From: Kian Wah, Lai (kian_wah@qala.com.sg)
Date: Thu Oct 14 2004 - 04:23:30 GMT-3
You need to have a ppp authentication on the main interface so the phy int
knows which dialer to binds it to.
00:30:66592079220: ISDN BR1: Event: Received a DATA call from 7773234010 on
B1
t 64 Kb/s
00:30:66592079220: ISDN BR1: Event: Accepting the call id 0xB
00:30:66592079644: ISDN BR1:1: Incoming call rejected, unbindable
The phy interface upon receiving the call doesn't know which interface to
bind to so basically it drops the call. By configuring authentication on the
phy interface, you ask the router to identify who is the remote peer before
it binds it to the dialer.
Eg.
interface Dialer1
dialer remote-name r2
!
interface Dialer2
dialer remote-name r2r2
ppp chap hostname r1r1
!
If R2 (the remote router) calls in and use the hostname r2 for
authentication, R1 knows it has to bind to dialer 1. Like wise if R2 uses
hostname r2r2, it will bind to dialer 2.
If you have only 1 dialer, it will always bind to that dialer so you don't
have to worry about the unbindable issue.
Authentication has to be done on the phy interface only.
R2:
interface BRI0
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-ni
isdn spid1 01017773234010
isdn spid2 01017773234011
ppp authentication chap
!
interface Dialer1
ip address 192.168.1.2 255.255.255.0
encapsulation ppp
dialer pool 1
dialer remote-name r1
dialer idle-timeout 0
dialer string 7773233010
dialer string 7773233011
dialer-group 1
!
interface Dialer2
ip address 172.16.1.2 255.255.255.0
encapsulation ppp
dialer pool 1
dialer remote-name r1r1
dialer idle-timeout 0
dialer string 7773233010
dialer string 7773233011
dialer-group 1
ppp chap hostname r2r2
-----> R1 has similar config.
-----> Ping to r1 first dialer interface
r2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
00:50:121067551285: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
00:50:122426653580: %DIALER-6-BIND: Interface BR0:1 bound to profile
Di1..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 32/32/32 ms
r2#
00:50:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed
state
to up
r2#
00:50:34: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 7773233010
r1
r2#
r2#
-----> ping to r1 2nd dialer interface
r2#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
00:50:176143990784: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up
00:50:178261228428: %DIALER-6-BIND: Interface BR0:2 bound to profile
Di2..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 32/32/32 ms
r2#
00:50:47: %ISDN-6-CONNECT: Interface BRI0:2 is now connected to 7773233010
r1r1
r2#
-----> If you want to do both PAP and CHAP.
interface BRI0
ppp authentication chap pap
ppp pap sent-username r2r2 password 0 CISCO
!
interface Dialer2
ppp chap refuse
Correct me if I'm wrong.
Regards,
Kian Wah
Singapore Cisco User Group
http://www.sgcug.org
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Cisco Net
Sent: Thursday, October 14, 2004 12:27 PM
To: Brian McGahan
Cc: ccielab@groupstudy.com
Subject: Re: IE Lab 9 ISDN 4.13
Brian
I had removed ppp authentication pap chap and ppp sent-username
commands from BRI interface and then after i am not able to establish
the isdn line with ping.
Sorry to trouble you but i am not still very clear why this
is happening.
Assuming i have just one dialer interface then i can establish
the ckt with interesting traffic without ppp authentication chap/pap.
How does it different from this since i am pinging only to the
remote ip address which has to be though my new dialer interface.
I guess i am not very clear why we need ppp authentication
"turned on" on the BRI interface. Please help me if you get couple
of min.
LEt me also assume a condition were i do not need authentication
on any of my dialer interfaces calls . In that case will it establish isdn
through both dialer interface (well only one at a time)
Regards
Cert
On Wed, 13 Oct 2004 14:15:28 -0400, Brian McGahan
<bmcgahan@internetworkexpert.com> wrote:
> Have you tried these various combinations? See what happens when
> authentication is not enabled on the main interface, or pap
> authentication is not enabled on the second dialer.
