From: Tarek Sabry (tsabry@xxxxxxxxxxxxxxxxxxx)
Date: Wed Mar 27 2002 - 14:09:52 GMT-3
>From my very recent experience I could ping just fine without authentication
at all. I'm pasting my config for you. I am also including a ping from R6,
then after bouncing the BRI on R5, a ping from R5. Both work.
I even had legacy on one side and a dialer profile on the other.
What I had lots of problems with is PPP PAP. Can someone confirm that PAP
works fine???
Thanks
Tarek
!
hostname r5
!
!
!
interface BRI0
ip address 20.0.0.5 255.0.0.0
encapsulation ppp
dialer map ip 20.0.0.6 name r6 broadcast 5552222
dialer load-threshold 1 outbound
dialer-group 1
isdn switch-type basic-net3
ppp multilink
!
access-list 101 deny igrp any any
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
!
----------------------------------------------------
!
hostname r6
!
!
interface BRI0
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
ppp multilink
!
interface Dialer0
ip address 20.0.0.6 255.0.0.0
encapsulation ppp
dialer pool 1
dialer string 5551111
dialer load-threshold 1 outbound
dialer-group 1
pulse-time 0
ppp multilink
!
!
access-list 101 deny igrp any any
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
!
-----------------------------------------------------
r6#ping 20.0.0.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.5, timeout is 2 seconds:
1d03h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
1d03h: %DIALER-6-BIND: Interface BR0:1 bound to profile Di0
1d03h: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 5551111 r5.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/36/36 ms
r6#
1d03h: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state
to
up
r6#
r6#
--------------------------------------------------------
r5#
r5#conf t
Enter configuration commands, one per line. End with CNTL/Z.
r5(config)#int bri0
r5(config-if)#shut
r5(config-if)#
r5(config-if)#
r5(config-if)#n
1d03h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
1d03h: %LINK-5-CHANGED: Interface BRI0, changed state to administratively
down
1d03h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
1d03h: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
1d03h: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from unknown ,
call la
sted 63 seconds
1d03h: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 88 changed to
down
1d03h: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 88 changed to down
1d03h: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state
to
down
1d03h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1,
changed
state to dow
r5(config-if)#
r5(config-if)#
r5(config-if)#no shut
r5(config-if)#
1d03h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
1d03h: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
1d03h: %LINK-3-UPDOWN: Interface BRI0, changed state to up
1d03h: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 89 changed to up
r5(config-if)#
r5(config-if)#
r5(config-if)#
r5(config-if)#
r5(config-if)#
r5(config-if)#^Z
r5#pi
1d03h: %SYS-5-CONFIG_I: Configured from console by consoleng 20.0.0.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.6, timeout is 2 seconds:
1d03h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
1d03h: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
1d03h: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 5552222 r6.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/36/36 ms
r5#
1d03h: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state
to
up
1d03h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1,
changed
state to up
r5#
r5#
-------------------------------------------------------------
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
John Neiberger
Sent: Wednesday, March 27, 2002 10:30 AM
To: Giveortake@AOL.COM; ccielab@groupstudy.com
Subject: Re: Old stuff PPP Authentication
In my experience, I have always had to use
some sort of authentication to get PPP over
ISDN to work correctly. I've spoken with
others who have more experience than I and
they've reported the same types of issues.
I've since made it my standard policy to
*always* use authentication on ISDN and I
haven't had those sorts of problems since.
HTH,
John
---- On Wed, 27 Mar 2002, Giveortake@AOL.COM
(Giveortake@AOL.COM) wrote:
> Forgive me.... Archives down...
>
> In playing with the PPP authentication I
have a couple questions
> hopefully
> someone can answer. Looking for clarity
as always. In reviewing the
> below,
> please keep in mind that my configs other
than the authentication work
> fine.
> If I put in PPP authentication chap on
both sids I connect and can ping
> side
> to side..
>
> 1. If I configure no ppp authentication
on either side, there is no
> challenge/response by either party. Link
goes up/up. Can not ping.
> Do I
> HAVE to have some sort of authentication
in order to establish
> communication?
>
> 2. Continuing question 1, is it
mandatory to have username and
> password for
> PPP negotiation/authentication? In
other words if I have no user
> names/passwords and configure no ppp
authentication on either side I
> connect
> and go up/up but can not ping. Debug
ppp negotion looks fine and of
> course
> there is no challenge so I figured I
should be able to communicate
> accross
> the link but I guess not. Apparently this
is the way it is supposed to
> work.
> Can anyone confirm?
>
> 3. When I configure PPP authentication
only on the CALLED side, it does
>
> indeed challenge and authenticates. I
can ping no problem. If I do
> it
> the other way and put PPP authentication
only on the CALLING side, I
> connect
> and there is a successfull
challenge/response, but I can not ping.
> Why
> does it work when the called side
initiates the challenge but not the
> other
> way around? Is this the way it is
supposed to work?
>
> Thanks,
>
> David
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:23 GMT-3