From: Brian Dennis (brian@labforge.com)
Date: Wed May 21 2003 - 12:33:43 GMT-3
Here are the first question's configs:
R1
interface bri0/0
encap ppp
ppp authentication chap
R2
interface bri0/0
encap ppp
With this config R1 will authenticate the remote end for both incoming
and outgoing calls. R2 is allowing itself to be authenticated (default
behavior).
Now the second question's configs:
R1
interface bri0/0
encap ppp
ppp authentication chap callin
R2
interface bri0/0
encap ppp
ppp authentication chap
With this config R1 will authenticate the remote end only for incoming
calls. R2 will authenticate the remote end for both incoming and
outgoing calls.
Remember that the default behavior is to allow the router to be
authenticated. If you want a router to not be authenticated you should
disable the authentication protocol. This is done by using the "ppp
chap|pap|eap refuse" interface command. Usually the remote end has the
"optional" keyword on the end of the "ppp authentication <auth
protocol>" command when one of the remote sites could be configured to
refuse authentication.
Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
John Matijevic
Sent: Wednesday, May 21, 2003 6:17 AM
To: ccielab@groupstudy.com
Subject: unidirectional chap auth
Hello Team,
I am preparing for my second attempt failed the first attempt back in
March.
My question is what is the difference of using ppp auth chap under the
interface on one side, and the other router not having that command, vs
2nd
scenerio using ppp auth chap callin on one side then using ppp auth chap
on
the other router. I know that the second scenerio is used with non-cisco
routers that do not support authentication by the calling device. What
is the
difference between the two methods? I dont think there is any but please
clarify.
Sincerely,
Matijevic
This archive was generated by hypermail 2.1.4 : Mon Jun 02 2003 - 15:13:45 GMT-3