From: CCIE expert (aronccie@gmail.com)
Date: Sun Dec 21 2008 - 21:21:45 ARST
Sorry, I noticed I made a mistake in the description for
"Break down one authentication at a time Rack1R1 is client Rack1R2 is the
server for CHAP"
It should be
"Break down one authentication at a time Rack1R1 is server Rack1R2 is the
client for CHAP"
I updated the email below.
On Sun, Dec 21, 2008 at 6:10 PM, CCIE expert <aronccie@gmail.com> wrote:
> I tried to break up the config where I do only pap on one side and then
> only chap on one side and it works without the ppp chap hostname. However,
> when I put them together using the same config nothing happens unless I add
> the ppp chap hostname to the chap server side.
>
> ppp chap hostname - from a server's perspective I will challenge with this
> hostname and if client I will respond to this hostname
>
> cisco - "To create a pool of dialup routers that all appear to be the same
> host when authenticating with CHAP"
>
> Rack1R1 <---- Server for Chap authentication and client for PAP
> authentication
>
> username ROUTER2 password 0 CISCO1
> !
> interface Serial1/0
> no ip address
> encapsulation frame-relay
> frame-relay interface-dlci 102 ppp Virtual-Template1
> !
> interface Virtual-Template1
> ip address 192.168.1.1 255.255.255.0
> ppp authentication chap
> ppp chap hostname Rackabc <-- It should work without it, but it doesn't.
> If I change to any value except ROUTER2 it works
> ppp pap sent-username Rack1R1 password 0 hello
>
>
> Rack1R2 <---- Server for PAP authentication and Client for CHAP
> authentication
> username Rack1R1 password 0 hello <~~~ used for PAP this router being the
> server
> !
> interface Serial1/0
> no ip address
> encapsulation frame-relay
> frame-relay interface-dlci 201 ppp Virtual-Template1
> !
> interface Virtual-Template1
> ip address 192.168.1.2 255.255.255.0
> ppp authentication pap
> ppp chap hostname ROUTER2
> ppp chap password 0 CISCO1
> !
>
> Without the ppp chap hostname on the server side
> Virtual-Template1 192.168.1.1 YES manual down down
> Virtual-Access2 192.168.1.1 YES TFTP up down
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
> .....
>
> With ppp chap hostname on the server side
>
> Rack1R1(config-if)#ppp chap hostname Anything
> Rack1R1(config-if)#
> *Mar 1 02:25:19.167: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
> Rack1R1(config-if)#do ping 192.168.1.2
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 40/83/144 ms
>
> Break down one authentication at a time Rack1R1 is client Rack1R2 is the
> server for PAP
>
> Rack1R1
> !
> interface Serial1/0
> no ip address
> encapsulation frame-relay
> frame-relay interface-dlci 102 ppp Virtual-Template1
> !
> interface Virtual-Template1
> ip address 192.168.1.1 255.255.255.0
> ppp pap sent-username Rack1R1 password 0 hello
>
>
> Rack1R2 <---- Server for PAP authentication
> username Rack1R1 password 0 hello
> !
> interface Serial1/0
> no ip address
> encapsulation frame-relay
> frame-relay interface-dlci 201 ppp Virtual-Template1
> !
> interface Virtual-Template1
> ip address 192.168.1.2 255.255.255.0
> ppp authentication pap
>
> IT WORKS
>
> Rack1R2(config-if)#do ping 192.168.1.1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 8/91/204 ms
>
>
> Break down one authentication at a time Rack1R1 is server Rack1R2 is the
> client for CHAP
>
> Rack1R1 Server for Chap
>
> username ROUTER2 password 0 CISCO1
> !
> interface Serial1/0
> no ip address
> encapsulation frame-relay
> frame-relay interface-dlci 102 ppp Virtual-Template1
> !
> interface Virtual-Template1
> ip address 192.168.1.1 255.255.255.0
> ppp authentication chap
>
>
> Rack1R2
> !
> interface Serial1/0
> no ip address
> encapsulation frame-relay
> frame-relay interface-dlci 201 ppp Virtual-Template1
> !
> interface Virtual-Template1
> ip address 192.168.1.2 255.255.255.0
> ppp chap hostname ROUTER2
> ppp chap password 0 CISCO1
>
> IT WORKS
> Rack1R2(config-if)#do ping 192.168.1.1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 32/92/260 ms
>
> so why doesn't it work together?
>
>
> Any guidance is much appreciated.
>
> Aron
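
A model of the CHAP exchange that reproduces the four results reported in the message above, as an added example that is not part of the original post. It assumes that the CHAP client takes its secret from a `username` entry matching the challenger's name and uses `ppp chap password` only when no entry matches, that a challenge carrying the client's own name is ignored, and that Rack1R1 sends its hostname when no `ppp chap hostname` is set; the `Router` class and function names are hypothetical.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()

class Router:
    """Hypothetical model of the PPP settings shown in the quoted configs."""
    def __init__(self, users, chap_hostname, chap_password=None):
        self.users = users                  # "username X password Y" entries
        self.chap_hostname = chap_hostname  # name carried in CHAP packets
        self.chap_password = chap_password  # "ppp chap password", if set

    def secret_for(self, peer_name):
        # Assumption: an entry for the challenger's name wins; the default
        # CHAP password is used only when no entry matches.
        return self.users.get(peer_name, self.chap_password)

def chap_succeeds(server: Router, client: Router) -> bool:
    ident, challenge = 1, os.urandom(16)
    if server.chap_hostname == client.chap_hostname:
        return False  # assumption: a challenge with the client's own name is ignored
    client_secret = client.secret_for(server.chap_hostname)
    server_secret = server.users.get(client.chap_hostname)
    if client_secret is None or server_secret is None:
        return False
    response = chap_response(ident, client_secret, challenge)
    expected = chap_response(ident, server_secret, challenge)
    return hmac.compare_digest(response, expected)

def run(server_chap_hostname: str, client_users: dict) -> bool:
    """Rack1R1 authenticates Rack1R2 with the names and secrets from the post."""
    r1 = Router({"ROUTER2": "CISCO1"}, server_chap_hostname)
    r2 = Router(client_users, "ROUTER2", "CISCO1")
    return chap_succeeds(r1, r2)

CHAP_ONLY = {}                   # Rack1R2 with no username entries
COMBINED = {"Rack1R1": "hello"}  # Rack1R2 also holds the PAP entry for Rack1R1

if __name__ == "__main__":
    for name, users in [("Rack1R1", CHAP_ONLY), ("Rack1R1", COMBINED),
                        ("Rackabc", COMBINED), ("ROUTER2", COMBINED)]:
        print(name, "PAP entry present" if users else "CHAP only", run(name, users))
```

Under these assumptions the combined case fails because Rack1R2 hashes the challenge with `hello` (its entry for Rack1R1) while Rack1R1 verifies against `CISCO1`.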
This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:09 ARST