Re: chap auth over frame relay

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Sun Feb 18 2007 - 20:11:11 ART

• Next message: Lou Ioanni: "Re: chap auth over frame relay"
• Previous message: jennytan: "chap auth over frame relay"
• Maybe in reply to: jennytan: "chap auth over frame relay"
• Next in thread: Lou Ioanni: "Re: chap auth over frame relay"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You don't need the local router's username locally configured. You need the
username of the remote device locally configured. CHAP basically uses the
concept of a shared secret. Meaning that you are configuring a shared
secret (aka password) to use with a particular remote device. On R2 you say
"username R4 password cisco". This is telling the router that if we are
doing CHAP with a remote device named R4 we will use the shared secret of
"cisco".

Also your password is wrong. It should be "internetworkexpert" and not
"ipexpert" ;-)

-- 
Brian Dennis, CCIE4 #2210 (R&S/ISP-Dial/Security/SP)
bdennis@internetworkexpert.com
 
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
On 2/18/07 2:47 PM, "jennytan" <jennytan@isolvesystems.com> wrote:
> R2 and R4 are connected via Frame Relay.  It worked when I didn't have
> authentication turned on. I saw authentication error as soon as I turned on
> ppp auth. Please see the detail below.  Any idea what's wrong?
> 
> On R4:-
> username R4 password 0 ipexpert
> interface Serial0/0/0
>  no ip address
>  encapsulation frame-relay
>  no fair-queue
>  frame-relay interface-dlci 402 ppp Virtual-Template1
>  no frame-relay inverse-arp
> 
> interface Virtual-Template1
>  ip address 150.50.24.4 255.255.255.0
>  ppp authentication chap
> 
> R4#
> *Feb 18 22:50: 35.906: Vi1 PPP: Authorization required
> *Feb 18 22:50:37.922: Vi1 CHAP: O CHALLENGE id 47 len 23 from "R4"
> *Feb 18 22:50:37.922: Vi1 CHAP: I CHALLENGE id 129 len 23 from "R2"
> *Feb 18 22:50:37.922 : Vi1 CHAP: Unable to authenticate for peer
> *Feb 18 22:50:39.938: Vi1 PPP: Authorization required
> *Feb 18 22:50:41.954: Vi1 CHAP: O CHALLENGE id 48 len 23 from "R4"
> *Feb 18 22:50:41.954: Vi1 CHAP: I CHALLENGE id 130 len 23 from "R2"
> *Feb 18 22:50:41.954: Vi1 CHAP: Unable to authenticate for peer
> *Feb 18 22:50:43.970: Vi1 PPP: Authorization required
> 
> 
> On R2:-
> username R2 password 0 ipexpert
> 
> interface Serial0/0/0.24 point-to-point
>  frame-relay interface-dlci 204 ppp Virtual-Template1
> 
> interface Serial0/0/0.24 point-to-point
>  frame-relay interface-dlci 204 ppp Virtual-Template1
> 
> R2#
> *Feb 18 22:59:49.200: Vi1 CHAP: O CHALLENGE id 247 len 23 from "R2"
> *Feb 18 22:59:49.200: Vi1 CHAP: I CHALLENGE id 165 len 23 from "R4"
> *Feb 18 22:59:49.200: Vi1 CHAP: Unable to authenticate for peer
> *Feb 18 22:59:51.216: Vi1 PPP: Authorization required
> *Feb 18 22:59:53.232: Vi1 CHAP: O CHALLENGE id 248 len 23 from "R2"
> *Feb 18 22:59:53.232: Vi1 CHAP: I CHALLENGE id 166 len 23 from "R4"
> *Feb 18 22:59:53.232: Vi1 CHAP: Unable to authenticate for peer
> *Feb 18 22:59:55.248: Vi1 PPP: Authorization required
> 
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Lou Ioanni: "Re: chap auth over frame relay"
• Previous message: jennytan: "chap auth over frame relay"
• Maybe in reply to: jennytan: "chap auth over frame relay"
• Next in thread: Lou Ioanni: "Re: chap auth over frame relay"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:47 ART