From: allboutcisco (frenzeus@streamyx.com)
Date: Wed May 31 2006 - 15:13:05 ART
Hi group,
I'm being curious as i did a "debug ppp authen" & realized 2 things on when configuring ppp authentication on a serial link:
1. Even with "ppp authentication chap callin" configured on the local router's ppp interface, it still does send an Outbound challenge. My understanding (+ some digging up of past post) of this command is that the local router will only authenticate incoming calls & not request for challenge on outgoing calls. This applies to maybe isdn (the dial nature of it)? As the link below says something about this if being run on serial links:
http://www.groupstudy.com/archives/ccielab/200404/msg01624.html
Can someone confirm this?
2. On R1 serial ppp interface i configure "ppp chap wait". Seems clear to me with this command, R1 will not respond to a CHAP authentication request before the remote, say R2 (the caller) has been successfully authenticated with R1. Which means R1 will wait for the caller to authenticate first. However, again from the debug output, seems to me R1 is not really waiting for R2 to be authenticated before R1 responds to the challenge request from R2.
Somehow i notice the difference with Serial & dial-nature interfaces:
*Serial*
Se0/1 PPP: Using default call direction
Se0/1 PPP: Treating connection as a dedicated line
instead of if with isdn, and with ppp chap wait & ppp authen chap callin:
*Dial-nature*
Se3/0:22 PPP: Using dialer call direction
Se3/0:22 PPP: Treating connection as a callin
& also:
Se3/0:22 CHAP: Waiting for peer to authenticate first
It seems like all the "ppp authentication chap [callin | callout]" options & "ppp chap wait" applies only to dial interfaces like isdn?
Appreciate if someone could clear my understanding.
Thanks.
Cheers,
Kenny
This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:23 ART