From: simon hart (simon.hart@btinternet.com)
Date: Thu Mar 10 2005 - 03:52:55 GMT-3
Thanks Marvin,
That does now make sense!
Simon
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
marvin greenlee
Sent: 10 March 2005 01:19
To: 'ccie2be'; simon hart; Vijaybhasker.Vuppala2@ge.com;
ccielab@groupstudy.com
Subject: RE: ppp chap wait [bcc][faked-from] [mx]
Note the line "Waiting for peer to authenticate first".
The called router waits.
*****
R5 Calling R6
R5 - ppp chap wait
R6 - PPP chap wait
R6#
*Mar 11 06:37:34.856: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to
up
*Mar 11 06:37:34.860: BR0/0:1 PPP: Using dialer call direction
*Mar 11 06:37:34.860: BR0/0:1 PPP: Treating connection as a callin
*Mar 11 06:37:34.972: BR0/0:1 CHAP: O CHALLENGE id 8 len 23 from "r6"
*Mar 11 06:37:34.976: BR0/0:1 CHAP: I CHALLENGE id 8 len 23 from "r5"
*Mar 11 06:37:34.980: BR0/0:1 CHAP: Waiting for peer to authenticate first
*Mar 11 06:37:34.988: BR0/0:1 CHAP: I RESPONSE id 8 len 23 from "r5"
*Mar 11 06:37:34.988: BR0/0:1 CHAP: O SUCCESS id 8 len 4
*Mar 11 06:37:34.992: BR0/0:1 CHAP: Processing saved Challenge, id 8
*Mar 11 06:37:34.992: BR0/0:1 CHAP: O RESPONSE id 8 len 23 from "r6"
*Mar 11 06:37:35.004: BR0/0:1 CHAP: I SUCCESS id 8 len 4
*Mar 11 06:37:36.006: %LINEPROTO-5-UPDOWN: Line protocol on Interface
BRI0/0:1,changed state to up
r5#
*Mar 11 06:37:39.860: BR0/0:1 PPP: Using dialer call direction
*Mar 11 06:37:39.860: BR0/0:1 PPP: Treating connection as a callout
*Mar 11 06:37:39.872: BR0/0:1 CHAP: O CHALLENGE id 8 len 23 from "r5"
*Mar 11 06:37:39.880: BR0/0:1 CHAP: I CHALLENGE id 8 len 23 from "r6"
*Mar 11 06:37:39.884: BR0/0:1 CHAP: O RESPONSE id 8 len 23 from "r5"
*Mar 11 06:37:39.896: BR0/0:1 CHAP: I SUCCESS id 8 len 4
*Mar 11 06:37:39.900: BR0/0:1 CHAP: I RESPONSE id 8 len 23 from "r6"
*Mar 11 06:37:39.904: BR0/0:1 CHAP: O SUCCESS id 8 len 4
*Mar 11 06:37:40.906: %LINEPROTO-5-UPDOWN: Line protocol on Interface
BRI0/0:1,changed state to up
*****
R6 calling R5
r5 - ppp chap wait
r6 - ppp chap wait
R6#
*Mar 11 06:39:14.944: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to
up
*Mar 11 06:39:14.944: %DIALER-6-BIND: Interface BR0/0:1 bound to profile Di1
*Mar 11 06:39:14.948: BR0/0:1 PPP: Using dialer call direction
*Mar 11 06:39:14.948: BR0/0:1 PPP: Treating connection as a callout
*Mar 11 06:39:14.964: BR0/0:1 CHAP: O CHALLENGE id 9 len 23 from "r6"
*Mar 11 06:39:14.972: BR0/0:1 CHAP: I CHALLENGE id 9 len 23 from "r5"
*Mar 11 06:39:14.972: BR0/0:1 CHAP: O RESPONSE id 9 len 23 from "r6"
*Mar 11 06:39:14.984: BR0/0:1 CHAP: I SUCCESS id 9 len 4
*Mar 11 06:39:14.992: BR0/0:1 CHAP: I RESPONSE id 9 len 23 from "r5"
*Mar 11 06:39:14.992: BR0/0:1 CHAP: O SUCCESS id 9 len 4.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 28/28/28 ms
r6#
*Mar 11 06:39:15.994: %LINEPROTO-5-UPDOWN: Line protocol on Interface
BRI0/0:1,changed state to up
*Mar 11 06:39:20.950: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected
to 49
30624 r5
R5#
*Mar 11 06:39:19.543: BR0/0:1 PPP: Using dialer call direction
*Mar 11 06:39:19.543: BR0/0:1 PPP: Treating connection as a callin
*Mar 11 06:39:19.864: BR0/0:1 CHAP: O CHALLENGE id 9 len 23 from "r5"
*Mar 11 06:39:19.868: BR0/0:1 CHAP: I CHALLENGE id 9 len 23 from "r6"
*Mar 11 06:39:19.868: BR0/0:1 CHAP: Waiting for peer to authenticate first
*Mar 11 06:39:19.876: BR0/0:1 CHAP: I RESPONSE id 9 len 23 from "r6"
*Mar 11 06:39:19.880: BR0/0:1 CHAP: O SUCCESS id 9 len 4
*Mar 11 06:39:19.880: BR0/0:1 CHAP: Processing saved Challenge, id 9
*Mar 11 06:39:19.884: BR0/0:1 CHAP: O RESPONSE id 9 len 23 from "r5"
*Mar 11 06:39:19.896: BR0/0:1 CHAP: I SUCCESS id 9 len 4
*Mar 11 06:39:20.898: %LINEPROTO-5-UPDOWN: Line protocol on Interface
BRI0/0:1,changed state to up
Marvin Greenlee, CCIE#12237, CCSI# 30483
Network Learning Inc
marvin@ccbootcamp.com
www.ccbootcamp.com (Cisco Training)
-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: Wednesday, March 09, 2005 4:49 PM
To: marvin greenlee; simon hart; Vijaybhasker.Vuppala2@ge.com;
ccielab@groupstudy.com
Subject: RE: ppp chap wait [bcc][faked-from] [mx]
So, if this command is enabled by default, which side authenticates first?
