From: Sila Moni (silamoni@yahoo.com)
Date: Mon Jun 27 2005 - 12:38:05 GMT-3
Thanks for clarification. Let me see if I could
recap. Basically, we need to know
- who is receiver and initiator of the call
- ppp authen chap is the server; both sides can be
server or server and client; refuse is used if there
is multip authen protocol
- callback (isdn and ppp) is used for centralized
accounting
Agree?
--- "Chris Lewis (chrlewis)" <chrlewis@cisco.com>
wrote:
> Dear All:
>
> First, I'd advise separating callin/callout from
> callback, they are
> different things. Callback can be implemented using
> ISDN or PPP and
> drops an incoming call then calls back to the
> originating router.
>
> To understand callin and callout, you need to
> understand how CHAP
> authentication works, and know haw an interface
> behaves when configured
> with ppp authentication chap and without this
> command.
>
> The basics are as follows:
>
> With no ppp authentication chap, an interface will
> still respond to a
> chap challenge, but it will not send a challenge.
> With ppp authentication chap configured, the
> interface will both respond
> to challenges and initiate a challenge
> With callout, a challenge will only be sent when the
> router is
> initiating a call
> With callin, the challenge will only be sent when
> the router is
> receiving a call
> The only way to stop an interface from responding to
> a chap challenge is
> to configure ppp chap refuse
>
> Chris
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com] On Behalf Of
> Han Ghee Chia
> Sent: Monday, June 27, 2005 3:14 AM
> To: Lee Carter; CCIE LAB
> Subject: Re: PPP Chap Authentication (callin,
> callout, callback)
>
> As per my interpretation: -
>
> "R1 does not need to authenticate R2 when calling" -
>
> - requirement is asking for 1-way authentication
> - R1 is the calling party (initiating)
> - R2 is the called party (receiving)
> - R2 will authenticate R1, however R1 will not. (ppp
> authentication chap
> callin)
>
> Look out for key words like "secure" or "3-way
> handshake" for CHAP. PAP
> is considered unsecure and uses 2-way handshaking.
>
> Question: If nothing is mentioned about
> authentication &/ security,
> should we: - 1. Don't configure any PPP
> authentication at all, OR 2. Use
> either CHAP or PAP ???
>
> "Callout" - use on a local router context, means the
> router will
> initiate the call.
>
> "Callback" is quite simple to spot if one
> understands what callback is
> about.
>
> Normally, part 2 of the ISDN section deals with DDR.
> From there, you
> will have a better idea of who should call who and
> when. So it is
> important to read and understand both parts of this
> section before you
> begin your configuration.
>
>
> Regards
> Han Ghee
>
> Lee Carter <l2carter@yahoo.com> wrote:
> Does anyone have a good way to know which type of
> authentication is
> required depending on what is asked?
>
>
> What I mean is, I am having a heack of a time trying
> to distinguish
> between (callin, callout, callback) authentications.
>
>
> Things like R1 does not need to Authenticate R2 when
> calling. (callin,
> callout?)
>
> Thanks,
>
>
>
> ____________________________________________________
> Yahoo! Sports
> Rekindle the Rivalries. Sign up for Fantasy Football
> http://football.fantasysports.yahoo.com
>
>
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:44 GMT-3