RE: Chap Authentication

From: Mark Stephanus Chandra (mark.chandra@gmail.com)
Date: Tue Aug 26 2008 - 02:10:06 ART

• Next message: Roger Oliver: "BGP aggregate-address"
• Previous message: Mark Stephanus Chandra: "RE: Chap Authentication"
• Maybe in reply to: Mark Stephanus Chandra: "Chap Authentication"
• Next in thread: Rick Mur: "Re: Chap Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

But Anyway guys, have one last question.

In my understanding, chap authentication works both way right ?

So in this example,

Rack1R1

username Rack1R3 password 0 CISCO
!
interface Serial0/1
  ip address 163.1.13.1 255.255.255.0
  encapsulation ppp
  ppp authentication chap

Rack1R3

interface Serial1/2
  ip address 163.1.13.3 255.255.255.0
  encapsulation ppp
  clock rate 64000
  ppp chap password 0 CISCO

Rack1R1 will challenge CHAP and Rack1R3 will reply with default hostname
Rack1R3 with password CISCO which is listed on Rack1R1. And Rack1R1 actually
have to challenge back right ? and there is no username Rack1R1 on Rack1R3 ?

Could you please give me an explanation about how chap works normally and in
this example ?

Thanks a lot

Regards

Mark Stephanus Chandra

-----Original Message-----
From: Rick Mur [mailto:rick@rickmur.nl]
Sent: Tuesday, August 26, 2008 11:46 AM
To: Mark Stephanus Chandra
Cc: swm@emanon.com; ccielab@groupstudy.com
Subject: Re: Chap Authentication

It's a known fact that Dynamips might react a little different with
serials links (you don't have to set the clock rate for example, it
will always work)

I just tried it on a real rack and I tried it on dynamips with the
following config and it worked right away.
If it didn't work on your dynamips, you could try to stop the process,
delete the temp files and start again.

Rack1R1

username Rack1R3 password 0 CISCO
!
interface Serial0/1
  ip address 163.1.13.1 255.255.255.0
  encapsulation ppp
  ppp authentication chap

Rack1R3

interface Serial1/2
  ip address 163.1.13.3 255.255.255.0
  encapsulation ppp
  clock rate 64000
  ppp chap password 0 CISCO

Rick

On 25 aug 2008, at 21:15, Mark Stephanus Chandra wrote:

> Hi Scott,
>
> Thanks for replying, the debug said PPP authorization required
>
> When I do ppp authentication chap on both router, the line protocol
> just
> came up immediately.
>
> I do this in dynamips, IOS BUG maybe ?
>
> Regards
>
> Mark Stephanus Chandra
>
>
> -----Original Message-----
> From: Scott Morris [mailto:swm@emanon.com]
> Sent: Tuesday, August 26, 2008 10:58 AM
> To: 'Mark Stephanus Chandra'; ccielab@groupstudy.com
> Subject: RE: Chap Authentication
>
> What does your output from "debug ppp authentication" look like?
>
> Make sure you don't have a space after CISCO.
>
> It should work just fine. The lab I'm working on today did the same
> thing,
> works great.
>
> R2 will use its hostname by default (why you need to name) and then
> the
> password you specified.
>
> HTH,
>
>
> Scott Morris, CCIE4 #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al.
> CCSI/JNCI-M/JNCI-ER
> Senior CCIE Instructor
>
> smorris@internetworkexpert.com
>
>
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Outside US: 775-826-4344
> Online Community: Communities are what life is all about.
> CCIE Blog: To avoid the filter, we don't list it, but people love it.
>
> Knowledge is power.
> Power corrupts.
> Study hard and be Eeeeviiiil......
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Mark
> Stephanus Chandra
> Sent: Monday, August 25, 2008 11:38 PM
> To: ccielab@groupstudy.com
> Subject: Chap Authentication
>
> Dear Friends,
>
>
>
> Need Confirmation About CHAP Authentication in PPP Encapsulation.
>
>
>
> I have a lab topology R1 -----serial----------R2
>
>
>
> R1 have PPP encapsulation through R2
>
>
>
> Have A Task to do :
>
> 1. Configure R1 to challenge Chap Authentication to R2
>
> 2. R2 should respond with password CISCO
>
> 3. no username command at R2
>
>
>
> The solution provided :
>
> R1.
>
>
>
> username R2 password CISCO
>
>
>
> interface serial
>
> encapsulation PPP
>
> clockrate 64000
>
> ppp authentication CHAP
>
>
>
> R2.
>
>
>
> interface serial
>
> encapsulation PPP
>
> ppp chap password CISCO
>
>
>
> I tried the solution but it cannot make my line protocol serial goes
> up.
>
>
>
> My understanding about PPP Authentication CHAP so far is that we
> need to
> authenticate the router both direction. So I Think there is no way
> that we
> can get this authentication works without 'username command' on R2.
>
>
>
> Cause R1 need to authenticate also to R2 right ?
>
>
>
> But I also try this solution of mine but it doesn't work either :)
> Make me
> frustated.
>
>
>
> Can anyone help ?
>
>
>
>
>
> Thanks in advance guys
>
>
>
>
>
> Regards
>
>
>
> Mark Stephanus Chandra
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Roger Oliver: "BGP aggregate-address"
• Previous message: Mark Stephanus Chandra: "RE: Chap Authentication"
• Maybe in reply to: Mark Stephanus Chandra: "Chap Authentication"
• Next in thread: Rick Mur: "Re: Chap Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:32 ART