Re: callback or callin - please help

From: Ahmed Mustafa (ahmed.mustafa@sbcglobal.net)
Date: Fri May 14 2004 - 20:13:48 GMT-3

To me,

The command "PPP Authentication chap callin will go on R2 since it is a
called router. R2 will initiate a call, R1 will challange it.

Check this link out.

http://www.cisco.com/en/US/tech/tk713/tk507/technologies_configuration_examp
le09186a0080094333.shtml#configuringunidirectionalchapauthentication

----- Original Message -----
From: "Carlos G Mendioroz" <tron@huapi.ba.ar>
To: "Arifur Rahman" <arahman@cisco.com>
Cc: <ccielab@groupstudy.com>
Sent: Friday, May 14, 2004 3:03 AM
Subject: Re: callback or callin - please help

> I would say the first config meets your req.
> R1 authenticates R2 on callin, but not on callout (note you have a
> CHALLENGE I but not CHALLENGE O in the second (callback) call.
>
> Arifur Rahman wrote:
> > Hi Group
> > if it was asked "r1 will authenticate r2 only when r2 call r1", should I
> > use callin or callout for r1. Please help. Config and debug below
> >
> > r2#sr int s3/0:23
> > interface Serial3/0:23
> > ip address 172.16.12.2 255.255.255.0
> > encapsulation ppp
> > dialer map ip 172.16.12.1 name r1 broadcast 5678
> > dialer-group 1
> > isdn switch-type primary-ni
> > ppp callback request
> > ppp authentication chap
> > ppp multilink
> > end
> > r2#
> >
> >
> > r1#sr int s3/0:23
> > interface Serial3/0:23
> > ip address 172.16.12.1 255.255.255.0
> > encapsulation ppp
> > dialer callback-secure
> > dialer idle-timeout 20 either
> > dialer enable-timeout 5
> > dialer map ip 172.16.12.2 name r2 class CALLB broadcast 1234
> > dialer-group 1
> > isdn switch-type primary-ni
> > isdn protocol-emulate network
> > isdn T310 30000
> > ppp callback accept
> > ppp authentication chap callin
> > ppp multilink
> > end
> >
> > "debug ppp authen" output of router r1
> >
> > r1#
> > 01:08:16: %LINK-3-UPDOWN: Interface Serial3/0:22, changed state to up
> > r1#
> > 01:08:16: Se3/0:22 PPP: Using dialer call direction
> > 01:08:16: Se3/0:22 PPP: Treating connection as a callin
> > 01:08:16: Se3/0:22 CHAP: O CHALLENGE id 8 len 23 from "r1"
> > 01:08:16: Se3/0:22 CHAP: I CHALLENGE id 13 len 23 from "r2"
> > 01:08:16: Se3/0:22 CHAP: Waiting for peer to authenticate first
> > 01:08:16: Se3/0:22 CHAP: I RESPONSE id 8 len 23 from "r2"
> > 01:08:16: Se3/0:22 CHAP: O SUCCESS id 8 len 4
> > 01:08:16: Se3/0:22 CHAP: Processing saved Challenge, id 13
> > 01:08:16: Se3/0:22 CHAP: O RESPONSE id 13 len 23 from "r1"
> > 01:08:16: Se3/0:22 CHAP: I SUCCESS id 13 len 4
> > 01:08:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/0:22,
> > changed state to up
> > 01:08:17: %ISDN-6-DISCONNECT: Interface Serial3/0:22 disconnected from
> > 1234 r2, call lasted 1 seconds
> > r1#
> > 01:08:17: %LINK-3-UPDOWN: Interface Serial3/0:22, changed state to down
> > 01:08:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/0:22,
> > changed state to down
> > r1#
> > Vi1: Dialer re-enable time must be greater than serial pulse time: 5
> > 01:08:21: %LINK-3-UPDOWN: Interface Serial3/0:0, changed state to up
> > 01:08:21: Se3/0:0 PPP: Using dialer call direction
> > 01:08:21: Se3/0:0 PPP: Treating connection as a callout
> > 01:08:21: Se3/0:0 CHAP: I CHALLENGE id 9 len 23 from "r2"
> > 01:08:21: Se3/0:0 CHAP: O RESPONSE id 9 len 23 from "r1"
> > 01:08:21: Se3/0:0 CHAP: I SUCCESS id 9 len 4
> > 01:08:21: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
> > r1#
> > 01:08:21: Vi1 PPP: Using dialer call direction
> > 01:08:21: Vi1 PPP: Treating connection as a callout
> > r1#
> > 01:08:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/0:0,
> > changed state to up
> > 01:08:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> > Virtual-Access1, changed state to up
