From: Joe Martin (jmartin@capitalpremium.net)
Date: Tue Jun 03 2003 - 11:57:26 GMT-3
Let me run this past everyone and see what y'all think.
r1------ISDN-------r2
Both are using ppp encap. R2 is configured with a dialer map pointing to r1
ip add and number, no auth.
No dialer maps, strings on r1.
R2 pings R1, isdn dials up and ping is successful.
I then add a dialer map on r1 pointing to r2 ip add but no number. Nothing
else is changed. Now when r2 pings r1 the isdn dials up successfully, but no
ping replies from r1.
A debug on r1 shows "encapsulation failed".
If I then add ppp auth chap on both routers or on just r1 (called router),
then the ping is successful.
If I have auth only on r2, then ping is unsuccessful.
What I found is that no matter how I configured it, r1 would not reply to a
ping if it was configured with a dialer map but no authentication. If r1
did not authenticate the calling router (that is to say issue a chap
challenge), then I would get the encapsulation failed.
My question then is: Why is the dialer map on the called router causing a
need for authentication in order for a layer 3 packet to be forwarded?
Again, in every scenario, with or with out dialer map on r1, and with or
with out authen, the isdn call was successful. There appeared to be no
layer 2 issues (other than the encap failed from the debug ip pack), a debug
ppp neg showed that the isdn/ppp connection was fine everytime.
Unfortunately I am not in front of my routers so I cannot supply configs,
but surely they are fine if the only change I make is a "ppp auth chap"
command on r1 to make everything work.
What your call?
TIA,
Joe Martin
This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:10:52 GMT-3