RE: Help on PPP Authentication [7:86316]

From: Jonathan Hays (nomad@gfoyle.org)
Date: Wed Mar 24 2004 - 22:40:27 GMT-3

• Next message: CHIONG, ERWIN R (ASI): "RE: NetMasterClass training"
• Previous message: ngawas: "RE: Bgp summary"
• Next in thread: Bill Lijewski: "RE: Help on PPP Authentication [7:86316]"
• Maybe reply: Bill Lijewski: "RE: Help on PPP Authentication [7:86316]"
• Maybe reply: Jonathan Hays: "RE: Help on PPP Authentication [7:86316]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

you wrote:
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
>Behalf Of John Brandis
>Sent: Wednesday, March 24, 2004 7:05 PM
>To: cisco@groupstudy.com
>Subject: Help on PPP Authentication [7:86316]
>
>
>Hi All,
>
>Have an issue here with two routers over ISDN. I am pretty sure that I
>cant communicate between the two because the link is not being brought
>up properly. I see that after 110 seconds, the link dies. I debug ppp
>authent, and I see the following.
>
>
>00:16:37: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66
>changed to
>up
>00:16:37: %DIALER-6-BIND: Interface BRI0:2 bound to profile Diale
>00:16:37: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up
>00:16:37: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
>00:16:37: %DIALER-6-BIND: Interface BRI0:1 bound to profile Dialer0
>00:16:43: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to
>111111111
>
>syd-2520#sh ip route static
> 10.0.0.0/8 is variably subnetted, 54 subnets, 5 masks
>S 10.9.9.2/32 is directly connected, Dialer0
>S 10.64.30.0/24 [200/0] via 10.9.9.2
>syd-2520#debug
>syd-2520#debug ppp
>syd-2520#debug ppp auth
>syd-2520#debug ppp authentication cha
>syd-2520#debug ppp authentication ch?
>% Unrecognized command
>syd-2520#debug ppp authentication ?
>
>
>syd-2520#debug ppp authentication
>PPP authentication debugging is on
>syd-2520#
>syd-2520#
>syd-2520#
>00:17:29: BR0:1 CHAP: O CHALLENGE id 6 len 29 from "syd-2520"
>00:17:29: BR0:2 CHAP: O CHALLENGE id 6 len 29 from "syd-2520"
>00:17:29: BR0:2 CHAP: I CHALLENGE id 6 len 29 from "syd-2520"
>00:17:29: BR0:2 CHAP: Waiting for peer to authenticate first
>00:17:29: BR0:1 CHAP: I CHALLENGE id 6 len 29 from "syd-2520"
>00:17:29: BR0:1 CHAP: Ignoring Challenge with local namesh
>00:17:39: BR0:1 CHAP: O CHALLENGE id 7 len 29 from "syd-2520"
>00:17:39: BR0:2 CHAP: O CHALLENGE id 7 len 29 from "syd-2520"
>00:17:39: BR0:2 CHAP: I CHALLENGE id 7 len 29 from "syd-2520"
>00:17:39: BR0:2 CHAP: Waiting for peer to authenticate first
>00:17:39: BR0:1 CHAP: I CHALLENGE id 7 len 29 from "syd-2520"
>00:17:39: BR0:1 CHAP: Ignoring Challenge with local name
>00:17:49: BR0:1 CHAP: O CHALLENGE id 8 len 29 from "syd-2520"
>00:17:49: BR0:2 CHAP: O CHALLENGE id 8 len 29 from "syd-2520"
>00:17:49: BR0:2 CHAP: I CHALLENGE id 8 len 29 from "syd-2520"
>00:17:49: BR0:2 CHAP: Waiting for peer to authenticate first
>00:17:49: BR0:1 CHAP: I CHALLENGE id 8 len 29 from "syd-2520"
>00:17:49: BR0:1 CHAP: Ignoring Challenge with local name
>
>
>Here is a part of the config on each router
>
>Syd-2520 (making the call)
>
>username routera password 0 letmein
>
>RouterA (peer)
>
>Username syd-2520 password 0 letmein
>
= = =
This is what you should see under debug ppp auth when you ping:

R2#
*Apr 10 04:26:57.280: %LINK-3-UPDOWN: Interface BRI1/0:1, changed state
to up
*Apr 10 04:26:57.284: BR1/0:1 PPP: Using dialer call direction
*Apr 10 04:26:57.284: BR1/0:1 PPP: Treating connection as a callout
*Apr 10 04:26:57.300: BR1/0:1 CHAP: O CHALLENGE id 35 len 23 from "R2"
*Apr 10 04:26:57.308: BR1/0:1 CHAP: I CHALLENGE id 35 len 23 from "R5"
*Apr 10 04:26:57.308: BR1/0:1 CHAP: O RESPONSE id 35 len 23 from "R2"
*Apr 10 04:26:57.324: BR1/0:1 CHAP: I SUCCESS id 35 len 4
*Apr 10 04:26:57.328: BR1/0:1 CHAP: I RESPONSE id 35 len 23 from "R5"
*Apr 10 04:26:57.328: BR1/0:1 CHAP: O SUCCESS id 35 len 4
R2#
*Apr 10 04:26:58.328: %LINEPROTO-5-UPDOWN: Line protocol on Interface
BRI1/0:1, changed state to up
R2#
*Apr 10 04:27:03.280: %ISDN-6-CONNECT: Interface BRI1/0:1 is now
connected to 8358661 R5
R2#

I suggest removing authentication to verify it works without it. You
also need to post more complete configurations, including all relevant
information. Here are mine for reference:

R2#sh run int bri1/0
Building configuration...

Current configuration : 242 bytes
!
interface BRI1/0
 ip address 25.2.2.2 255.255.255.0
 encapsulation ppp
 dialer map ip 25.2.2.5 name R5 broadcast 8358661
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0835866201
 isdn spid2 0835866401
 ppp authentication chap
end

R2#sh run | include dialer-list
dialer-list 1 protocol ip permit
R2#sh run | include username
username R5 password 0 cisco
R2#
= = = = =
R5#sh run int bri1/0
Building configuration...

Current configuration : 242 bytes
!
interface BRI1/0
 ip address 25.2.2.5 255.255.255.0
 encapsulation ppp
 dialer map ip 25.2.2.2 name R2 broadcast 8358662
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0835866101
 isdn spid2 0835866301
 ppp authentication chap
end

R5#sh run | i dialer-list
dialer-list 1 protocol ip permit
R5#sh run | i username
username R2 password 0 cisco
R5#

• Next message: CHIONG, ERWIN R (ASI): "RE: NetMasterClass training"
• Previous message: ngawas: "RE: Bgp summary"
• Next in thread: Bill Lijewski: "RE: Help on PPP Authentication [7:86316]"
• Maybe reply: Bill Lijewski: "RE: Help on PPP Authentication [7:86316]"
• Maybe reply: Jonathan Hays: "RE: Help on PPP Authentication [7:86316]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Apr 01 2004 - 08:15:46 GMT-3