From: Jaroslaw Zak (jaroslawz@hotmail.com)
Date: Mon Dec 02 2002 - 08:48:06 GMT-3
Hi,
I don't think your link will come up if you omit authentication config at
one side, and here is why: Authentication type and wheter to use it or not
is negotiated by LCP on very early stage. If one side wants to use it, and
other does not, link is declared down.
You should see it using debug ppp negotiation and debug ppp authenication.
HTH
Jarek
>From: "Massimiliano Tognon" <mtognon@tecnonetspa.it>
>Reply-To: "Massimiliano Tognon" <mtognon@tecnonetspa.it>
>To: <ccielab@groupstudy.com>
>Subject: To all DDR guru....
>Date: Mon, 2 Dec 2002 12:20:50 +0100
>
>in some note i've found that if you don't want that router to challenge the
>other,simply omit the ppp authentication command....
>
>i try this on my lab, but i don't agree, 'cause if i omit th command,
>simply
>i haven't authentication.I try to make some debug and on ppp negotiation
>there's no information about authentication in progress between them.Some
>friends tell me that this is the correct answer...
>
>any comments???
>
>
>
>
>-----Messaggio originale-----
>Da: Kumar, Senthil [mailto:senthil.kumar@intechnology.co.uk]
>Inviato: martedl 26 novembre 2002 22.11
>A: 'Ajit '; Kumar, Senthil; 'charles.egbue@citicorp.com ';
>'ccielab@groupstudy.com '; 'mtognon@tecnonetspa.it ';
>'Sam.MicroGate@usa.telekom.de '
>Oggetto: RE: To all DDR guru....
>
>
>if r1 is set to authenticate incoming calls with callin keyword.it
>challenges and r2 responds. always a called party challenges.
>
>like if r1 is the central office and if r2 is remote, r2 will call r1, so
>r1 is callin and r1 challenges.
>
>
>
>
>-----Original Message-----
>From: Ajit
>To: Kumar, Senthil; charles.egbue@citicorp.com; ccielab@groupstudy.com;
>mtognon@tecnonetspa.it; Sam.MicroGate@usa.telekom.de
>Sent: 26/11/2002 20:39
>Subject: Re: To all DDR guru....
>
>Putting ppp authen chap callin on R1:-
>
>Would imply the following
>a. R2 has to intitate the call into R1. If it does, R1 will authenticate
>R2
>(authenticate incoming calls only .."callin") but R1 will not challenge
>R2.
>which i think is what was required.
>
>So if this requirement is to work, the call needs to get intitated from
>R2.
>If there is a precondition that R2 cannot intitate a call to R1 ..then I
>am
>stuck !!!
>
>
>
>
>----- Original Message -----
>From: "Kumar, Senthil" <senthil.kumar@intechnology.co.uk>
>To: "'Ajit '" <ajitmohanraj@vsnl.com>; <charles.egbue@citicorp.com>;
><ccielab@groupstudy.com>; <mtognon@tecnonetspa.it>;
><Sam.MicroGate@usa.telekom.de>
>Sent: Wednesday, November 27, 2002 1:54 AM
>Subject: RE: To all DDR guru....
>
>
> > if r1 should not challenge. r1 should call r2. when r2 receives an
>incoming
> > call and if chap is set as the authentication mode, it then challenges
>the
> > caller, when r2 challenges r1, r1 responds and r2 validates. so if at
>all
> > you want to prefer adding a callin keyword do it at r2. as r2 should
>only
> > accpet incoming calls and do authentication.
> >
> > isnt this how it works..
> >
> > -----Original Message-----
> > From: Ajit
> > To: charles.egbue@citicorp.com; ccielab@groupstudy.com;
> > mtognon@tecnonetspa.it; Sam.MicroGate@usa.telekom.de
> > Sent: 25/11/2002 21:24
> > Subject: Re: To all DDR guru....
> >
> > My inputs ...
> >
> > a.>>R1 should not challenge R2 :
> >
> > Put "ppp chap callin" under R1. What the callin on R1 really says is
> > "Hey
> > R2, you can cahhelge me but I cant challenge you" Used when you are
> > connecting a Cisco router like your R! to a non-cisco router that
>cannot
> > do
> > authnetication. Anyway that address requirement 1.
