From: eward15@juno.com
Date: Wed May 11 2005 - 11:48:55 GMT-3
Sean,
This was discussed recently. I believed the called router will be the one that waits. I was looking for the post in the archives, but I can not find it.
Eugene Ward
---------------------------------------------------------------------------
Ok, just when I thought I stopped my little head from spinning, a person
wrote
to me offline and brought up a good PPP question that now has me baffled also.
I tried Googling and searching the archives but nada... I found one vendor
alluded to this in their own forum, but no real explanation for the solution.
ppp chap wait: To specify that the router will not authenticate to a peer
requesting Challenge Handshake Authentication Protocol (CHAP) authentication
until after the peer has authenticated itself to the router, use the ppp chap
wait command in interface configuration mode.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur
_r/sec_p1g.htm#wp1070281
The perplexing part is that the doc says this command is enabled by default.
So the question is if ppp chap wait is enabled by default and both routers'
ints have this enabled, what makes the 2 routers finally authenticate
properly? The doc makes it read as if both routers will play a game of
chicken, waiting for the other side to be authenticated first before it allows
itself to be authenticated. Since each router is waiting for the other side
to be authenticated first, neither side will ever be authenticated. Arggh!!!
Any suggestions/hints of advice would be appreciated....
Sean
This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:57 GMT-3