Re: ppp authentication chap callin

From: William Lijewski (ccie8642@hotmail.com)
Date: Wed Sep 24 2003 - 22:52:12 GMT-3

• Next message: Sukhdev: "AS5300 for Sale"
• Previous message: Kaiser Anwar: "isdn question"
• Maybe in reply to: Kaiser Anwar: "ppp authentication chap callin"
• Next in thread: Kaiser Anwar: "Re: ppp authentication chap callin"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

By default when you apply ppp authentication chap on the BRI interface the
router will authenticate both calls in and calls out. You don't want R3 to
authenticate both ways, only on the call out of R3, not the calls in. Here
are your options:

On R1:

ppp authentication chap callin - this will tell R1 to only authenticate
incoming calls. It will not authenticate outgoing calls. Not what you
want.

ppp authentication chap callout - this will tell R1 to only authenticate
outgoing calls. It will not authenticate incoming calls. Not what you
want.

On R3:

ppp authentication chap callin - this will tell R3 to only authenticate
incoming calls. It will not authenticate outgoing calls. Not what you
want.

ppp authentication chap callout - this will tell R3 to only authenticate
outgoing calls. It will not authenticate incoming calls. This is what you
want. The command only goes on R3. Don't do anything different on R1, only
the ppp authentication chap, so that R1 will still authenticate both
incoming and outgoing calls. On R3 apply the ppp authentication chap
callout command so that R3 will only authenticate when it callls out. It
will not authenticate when R1 calls in.

You can verify this with the 'debug ppp authentication' command on R3.
Issue it before you change R3 to callout and you will see two challenges
when R1 calls. Change it to callout on R3 and you will only see R1
challenge R3 - R3 will not challenge the call in.

Bill Lijewski
CCIE #8642
Network Learning Inc
5 Day R&S CCIE Bootcamp Instructor

>From: "Kaiser Anwar" <kaiseranwar@sbcglobal.net>
>Reply-To: "Kaiser Anwar" <kaiseranwar@sbcglobal.net>
>To: <ccielab@groupstudy.com>
>Subject: ppp authentication chap callin
>Date: Wed, 24 Sep 2003 18:16:33 -0500
>
>Hi,
> I am little confused here. this is what I am trying to achiev. I have
>R1
>connected to R3 with isdn.
> If R1 calls R3. R3 should not challenge R1. which command I need to
>put
>and on which router.
>
>Thanks
>Kaiser A
>
>***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
>_______________________________________________________________________
>Please help support GroupStudy by purchasing your study materials from:
>shop.groupstudy.com
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html

• Next message: Sukhdev: "AS5300 for Sale"
• Previous message: Kaiser Anwar: "isdn question"
• Maybe in reply to: Kaiser Anwar: "ppp authentication chap callin"
• Next in thread: Kaiser Anwar: "Re: ppp authentication chap callin"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:36 GMT-3