From: Adel Abushaev (adel@netmasterclass.net)
Date: Thu Dec 11 2003 - 20:20:27 GMT-3
In your configuration, L1R1 will challenge L1R3 with CHAP, L1R3 will not
challenge L1R1.
L1R1 ppp authentication:
*Mar 1 02:30:00.675: BR0/0:1 CHAP: O CHALLENGE id 15 len 25 from "L1R1"
*Mar 1 02:30:00.695: BR0/0:1 CHAP: I RESPONSE id 15 len 25 from "L1R3"
*Mar 1 02:30:00.699: BR0/0:1 PPP: Sent CHAP LOGIN Request
*Mar 1 02:30:00.699: BR0/0:1 PPP: Received LOGIN Response PASS
*Mar 1 02:30:00.699: BR0/0:1 CHAP: O SUCCESS id 15 len 4.
In this case, the name L1R3 is matched against dialer map statement on L1R1
and L3-to-L2 map is now operational.
On the other side, L1R3 did not challenge L1R1, therefore it's map will look
like:
Static dialer map ip 144.4.13.1 (5552004) on BR0
The remote party name in dialer map statement only works when CHAP
authentication is enabled. Since CHAP is turned off on L1R3, packet destined
to 144.4.13.1 is targeted to interface BR0, but the map that will send it
thru the B channel is not functioning. It doesn't know that the router that
called in is the same router L1R1 from it's dialer map statement. As of this
moment, L1R3 decides to call L1R1. Because it has the second number of L1R1
configured in it's dialer map, assuming that L1R1 did not originate call
from this number (can happen as well, if the first B channel fails for any
reason), the call from L1R3 towards L1R1 will be successful, and two B
channels will service each direction:
L1R1 calls L1R3:
00:28:25: ISDN BR0: RX <- SETUP pd = 8 callref = 0x09
00:28:25: Bearer Capability i = 0x8890
00:28:25: Channel ID i = 0x89
00:28:25: Signal i = 0x40 - Alerting on - pattern 0
00:28:25: Called Party Number i = 0xC1, '5552006', Plan:ISDN,
Type:Subscriber(local)
00:28:25: ISDN BR0: Event: Received a DATA call from <unknown> on B1 at 64
Kb/s <---- Please note "UNKNOWN", that's the source of the problem.
00:28:25: ISDN BR0: Event: Accepting the call id 0xE
00:28:25: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
00:28:25: BR0:1 PPP: Treating connection as a callin
00:28:27: BR0:1 CHAP: I CHALLENGE id 17 len 25 from "L1R1"
00:28:27: BR0:1 CHAP: O RESPONSE id 17 len 25 from "L1R3"
00:28:27: BR0:1 CHAP: I SUCCESS id 17 len 4
00:28:27: BR0:1 DDR: dialer protocol up
00:28:28: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed
state to up
L1R3 sends ping back, and this triggers another call:
00:28:29: BR0 DDR: Dialing cause ip (s=144.4.13.2, d=144.4.13.1)
00:28:29: BR0 DDR: Attempting to dial 5552005
00:28:29: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up
00:28:29: BR0:2 PPP: Treating connection as a callout
00:28:29: ISDN BR0: TX -> CONNECT_ACK pd = 8 callref = 0x18
00:28:29: BR0:2 CHAP: I CHALLENGE id 2 len 25 from "L1R1"
00:28:29: BR0:2 CHAP: O RESPONSE id 2 len 25 from "L1R3"
00:28:29: BR0:2 CHAP: I SUCCESS id 2 len 4
00:28:29: BR0:2 DDR: dialer protocol up
00:28:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, changed
state to up
HTH,
Adel Abouchaev
CCIE# 12037, MCSE
http://www.netmasterclass.net
----- Original Message -----
From: "Ellie Chou" <ellie_chou@hotmail.com>
To: <adel@netmasterclass.net>; <ccielab@groupstudy.com>
Sent: Wednesday, December 10, 2003 10:37 PM
Subject: Re: question about PPP authentication
> I have PPP configured on both sides but PPP authentication chap
> configured on one side only. I guess my question is pretty fundamental (
> just started playing with ISDN): why are there two unidirectoinal links?
> Let's say A calls B, and the traffic that triggers the call is ping. So
> my guess in order to send back ping reply back to A, B has to initiate
> another call to A, therefore there are two connections. But why can't B
> recognize the ping reply desitnation is A and there is already an active
> call? I found that only when both A and B have PPP encapsulation and PPP
> authentication chap, only one channel is used. In any other condition two
> channels are used.
>
> Here is the configuration:
>
> RouterA:
>
> interface BRI0/0
> ip address 144.4.13.1 255.255.255.252
> encapsulation ppp
> dialer map ip 144.4.13.2 name L1R3 broadcast 5551616
> dialer-group 1
> isdn switch-type basic-ni
> isdn spid1 31055514140101 5551414
> isdn spid2 31055515150101 5551515
> ppp authentication chap
>
> RouterB:
>
> interface BRI0/0
> ip address 144.4.13.2 255.255.255.252
> encapsulation ppp
> dialer map ip 144.4.13.1 name L1R1 broadcast 5551515
> dialer-group 1
> isdn switch-type basic-ni
> isdn spid1 31055516160101 5551616
> isdn spid2 31055517170101 5551717
>
> thanks,
>
> Ellie
>
> >From: "Adel Abushaev" >Reply-To: "Adel Abushaev" >To: >Subject: Re:
> question about PPP authentication >Date: Wed, 10 Dec 2003 15:06:05 -0500
> > >It looks like you have 2 unidirectional links, one per B-channel. >Do
> you have PPP configured on both sides or only on one? >Or is it
> authentication you configured on one side only? Or just show your >BRI
> configuration to the list. > >Adel Abouchaev >CCIE# 12037, MCSE
> >http://www.netmasterclass.net > >----- Original Message ----- >From:
> >To: >Sent: Tuesday, December 09, 2003 10:58 PM >Subject: question about
> PPP authentication > > > > Hi, > > > > I am running PPP over ISDN. > >
> Can anyone tell me if I have "ppp authentication chap" configured on one
> >side but nothing configured on the other side. What would the
> negotiation >look like? I tried it on my setup, let's say routerA and
> router B. When I >ping B from A(classified as interesting traffic), two
> ISDN connection are >established, one shows A as caller and one show B as
> caller. Can someone >help me on this? thanks a lot!!!! :-) > > > > Ellie
> > > > >
> _______________________________________________________________________ >
> > Please help support GroupStudy by purchasing your study materials from:
> > > http://shop.groupstudy.com > > > > Subscription information may be
> found at: > > http://www.groupstudy.com/list/CCIELab.html >
> >_______________________________________________________________________
> >Please help support GroupStudy by purchasing your study materials from:
> >http://shop.groupstudy.com > >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
>
> ------------------------------------------------------------------------
>
> Our best dial-up offer is back. Get MSN Dial-up Internet Service for 6
> months @ $9.95/month now!
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Jan 03 2004 - 08:25:39 GMT-3