From: Sean C. (Upp_and_Upp@hotmail.com)
Date: Sun Sep 03 2006 - 19:48:18 ART
Hi Sabrina,
Interesting thoughts. I'm wondering about one thing - are you thinking that
on the authenticating side, the command 'ppp direction callout' will force the
interface to send it's CHAP credentials across the link? I'm just trying to
understand how the CHAP credentials will leave the authenticating router since
callin is applied to it's chap authentication.
Thx,
Sean
----- Original Message -----
From: sabrina pittarel
To: Petr Lapukhov ; Sean C.
Cc: Tim Chan ; ccielab@groupstudy.com
Sent: Sunday, September 03, 2006 11:34 AM
Subject: Re: ppp chap wait
Now you got me thinking....I'm moving away a little from the ppp chap wait
command
Usually when we want one side to authenticate the other, but not viceversa
we configure "ppp authentication" of the authenticator side and only the ppp
credentials on the remote
Another way on implementing the same would be then to configure on
* the authenticator side
ppp direction callin
ppp authentication chap callin
* the authenticating side as:
ppp direction callout
ppp authentication chap callin
Assuming the task explicitly ask to meet the requirement while configuring
authentication on both sides.
Sabrina
----- Original Message ----
From: Petr Lapukhov <petr@internetworkexpert.com>
To: Sean C. <Upp_and_Upp@hotmail.com>
Cc: Tim Chan <timanji@yahoo.com>; ccielab@groupstudy.com
Sent: Sunday, September 3, 2006 7:19:23 AM
Subject: Re: ppp chap wait
The trick is that is says "wait for caller".
If you have a leased line, ppp direction is "dedicated" by default,
and "chap wait" does make sense.
You need to set up one end as "ppp direction callin" and another
as "ppp direction callout" to simulate "dialup" situation.
HTH
2006/9/3, Sean C. <Upp_and_Upp@hotmail.com>:
>
> Hi Tim,
>
> There was a good thread on this last year on GS. Not sure if this will
> help
> you out, but pay attention to Marvin's last email:
> http://www.groupstudy.com/archives/ccielab/200503/threads.html#00604
>
> HTH,
> Sean
> ----- Original Message -----
> From: "Tim Chan" <timanji@yahoo.com>
> To: <ccielab@groupstudy.com>
> Sent: Saturday, September 02, 2006 4:19 PM
> Subject: ppp chap wait
>
>
> Hi all,
>
> I know this might seem a bit obvious, but can someone explain the command
> "ppp chap wait"?
>
> According to the doccd:
> "To specify that the router will not authenticate to a peer requesting
> CHAP
> authentication until after the peer has authenticated itself to the
> router."
>
> But it's also enabled by default. That being the case, if two routers
are
> trying to authenticate each
> other, then wouldn't they never come up because they are both waiting for
> each other to authenticate first?
> (Which I know does not happen.)
>
> I'm asking because in IEWB lab 18, task 3.1 says to make sure that R4
> doesn't respond to chap
> authentication before R5 has been successfully authenticated.
>
> The definition of "ppp chap wait" would appear to be the solution, but it
> isn't.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
--
Petr Lapukhov, CCIE #16379
petr@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Outside US: 775-826-4344
_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:39 ART