Re: unidirectional ppp authentication on serial interface

From: Edison Ortiz (edisonmortiz@gmail.com)
Date: Sun Jun 17 2007 - 12:21:06 ART


R1#sh run int s0/0

interface Serial0/0
 no ip address
 encapsulation ppp
 ppp pap sent-username R1 password 0 CISCO

R4#sh run int s0/0
!
interface Serial0/0
 ip address 10.0.0.3 255.255.255.0
 encapsulation ppp
 clock rate 2000000
 ppp authentication pap
end

R4#sh run | i username
username R1 password 0 CISCO

_______________________________________

From the PPP Authentication Server (R4)

*Apr 28 02:37:09.124: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Apr 28 02:37:09.124: Se0/0 PPP: Using default call direction
*Apr 28 02:37:09.124: Se0/0 PPP: Treating connection as a dedicated line
*Apr 28 02:37:09.124: Se0/0 PPP: Session handle[16000003] Session id[3]
*Apr 28 02:37:09.124: Se0/0 PPP: Authorization required
*Apr 28 02:37:09.136: Se0/0 PAP: I AUTH-REQ id 3 len 13 from "R1"
*Apr 28 02:37:09.136: Se0/0 PAP: Authenticating peer R1
*Apr 28 02:37:09.140: Se0/0 PPP: Sent PAP LOGIN Request
*Apr 28 02:37:09.144: Se0/0 PPP: Received LOGIN Response PASS
*Apr 28 02:37:09.144: Se0/0 PPP: Sent LCP AUTHOR Request
*Apr 28 02:37:09.144: Se0/0 PPP: Sent IPCP AUTHOR Request
Jun 17 11:18:27.044 EDT: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Apr 28 02:37:09.148: Se0/0 LCP: Received AAA AUTHOR Response PASS
*Apr 28 02:37:09.148: Se0/0 IPCP: Received AAA AUTHOR Response PASS
*Apr 28 02:37:09.148: Se0/0 PAP: O AUTH-ACK id 3 len 5
*Apr 28 02:37:09.152: Se0/0 PPP: Sent CDPCP AUTHOR Request
*Apr 28 02:37:09.156: Se0/0 CDPCP: Received AAA AUTHOR Response PASS
Jun 17 11:18:27.044 EDT: Se0/0 PPP: Using default call direction
Jun 17 11:18:27.044 EDT: Se0/0 PPP: Treating connection as a dedicated line
Jun 17 11:18:27.052 EDT: Se0/0 PAP: O AUTH-REQ id 3 len 13 from "R1"
Jun 17 11:18:27.068 EDT: Se0/0 PAP: I AUTH-ACK id 3 len 5
*Apr 28 02:37:10.153: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
Jun 17 11:18:28.072 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up

____________________________________________

From the PPP Authentication Client (R1)

R1(config)#int s0/0
R1(config-if)#shut
R1(config-if)#
Jun 17 11:20:02.035 EDT: %LINK-5-CHANGED: Interface Serial0/0, changed state to administratively down
Jun 17 11:20:03.035 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
R1(config-if)#no shut
R1(config-if)#
Jun 17 11:20:10.035 EDT: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
Jun 17 11:20:10.035 EDT: Se0/0 PPP: Using default call direction
Jun 17 11:20:10.035 EDT: Se0/0 PPP: Treating connection as a dedicated line
Jun 17 11:20:10.047 EDT: Se0/0 PAP: O AUTH-REQ id 4 len 13 from "R1"
Jun 17 11:20:10.063 EDT: Se0/0 PAP: I AUTH-ACK id 4 len 5
Jun 17 11:20:11.063 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up

______________________________________________

__

Edison Ortiz
(Routing & Switching, CCIE # 17943)

  ----- Original Message -----
  From: Ovidiu Neghina
  To: Edison Ortiz
  Cc: Cisco certification
  Sent: Sunday, June 17, 2007 11:02 AM
  Subject: Re: unidirectional ppp authentication on serial interface

  Hi
  I did that and it does not work.
  The only configuration that works for R3 ----- R2 with R3 doing
  authentication and R2 being authenticated is this:
  R3 :
  username R2 password 0 CISCO
  interface Serial0/2/1
   ip address 10.0.0.3 255.0.0.0
   encapsulation ppp
   no peer neighbor-route
   clock rate 2000000
   ppp authentication pap
   ppp direction callin
  end

  R2
  interface Serial0/1/1
   ip address 10.0.0.2 255.0.0.0
   encapsulation ppp
   ppp authentication pap callin
   ppp direction callout
   ppp pap sent-username R2 password 0 CISCO
  end

  Ovi

  On 6/17/07, Edison Ortiz <edisonmortiz@gmail.com> wrote:
    You must remove

    ppp authentication pap callin

    from R2.

    __

    Edison Ortiz
    (Routing & Switching, CCIE # 17943)

    ----- Original Message -----
    From: "Ovidiu Neghina" < o.neghina@gmail.com>
    To: "Cisco certification" <ccielab@groupstudy.com>
    Sent: Sunday, June 17, 2007 9:51 AM
    Subject: unidirectional ppp authentication on serial interface

> Hi dear all.
> I have R2----------R3 connected through a serial link. I want only R3 to
> authenticate R2.
>
>
> R3#sh run | i user
> username R2 password 0 CISCO
> R3#
>
> R3#sh run int ser 0/2/1
> Building configuration...
>
> Current configuration : 123 bytes
> !
> interface Serial0/2/1
> ip address 10.0.0.3 255.0.0.0
> encapsulation ppp
> clock rate 2000000
> ppp authentication pap
> end
>
> R2#sh run int ser 0/1/1
> Building configuration...
>
> Current configuration : 153 bytes
> !
> interface Serial0/1/1
> ip address 10.0.0.2 255.0.0.0
> encapsulation ppp
> ppp authentication pap callin
> ppp pap sent-username R2 password 0 CISCO
> end
>
>
>
> It does not work. At debug ppp negotiation it says
> R3#sh log | i PPP
> *Jun 17 13:44:54.955: Se0/2/1 PPP: Authorization required
> R3#
> I have read
> http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a0080093c6f.shtml
> where unidirectional authentication is explained but over BRI
> interfaces...
> I think unidirectional ppp authentication is only for dial environment and
> will not work for this setup.
>
> Could you confirm this please ?
>
> best regards
> Ovi
>



This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:49 ART
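
Added example, not part of the original thread: the "len 13" and "len 5" values in the PAP debug lines above follow from the RFC 1334 packet layout, and building the request shows that the password crosses the link unencrypted. Function names are this example's own; R1/CISCO and ids 3 and 4 are the values from the posted config and debug output.

```python
import struct

PAP_CODES = {1: "AUTH-REQ", 2: "AUTH-ACK", 3: "AUTH-NAK"}

def _take(buf):
    """Split one length-prefixed field (1-byte length, then data) off buf."""
    if not buf or buf[0] > len(buf) - 1:
        raise ValueError("truncated length-prefixed field")
    n = buf[0]
    return buf[1:1 + n], buf[1 + n:]

def build_auth_req(ident, peer_id, password):
    """Authenticate-Request: code 1, id, length, Peer-ID field, Password field."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def build_reply(code, ident, message=b""):
    """Authenticate-Ack (2) or Authenticate-Nak (3) with an optional message."""
    body = bytes([len(message)]) + message
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_pap(pkt):
    """Decode a PAP packet (the payload carried under PPP protocol 0xc023)."""
    if len(pkt) < 4:
        raise ValueError("shorter than the 4-byte PAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code not in PAP_CODES:
        raise ValueError("unknown PAP code %d" % code)
    if length < 4 or length > len(pkt):
        raise ValueError("length field does not fit the packet")
    data = pkt[4:length]
    out = {"code": PAP_CODES[code], "id": ident, "len": length}
    if code == 1:
        out["peer_id"], rest = _take(data)
        out["password"], _ = _take(rest)   # carried as plain bytes, no hashing
    else:
        out["message"], _ = _take(data)
    return out

if __name__ == "__main__":
    # Constructed packets mirroring the debug lines:
    #   PAP: O AUTH-REQ id 4 len 13 from "R1"  /  PAP: I AUTH-ACK id 4 len 5
    req = build_auth_req(4, b"R1", b"CISCO")
    ack = build_reply(2, 4)
    print(req.hex(), parse_pap(req))
    print(ack.hex(), parse_pap(ack))
```

The request is 4 header bytes + 1 + 2 ("R1") + 1 + 5 ("CISCO") = 13, and the empty ACK is 4 + 1 = 5, which is why anyone able to capture the serial link reads the password directly from the AUTH-REQ.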