From: Kumar, Senthil (senthil.kumar@intechnology.co.uk)
Date: Tue Nov 26 2002 - 18:10:48 GMT-3
if r1 is set to authenticate incoming calls with callin keyword.it
challenges and r2 responds. always a called party challenges.
like if r1 is the central office and if r2 is remote, r2 will call r1, so
r1 is callin and r1 challenges.
-----Original Message-----
From: Ajit
To: Kumar, Senthil; charles.egbue@citicorp.com; ccielab@groupstudy.com;
mtognon@tecnonetspa.it; Sam.MicroGate@usa.telekom.de
Sent: 26/11/2002 20:39
Subject: Re: To all DDR guru....
Putting ppp authen chap callin on R1:-
Would imply the following
a. R2 has to intitate the call into R1. If it does, R1 will authenticate
R2
(authenticate incoming calls only .."callin") but R1 will not challenge
R2.
which i think is what was required.
So if this requirement is to work, the call needs to get intitated from
R2.
If there is a precondition that R2 cannot intitate a call to R1 ..then I
am
stuck !!!
----- Original Message -----
From: "Kumar, Senthil" <senthil.kumar@intechnology.co.uk>
To: "'Ajit '" <ajitmohanraj@vsnl.com>; <charles.egbue@citicorp.com>;
<ccielab@groupstudy.com>; <mtognon@tecnonetspa.it>;
<Sam.MicroGate@usa.telekom.de>
Sent: Wednesday, November 27, 2002 1:54 AM
Subject: RE: To all DDR guru....
> if r1 should not challenge. r1 should call r2. when r2 receives an
incoming
> call and if chap is set as the authentication mode, it then challenges
the
> caller, when r2 challenges r1, r1 responds and r2 validates. so if at
all
> you want to prefer adding a callin keyword do it at r2. as r2 should
only
> accpet incoming calls and do authentication.
>
> isnt this how it works..
>
> -----Original Message-----
> From: Ajit
> To: charles.egbue@citicorp.com; ccielab@groupstudy.com;
> mtognon@tecnonetspa.it; Sam.MicroGate@usa.telekom.de
> Sent: 25/11/2002 21:24
> Subject: Re: To all DDR guru....
>
> My inputs ...
>
> a.>>R1 should not challenge R2 :
>
> Put "ppp chap callin" under R1. What the callin on R1 really says is
> "Hey
> R2, you can cahhelge me but I cant challenge you" Used when you are
> connecting a Cisco router like your R! to a non-cisco router that
cannot
> do
> authnetication. Anyway that address requirement 1.
>
> b>> Greater than 25% of the bandwidth.
>
> ppp multilink
> dialer load-threshold 64 ( since 255 represent a 100% load factor :
64
> ~
> 25%)
>
> To touchup your config and adding what the rest have said.......
>
> a. username r1 password cisco on R2
>
> b. ppp multilink /dialer load threshold/ pppauthentication chap callin
> to be
> added on R1 and ofcourse R2 (withouth the callin parameter)
>
>
> ----- Original Message -----
> From: <charles.egbue@citicorp.com>
> To: <ccielab@groupstudy.com>; <mtognon@tecnonetspa.it>;
> <Sam.MicroGate@usa.telekom.de>
> Sent: Tuesday, November 26, 2002 1:50 AM
> Subject: RE: To all DDR guru....
>
>
> > 1. Spids are not required for the type of isdn switch that is being
> used
> here (basic-net3)
> > 2. You need the username statement on R2 (username r1 password
cisco)
> >
> > Charles
> >
> >
> > -----Original Message-----
> > From: Sam.MicroGate [mailto:Sam.MicroGate@usa.telekom.de]
> > Sent: Monday, November 25, 2002 11:48 AM
> > To: mtognon; ccielab
> > Subject: RE: To all DDR guru....
> >
> > Hello Massimiliano.
> >
> > A few things:
> > 1- You need isdn spid1 and isdn spid2 interface command in R1 and
R2.
> They
> > are missing.
> > 2- You need ppp multilink interface command for the second channel
to
> come
> > up.
> > 3- Because the word callin and callout are a little bit confusing to
> > interpret, Always use debug ppp authentication to monitor which
router
> > challenges the other and which router does not. The router that
> challenges
> > will have (O) challenge before the debug statement.
> >
> > Otherwise, everything is ok. Good luck.
> >
> >
> > Sam
> >
> >
> >
> > -----Original Message-----
> > From: Massimiliano Tognon [mailto:mtognon@tecnonetspa.it]
> > Sent: Monday, November 25, 2002 10:05 AM
> > To: ccielab@groupstudy.com
> > Subject: To all DDR guru....
> >
> >
> > Hi folks, question for you...
> >
> > this is the topology:
> >
> >
> > R1------ ISDN------R2
> >
> >
> > question is:
> >
> > Configure chap authentication between R1 and R2; R1 should not
> challenge
> R2.
> > When the traffic is greater than 25% of the bandwidth, a second
> channel
> must
> > be brought up.
> >
> > this is my configuration:
> >
> > R1:
> >
> > username r2 password cisco
> >
> > int bri 0
> > ip address 192.168.1.1 255.255.255.0
> > encapsulation ppp
> > dialer map ip 192.168.1.2 name r2 broadcast 0200
> > dialer idle-imeout 45
> > ppp authentication chap
> > dialer group 1
> > isdn switch-type basic-net3
> >
> > dialer-list 1 protocol ip permit
> >
> > R2:
> >
> >
> > int bri 0
> > ip address 192.168.1.2 255.255.255.0
> > encapsulation ppp
> > dialer map ip 192.168.1.1 name r1broadcast 0300
> > dialer idle-imeout 45
> > ppp authentication chap
> > dialer group 1
> > isdn switch-type basic-net3
> > dialer load-threshold 64 either
> > ppp authentication chap callin
> >
> > dialer-list 1 protocol ip permit
> >
> >
> >
> > what do you think about?
> > on R1 challenge is ignored but it is generated...
> > do i need ppp multilink in order to work dialer load-threshlod ? i'm
> little
> > bit confused... any help appreciated...
> >
> > thanks
>
>
This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:23:11 GMT-3