Re: ppp authentication w/ dialer profiles

From: Martin, Chris (chris@xxxxxxxxxxxx)
Date: Wed May 30 2001 - 18:30:43 GMT-3

   
Louie, thats correct. The reason why is you have the dialer pool member
command under the first router. If you didint have this command it would
work just like the remote router.

----- Original Message -----
From: "louie kouncar" <lkouncar@UU.NET>
To: "'John Elias'" <jelias_@hotmail.com>; <chris@pacinter.net>;
<danyoung99@mediaone.net>; <ccielab@groupstudy.com>
Sent: Wednesday, May 30, 2001 2:25 PM
Subject: RE: ppp authentication w/ dialer profiles

> Well,
>
> Here are the results for this issue, I did a sample config and here is
what
> I found....
>
> R2 in this example is using the PPP authentication under the Dialer0
> interface and NOT under the phsical (BRI0) interface..
>
>
> R2 configs..
>
> interface BRI0
> no ip address
> no ip directed-broadcast
> encapsulation ppp
> dialer pool-member 1
> isdn switch-type basic-ni
> isdn spid1 0835866101
> isdn spid2 0835866301
> ppp multilink
> !
> interface Dialer0
> ip address 100.1.1.1 255.255.255.0
> no ip directed-broadcast
> encapsulation ppp
> dialer remote-name R3
> dialer idle-timeout 90
> dialer string 8358662
> dialer load-threshold 2 outbound
> dialer pool 1
> dialer-group 1
> ppp authentication chap
>
>
> R3 is using the PPP authentication under the Physical (BRI0) interface....
>
>
> R3 configs...
>
> interface BRI0
> ip address 100.1.1.2 255.255.255.0
> no ip directed-broadcast
> encapsulation ppp
> dialer idle-timeout 90
> dialer map ip 100.1.1.1 name R2 broadcast
> dialer load-threshold 2 outbound
> dialer-group 1
> isdn switch-type basic-ni
> isdn spid1 0835866201
> isdn spid2 0835866401
> ppp authentication chap
> ppp multilink
>
> THE RESULT IS A SUCCESFULL PING
>
>
> R2#ping 100.1.1.2
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 100.1.1.2, timeout is 2 seconds:
>
> 05:21:29: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
> 05:21:29: %DIALER-6-BIND: Interface BR0:1 bound to profile Di0
> 05:21:29: BR0:1 PPP: Treating connection as a callout
> 05:21:29: BR0:1 PPP: Phase is AUTHENTICATING, by the peer
> 05:21:29: BR0:1 CHAP: I CHALLENGE id 2 len 23 from "R3"
> 05:21:29: BR0:1 CHAP: O RESPONSE id 2 len 23 from "R2"
> 05:21:29: BR0:1 CHAP: I SUCCESS id 2 len 4
> 05:21:29: %DIALER-6-BIND: Interface Vi1 bound to profile Di0
> 05:21:29: %LINK-3-UPDOWN: Interface Virtual-Acces.!s1, changed state to up
> 05:21:29: Vi1 PPP: Treating connection as a callout!!!
> Success rate is 80 percent (4/5), round-trip min/avg/max = 36/37/40 ms
> R2#
> 05:21:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed
> state to up
> 05:21:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1,
> changed state to up
> R2#
> 05:21:35: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358662 R3
> R2#
>
>
>
> I guess that the ISDN CIM CD is not accurate, Chris is correct, and that
> should hopefully end this issue...
>
>
> Thanks
>
>
>
> Louie J. Kouncar
> TCO3 Senior Data Center Engineer
> UUNET
> W-703-343-6645
> C-703-304-2460
>
>
>
> -----Original Message-----
> From: John Elias [mailto:jelias_@hotmail.com]
> Sent: Wednesday, May 30, 2001 5:13 PM
> To: chris@pacinter.net; lkouncar@UU.NET; danyoung99@mediaone.net;
> ccielab@groupstudy.com
> Subject: Re: ppp authentication w/ dialer profiles
>
>
> I beleive you need the commands
>
> ppp authentication <pap/chap>
> encapsulation ppp
>
> on both, the bri and the dialer interfaces. If you put it on the dialer