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
marvin greenlee
Sent: Wednesday, March 09, 2005 7:25 PM
To: 'simon hart'; Vijaybhasker.Vuppala2@ge.com; ccielab@groupstudy.com
Subject: RE: ppp chap wait [bcc][faked-from] [mx]
I was saying that it is ENABLED by default, at least on the two routers that
I tried it on. Notice that "ppp chap wait" does not show in the config, but
"no ppp chap wait" does. Since the command only shows in the config when
you disable it, it is enabled by default.
Marvin Greenlee, CCIE#12237, CCSI# 30483
Network Learning Inc
marvin@ccbootcamp.com
www.ccbootcamp.com (Cisco Training)
-----Original Message-----
From: simon hart [mailto:simon.hart@btinternet.com]
Sent: Thursday, March 10, 2005 10:43 PM
To: marvin greenlee; Vijaybhasker.Vuppala2@ge.com; ccielab@groupstudy.com
Subject: RE: ppp chap wait [bcc][faked-from] [mx]
So Marvin,
I am correct in assuming that the DocCD is incorrect
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsec
ur_r/faaacr/srfathen.htm#wp1019184
Are there many of these inconsistencies??
Simon
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
marvin greenlee
Sent: 09 March 2005 23:57
To: 'Vijaybhasker.Vuppala2@ge.com'; simon.hart@btinternet.com;
ccielab@groupstudy.com
Subject: RE: ppp chap wait [bcc][faked-from]
If it is disabled by default, it would have to be version specific. I only
see it in the config when I use "no ppp chap wait".
****
R3(config)#int bri1/0
R3(config-if)#no ppp chap wait
R3(config-if)#do show run int bri1/0
Building configuration...
Current configuration : 173 bytes
!
interface BRI1/0
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
no ppp chap wait
ppp multilink
ppp multilink links minimum 2
end
R3(config-if)#ppp chap wait
R3(config-if)#do show run int bri1/0
Building configuration...
Current configuration : 155 bytes
!
interface BRI1/0
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
ppp multilink
ppp multilink links minimum 2
end
Marvin Greenlee, CCIE#12237, CCSI# 30483
Network Learning Inc
marvin@ccbootcamp.com
www.ccbootcamp.com (Cisco Training)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Vijaybhasker.Vuppala2@ge.com
Sent: Wednesday, March 09, 2005 3:23 PM
To: simon.hart@btinternet.com; ccielab@groupstudy.com
Subject: RE: ppp chap wait [bcc][faked-from]
Importance: Low
I think documentation is wrong. It's disabled by default
-----Original Message-----
From: simon hart [mailto:simon.hart@btinternet.com]
Sent: Wednesday, March 09, 2005 5:13 PM
To: Group Study
Subject: ppp chap wait
I am working through the IE Lab workbook and have come across the ppp chap
wait command.
The DocCD states
ppp chap wait
To specify that the router will not authenticate to a peer requesting
Challenge Handshake Authentication Protocol (CHAP) authentication until
after the peer has authenticated itself to the router, use the ppp chap wait
command in interface configuration mode.To allow the router to respond
immediately to an authentication challenge, use the no form of this command.
Defaults
Enabled
Now my question is that if this is enabled by default and you have two ends
of an ISDN link configure for CHAP authentication logic would dictate we
would have a mexican standoff - each end would be waiting for the other to
authenticate. However this clearly does not happen!!
This command really does not make a lot of sense.
Any comments??
Simon
-- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.6.4 - Release Date: 07/03/2005
This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:44 GMT-3