RE: ISDN callback not authenticating - FIXED

From: Jason Cash (cash2001@swbell.net)
Date: Mon Mar 03 2003 - 23:56:00 GMT-3

• Next message: Giveortake@aol.com: "CCIE# 11192"
• Previous message: David Porta: "Re: 3550 & DHCP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I got it! In my curiosity I did the following:
 
r5(config)#username ccie password cisco ?
LINE <cr>
 
This put a space in the password I guess and threw a wrench in the whole
thing!
 
I still wonder why the solution has the 'username ccie password 0 cisco'
on r5? I removed this and was still able to authenticate.
 
On another note, where is the password defined when using 'ppp chap
hostname XXX'? I am curious what password it sends by default.
 
--Original Message-----
From: Jason Cash [mailto:cash2001@swbell.net]
Sent: Monday, March 03, 2003 8:12 PM
To: 'ccielab@groupstudy.com'
Subject: ISDN callback not authenticating
 
I am having a problem on authenticating ISDN callback:
 
r5 is requesting callback from r6. For some reason the PPP auth is
failing. r5 is using 'ppp chap hostname ccie' which is defined on r6's
local auth. Is there a way to see the passwords neing sent other that
using PAP? I am confused as hell. The answer is listing both interface
use legacy DDR, but I want to user Dialer interface on r5. Also, the
answer states that r5 should have 'username ccie password 0 cisco'
defined. Why is that the case if I am calling r6 to authenticate?
 
r5#ping 10.1.35.6
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.35.6, timeout is 2 seconds:
 
6d03h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
6d03h: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1
6d03h: BR0:1 PPP: Treating connection as a callout
6d03h: BR0:1 CHAP: Using alternate hostname ccie
6d03h: BR0:1 CHAP: Using alternate hostname ccie
6d03h: BR0:1 CHAP: O CHALLENGE id 124 len 25 from "ccie"
6d03h: BR0:1 CHAP: I CHALLENGE id 152 len 23 from "r6"
6d03h: BR0:1 CHAP: Using alternate hostname ccie
6d03h: BR0:1 CHAP: O RESPONSE id 152 len 25 from "ccie"
6d03h: BR0:1 CHAP: I FAILURE id 152 len 25 msg is "MD/DES compare
failed"
6d03h: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 4082222222
r6
6d03h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down.
6d03h: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di1
 
R5
hostname r5
!
username r6 password 0 cisco
username ccie password 0 cisco
!
ip subnet-zero
no ip domain-lookup
!
clns routing
isdn switch-type basic-ni
!
interface BRI0
 no ip address
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-ni
 isdn spid1 408111111101
 isdn spid2 408111111102
!
interface Dialer1
 ip address 10.1.35.5 255.255.255.252
 encapsulation ppp
 dialer pool 1
 dialer string 4082222222
 dialer load-threshold 1 either
 dialer-group 1
 pulse-time 0
 ppp callback request
 ppp authentication chap
 ppp chap hostname ccie
 ppp multilink
!
router ospf 1
 log-adjacency-changes
 network 10.1.35.4 0.0.0.3 area 5
!
access-list 101 deny ospf any any
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
 
R6
hostname r6
!
username ccie password 0 cisco
!
ip subnet-zero
no ip domain-lookup
!
ip multicast-routing
isdn switch-type basic-ni
!
interface BRI0
 ip address 10.1.35.6 255.255.255.252
 encapsulation ppp
 dialer callback-secure
 dialer map ip 10.1.35.5 name ccie class callback broadcast 4081111111
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 408222222201
 isdn spid2 408222222202
 ppp callback accept
 ppp authentication chap
 ppp multilink
!
router ospf 1
 log-adjacency-changes
 redistribute igrp 1 metric 10 subnets
 network 10.1.5.0 0.0.0.7 area 10
 network 10.1.35.4 0.0.0.3 area 5
!
map-class dialer callback
 dialer callback-server username
access-list 101 deny ospf any any
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
 
r6# sh log
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
    Console logging: level debugging, 1888 messages logged
    Monitor logging: level debugging, 588 messages logged
    Buffer logging: level debugging, 1888 messages logged
    Trap logging: level informational, 888 message lines logged
          
Log Buffer (4096 bytes):
 
6d03h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
6d03h: BR0:1 PPP: Treating connection as a callin
6d03h: BR0:1 CHAP: O CHALLENGE id 152 len 23 from "r6"
6d03h: BR0:1 CHAP: I CHALLENGE id 124 len 25 from "ccie"
6d03h: BR0:1 CHAP: Waiting for peer to authenticate first
6d03h: BR0:1 CHAP: I RESPONSE id 152 len 25 from "ccie"
6d03h: BR0:1 CHAP: O FAILURE id 152 len 25 msg is "MD/DES compare
failed"
6d03h: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 4081111111
ccie
6d03h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down

• Next message: Giveortake@aol.com: "CCIE# 11192"
• Previous message: David Porta: "Re: 3550 & DHCP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:31 GMT-3