RE: ISDN PAP authentication problem

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Fri Aug 08 2003 - 03:58:58 GMT-3

• Next message: Krishnan Narayanan: "Filterlist Weight"
• Previous message: Brian Dennis: "RE: ISDN PAP authentication problem"
• Maybe in reply to: Alec Pun: "ISDN PAP authentication problem"
• Next in thread: Alec Pun: "Re: ISDN PAP authentication problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

As a side note you can tell that the dialer interface's pap password
isn't "cisco" just by looking at it.

They way you can tell that the password under the dialer interface isn't
"cisco" is because "cisco" when encrypted using Cisco's standard
encryption algorithm will output a string that is always 12
digits/characters long ((encrypt string-2)/2). The password under the
dialer interface when unencrypted is 6 digits/characters long.

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Brian Dennis
Sent: Thursday, August 07, 2003 11:17 PM
To: 'Alec Pun'; ccielab@groupstudy.com
Subject: RE: ISDN PAP authentication problem

Reset the pap password under the dialer interface on R5 to cisco and it
should work. It looks like there are some extra characters after cisco
in
the password.

ppp pap sent-username R5 password cisco

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Alec
Pun
Sent: Thursday, August 07, 2003 10:51 PM
To: ccielab@groupstudy.com
Subject: ISDN PAP authentication problem

Hi group,

I am trying PAP authentication over ISDN and hit into some problem. One
side R5 is using dialer profile whereas the other one R6 is using legacy
configuration. However, ISDN connection can't be established because of
the
PAP authentication failure.

I've tried both sides using legacy configuration and it works. Grateful
if
any one can give me some hints, thanks.

regards,
alec
------------------------------------------------------------------------

hostname R5
!
!
username R6 password 0 cisco

interface BRI0
 no ip address
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-net3
 isdn spid1 81049306240101
 isdn spid2 81049306250101
 ppp pap sent-username R5 password 7 030752180500
!
interface Dialer1
 ip address 1.1.1.5 255.255.255.0
 encapsulation ppp
 dialer pool 1
 dialer remote-name R6
 dialer string 4930622
 dialer-group 1
 pulse-time 0
 ppp authentication pap
 ppp pap sent-username R5 password 7 104D000A061852
!
dialer-list 1 protocol ip permit

hostname R6
!
!
username R5 password 0 cisco

interface BRI0
 ip address 1.1.1.6 255.255.255.0
 encapsulation ppp
 dialer-group 1
 isdn switch-type basic-net3
 isdn spid1 81049306220101
 isdn spid2 81049306230101
 ppp authentication pap
 ppp pap sent-username R6 password 7 030752180500
!
ip classless
ip http server
!
dialer-list 1 protocol ip permit
!

R5#ping 1.1.1.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.6, timeout is 2 seconds:

1d20h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
1d20h: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1
1d20h: BR0:1 PPP: Treating connection as a callout
1d20h: BR0:1 PAP: O AUTH-REQ id 44 len 14 from "R5"
1d20h: BR0:1 PAP: I AUTH-NAK id 44 len 27 msg is "Authentication
failure"
1d20h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down.
1d20h: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di1
1d20h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
1d20h: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1
1d20h: BR0:1 PPP: Treating connection as a callout
1d20h: BR0:1 PAP: O AUTH-REQ id 45 len 14 from "R5"
1d20h: BR0:1 PAP: I AUTH-NAK id 45 len 27 msg is "Authentication
failure"
1d20h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down.
1d20h: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di1
1d20h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
1d20h: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1
1d20h: BR0:1 PPP: Treating connection as a callout
1d20h: BR0:1 PAP: O AUTH-REQ id 46 len 14 from "R5"
1d20h: BR0:1 PAP: I AUTH-NAK id 46 len 27 msg is "Authentication
failure"
1d20h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down.
1d20h: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di1
1d20h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
1d20h: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1
1d20h: BR0:1 PPP: Treating connection as a callout
1d20h: BR0:1 PAP: O AUTH-REQ id 47 len 14 from "R5"
1d20h: BR0:1 PAP: I AUTH-NAK id 47 len 27 msg is "Authentication
failure"
1d20h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down.
1d20h: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di1
1d20h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
1d20h: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1
1d20h: BR0:1 PPP: Treating connection as a callout
1d20h: BR0:1 PAP: O AUTH-REQ id 48 len 14 from "R5"
1d20h: BR0:1 PAP: I AUTH-NAK id 48 len 27 msg is "Authentication
failure"
1d20h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down.
Success rate is 0 percent (0/5)
R5#
1d20h: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di1

• Next message: Krishnan Narayanan: "Filterlist Weight"
• Previous message: Brian Dennis: "RE: ISDN PAP authentication problem"
• Maybe in reply to: Alec Pun: "ISDN PAP authentication problem"
• Next in thread: Alec Pun: "Re: ISDN PAP authentication problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:53:55 GMT-3