RE: ISDN callback not authenticating

From: Brian Dennis (brian@labforge.com)
Date: Tue Mar 04 2003 - 00:11:50 GMT-3


Jason,
You have a space after the password "cisco" for r6. From left to right
highlight the "username r6" command and then highlight the "username
ccie" command and you'll see the difference.

username r6 password 0 cisco
username ccie password 0 cisco

Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)
brian@labforge.com
http://www.labforge.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jason Cash
Sent: Monday, March 03, 2003 6:12 PM
To: ccielab@groupstudy.com
Subject: ISDN callback not authenticating

I am having a problem on authenticating ISDN callback:
 
r5 is requesting callback from r6. For some reason the PPP auth is
failing. r5 is using 'ppp chap hostname ccie' which is defined on r6's
local auth. Is there a way to see the passwords being sent other than
using PAP? I am confused as hell. The answer is listing both interfaces
using legacy DDR, but I want to use a Dialer interface on r5. Also, the
answer states that r5 should have 'username ccie password 0 cisco'
defined. Why is that the case if I am calling r6 to authenticate?
 
r5#ping 10.1.35.6
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.35.6, timeout is 2 seconds:
 
6d03h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
6d03h: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1
6d03h: BR0:1 PPP: Treating connection as a callout
6d03h: BR0:1 CHAP: Using alternate hostname ccie
6d03h: BR0:1 CHAP: Using alternate hostname ccie
6d03h: BR0:1 CHAP: O CHALLENGE id 124 len 25 from "ccie"
6d03h: BR0:1 CHAP: I CHALLENGE id 152 len 23 from "r6"
6d03h: BR0:1 CHAP: Using alternate hostname ccie
6d03h: BR0:1 CHAP: O RESPONSE id 152 len 25 from "ccie"
6d03h: BR0:1 CHAP: I FAILURE id 152 len 25 msg is "MD/DES compare failed"
6d03h: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 4082222222 r6
6d03h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down.
6d03h: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di1
 
R5
hostname r5
!
username r6 password 0 cisco
username ccie password 0 cisco
!
ip subnet-zero
no ip domain-lookup
!
clns routing
isdn switch-type basic-ni
!
interface BRI0
 no ip address
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-ni
 isdn spid1 408111111101
 isdn spid2 408111111102
!
interface Dialer1
 ip address 10.1.35.5 255.255.255.252
 encapsulation ppp
 dialer pool 1
 dialer string 4082222222
 dialer load-threshold 1 either
 dialer-group 1
 pulse-time 0
 ppp callback request
 ppp authentication chap
 ppp chap hostname ccie
 ppp multilink
!
router ospf 1
 log-adjacency-changes
 network 10.1.35.4 0.0.0.3 area 5
!
access-list 101 deny ospf any any
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
 
R6
hostname r6
!
username ccie password 0 cisco
!
ip subnet-zero
no ip domain-lookup
!
ip multicast-routing
isdn switch-type basic-ni
!
interface BRI0
 ip address 10.1.35.6 255.255.255.252
 encapsulation ppp
 dialer callback-secure
 dialer map ip 10.1.35.5 name ccie class callback broadcast 4081111111
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 408222222201
 isdn spid2 408222222202
 ppp callback accept
 ppp authentication chap
 ppp multilink
!
router ospf 1
 log-adjacency-changes
 redistribute igrp 1 metric 10 subnets
 network 10.1.5.0 0.0.0.7 area 10
 network 10.1.35.4 0.0.0.3 area 5
!
map-class dialer callback
 dialer callback-server username
access-list 101 deny ospf any any
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
 
r6# sh log
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
    Console logging: level debugging, 1888 messages logged
    Monitor logging: level debugging, 588 messages logged
    Buffer logging: level debugging, 1888 messages logged
    Trap logging: level informational, 888 message lines logged
          
Log Buffer (4096 bytes):
 
6d03h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
6d03h: BR0:1 PPP: Treating connection as a callin
6d03h: BR0:1 CHAP: O CHALLENGE id 152 len 23 from "r6"
6d03h: BR0:1 CHAP: I CHALLENGE id 124 len 25 from "ccie"
6d03h: BR0:1 CHAP: Waiting for peer to authenticate first
6d03h: BR0:1 CHAP: I RESPONSE id 152 len 25 from "ccie"
6d03h: BR0:1 CHAP: O FAILURE id 152 len 25 msg is "MD/DES compare failed"
6d03h: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 4081111111 ccie
6d03h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
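
Added example, not part of the original thread and not Cisco's code: a sketch of why a trailing space in a "username ... password 0" line produces "MD/DES compare failed", using the RFC 1994 CHAP value MD5(identifier || secret || challenge), plus a check that flags such lines in a saved config. It assumes, as the reply above says, that the trailing space is stored as part of the secret; the config strings, the challenge bytes and the function names are constructed for illustration.

```python
import hashlib
import re

# IOS local-user line with a cleartext (type 0) password. The last group
# deliberately keeps trailing whitespace so it stays part of the secret.
USER_RE = re.compile(r"^username (\S+) password 0 (.*)$")

def chap_response(ident: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()

def parse_users(config: str) -> dict:
    """Return {username: secret} exactly as typed, trailing spaces included."""
    users = {}
    for line in config.splitlines():
        m = USER_RE.match(line)
        if m:
            users[m.group(1)] = m.group(2)
    return users

def trailing_space_users(config: str) -> list:
    """Usernames whose cleartext secret ends in whitespace."""
    return [u for u, s in parse_users(config).items() if s != s.rstrip()]

def chap_succeeds(caller_cfg: str, server_cfg: str, ident: int = 152,
                  challenge: bytes = bytes(range(16))) -> bool:
    """Caller hashes with its secret for the challenger's name ("r6");
    server verifies with its secret for the name in the response ("ccie")."""
    sent = chap_response(ident, parse_users(caller_cfg)["r6"], challenge)
    expected = chap_response(ident, parse_users(server_cfg)["ccie"], challenge)
    return sent == expected

# Constructed excerpts modelled on the configs in the thread. The space
# after "cisco" on the r6 line is the defect the reply points out.
R5_CONFIG = ("hostname r5\n"
             "username r6 password 0 cisco \n"
             "username ccie password 0 cisco\n")
R6_CONFIG = "hostname r6\nusername ccie password 0 cisco\n"

if __name__ == "__main__":
    print("secrets ending in whitespace on r5:", trailing_space_users(R5_CONFIG))
    print("CHAP compare succeeds:", chap_succeeds(R5_CONFIG, R6_CONFIG))
```

The same whitespace check can be run over any saved running-config before looking further into a CHAP failure, since the two secrets look identical on screen.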



This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:31 GMT-3