PPP CHAP/PAP Authentication over Frame-relay doesn't work

From: CCIE expert (aronccie@gmail.com)
Date: Sun Dec 21 2008 - 21:10:13 ARST


I tried to break up the config where I do only pap on one side and then
only chap on one side and it works without the ppp chap hostname. However,
when I put them together using the same config nothing happens unless I add
the ppp chap hostname to the chap server side.

ppp chap hostname - from a server's perspective I will challenge with this
hostname and if client I will respond to this hostname

cisco - "To create a pool of dialup routers that all appear to be the same
host when authenticating with CHAP"

Rack1R1 <---- Server for Chap authentication and client for PAP
authentication

username ROUTER2 password 0 CISCO1
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
 frame-relay interface-dlci 102 ppp Virtual-Template1
!
interface Virtual-Template1
 ip address 192.168.1.1 255.255.255.0
 ppp authentication chap
 ! It should work without it, but it doesn't.
 ! If I change to any value except ROUTER2 it works
 ppp chap hostname Rackabc
 ppp pap sent-username Rack1R1 password 0 hello

Rack1R2 <---- Server for PAP authentication and Client for CHAP
authentication
! used for PAP, this router being the server
username Rack1R1 password 0 hello
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
 frame-relay interface-dlci 201 ppp Virtual-Template1
!
interface Virtual-Template1
 ip address 192.168.1.2 255.255.255.0
 ppp authentication pap
 ppp chap hostname ROUTER2
 ppp chap password 0 CISCO1
!

Without the ppp chap hostname on the server side
Virtual-Template1 192.168.1.1 YES manual down down
Virtual-Access2 192.168.1.1 YES TFTP up down
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
.....

With ppp chap hostname on the server side

Rack1R1(config-if)#ppp chap hostname Anything
Rack1R1(config-if)#
*Mar 1 02:25:19.167: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
Rack1R1(config-if)#do ping 192.168.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/83/144 ms

Break down one authentication at a time: Rack1R1 is client, Rack1R2 is the
server for PAP

Rack1R1
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
 frame-relay interface-dlci 102 ppp Virtual-Template1
!
interface Virtual-Template1
 ip address 192.168.1.1 255.255.255.0
 ppp pap sent-username Rack1R1 password 0 hello

Rack1R2 <---- Server for PAP authentication
username Rack1R1 password 0 hello
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
 frame-relay interface-dlci 201 ppp Virtual-Template1
!
interface Virtual-Template1
 ip address 192.168.1.2 255.255.255.0
 ppp authentication pap

IT WORKS

Rack1R2(config-if)#do ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/91/204 ms

Break down one authentication at a time: Rack1R1 is client, Rack1R2 is the
server for CHAP

Rack1R1 Server for Chap

username ROUTER2 password 0 CISCO1
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
 frame-relay interface-dlci 102 ppp Virtual-Template1
!
interface Virtual-Template1
 ip address 192.168.1.1 255.255.255.0
 ppp authentication chap

Rack1R2
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
 frame-relay interface-dlci 201 ppp Virtual-Template1
!
interface Virtual-Template1
 ip address 192.168.1.2 255.255.255.0
 ppp chap hostname ROUTER2
 ppp chap password 0 CISCO1

IT WORKS
Rack1R2(config-if)#do ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/92/260 ms

So why doesn't it work together?

Any guidance is much appreciated.

Aron
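
Added example, not part of the original post: a Python model of the RFC 1994 CHAP-MD5 exchange using the names and secrets from the configs above. It assumes the responder answers with a local `username` entry matching the challenger's name when one exists and falls back to `ppp chap password` only for a name it does not know, and that Rack1R1 challenges with its router hostname by default; all function names are hypothetical.

```python
import hashlib
import hmac
import os

def chap_response(ident, secret, challenge):
    """RFC 1994 CHAP-MD5 response: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()

def pick_secret(challenger, local_users, chap_password):
    """Responder's secret choice (assumed order): a local username entry for
    the challenger's name wins; `ppp chap password` is only the fallback."""
    return local_users.get(challenger, chap_password)

def chap_succeeds(server_name, server_users, client_name, client_users,
                  client_chap_password, ident=1, challenge=None):
    """Model one exchange; True if the authenticator accepts the response."""
    challenge = challenge or os.urandom(16)
    used = pick_secret(server_name, client_users, client_chap_password)
    expected = server_users.get(client_name)  # authenticator's view of the peer
    if used is None or expected is None:
        return False
    return hmac.compare_digest(chap_response(ident, used, challenge),
                               chap_response(ident, expected, challenge))

# Values taken from the configs in the post.
R1_USERS = {"ROUTER2": "CISCO1"}          # Rack1R1: CHAP authenticator
R2_USERS_COMBINED = {"Rack1R1": "hello"}  # Rack1R2: entry added for PAP
R2_USERS_CHAP_ONLY = {}                   # Rack1R2 in the CHAP-only test

def scenarios():
    """Outcome of the CHAP leg for the three setups described in the post."""
    return {
        "chap_only": chap_succeeds(
            "Rack1R1", R1_USERS, "ROUTER2", R2_USERS_CHAP_ONLY, "CISCO1"),
        "combined_default_name": chap_succeeds(
            "Rack1R1", R1_USERS, "ROUTER2", R2_USERS_COMBINED, "CISCO1"),
        "combined_chap_hostname_Rackabc": chap_succeeds(
            "Rackabc", R1_USERS, "ROUTER2", R2_USERS_COMBINED, "CISCO1"),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

Under that assumption, the combined case fails because the response is hashed with `hello` (the PAP entry for `Rack1R1`) while Rack1R1 expects `CISCO1`; a challenge name that Rack1R2 has no `username` entry for makes it fall back to `ppp chap password`.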
