FW: Loosing easy points in the LAB - ISDN

From: jean.paul.baaklini@accenture.com
Date: Sat Oct 16 2004 - 15:23:35 GMT-3

• Next message: Brian McGahan: "RE: If all else fails, reboot"
• Previous message: Brian McGahan: "RE: delete a item in numbered ACL"
• Maybe in reply to: Vesselin Kostov: "Loosing easy points in the LAB - ISDN"
• Next in thread: ccie2be: "Re: Loosing easy points in the LAB - ISDN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Vasselin,

If they say allow only ping traffic to bring the line up, then allowing
all traffic would cause you to get 0% on the whole question bundle.
 
I would use:
Dialer-list 1 protocol ip list 100

Accessl-list 100 permit icmp any any echo
Accessl-list 100 permit icmp any any echo-reply

ppp chap password cisco would make the local router use cisco as a
password as a default password for every peer intead of checking the
local database, but you shouldn't have it on both routers if the peer is
not doing any authentication but just replying to a challenge. Or is R3
authenticating R5 too?

I think that your multilink conf is correct, I wouldn't add
dialer load-threshold 128 either on R3 though, let R5 bring the second
channel when needed.

Cheers,
JP

-----Original Message-----
From: Vesselin Kostov [mailto:V.Kostov@cnsys.bg]
Sent: 16 October 2004 19:08
To: Baaklini, Jean paul
Subject: RE: Loosing easy points in the LAB - ISDN

Hi Jean,

I hope I am not violating the NDA since this wasn't exactly in my LAB
and this configuration is in every Cisco book..

Anyway, I have also:
dialer-list 1 protocol ip permit
dialer-group 1
I thought it was enough to use "ppp chap password cisco"

Do you say I have to use "username R5 password cisco"?
And how do you think I have to make the access lists if I define the
interesting traffic for example from network 10.0.0.0 and also have to
permit the ping tests between the routers?
I am really not sure about that :)

-----Original Message-----
From: jean.paul.baaklini@accenture.com
[mailto:jean.paul.baaklini@accenture.com]
Sent: Saturday, October 16, 2004 9:00 PM
To: Vesselin Kostov; ccielab@groupstudy.com
Subject: RE: Loosing easy points in the LAB - ISDN

Hi Vasselin,

There's no dialer-group on R5 to bind the dialer-list to the interface.
Besides that we don't see your dialer-list here, have you included echo
AND echo-reply?

Have you created username/password on the routers?

Cheers,
JP

BTW, you shouldn't say what was on your exam, think of the NDA mate.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Vesselin Kostov
Sent: 16 October 2004 18:52
To: studygroup
Subject: Loosing easy points in the LAB - ISDN

Hi guys,

What do you think about loosing points in the LAB that you think you
deserve?
Did that happen to you?

I was just making simple ISDN configuration and I thought how many
things could get wrong in such a task. Let's say I have that:

"Configure ISDN on R3 and R5.
Configure authentication which is not transmitting the whole password
across the network. Use password 'cisco'.
When the link utilization reaches 50%, the second link should be brought
up.
The routers R3 and R5 should ping the remote end of the ISDN link. Only
R5 should be able to dial."

Well, that is pretty simple... But then I started thinking....
Here is the config:

R5:
interface BRI0/0
 ip address 192.168.35.5 255.255.255.0
 encapsulation ppp
 dialer idle-timeout 0
 dialer map ip 192.168.57.0 name R3 broadcast 1122334455
 dialer map ip 192.168.35.3 name R3 broadcast 1122334455
 dialer load-threshold 128 either
 isdn switch-type basic-net3
 ppp authentication chap
 ppp chap password cisco
 ppp multilink

R3:
interface BRI0/0
 ip address 192.168.35.3 255.255.255.0
 encapsulation ppp
 dialer idle-timeout 0
 dialer map ip 192.168.35.5 name R5 broadcast 11223344
 dialer load-threshold 128 either
 isdn switch-type basic-net3
 ppp authentication chap
 ppp chap password cisco
 ppp multilink
!

So, a lot of questions appeared:
Am I using the right authentication?
Am I using the right encryption type?
What is the difference between " dialer load-threshold 128 either",
"multilink load-threshold 128 either" and "ppp multilink load-threshold
128 either"? What is the right command between these three?
Am I doing the right map?

May be these questions are stupid... May be my configuration is
correct... But I know it isn't since I had similar configuration in my
LAB and got zero points. What if I have that one next time? I know it is
working, but still the most important thing is the POINTS!!!
What do you think about it?
What is the right configuration?
Did you also loose the "easy" points?

p.s While we are still on ISDN I would like to ask you when would you
use the following command:
"no peer neighbor-route"

###########################################

This message has been scanned by F-Secure Anti-Virus for Microsoft
Exchange.

###########################################
.

• Next message: Brian McGahan: "RE: If all else fails, reboot"
• Previous message: Brian McGahan: "RE: delete a item in numbered ACL"
• Maybe in reply to: Vesselin Kostov: "Loosing easy points in the LAB - ISDN"
• Next in thread: ccie2be: "Re: Loosing easy points in the LAB - ISDN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:48 GMT-3