RE: PPP CHAP authentication [bcc][faked-from]

From: marvin greenlee (marvin@ccbootcamp.com)
Date: Fri Mar 04 2005 - 16:09:09 GMT-3


'ppp chap password' is used to set an alternate password.

'ppp authentication chap' is used to configure authentication.

A few examples:
***

R1
ppp authentication chap callin

R2
ppp authentication chap

In this case, if R1 calls R2, R1 will not challenge R2, but R1 will respond
to a challenge from R2. If R2 calls R1, however, both R1 and R2 will
challenge each other. Whether or not R1 challenges depends on the direction
of the call.

***

R1

R2
ppp authentication chap

In this case, R1 does not have a 'ppp authentication chap' command. R1 will
still RESPOND to challenges from R2, but R1 will never challenge R2.

***

R1
 ppp authentication chap

R2
 ppp authentication chap

In this case, both sides will challenge, regardless of which side initiates
the call.

***

Make sure that you verify with 'debug ppp authentication'. Sample output
shown below.

Two way challenge sample output from 'debug ppp authentication':

5d04h: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up
Aug 17 13:41:30: BR0/0:1 PPP: Using dialer call direction
Aug 17 13:41:30: BR0/0:1 PPP: Treating connection as a callout
Aug 17 13:41:30: BR0/0:1 CHAP: O CHALLENGE id 9 len 23 from "r5"
Aug 17 13:41:30: BR0/0:1 CHAP: I CHALLENGE id 12 len 23 from "r6"
Aug 17 13:41:30: BR0/0:1 CHAP: O RESPONSE id 12 len 23 from "r5"
Aug 17 13:41:30: BR0/0:1 CHAP: I SUCCESS id 12 len 4
Aug 17 13:41:30: BR0/0:1 CHAP: I RESPONSE id 9 len 23 from "r6"
Aug 17 13:41:30: BR0/0:1 CHAP: O SUCCESS id 9 len 4
5d04h: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
Aug 17 13:41:31: Vi1 PPP: Using dialer call direction
Aug 17 13:41:31: Vi1 PPP: Treating connection as a callout
5d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, changed state to up
5d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
5d04h: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to 4930622 r6

***
One way challenge:

Aug 17 13:39:50: BR0/0:1 PPP: Using dialer call direction
Aug 17 13:39:50: BR0/0:1 PPP: Treating connection as a callout
Aug 17 13:39:50: BR0/0:1 CHAP: I CHALLENGE id 10 len 23 from "r6"
Aug 17 13:39:50: BR0/0:1 CHAP: O RESPONSE id 10 len 23 from "r5"
Aug 17 13:39:51: BR0/0:1 CHAP: I SUCCESS id 10 len 4
5d04h: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
Aug 17 13:39:51: Vi1 PPP: Using dialer call direction
Aug 17 13:39:51: Vi1 PPP: Treating connection as a callout
5d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, changed state to up
5d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
r5#
5d04h: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to 4930622 r6

In the debug output, O is outbound and I is inbound. In this case, R5
receives an inbound challenge from R6, and responds.

Marvin Greenlee, CCIE#12237, CCSI# 30483
Network Learning Inc
marvin@ccbootcamp.com
www.ccbootcamp.com (Cisco Training)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Rasal Abdul Kader
Sent: Friday, March 04, 2005 10:48 AM
To: ccielab@groupstudy.com
Subject: PPP CHAP authentication [bcc][faked-from]
Importance: Low

Hello group.

Could someone explain the difference between "ppp chap password" and
"ppp authentication chap callin"? For example, if the question says R1
should challenge R2 and R2 should not attempt to authenticate R1,
which one do I use?

thanks.
rasal.
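
Added example, not part of the original thread: a small check that reads captured 'debug ppp authentication' output and reports, per interface, whether CHAP completed in both directions or only one. The function and field names are assumptions chosen for this example; the sample lines are the CHAP lines from the two debug samples in the reply above.

```python
import re

# CHAP lines as 'debug ppp authentication' prints them in the post, e.g.
#   BR0/0:1 CHAP: O CHALLENGE id 9 len 23 from "r5"
CHAP_LINE = re.compile(
    r'(?P<intf>\S+) CHAP: (?P<dir>[IO]) '
    r'(?P<kind>CHALLENGE|RESPONSE|SUCCESS) id (?P<id>\d+)')

# CHAP lines copied from the post's two samples (r5 is the local router).
TWO_WAY = '''Aug 17 13:41:30: BR0/0:1 CHAP: O CHALLENGE id 9 len 23 from "r5"
Aug 17 13:41:30: BR0/0:1 CHAP: I CHALLENGE id 12 len 23 from "r6"
Aug 17 13:41:30: BR0/0:1 CHAP: O RESPONSE id 12 len 23 from "r5"
Aug 17 13:41:30: BR0/0:1 CHAP: I SUCCESS id 12 len 4
Aug 17 13:41:30: BR0/0:1 CHAP: I RESPONSE id 9 len 23 from "r6"
Aug 17 13:41:30: BR0/0:1 CHAP: O SUCCESS id 9 len 4'''
ONE_WAY = '''Aug 17 13:39:50: BR0/0:1 CHAP: I CHALLENGE id 10 len 23 from "r6"
Aug 17 13:39:50: BR0/0:1 CHAP: O RESPONSE id 10 len 23 from "r5"
Aug 17 13:39:51: BR0/0:1 CHAP: I SUCCESS id 10 len 4'''

def chap_summary(debug_text):
    """Per interface: which side was proven to which.

    A direction counts only when a CHALLENGE is followed by a SUCCESS with the
    same id and the same O/I letter; an unanswered challenge proves nothing.
    """
    pending, result = set(), {}
    for line in debug_text.splitlines():
        m = CHAP_LINE.search(line)
        if not m:
            continue
        intf, direction, kind, ident = m.group('intf', 'dir', 'kind', 'id')
        state = result.setdefault(
            intf, {'local_auth_peer': False, 'peer_auth_local': False})
        key = (intf, direction, ident)
        if kind == 'CHALLENGE':
            pending.add(key)
        elif kind == 'SUCCESS' and key in pending:
            pending.discard(key)
            # O SUCCESS: we accepted the peer. I SUCCESS: the peer accepted us.
            field = 'local_auth_peer' if direction == 'O' else 'peer_auth_local'
            state[field] = True
    return result

def mode(state):
    """Name the outcome for one interface's summary entry."""
    if state['local_auth_peer'] and state['peer_auth_local']:
        return 'two-way'
    if state['local_auth_peer'] or state['peer_auth_local']:
        return 'one-way'
    return 'none'
```

Run against the one-way sample, the summary shows `local_auth_peer` as False: r5 proved itself to r6 but never verified r6, which is the condition to look for when a link is expected to authenticate both ends.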



This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:40 GMT-3