RE: Ppp authentication

From: Edi Guntoro (eguntoro@sisindosat.co.id)
Date: Fri Aug 06 2004 - 22:59:38 GMT-3

Hi all,
My understanding is r4 will first authenticate r5 by pap but since r5
have ppp pap refuse it won't accept the pap authentication. then r4
challenge r5 using chap and since r5 by default accept chap
authentication it should respond the challenges using its hostname and
the password cisco. I already configure the username and password
respectively.

Please any body help me ...

Thanks

Edi

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Edi Guntoro
Sent: Friday, August 06, 2004 6:00 PM
To: ccielab@groupstudy.com
Subject: Ppp authentication

Hi groups,

I'm configuting r4 to authenticate remote device for both in and out
calls. R4 should first try pap, chap then nothing. r4 should respon r5's
pap authentication using password cisco2002, But r5 should respond to r4
using chap with the password cisco. Any suggestion regarding these debug
negotiation message ??

Thanks
Edi

Rack1R4#p 187.1.45.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 187.1.45.5, timeout is 2 seconds:

*Mar 1 00:48:12.945: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state
to up *Mar 1 00:48:12.949: BR0/0:1 PPP: Using dialer call direction
*Mar 1 00:48:12.949: BR0/0:1 PPP: Treating connection as a callout *Mar
1 00:48:12.949: BR0/0:1 PPP: Phase is ESTABLISHING, Active Open *Mar 1
00:48:12.949: BR0/0:1 LCP: O CONFREQ [Closed] id 13 len 28
*Mar 1 00:48:12.949: BR0/0:1 LCP: AuthProto PAP (0x0304C023)
*Mar 1 00:48:12.949: BR0/0:1 LCP: MagicNumber 0x0D54DDFA
(0x05060D54DDFA)
*Mar 1 00:48:12.949: BR0/0:1 LCP: MRRU 1524 (0x110405F4)
*Mar 1 00:48:12.949: BR0/0:1 LCP: EndpointDisc 1 Rack1R4
(0x130A015261636B315234)
*Mar 1 00:48:12.965: BR0/0:1 LCP: I CONFREQ [REQsent] id 3 len 28
*Mar 1 00:48:12.965: BR0/0:1 LCP: AuthProto PAP (0x0304C023)
*Mar 1 00:48:12.965: BR0/0:1 LCP: MagicNumber 0x09E50A9C
(0x050609E50A9C)
*Mar 1 00:48:12.969: BR0/0:1 LCP: MRRU 1524 (0x110405F4)
*Mar 1 00:48:12.969: BR0/0:1 LCP: EndpointDisc 1 Rack1R5
(0x130A015261636B315235)
*Mar 1 00:48:12.969: BR0/0:1 LCP: O CONFACK [REQsent] id 3 len 28
*Mar 1 00:48:12.969: BR0/0:1 LCP: AuthProto PAP (0x0304C023)
*Mar 1 00:48:12.969: BR0/0:1 LCP: MagicNumber 0x09E50A9C
(0x050609E50A9C)
*Mar 1 00:48:12.969: BR0/0:1 LCP: MRRU 1524 (0x110405F4)
*Mar 1 00:48:12.969: BR0/0:1 LCP: EndpointDisc 1 Rack1R5
(0x130A015261636B315235)
*Mar 1 00:48:12.969: BR0/0:1 LCP: I CONFNAK [ACKsent] id 13 len 9
*Mar 1 00:48:12.969: BR0/0:1 LCP: AuthProto CHAP (0x0305C22305)
*Mar 1 00:48:12.969: BR0/0:1 LCP: O CONFREQ [ACKsent] id 14 len 29
*Mar 1 00:48:12.973: BR0/0:1 LCP: AuthProto CHAP (0x0305C22305)
*Mar 1 00:48:12.973: BR0/0:1 LCP: MagicNumber 0x0D54DDFA
(0x05060D54DDFA)
*Mar 1 00:48:12.973: BR0/0:1 LCP: MRRU 1524 (0x110405F4)
*Mar 1 00:48:12.973: BR0/0:1 LCP: EndpointDisc 1 Rack1R4
(0x130A015261636B315234)
*Mar . 1 00:48:12.989: BR0/0:1 LCP: I CONFACK [ACKsent] id 14 len 29
*Mar 1 00:48:12.989: BR0/0:1 LCP: AuthProto CHAP (0x0305C22305)
*Mar 1 00:48:12.993: BR0/0:1 LCP: MagicNumber 0x0D54DDFA
(0x05060D54DDFA)
*Mar 1 00:48:12.993: BR0/0:1 LCP: MRRU 1524 (0x110405F4)
*Mar 1 00:48:12.993: BR0/0:1 LCP: EndpointDisc 1 Rack1R4
(0x130A015261636B315234)
*Mar 1 00:48:12.993: BR0/0:1 LCP: State is Open
*Mar 1 00:48:12.993: BR0/0:1 PPP: Phase is AUTHENTICATING, by both *Mar
1 00:48:12.993: BR0/0:1 PAP: Using hostname from interface PAP *Mar 1
00:48:12.993: BR0/0:1 PAP: Using password from interface PAP *Mar 1
00:48:12.993: BR0/0:1 PAP: O AUTH-REQ id 5 len 22 from "Router4" *Mar 1
00:48:12.993: BR0/0:1 CHAP: O CHALLENGE id 45 len 28 from "Rack1R4" *Mar
1 00:48:13.005: BR0/0:1 PAP: I AUTH-ACK id 5 len 5.. *Mar 1
00:48:18.947: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to
220 Rack1R5.. Success rate is 0 percent (0/5) Rack1R4# *Mar 1
00:48:22.978: BR0/0:1 AUTH: Timeout 1 *Mar 1 00:48:22.978: BR0/0:1
CHAP: O CHALLENGE id 46 len 28 from "Rack1R4" Rack1R4# *Mar 1
00:48:32.994: BR0/0:1 AUTH: Timeout 2 *Mar 1 00:48:32.994: BR0/0:1
CHAP: O CHALLENGE id 47 len 28 from "Rack1R4" Rack1R4#