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987 x 705
> Outside US: 775-826-4344 x 705
> 24/7 Support: http://forum.internetworkexpert.com
> Live Chat: http://www.internetworkexpert.com/chat/
>
>
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of
> > Cisco Net
> > Sent: Wednesday, October 13, 2004 1:01 PM
> > To: Brian McGahan
> > Cc: ccielab@groupstudy.com
> > Subject: Re: IE Lab 9 ISDN 4.13
> >
> > Hi
> > Thank you Brian.
> > 1) Why do we turned on ppp authentication pap for the new ISDN profile
> >
> > 2) Why did you turned PPP authentication on the BRI interface, would
> > it be only required on the new dialer interface ?
> > 3)
> >
> > Regards
> > Cert
> >
> > On Wed, 13 Oct 2004 09:48:06 -0400, Brian McGahan
> > <bmcgahan@internetworkexpert.com> wrote:
> > > The dialer interface is in backup, not the BRI interface. What
> > > specifically don't you understand about the section?
> > >
> > > Brian McGahan, CCIE #8593
> > > bmcgahan@internetworkexpert.com
> > >
> > > Internetwork Expert, Inc.
> > > http://www.InternetworkExpert.com
> > > Toll Free: 877-224-8987 x 705
> > > Outside US: 775-826-4344 x 705
> > > 24/7 Support: http://forum.internetworkexpert.com
> > > Live Chat: http://www.internetworkexpert.com/chat/
> > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf
> > > Of
> > > > Cisco Net
> > > > Sent: Wednesday, October 13, 2004 1:23 AM
> > > > To: ccielab@groupstudy.com
> > > > Subject: IE Lab 9 ISDN 4.13
> > > >
> > > > I am not able to understand this second dialer interface concept.
> > > > Especialy since the main BRI interface is standby mode (back up)
> to
> > > > the fraimrelay interface.
> > > >
> > > > Even if the interesting traffic (ICMP) hit on the new dialer
> > > > interface, how does the call will open when the bri interface is
> on
> > > > standby...
> > > >
> > > > Please help me with this...
> > > >
> > > > By the way my new dialer interface is not getting activated when i
> > > > ping the ip address on the other side (section 4.13)
> > > > R4:
> > > > interface Dialer100 --------------> Second interface for 4.13
> secton
> > > > ip address 10.45.45.4 255.255.255.0
> > > > encapsulation ppp
> > > > dialer pool 1
> > > > dialer remote-name Rack1R5
> > > > dialer string 4370443
> > > > dialer-group 10
> > > > ppp authentication pap
> > > > ppp chap refuse
> > > >
> > > > interface BRI3/0
> > > > no ip address
> > > > encapsulation ppp
> > > > load-interval 30
> > > > dialer pool-member 1
> > > > isdn switch-type basic-ni
> > > > isdn spid1 4082436155
> > > > ppp authentication chap pap
> > > > ppp pap sent-username Rack1R4 password 0 CISCO
> > > > ppp multilink
> > > >
> > > > access-list 111 permit icmp host 10.45.45.4 host 10.45.45.5
> > > > dialer-list 10 protocol ip list 111
> > > >
> > > > R5:
> > > >
> > > > interface Dialer100 -------------> Second interface for 4.13
> secton
> > > > ip address 10.45.45.5 255.255.255.0
> > > > encapsulation ppp
> > > > dialer pool 1
> > > > dialer remote-name Rack1R4
> > > > dialer-group 11
> > > > ppp authentication pap
> > > > ppp chap refuse
> > > >
> > > > interface BRI2/0
> > > > no ip address
> > > > encapsulation ppp
> > > > dialer pool-member 1
> > > > isdn switch-type basic-ni
> > > > isdn spid1 4084370443
> > > > ppp authentication chap pap
> > > > ppp pap sent-username Rack1R4 password 0 CISCO
> > > > ppp multilink
> > > >
> > > > access-list 111 permit icmp host 10.45.45.5 host 10.45.45.4
> > > > dialer-list 10 protocol ip list 111
> > > > Thank you
> > > > Cert.
> > > >
> > > >
> > >
> _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> >
> >
>
>
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:47 GMT-3