> > r1#
> > 01:08:27: %ISDN-6-CONNECT: Interface Serial3/0:0 is now connected to
> > 1234 r2
> > r1#
> > 01:08:42: %ISDN-6-DISCONNECT: Interface Serial3/0:0 disconnected from
> > 1234 r2, call lasted 20 seconds
> > r1#
> > 01:08:42: %LINK-3-UPDOWN: Interface Serial3/0:0, changed state to down
> > r1#
> > 01:08:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/0:0,
> > changed state to down
> > 01:08:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> > Virtual-Access1, changed state to down
> > r1#
> > r1#
> > r1#
> > r1#
> > r1#
> > r1#ct
> > Enter configuration commands, one per line. End with CNTL/Z.
> > r1(config)#int s3/0:23
> > r1(config-if)# ppp authentication chap callb
> > r1(config-if)#^Z
> > r1#
> > 01:09:00: %SYS-5-CONFIG_I: Configured from console by console
> > r1#
> > r1#
> > r1#sr int s3/0:23
> > Building configuration...
> >
> > Current configuration : 392 bytes
> > !
> > interface Serial3/0:23
> > ip address 172.16.12.1 255.255.255.0
> > encapsulation ppp
> > dialer callback-secure
> > dialer idle-timeout 20 either
> > dialer enable-timeout 5
> > dialer map ip 172.16.12.2 name r2 class CALLB broadcast 1234
> > dialer-group 1
> > isdn switch-type primary-ni
> > isdn protocol-emulate network
> > isdn T310 30000
> > ppp callback accept
> > ppp authentication chap callback
> > ppp multilink
> > end
> >
> > r1#
> > 01:09:11: %LINK-3-UPDOWN: Interface Serial3/0:22, changed state to up
> > r1#
> > 01:09:11: Se3/0:22 PPP: Using dialer call direction
> > 01:09:11: Se3/0:22 PPP: Treating connection as a callin
> > 01:09:11: Se3/0:22 CHAP: I CHALLENGE id 14 len 23 from "r2"
> > 01:09:11: Se3/0:22 CHAP: O RESPONSE id 14 len 23 from "r1"
> > 01:09:11: Se3/0:22 CHAP: I SUCCESS id 14 len 4
> > 01:09:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/0:22,
> > changed state to up
> > 01:09:12: %ISDN-6-CONNECT: Interface Serial3/0:22 is now connected to
r2
> > 01:09:12: %ISDN-6-DISCONNECT: Interface Serial3/0:22 disconnected from
> > r2, call lasted 1 seconds
> > r1#
> > 01:09:12: %LINK-3-UPDOWN: Interface Serial3/0:22, changed state to down
> > 01:09:13: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/0:22,
> > changed state to down
> > r1#
> > 01:09:16: %LINK-3-UPDOWN: Interface Serial3/0:0, changed state to up
> > r1#
> > Vi1: Dialer re-enable time must be greater than serial pulse time: 5
> > 01:09:16: Se3/0:0 PPP: Using dialer call direction
> > 01:09:16: Se3/0:0 PPP: Treating connection as a callout
> > 01:09:16: Se3/0:0 CHAP: O CHALLENGE id 2 len 23 from "r1"
> > 01:09:16: Se3/0:0 CHAP: I CHALLENGE id 10 len 23 from "r2"
> > 01:09:16: Se3/0:0 CHAP: O RESPONSE id 10 len 23 from "r1"
> > 01:09:16: Se3/0:0 CHAP: I SUCCESS id 10 len 4
> > 01:09:16: Se3/0:0 CHAP: I RESPONSE id 2 len 23 from "r2"
> > 01:09:16: Se3/0:0 CHAP: O SUCCESS id 2 len 4
> > 01:09:16: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
> > r1#
> > 01:09:16: Vi1 PPP: Using dialer call direction
> > 01:09:16: Vi1 PPP: Treating connection as a callout
> > r1#
> > 01:09:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/0:0,
> > changed state to up
> > 01:09:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> > Virtual-Access1, changed state to up
> > r1#
> > 01:09:22: %ISDN-6-CONNECT: Interface Serial3/0:0 is now connected to
> > 1234 r2
> > r1#
> > 01:09:37: %ISDN-6-DISCONNECT: Interface Serial3/0:0 disconnected from
> > 1234 r2, call lasted 20 seconds
> >
> > Appreciate your help. thank you - Arif
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
> --
> Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI Argentina
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Wed Jun 02 2004 - 11:12:12 GMT-3