and R2.
I
>changed the encrypted ppp chap password to what I actually set:
>
>
>R2
>
>hostname R2
>!
>!
>username ISDN1 password 0 CCIE
>!
>!
>interface BRI0
> ip address 147.10.1.2 255.255.255.0
> no ip directed-broadcast
> encapsulation ppp
> dialer map ip 147.10.1.1 name ISDN1 broadcast 8358661
> dialer-group 1
> isdn switch-type basic-ni
> isdn spid1 0835866201
> isdn spid2 0835866401
> ppp authentication chap
> ppp chap hostname ISDN2
> ppp chap password cisco
>
>R1
>hostname R1
>!
>!
>username ISDN2 password 0 cisco
>!
>interface BRI0
> ip address 147.10.1.1 255.255.255.0
> no ip directed-broadcast
> encapsulation ppp
> dialer map ip 147.10.1.2 name ISDN2 broadcast
> dialer-group 1
> isdn switch-type basic-ni
> isdn spid1 0835866101
> isdn spid2 0835866301
> ppp authentication chap
> ppp chap hostname ISDN1
> ppp chap password CCIE
>**Please read:http://www.groupstudy.com/list/posting.html

• Next message: Chun-Yu Chen: "Re: How to inject a default route into ISIS level-1?"
• Previous message: crl: "Re: Translational Bridging between Token Ring and Ethernet, IRB, and Various Routing Protocols"
• Maybe in reply to: Grant Patten: "CHAP Authentication"
• Next in thread: Zeng Puyang: "Re: CHAP Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:36 GMT-3