From: Andriy Lysyuk (lysyuk@ics.ua)
Date: Mon Sep 22 2003 - 05:22:54 GMT-3
Hello.
Authentication is required for successful two-way communication.
Without authentication when receiving incoming call over any dial media
(ISDN, POTS), peer trying to reply with ICMP echo reply. But after
performing IP to dial number mapping receiving part is going to make
another call, because it is unaware that call already active came from
the same peer and router must not place another call.
After auhentication is enabled receiving router is aware that active
call originated from the same peer that sent ICMP request. So it simply
send ISMP reply over existing channel.
There is anohter interesting effect. When using two ISDN BRI interfaces
with all necessary configuration on both sides for placing a call,
without authentication two-way communication is performed by
establishing 2 calls over separate B channels (one originated from party
that initiated conneciton and another one originated from another
party).
Regards, Andrity Lysyuk
CCIE #10933
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jonathan V Hays
Sent: Sunday, September 21, 2003 4:34 PM
To: 'Larry Roberts'; 'Volodymyr Levytskyy'; ccielab@groupstudy.com
Subject: RE: isdn and authentication
In my experience neither PPP encapsulation nor a host route is needed to
ping. See below:
R1a#sh ip route | include 172.16.122.
C 172.16.122.0/24 is directly connected, BRI1/0
R1a#sh run int bri1/0
Building configuration...
Current configuration : 226 bytes
!
interface BRI1/0
ip address 172.16.122.1 255.255.255.0
encapsulation hdlc
dialer map ip 172.16.122.2 name R2 broadcast 8358662
dialer-group 1
isdn switch-type basic-ni
isdn spid1 0835866101
isdn spid2 0835866301
end
R1a#ping 172.16.122.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.122.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/33/36 ms
R1a#
HTH,
Jonathan
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Larry Roberts
Sent: Sunday, September 21, 2003 3:52 AM
To: Volodymyr Levytskyy; ccielab@groupstudy.com
Subject: Re: isdn and authentication
More than likely it is whenever you enable PPP you can ping the
neighbor,
not authentication. When you enable PPP encapsulation the router
installs a
/32 host route for the neighbor on the other side of the BRI link. It is
the
/32 route that enables you to ping the directly connected neighbor and
yourself.
HTH,
Larry Roberts
CCIE #7886 (R&S / Security)
----- Original Message -----
From: "Volodymyr Levytskyy" <volodymyr.levytskyy@3web.net>
To: <ccielab@groupstudy.com>
Sent: Sunday, September 21, 2003 1:10 AM
Subject: isdn and authentication
> I am wondering why if is connected BRI to BRI without authentication
there
is
> no ping on own interface or neighbor's, only when I enable
authentication
I
> can ping these interfaces. Encapsulation ppp.
>
> Thanks
> Volodymyr
>
> ***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
>
This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:33 GMT-3