Re: PPP Double Authentication

From: Godswill Oletu (oletu@inbox.lv)
Date: Thu Aug 11 2005 - 10:58:21 GMT-3

• Next message: Rohan Grover \(rohang\): "RE: PPP Double Authentication"
• Previous message: gladston@br.ibm.com: "RE: WRED on Physical Interface and CBWFQ"
• Maybe in reply to: Rohan Grover \(rohang\): "PPP Double Authentication"
• Next in thread: Rohan Grover \(rohang\): "RE: PPP Double Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Rohan,

Look at this simplify scenerios between Routers A & B below, connected via
ISDN PPP, we will assume that all other configurations are accurate:

A#username routera password cisco
A#ppp authenication chap

B#username routerb password cisco
B#ppp authentication chap

When A calls B or B calls A, two sets of authentications have to take place
for the ISDN link to come up. Router A must authentication Router B and
Router B will also authenticate Router A. So, for ppp it does not matter, if
you are initiating the call or receiving the call, you must authenticate the
other party. This is the double authentication and this is the default
behaviour.

However, you can ask Router A to ONLY athenticate the Router B, when he
receives a call from Router B and not to authenticate when he is the one
initiating the call. This a good scenerios where your understanding of this
feature might be tested in the lab.

If you configure RouterB as:

B#ppp authentication chap callin

When Router B initiates a call to Router A; Router B will let its guards
down and will not authenticate Router A; but Router A will still
authenticate Router B. If it was Router A that called, Router B will
authenticate Router A and Router A will authenticate Router B.

You see that, no matter what, all in coming calls must be authenticated; but
out going calls will not be authenticated on the Router where you configure
the 'callin' feature. However, by default all incoming and outgoing calls
will be authenticated separately by each Router and the results of each of
those authentication must be true, for the link to come up.

HTH

....
Godswill Oletu

----- Original Message -----
From: "Rohan Grover (rohang)" <rohang@cisco.com>
To: <ccielab@groupstudy.com>
Sent: Thursday, August 11, 2005 8:48 AM
Subject: PPP Double Authentication

> Hi,
>
> Just wanted an opinion from this group as to how likely the above topic
> is to appear in the R&S lab.
>
> I'm finding it difficult to understand this clearly and the doccd is not
> very helpful.
>
> Thanks
> Rohan
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Rohan Grover \(rohang\): "RE: PPP Double Authentication"
• Previous message: gladston@br.ibm.com: "RE: WRED on Physical Interface and CBWFQ"
• Maybe in reply to: Rohan Grover \(rohang\): "PPP Double Authentication"
• Next in thread: Rohan Grover \(rohang\): "RE: PPP Double Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:19 GMT-3