Rack1R5#debu ppp neg
PPP protocol negotiation debugging is on
Rack1R5#
00:06:45: BR0/0:2 AUTH: Timeout 1
00:06:45: BR0/0:2 CHAP: I CHALLENGE id 13 len 28 from "Rack1R4"
00:06:45: BR0/0:2 CHAP: Challenge name (Rack1R4) does not match Response
name (Router4), ignoring Rack1R5#
00:06:56: BR0/0:2 AUTH: Timeout 2
00:06:56: BR0/0:2 CHAP: I CHALLENGE id 14 len 28 from "Rack1R4"
00:06:56: BR0/0:2 CHAP: Challenge name (Rack1R4) does not match Response
name (Router4), ignoring

Rack1R4#sh run
Building configuration...

!
hostname Rack1R4
!
logging queue-limit 100
enable password cisco
!
username Rack1R5 password 0 cisco
!
interface BRI0/0
 ip address 187.1.45.4 255.255.255.0
 encapsulation ppp
 dialer map ip 187.1.45.5 name Rack1R5 broadcast 220 dialer-group 1
isdn switch-type basic-net3 compress stac ppp authentication pap chap
optional ppp pap sent-username Router4 password 0 cisco2000 ppp
multilink ppp multilink links minimum 2 ! dialer-list 1 protocol ip
permit ! End

Rack1R5#sh run
Building configuration...

hostname Rack1R5
!
enable password cisco
!
username Router4 password 0 cisco2000
username Rack1R4 password 0 cisco
!
interface BRI0/0
 ip address 187.1.45.5 255.255.255.0
 encapsulation ppp
 no ip mroute-cache
 dialer idle-timeout 0
 dialer map ip 187.1.45.4 name Router4 broadcast
 isdn switch-type basic-net3
 compress stac
 ppp authentication pap callin
 ppp pap refuse
 ppp multilink
 multilink min-links 2
!
End

This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:34 GMT-3