> interface, I beleive it will automatically put it in the bri interface.
>
> John
>
>
> >From: chris@pacinter.net (Martin, Chris)
> >Reply-To: chris@pacinter.net (Martin, Chris)
> >To: <lkouncar@UU.NET>, "'Daniel C. Young'" <danyoung99@mediaone.net>,
> > "'Groupstudy \(E-mail\)'" <ccielab@groupstudy.com>
> >Subject: Re: ppp authentication w/ dialer profiles
> >Date: Wed, 30 May 2001 13:53:27 -0700
> >
> >Louie:
> > The configs i gave you are actual configs in production, There
are
> >no typos. Try it out and let the group know what you find. im interested
in
> >your results.
> >----- Original Message -----
> >From: "louie kouncar" <lkouncar@UU.NET>
> >To: "'Martin, Chris'" <chris@pacinter.net>; "'Daniel C. Young'"
> ><danyoung99@mediaone.net>; "'Groupstudy (E-mail)'"
<ccielab@groupstudy.com>
> >Sent: Wednesday, May 30, 2001 1:49 PM
> >Subject: RE: ppp authentication w/ dialer profiles
> >
> >
> > > Well,
> > >
> > > This is taken from the ISDN CIM CD under configuring Dialer Profiles:
> > >
> > > " When dialer profiles are used with PPP, a physical interface must
have
> > > encapsulation, authentication, multilink, and the dialer pool's
> > > configuration settings. All other settings are part of a logical
> > > configuration applied to the physical interface as needed for specific
> > > calls. Dialer profiles support both PPP and HDLC encapsulation on the
> > > physical interface."
> > >
> > >
> > > The link that Chris sent does show that the PPP Authentication was not
> >used
> > > at all on the Physical Interface, it was used only on the Dialer
> >interface,
> > > Is this a Typo in the configs? or is it that the ISDN CIM CD is not
> >accurate
> > > in the description above?
> > >
> > > I will try the configs in the example below and see if they work....
> > >
> > > Any thoughts???????
> > >
> > > Thanks
> > >
> > >
> > >
> > >
> > > Louie J. Kouncar
> > > TCO3 Senior Data Center Engineer
> > > UUNET
> > > W-703-343-6645
> > > C-703-304-2460
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Martin, Chris [mailto:chris@pacinter.net]
> > > Sent: Wednesday, May 30, 2001 4:27 PM
> > > To: louie kouncar; 'Daniel C. Young'; 'Groupstudy (E-mail)'
> > > Subject: Re: ppp authentication w/ dialer profiles
> > >
> > >
> > > Why do so many people get this wrong??? Please see me post with
example
> > > configs
> > >
> > > ----- Original Message -----
> > > From: "louie kouncar" <lkouncar@UU.NET>
> > > To: "'Daniel C. Young'" <danyoung99@mediaone.net>; "'Groupstudy
> >(E-mail)'"
> > > <ccielab@groupstudy.com>
> > > Sent: Wednesday, May 30, 2001 1:00 PM
> > > Subject: RE: ppp authentication w/ dialer profiles
> > >
> > >
> > > > Daniel,
> > > >
> > > > When using dialer interface the PPP Authentication PAP/ CHAP goes on
> >the
> > > BRI
> > > > (Physical) interface and not the Dialer (logical) interface...
> > > >
> > > > Thanks
> > > >
> > > > Louie J. Kouncar
> > > > TCO3 Senior Data Center Engineer
> > > > UUNET
> > > > W-703-343-6645
> > > > C-703-304-2460
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf
Of
> > > > Daniel C. Young
> > > > Sent: Wednesday, May 30, 2001 3:23 PM
> > > > To: Groupstudy (E-mail)
> > > > Subject: ppp authentication w/ dialer profiles
> > > >
> > > >
> > > > Group,
> > > >
> > > > Just need a clarification: when configuring isdn with dialer
profiles,
> > > where
> > > > do the ppp parameters need to go to (physical interface or dialer
> > > > interface)? --specifically, the 'ppp authentication' command.
