From: marvin greenlee (marvin@ccbootcamp.com)
Date: Wed May 11 2005 - 13:46:52 GMT-3
Note the line "Waiting for peer to authenticate first".
The called router waits.
*****
R5 Calling R6
R5 - ppp chap wait
R6 - PPP chap wait
R6#
*Mar 11 06:37:34.856: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to
up *Mar 11 06:37:34.860: BR0/0:1 PPP: Using dialer call direction *Mar 11
06:37:34.860: BR0/0:1 PPP: Treating connection as a callin *Mar 11
06:37:34.972: BR0/0:1 CHAP: O CHALLENGE id 8 len 23 from "r6" *Mar 11
06:37:34.976: BR0/0:1 CHAP: I CHALLENGE id 8 len 23 from "r5" *Mar 11
06:37:34.980: BR0/0:1 CHAP: Waiting for peer to authenticate first *Mar 11
06:37:34.988: BR0/0:1 CHAP: I RESPONSE id 8 len 23 from "r5" *Mar 11
06:37:34.988: BR0/0:1 CHAP: O SUCCESS id 8 len 4 *Mar 11 06:37:34.992:
BR0/0:1 CHAP: Processing saved Challenge, id 8 *Mar 11 06:37:34.992: BR0/0:1
CHAP: O RESPONSE id 8 len 23 from "r6" *Mar 11 06:37:35.004: BR0/0:1 CHAP: I
SUCCESS id 8 len 4 *Mar 11 06:37:36.006: %LINEPROTO-5-UPDOWN: Line protocol
on Interface BRI0/0:1,changed state to up
r5#
*Mar 11 06:37:39.860: BR0/0:1 PPP: Using dialer call direction *Mar 11
06:37:39.860: BR0/0:1 PPP: Treating connection as a callout *Mar 11
06:37:39.872: BR0/0:1 CHAP: O CHALLENGE id 8 len 23 from "r5" *Mar 11
06:37:39.880: BR0/0:1 CHAP: I CHALLENGE id 8 len 23 from "r6" *Mar 11
06:37:39.884: BR0/0:1 CHAP: O RESPONSE id 8 len 23 from "r5" *Mar 11
06:37:39.896: BR0/0:1 CHAP: I SUCCESS id 8 len 4 *Mar 11 06:37:39.900:
BR0/0:1 CHAP: I RESPONSE id 8 len 23 from "r6" *Mar 11 06:37:39.904: BR0/0:1
CHAP: O SUCCESS id 8 len 4 *Mar 11 06:37:40.906: %LINEPROTO-5-UPDOWN: Line
protocol on Interface BRI0/0:1,changed state to up
*****
R6 calling R5
r5 - ppp chap wait
r6 - ppp chap wait
R6#
*Mar 11 06:39:14.944: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to
up *Mar 11 06:39:14.944: %DIALER-6-BIND: Interface BR0/0:1 bound to profile
Di1 *Mar 11 06:39:14.948: BR0/0:1 PPP: Using dialer call direction *Mar 11
06:39:14.948: BR0/0:1 PPP: Treating connection as a callout *Mar 11
06:39:14.964: BR0/0:1 CHAP: O CHALLENGE id 9 len 23 from "r6" *Mar 11
06:39:14.972: BR0/0:1 CHAP: I CHALLENGE id 9 len 23 from "r5" *Mar 11
06:39:14.972: BR0/0:1 CHAP: O RESPONSE id 9 len 23 from "r6" *Mar 11
06:39:14.984: BR0/0:1 CHAP: I SUCCESS id 9 len 4 *Mar 11 06:39:14.992:
BR0/0:1 CHAP: I RESPONSE id 9 len 23 from "r5" *Mar 11 06:39:14.992: BR0/0:1
CHAP: O SUCCESS id 9 len 4.!!!! Success rate is 80 percent (4/5), round-trip
min/avg/max = 28/28/28 ms r6# *Mar 11 06:39:15.994: %LINEPROTO-5-UPDOWN:
Line protocol on Interface BRI0/0:1,changed state to up *Mar 11
06:39:20.950: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to 49
30624 r5
R5#
*Mar 11 06:39:19.543: BR0/0:1 PPP: Using dialer call direction *Mar 11
06:39:19.543: BR0/0:1 PPP: Treating connection as a callin *Mar 11
06:39:19.864: BR0/0:1 CHAP: O CHALLENGE id 9 len 23 from "r5" *Mar 11
06:39:19.868: BR0/0:1 CHAP: I CHALLENGE id 9 len 23 from "r6" *Mar 11
06:39:19.868: BR0/0:1 CHAP: Waiting for peer to authenticate first *Mar 11
06:39:19.876: BR0/0:1 CHAP: I RESPONSE id 9 len 23 from "r6" *Mar 11
06:39:19.880: BR0/0:1 CHAP: O SUCCESS id 9 len 4 *Mar 11 06:39:19.880:
BR0/0:1 CHAP: Processing saved Challenge, id 9 *Mar 11 06:39:19.884: BR0/0:1
CHAP: O RESPONSE id 9 len 23 from "r5" *Mar 11 06:39:19.896: BR0/0:1 CHAP: I
SUCCESS id 9 len 4 *Mar 11 06:39:20.898: %LINEPROTO-5-UPDOWN: Line protocol
on Interface BRI0/0:1,changed state to up
Marvin Greenlee, CCIE#12237, CCSI# 30483
Network Learning Inc
marvin@ccbootcamp.com
www.ccbootcamp.com (Cisco Training)
-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: Wednesday, May 11, 2005 7:59 AM
To: Sean C; Group Study
Cc: marvin greenlee
Subject: RE: Ways of Callback PPP/ISDN/Dialer [bayes]
Sean,
This IS in the archives. I know because I had this conversation with Marvin
Greenlee about 2 months ago.
I believe the Called Router Waits but if you have access to 2 rtr's with
isdn you can see for yourself by using debug ppp authen.
HTH, Tim
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Sean
C
Sent: Wednesday, May 11, 2005 10:31 AM
To: GroupStudy
Subject: Re: Ways of Callback PPP/ISDN/Dialer
Ok, just when I thought I stopped my little head from spinning, a person
wrote
to me offline and brought up a good PPP question that now has me baffled
also.
I tried Googling and searching the archives but nada... I found one vendor
alluded to this in their own forum, but no real explanation for the
solution.
ppp chap wait: To specify that the router will not authenticate to a peer
requesting Challenge Handshake Authentication Protocol (CHAP) authentication
until after the peer has authenticated itself to the router, use the ppp
chap
wait command in interface configuration mode.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secu
r
_r/sec_p1g.htm#wp1070281
The perplexing part is that the doc says this command is enabled by default.
So the question is if ppp chap wait is enabled by default and both routers'
ints have this enabled, what makes the 2 routers finally authenticate
properly? The doc makes it read as if both routers will play a game of
chicken, waiting for the other side to be authenticated first before it
allows
itself to be authenticated. Since each router is waiting for the other side
to be authenticated first, neither side will ever be authenticated.
Arggh!!!
Any suggestions/hints of advice would be appreciated....
Sean
This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:57 GMT-3