> >
> > b>> Greater than 25% of the bandwidth.
> >
> > ppp multilink
> > dialer load-threshold 64 ( since 255 represent a 100% load factor :
>64
> > ~
> > 25%)
> >
> > To touchup your config and adding what the rest have said.......
> >
> > a. username r1 password cisco on R2
> >
> > b. ppp multilink /dialer load threshold/ pppauthentication chap callin
> > to be
> > added on R1 and ofcourse R2 (withouth the callin parameter)
> >
> >
> > ----- Original Message -----
> > From: <charles.egbue@citicorp.com>
> > To: <ccielab@groupstudy.com>; <mtognon@tecnonetspa.it>;
> > <Sam.MicroGate@usa.telekom.de>
> > Sent: Tuesday, November 26, 2002 1:50 AM
> > Subject: RE: To all DDR guru....
> >
> >
> > > 1. Spids are not required for the type of isdn switch that is being
> > used
> > here (basic-net3)
> > > 2. You need the username statement on R2 (username r1 password
>cisco)
> > >
> > > Charles
> > >
> > >
> > > -----Original Message-----
> > > From: Sam.MicroGate [mailto:Sam.MicroGate@usa.telekom.de]
> > > Sent: Monday, November 25, 2002 11:48 AM
> > > To: mtognon; ccielab
> > > Subject: RE: To all DDR guru....
> > >
> > > Hello Massimiliano.
> > >
> > > A few things:
> > > 1- You need isdn spid1 and isdn spid2 interface command in R1 and
>R2.
> > They
> > > are missing.
> > > 2- You need ppp multilink interface command for the second channel
>to
> > come
> > > up.
> > > 3- Because the word callin and callout are a little bit confusing to
> > > interpret, Always use debug ppp authentication to monitor which
>router
> > > challenges the other and which router does not. The router that
> > challenges
> > > will have (O) challenge before the debug statement.
> > >
> > > Otherwise, everything is ok. Good luck.
> > >
> > >
> > > Sam
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Massimiliano Tognon [mailto:mtognon@tecnonetspa.it]
> > > Sent: Monday, November 25, 2002 10:05 AM
> > > To: ccielab@groupstudy.com
> > > Subject: To all DDR guru....
> > >
> > >
> > > Hi folks, question for you...
> > >
> > > this is the topology:
> > >
> > >
> > > R1------ ISDN------R2
> > >
> > >
> > > question is:
> > >
> > > Configure chap authentication between R1 and R2; R1 should not
> > challenge
> > R2.
> > > When the traffic is greater than 25% of the bandwidth, a second
> > channel
> > must
> > > be brought up.
> > >
> > > this is my configuration:
> > >
> > > R1:
> > >
> > > username r2 password cisco
> > >
> > > int bri 0
> > > ip address 192.168.1.1 255.255.255.0
> > > encapsulation ppp
> > > dialer map ip 192.168.1.2 name r2 broadcast 0200
> > > dialer idle-imeout 45
> > > ppp authentication chap
> > > dialer group 1
> > > isdn switch-type basic-net3
> > >
> > > dialer-list 1 protocol ip permit
> > >
> > > R2:
> > >
> > >
> > > int bri 0
> > > ip address 192.168.1.2 255.255.255.0
> > > encapsulation ppp
> > > dialer map ip 192.168.1.1 name r1broadcast 0300
> > > dialer idle-imeout 45
> > > ppp authentication chap
> > > dialer group 1
> > > isdn switch-type basic-net3
> > > dialer load-threshold 64 either
> > > ppp authentication chap callin
> > >
> > > dialer-list 1 protocol ip permit
> > >
> > >
> > >
> > > what do you think about?
> > > on R1 challenge is ignored but it is generated...
> > > do i need ppp multilink in order to work dialer load-threshlod ? i'm
> > little
> > > bit confused... any help appreciated...
> > >
> > > thanks
This archive was generated by hypermail 2.1.4 : Fri Jan 17 2003 - 17:21:37 GMT-3