From: Snow, Tim (timothy.snow@eds.com)
Date: Mon Sep 22 2003 - 05:35:56 GMT-3
I respectfully disagree with the statement "Authentication is required for
successful two-way communication" as I've successfully bound channels
using caller-id and thus avoided any authentication issues. Just something
to think about. It's cool to see it in action...
Cheers
Tim
#12042
-----Original Message-----
From: Andriy Lysyuk [mailto:lysyuk@ics.ua]
Sent: Monday, September 22, 2003 4:23 AM
To: 'Jonathan V Hays'; 'Larry Roberts'; 'Volodymyr Levytskyy';
ccielab@groupstudy.com
Subject: RE: isdn and authentication
Hello.
Authentication is required for successful two-way communication. Without
authentication when receiving incoming call over any dial media (ISDN,
POTS), peer trying to reply with ICMP echo reply. But after performing IP to
dial number mapping receiving part is going to make another call, because it
is unaware that call already active came from the same peer and router must
not place another call.
After auhentication is enabled receiving router is aware that active call
originated from the same peer that sent ICMP request. So it simply send ISMP
reply over existing channel.
There is anohter interesting effect. When using two ISDN BRI interfaces
with all necessary configuration on both sides for placing a call, without
authentication two-way communication is performed by establishing 2 calls
over separate B channels (one originated from party that initiated
conneciton and another one originated from another party).
Regards, Andrity Lysyuk
CCIE #10933
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jonathan V Hays
Sent: Sunday, September 21, 2003 4:34 PM
To: 'Larry Roberts'; 'Volodymyr Levytskyy'; ccielab@groupstudy.com
Subject: RE: isdn and authentication
In my experience neither PPP encapsulation nor a host route is needed to
ping. See below:
R1a#sh ip route | include 172.16.122.
C 172.16.122.0/24 is directly connected, BRI1/0
R1a#sh run int bri1/0
Building configuration...
Current configuration : 226 bytes
!
interface BRI1/0
ip address 172.16.122.1 255.255.255.0
encapsulation hdlc
dialer map ip 172.16.122.2 name R2 broadcast 8358662 dialer-group 1 isdn
switch-type basic-ni isdn spid1 0835866101 isdn spid2 0835866301 end
R1a#ping 172.16.122.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.122.2, timeout is 2 seconds: !!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/33/36 ms R1a#
HTH,
Jonathan
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Larry Roberts
Sent: Sunday, September 21, 2003 3:52 AM
To: Volodymyr Levytskyy; ccielab@groupstudy.com
Subject: Re: isdn and authentication
More than likely it is whenever you enable PPP you can ping the neighbor,
not authentication. When you enable PPP encapsulation the router installs a
/32 host route for the neighbor on the other side of the BRI link. It is the
/32 route that enables you to ping the directly connected neighbor and
yourself.
HTH,
Larry Roberts
CCIE #7886 (R&S / Security)
----- Original Message -----
From: "Volodymyr Levytskyy" <volodymyr.levytskyy@3web.net>
To: <ccielab@groupstudy.com>
Sent: Sunday, September 21, 2003 1:10 AM
Subject: isdn and authentication
> I am wondering why if is connected BRI to BRI without authentication
there
is
> no ping on own interface or neighbor's, only when I enable
authentication
I
> can ping these interfaces. Encapsulation ppp.
>
> Thanks
> Volodymyr
>
> ***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
>
This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:33 GMT-3