From: Michael Snyder (msnyder@xxxxxxxxxxxxxxxxxxxxxx)
Date: Thu Aug 15 2002 - 13:25:02 GMT-3
Ive been trying to use the chap host and chap password commands.
Normally when I do chap, I use two usernames with transposed passwords
on one of the routers.
Router1
Username router1 password 0 pass1
Username router2 password 0 pass2
Router2
Username router1 password 0 pass2
Username router2 password 0 pass1
I never precisely understood why I had to transpose the passwords with
chap and not with pap, but it was a symmetrical solution to transpose
the two passwords for the two usernames on one of the routers.
Now, with the config below, Im using a ppp chap password command, which
I think sets the default chap password on the called router.
I know that the configs work, calling either way, from router1 to
router2, or from router2 to router1.
What is bugging me is now the password sets (user+password) is now
asymmetrical!
Before I had four password sets, and two of them were transposed.
Now I still have four password sets, and only one of them is transposed.
Why? Was it always like this, and the symmetry of my earlier solution
not needed?
TIA
hostname C
username router2 password 0 pass2
interface BRI0
ip address 10.0.0.1 255.255.255.252
encapsulation ppp
dialer idle-timeout 45
dialer map ip 10.0.0.2 name router2 broadcast 2221
dialer map ip 10.0.0.2 name router2 broadcast 2222
dialer load-threshold 4 outbound
dialer-group 1
isdn switch-type basic-net3
isdn spid1 1111
isdn spid2 1112
ppp authentication chap
ppp chap hostname router1
ppp chap password 0 pass1
ppp multilink
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
--------------------------------------------------------------
hostname D
username router1 password 0 pass2
interface BRI0
ip address 10.0.0.2 255.255.255.252
encapsulation ppp
dialer idle-timeout 45
dialer map ip 10.0.0.1 name router1 broadcast 1111
dialer map ip 10.0.0.1 name router1 broadcast 1112
dialer load-threshold 4 outbound
dialer-group 1
isdn switch-type basic-net3
isdn spid1 2221
isdn spid2 2222
ppp authentication chap
ppp chap hostname router2
ppp chap password 0 pass2
ppp multilink
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
--------------------------------------------------
Below is the debug of router 1 calling out, and also receiving a call.
C#p 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
000337: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
000338: BR0:1 PPP: Treating connection as a callout
000339: BR0:1 CHAP: Using alternate hostname router1
000340: BR0:1 CHAP: Using alternate hostname router1
000341: BR0:1 CHAP: O CHALLENGE id 14 len 28 from "router1"
000342: BR0:1 CHAP: I CHALLENGE id 14 len 28 from "router2"
000343: BR0:1 CHAP: Using alternate hostname router1
000344: BR0:1 CHAP: O RESPONSE id 14 len 28 from "router1"
000345: BR0:1 CHAP: I SUCCESS id 14 len 4
000346: BR0:1 CHAP: I RESPONSE id 14 len 28 from "router2"
000347: BR0:1 CHAP: O SUCCESS id 14 len 4
000348: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
000349: Vi1 PPP: Treating connection as a callout
000350: Vi1 CHAP: Using alternate hostname router1.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/36/36 ms
C#
000351: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed
state to up
000352: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1,
changed state to up
C#
000353: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 2221
router2
C#
000354: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
000355: BR0:1 CHAP: Using alternate hostname router1
000356: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 2221
router2, call lasted 46 seconds
000357: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
C#
000358: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed
state to down
000359: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1,
changed state to down
C#
000360: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
C#
000361: BR0:1 PPP: Treating connection as a callin
000362: BR0:1 CHAP: Using alternate hostname router1
000363: BR0:1 CHAP: Using alternate hostname router1
000364: BR0:1 CHAP: Using alternate hostname router1
000365: BR0:1 CHAP: O CHALLENGE id 15 len 28 from "router1"
000366: BR0:1 CHAP: I CHALLENGE id 15 len 28 from "router2"
000367: BR0:1 CHAP: Waiting for peer to authenticate first
000368: BR0:1 CHAP: I RESPONSE id 15 len 28 from "router2"
000369: BR0:1 CHAP: O SUCCESS id 15 len 4
000370: BR0:1 CHAP: Processing saved Challenge, id 15
000371: BR0:1 CHAP: Using alternate hostname router1
000372: BR0:1 CHAP: O RESPONSE id 15 len 28 from "router1"
000373: BR0:1 CHAP: I SUCCESS id 15 len 4
000374: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
C#
000375: Vi1 PPP: Treating connection as a callin
000376: Vi1 CHAP: Using alternate hostname router1
000377: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed
state to up
000378: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1,
changed state to up
C#
000379: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 2221
router2
C#
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:48:26 GMT-3