From: bi.s (bi.s@gmx.net)
Date: Wed May 04 2005 - 05:10:25 GMT-3
Brian Dennis wrote:
> Bob,
> This will not work with CHAP as you see. The "ppp chap password
> bob" will never be used since r2 finds the username r5 in its global
> configuration. The "ppp chap password" command is used as a default
> password IF the router does not find a username command in the global
> configuration for the device that is challenging it. In this case it
> finds r5. If r5 challenged with a different name, then the interface
> level password would be used. But that would in turn break the
> authentication in the other direction.
>
> So you are kind of in a catch-22 situation. The reason is that
> CHAP is using the same username and password to authentication the
> remote router as it is to be authenticated by the remote router.
>
> If you want to have different passwords, use PAP on one or both
> sides.
>
hi brian,
shouldn't this work?
hostname R1
!
username r1 password 0 PASS1
username r2 password 0 PASS2
!
interface BRI0/0
ip address 172.16.12.1 255.255.255.0
encapsulation ppp
dialer map ip 172.16.12.2 name r2 broadcast 5552002
dialer-group 1
ppp authentication chap
ppp chap hostname r1
!
hostname R2
!
username r1 password 0 PASS2
username r2 password 0 PASS1
!
interface BRI0/0
ip address 172.16.12.2 255.255.255.0
encapsulation ppp
dialer map ip 172.16.12.1 name r1 broadcast 5552000
dialer-group 1
ppp authentication chap
ppp chap hostname r2
!
cya
-/b
This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:56 GMT-3