> > > >
> > > > The reason we are asking is that we excluded 'ppp authentication'
from
> >the
> > > > physical interface but applied it to the dialer interface, and
'debug
> >ppp
> > > > authentication' showed no output for authentication.
> > > >
> > > >
> > > >
> > > >
> > > > In case you want to include this information...This is with 'ppp
auth'
> >on
> > > > the dialer interface (no authentication debug message). See bellow:
> > > >
> > > > 15:16:29: BR0 DDR: rotor dialout [priority]
> > > > 15:16:29: BR0 DDR: Dialing cause ip (s=172.16.120.1, d=172.16.120.2)
> > > > 15:16:29: BR0 DDR: Attempting to dial 384020
> > > > 15:16:29: ISDN BR0: TX -> SETUP pd = 8 callref = 0x16
> > > > 15:16:29: Bearer Capability i = 0x8890
> > > > 15:16:29: Channel ID i = 0x83
> > > > 15:16:29: Called Party Number i = 0x80, '384020'
> > > > 15:16:29: ISDN BR0: RX <- CALL_PROC pd = 8 callref = 0x96
> > > > 15:16:29: Channel ID i = 0x89
> > > > 15:16:29: Signal i = 0x05 - Confirm tone on
> > > > 15:16:29: ISDN BR0: RX <- ALERTING pd = 8 callref = 0x96
> > > > 15:16:29: Signal i = 0x01 - Ring back tone on
> > > > 15:16:29: ISDN BR0: RX <- CONNECT pd = 8 callref = 0x96
> > > > 15:16:29: Signal i = 0x3F - Tones off
> > > > 15:16:29: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
> > > > 15:16:30: %DIALER-6-BIND: Interface BR0:1 bound to profile Di0
> > > > 15:16:30: BR0:1 PPP: Treating connection as a callout
> > > > 15:16:30: ISDN BR0: TX -> CONNECT_ACK pd = 8 callref = 0x16
> > > > 15:16:30: BR0:1 DDR: dialer protocol up
> > > > 15:16:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1,
> >changed
> > > > state to up
> > > > 15:16:36: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to
384020
> > > > 384020
> > > >
> > > > r1#s deb
> > > > Dial on demand:
> > > > Dial on demand events debugging is on
> > > > PPP:
> > > > PPP authentication debugging is on
> > > > ISDN:
> > > > ISDN Q931 packets debugging is on
> > > >
> > > > Yet, the call was placed, and the line still went up. Once we placed
> >it
> >on
> > > > the physical interface, the handshake occured properly as it should.
> > > > Puzzling...truly puzzling.
> > > >
> > > > Now, on Cisco's web site for PPP Callback Over ISDN:
> > > >
> >http://www.cisco.com/warp/public/793/access_dial/isdn-ppp-callback.html
> > > >
> > > > You will notice that one router is configured with legacy ddr and
the
> > > other
> > > > with dialer profiles. The router with the dialer profiles,
> >maui-nas-04,
> > > has
> > > > the 'ppp authentication' command on its dialer interface -- not the
> > > physical
> > > > interface!
> > > >
> > > > Later, we tested various combinations of 'ppp authenticaion' on bri0
> >and
> > > > dialer0 and found the following:
> > > > br0 on r1, d0 on r2 --> OK
> > > > br0 on r1, br0 on r2 --> OK
> > > > d0 on r1, d0 on r2 --> Call connect, but no authenticaion (see
above)
> > > > br0 & d0 on r1, br0 on r2 --> OK
> > > > br0 & d0 on r1, br0 & d0 on r2 --> NO GO!
> > > >
> > > > Our theory is that 'encapsulation ppp' needs to go on at least one
> > > physical,
> > > > but where are all othe ther ppp parameters supposed to go?
> > > >
> > > > Can anyone verify and explain this?
> > > >
> > > > Regards,
> > > > Daniel & Raymond
> > > > **Please read:http://www.groupstudy.com/list/posting.html
> > > > **Please read:http://www.groupstudy.com/list/posting.html
> >**Please read:http://www.groupstudy.com/list/posting.html

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:57 GMT-3