From: Ayman Hamza (ayhamza@cisco.com)
Date: Mon Sep 30 2002 - 12:10:29 GMT-3
Bola;
Yes, agreed.
Let's investigate in detail for clarification.
If R1 is calling R2, then R2 will send a Challenge to
R1, and will calculate the hash for R1 - that uses username c1, you can
see that username in the debug ppp negotiation - and the MD5 hashed password
calculated on R2 is c. When R1 (caller) sends a RESPONSE, that RESPONSE will contain
the MD5 hash calculated that is associated with the command
'ppp chap password ' on it - I mean on R1 - which is c.
You can apply the above theory if R2 is calling R1.
Best wishes;
Ayman
> From BolaAD@Resourcery.com.ng Mon Sep 30 16:15:27 2002
> Subject: RE: PPP CHAP Password
> Date: Mon, 30 Sep 2002 14:51:07 +0100
> From: "Bola Adegbonmire" <BolaAD@Resourcery.com.ng>
> To: "Ayman Hamza" <ayhamza@cisco.com>
> Cc: <ccielab@groupstudy.com>
>
> True. Still, the passwords being used by both peers do not have to match; what
> has to match is the "ppp chap password" on one router and the associated
> global "username x password xxxx" configured on the peer. Meaning
> R1 can have
>
> username b1 password b
> int xx
> ppp chap password c
> ppp chap hostname c1
>
> R2 will have
> username c1 password c
> int xx
> ppp chap password b
> ppp chap hostname b1
>
> -----Original Message-----
> From: Ayman Hamza [mailto:ayhamza@cisco.com]
> Sent: Monday, September 30, 2002 2:00 PM
> To: msnyder@revolutioncomputer.com; Nick.Jaksec@acs-inc.com;
> gposey@uaes.org
> Cc: ccielab@groupstudy.com
> Subject: RE: PPP CHAP Password
>
>
> Dear All;
>
> CHAP never sends any passwords at all (whether encrypted or not) over the link.
> What is always being sent is the hashed MD5 calculated data.
> For CHAP, the password should be the same on both PPP peers; this is a rule
> for CHAP to work.
>
> The commands ppp chap hostname & ppp chap password are used to change
> the username and the password respectively. Of course the password
> should be the same on both routers. For example:
>
>
> ### R2 is calling R1 ####
>
> R1:
>
> !
> hostname R1
> !
> username userR2 password ccie
> !
> interface BRIx
> ...
> ppp authentication chap
> dialer map ip a.b.c.d name userR2 broadcast ----> note the hostname here !
> ..
> !
>
>
> R2:
>
> !
> hostname R2
> !
> username R1 password ccie
> !
> interface BRIx
> ...
> ppp authentication chap
> ppp chap password ccie
> ppp chap hostname userR2
> dialer map ip x.y.z.l name R1 broadcast <string>
> ..
> !
>
>
>
> Kindly read these documents that I have posted myself on CCO:
>
> http://www.cisco.com/warp/public/471/understanding_ppp_chap.html
>
> http://www.cisco.com/warp/public/471/debug_ppp_negotiation.html
>
> http://www.cisco.com/warp/public/471/ppp_authen_ts_fl.html
>
> If in the exam he said configure Authentication that sends password
> through the link; this means configure PAP. Again CHAP doesn't send the password
> at all - whether encrypted or not. PAP sends password through the
> link and the passwords can be different on the PPP peers. I hope I clarified
> everything.
>
>
> Regards;
> Ayman
>
>
>
> > From nobody@groupstudy.com Mon Sep 30 14:32:22 2002
> > From: "Gregory W. Posey Jr." <gposey@uaes.org>
> > To: "'Michael Snyder'" <msnyder@revolutioncomputer.com>,
> > "'Jaksec Nick'"
> > <Nick.Jaksec@acs-inc.com>
> > Cc: <ccielab@groupstudy.com>
> > Subject: RE: PPP CHAP Password
> > Date: Mon, 30 Sep 2002 08:17:52 -0400
> > Organization: UAES
> >
> > Actually, it's not about transposing passwords. Without using ppp chap
> > hostname command, the router defaults to using its own hostname and the
> > configured password.
> >
> > So your example below works as long as the passwords match...
> >
> > Router1(config)# username router2 password cisco
> > Router2(config)# username router1 password cisco
> >
> > The routers don't need to have a username & password entry for its own
> > hostname (e.g. Router1(config)# username router1 password cisco).
> >
> > As for the original question, does the remote router have the username &
> > password pair that is configured as the ppp chap hostname & password
> > under the interface in the "host" end router?
> >
> > Thank you,
> > Greg Posey Jr.
> > CCIE #7981
> > CSS1, CCSE
> > CCNP - Voice Access
> > M.S. EE
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Michael Snyder
> > Sent: Wednesday, September 25, 2002 10:05 AM
> > To: 'Jaksec, Nick'
> > Cc: ccielab@groupstudy.com
> > Subject: RE: PPP CHAP Password
> >
> > I don't know why this works, but I do know it does work as listed below.
> >
> > With CHAP.
> >
> > Router 1
> > User router1 pass 0 pass1
> > User router2 pass 0 pass2
> >
> > Router 2
> > User router1 pass 0 pass2
> > User router2 pass 0 pass1
> >
> > Basically you transpose the passwords on one of the routers.
> >
> > With PAP.
> >
> > Router 1
> > User router1 pass 0 pass1
> > User router2 pass 0 pass2
> >
> > Router 2
> > User router1 pass 0 pass1
> > User router2 pass 0 pass2
> >
> > You don't transpose the passwords with PAP, just a one to one
> > relationship.
> >
> >
> > Also I always use a ppp alternative host name command, so I don't have
> > to worry about the router's name. Basically, I cut and paste the above
> > to the routers, name them router1 and router2 using the ppp alternative
> > host name command and it works.
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Jaksec, Nick
> > Sent: Tuesday, September 24, 2002 1:00 PM
> > To: ccielab@groupstudy.com
> > Subject: PPP CHAP Password
> >
> > When setting the hostname and password under the BRI interface (PPP CHAP
> > Hostname & PPP CHAP Password) it does not authenticate to the neighbor
> > router. I am placing the username and password on the remote router to
> > the hostname and password correctly but it will not accept the new password.
> > Does anybody have any suggestions?
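
Added example (not part of the original thread, and not Cisco's code): the challenge/response exchange discussed above, using the RFC 1994 MD5 computation and the b1/b and c1/c values from the quoted configuration. The Peer class and authenticate helper are hypothetical names; the model has the caller hash with its "ppp chap password" value, as the thread describes, and does not model how IOS selects a secret.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 MD5 CHAP value: MD5(Identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Peer:
    """Hypothetical model of one router's CHAP-related configuration."""

    def __init__(self, chap_hostname, chap_password, usernames):
        self.chap_hostname = chap_hostname  # "ppp chap hostname": name it sends
        self.chap_password = chap_password  # "ppp chap password": secret it hashes
        self.usernames = usernames          # global "username X password Y" lines

    def respond(self, identifier, challenge):
        # Only the name and the 16-byte digest are sent, never the secret.
        digest = chap_response(identifier, self.chap_password.encode(), challenge)
        return self.chap_hostname, digest

    def verify(self, identifier, challenge, name, digest):
        secret = self.usernames.get(name)   # look up the name from the Response
        if secret is None:
            return False                    # no matching "username" entry
        expected = chap_response(identifier, secret.encode(), challenge)
        return hmac.compare_digest(expected, digest)


def authenticate(caller, called, identifier=1):
    """One-way CHAP: the called router challenges, the caller responds."""
    challenge = os.urandom(16)              # fresh random challenge per attempt
    name, digest = caller.respond(identifier, challenge)
    return called.verify(identifier, challenge, name, digest)


# Constructed from the configuration quoted in the thread.
R1 = Peer("c1", "c", {"b1": "b"})
R2 = Peer("b1", "b", {"c1": "c"})

if __name__ == "__main__":
    print("R1 calls R2:", authenticate(R1, R2))   # secret c on both sides
    print("R2 calls R1:", authenticate(R2, R1))   # secret b on both sides
    wrong = Peer("c1", "x", {})                   # constructed mismatch
    print("mismatch:", authenticate(wrong, R2))
```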