RE: PPP Chap hostname with Dialer profile

From: Jonathan V Hays (jhays@jtan.com)
Date: Tue Apr 29 2003 - 13:47:29 GMT-3


> I'm experimenting with ppp chap hostname feature on
> the dialer interface but could not get it to work.
> I'm using the AUX-to-AUX port to simulate the ISDN
> dialing with dialer profile.
>
> Appreciate any advice.
> Below is my config
>
> R1 (called Router)
> ---------------------
>
> username test password cisco
>
> interface Async1
> no ip address
> encapsulation ppp
> dialer in-band
> dialer pool-member 1
> async default routing
> async dynamic routing
> async mode dedicated
> ppp authentication chap
> !
> interface Dialer1
> ip address 170.1.201.2 255.255.255.252
> encapsulation ppp
> dialer pool 1
> dialer remote-name R2
> dialer-group 1
> no peer neighbor-route
> ppp authentication chap
> !
>
> R2 (Calling Router)
> -------------------
>
> username R1 password cisco
>
> interface Async1
> no ip address
> encapsulation ppp
> dialer in-band
> dialer pool-member 1
> async default routing
> async dynamic routing
> async mode dedicated
> ppp authentication chap
> !
> interface Dialer1
> ip address 170.1.201.2 255.255.255.252
> encapsulation ppp
> dialer pool 1
> dialer remote-name R1
> dialer-group 1
> dialer string 1234
> dialer idle-timeout 60
> no peer neighbor-route
> ppp authentication chap
> ppp chap hostname test

Hi Ivan,

"debug ppp auth" is a handy tool for figuring out ppp authentication
issues.

You need a "username test password cisco" entry on R1 for this to work.

I'll give you a brief sketch of how CHAP works, as I understand it:

1. R2 would normally send "R2" but since you configured "ppp chap
hostname test" it sends "test" as the challenge string to R1.

2. R1 looks up the password for "test" and hashes it (encrypts it) along
with some other stuff and sends it back to R2.

3. R2 does its own hash on "test" and compares it to the result from R1.

4. If the hashes are identical R2 sends a message to R1 saying
authentication passed.

R1 does the same to R2, using the string "R1". BTW, make sure that "R1"
is the hostname for R1.

HTH
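
An added example, not part of the original message or of Cisco's code: the CHAP exchange as RFC 1994 defines it, simulated in Python to show how the name carried in the Response (the value set by "ppp chap hostname") selects which "username ... password" entry the authenticator checks against. The function names and the in-memory user tables are assumptions made for illustration; the names and the password are the ones from the configs above.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for each router's local "username <name> password <secret>" lines.
R1_USERS = {"test": b"cisco"}   # called router (authenticator in this direction)
R2_USERS = {"R1": b"cisco"}     # calling router (peer in this direction)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def make_challenge(identifier: int, auth_name: str) -> dict:
    """Authenticator: Challenge packet with a random value and its own name."""
    return {"id": identifier, "value": os.urandom(16), "name": auth_name}


def answer_challenge(challenge: dict, chap_hostname: str, peer_users: dict) -> dict:
    """Peer: pick the secret by the challenger's name, reply under chap_hostname."""
    secret = peer_users[challenge["name"]]
    value = chap_response(challenge["id"], secret, challenge["value"])
    return {"id": challenge["id"], "value": value, "name": chap_hostname}


def verify_response(challenge: dict, response: dict, users: dict) -> bool:
    """Authenticator: look up the secret by the name in the Response, then compare."""
    secret = users.get(response["name"])
    if secret is None or response["id"] != challenge["id"]:
        return False  # no username entry for the name the peer sent
    expected = chap_response(challenge["id"], secret, challenge["value"])
    return hmac.compare_digest(expected, response["value"])


if __name__ == "__main__":
    ch = make_challenge(1, "R1")
    # R2 answering as "test" (ppp chap hostname test): R1 has "username test".
    print(verify_response(ch, answer_challenge(ch, "test", R2_USERS), R1_USERS))
    # R2 answering under its real hostname: R1 has no "username R2" entry.
    print(verify_response(ch, answer_challenge(ch, "R2", R2_USERS), R1_USERS))
```

On a router, "debug ppp auth" shows the same name fields in the CHAP challenge and response lines, which is where a name with no matching username entry becomes visible.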


