As Ryan said you need to remove ppp authentication chap from R6. With that
configuration R6 too will try to authenticate BB1, in which case it must
have a corresponding
username BB1 password CISCO
in its global configuration.
Regards
Lejoe
On Mon, Apr 6, 2009 at 11:48 AM, Ryan West <rwest_at_zyedge.com> wrote:
> In your first example, remove PPP authentication chap. You are being
> authenticated, not the authenticator.
>
> Sent from handheld.
>
> On Apr 5, 2009, at 9:22 PM, "naveen M S" <navin.ms_at_gmail.com> wrote:
>
> > Group,
> >
> > Task is to authenticate R6 with BB1 over PPPoFR.
> >
> > Rack1R6 (s0/0/0)--------------FR------------------- (s0/0/0) BB1
> >
> > *BB1 is pre-configured as follows:*
> >
> > username ROUTER6 password 0 CISCO
> > !
> > interface Virtual-Template1
> > ip address 54.1.7.254 255.255.255.0
> > ppp authentication chap
> > !
> > interface Serial0/0/0.201 point-to-point
> > frame-relay interface-dlci 201 ppp Virtual-Template1
> > !
> >
> > *Task instructions are -*
> >
> > 1) BB1 will send authentication challenge with username=BB1
> > 2) R6 should reply with username=ROUTER6 and MD5 password = CISCO
> > 3) Do not use global "username " command for this task.
> >
> > *Configured the following on R6*
> >
> > interface Serial0/0/0
> > no ip address
> > encapsulation frame-relay
> > no fair-queue
> > frame-relay interface-dlci 201 ppp Virtual-Template1
> > !
> > !
> > interface Virtual-Template1
> > ip address 54.1.7.6 255.255.255.0
> > ppp authentication chap
> > ppp chap hostname ROUTER6
> > ppp chap password 0 CISCO
> >
> > *Authentication fails with these messages*
> >
> > *Apr 6 00:22:54.938: Vi1 PPP: Authorization required
> > *Apr 6 00:22:54.950: Vi1 CHAP: O CHALLENGE id 51 len 28 from
> > "ROUTER6"
> > *Apr 6 00:22:54.958: Vi1 CHAP: I CHALLENGE id 51 len 24 from "BB1"
> > *Apr 6 00:22:54.962: Vi1 CHAP: Using hostname from interface CHAP
> > *Apr 6 00:22:54.962: Vi1 CHAP: Using password from interface CHAP
> > *Apr 6 00:22:54.962: Vi1 CHAP: O RESPONSE id 51 len 28 from "ROUTER6"
> > *Apr 6 00:22:54.966: Vi1 CHAP: I RESPONSE id 51 len 24 from "BB1"
> > *Apr 6 00:22:54.966: Vi1 PPP: Sent CHAP LOGIN Request
> > *Apr 6 00:22:54.966: Vi1 PPP: Received LOGIN Response FAIL
> > *Apr 6 00:22:54.966: Vi1 CHAP: O FAILURE id 51 len 25 msg is
> > "Authentication failed"
> >
> > *Re-configured R6 as follows:*
> >
> > username BB1 password 0 CISCO
> > !
> > interface Serial0/0/0
> > no ip address
> > encapsulation frame-relay
> > no fair-queue
> > frame-relay interface-dlci 201 ppp Virtual-Template1
> > !
> > interface Virtual-Template1
> > ip address 54.1.7.6 255.255.255.0
> > ppp authentication chap
> >
> > *Re-configured BB1 as follows:
> > *
> > username Rack1R6 password 0 CISCO
> > no username ROUTER6 password 0 CISCO
> > !
> > interface Virtual-Template1
> > ip address 54.1.7.254 255.255.255.0
> > ppp authentication chap
> > !
> > interface Serial0/0/0.201 point-to-point
> > frame-relay interface-dlci 201 ppp Virtual-Template1
> > !
> >
> > *Authetication was successful this time*
> >
> > *Apr 6 01:01:07.778: Vi1 CHAP: O CHALLENGE id 93 len 28 from
> > "Rack1R6"
> > *Apr 6 01:01:07.782: Vi1 CHAP: I CHALLENGE id 93 len 24 from "BB1"
> > *Apr 6 01:01:07.782: Vi1 CHAP: Using hostname from unknown source
> > *Apr 6 01:01:07.782: Vi1 CHAP: Using password from AAA
> > *Apr 6 01:01:07.782: Vi1 CHAP: O RESPONSE id 93 len 28 from "Rack1R6"
> > *Apr 6 01:01:07.802: Vi1 CHAP: I RESPONSE id 93 len 24 from "BB1"
> > *Apr 6 01:01:07.802: Vi1 PPP: Sent CHAP LOGIN Request
> > *Apr 6 01:01:07.802: Vi1 PPP: Received LOGIN Response PASS
> > *Apr 6 01:01:07.802: Vi1 PPP: Sent LCP AUTHOR Request
> > *Apr 6 01:01:07.802: Vi1 PPP: Sent IPCP AUTHOR Request
> > *Apr 6 01:01:07.802: Vi1 LCP: Received AAA AUTHOR Response PASS
> > *Apr 6 01:01:07.802: Vi1 IPCP: Received AAA AUTHOR Response PASS
> > *Apr 6 01:01:07.802: Vi1 CHAP: O SUCCESS id 93 len 4
> > *Apr 6 01:01:07.806: Vi1 CHAP: I SUCCESS id 93 len 4
> > *Apr 6 01:01:07.810: Vi1 PPP: Sent IPCP AUTHOR Request
> > **Apr 6 01:01:08.806: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> > Virtual-Access1, changed state to up*
> >
> > Can someone please help me understand what went wrong ? The solution
> > for
> > this task is exactly what was configured on R6, the first time. Am
> > concerned
> > that about connections to Backbone routers in the lab. If they fail to
> > establish, the rest of the lab cannot be completed.
> >
> > TIA,
> > Naveen.
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
>
>
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Apr 06 2009 - 11:54:35 ART
This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:11 ART