Re: chap fails is hostname is not used on PPPoFR from naveen M S on 2009-04-05 (Ccielab archives 04/2009)

From: naveen M S <navin.ms_at_gmail.com>
Date: Sun, 5 Apr 2009 19:24:13 -0700

Thanks Ryan and Lejoe. Removing "ppp authentication chap" on R6 worked. You
guys rock !

On Sun, Apr 5, 2009 at 6:54 PM, Lejoe <styran_at_gmail.com> wrote:

> As Ryan said you need to remove ppp authentication chap from R6. With that
> configuration R6 too will try to authenticate BB1, in which case it must
> have a corresponding
>
> username BB1 password CISCO
>
> in its global configuration.
>
> Regards
>
> Lejoe
>
>
> On Mon, Apr 6, 2009 at 11:48 AM, Ryan West <rwest_at_zyedge.com> wrote:
>
>> In your first example, remove PPP authentication chap. You are being
>> authenticated, not the authenticator.
>>
>> Sent from handheld.
>>
>> On Apr 5, 2009, at 9:22 PM, "naveen M S" <navin.ms_at_gmail.com> wrote:
>>
>> > Group,
>> >
>> > Task is to authenticate R6 with BB1 over PPPoFR.
>> >
>> > Rack1R6 (s0/0/0)--------------FR------------------- (s0/0/0) BB1
>> >
>> > *BB1 is pre-configured as follows:*
>> >
>> > username ROUTER6 password 0 CISCO
>> > !
>> > interface Virtual-Template1
>> > ip address 54.1.7.254 255.255.255.0
>> > ppp authentication chap
>> > !
>> > interface Serial0/0/0.201 point-to-point
>> > frame-relay interface-dlci 201 ppp Virtual-Template1
>> > !
>> >
>> > *Task instructions are -*
>> >
>> > 1) BB1 will send authentication challenge with username=BB1
>> > 2) R6 should reply with username=ROUTER6 and MD5 password = CISCO
>> > 3) Do not use global "username " command for this task.
>> >
>> > *Configured the following on R6*
>> >
>> > interface Serial0/0/0
>> > no ip address
>> > encapsulation frame-relay
>> > no fair-queue
>> > frame-relay interface-dlci 201 ppp Virtual-Template1
>> > !
>> > !
>> > interface Virtual-Template1
>> > ip address 54.1.7.6 255.255.255.0
>> > ppp authentication chap
>> > ppp chap hostname ROUTER6
>> > ppp chap password 0 CISCO
>> >
>> > *Authentication fails with these messages*
>> >
>> > *Apr 6 00:22:54.938: Vi1 PPP: Authorization required
>> > *Apr 6 00:22:54.950: Vi1 CHAP: O CHALLENGE id 51 len 28 from
>> > "ROUTER6"
>> > *Apr 6 00:22:54.958: Vi1 CHAP: I CHALLENGE id 51 len 24 from "BB1"
>> > *Apr 6 00:22:54.962: Vi1 CHAP: Using hostname from interface CHAP
>> > *Apr 6 00:22:54.962: Vi1 CHAP: Using password from interface CHAP
>> > *Apr 6 00:22:54.962: Vi1 CHAP: O RESPONSE id 51 len 28 from "ROUTER6"
>> > *Apr 6 00:22:54.966: Vi1 CHAP: I RESPONSE id 51 len 24 from "BB1"
>> > *Apr 6 00:22:54.966: Vi1 PPP: Sent CHAP LOGIN Request
>> > *Apr 6 00:22:54.966: Vi1 PPP: Received LOGIN Response FAIL
>> > *Apr 6 00:22:54.966: Vi1 CHAP: O FAILURE id 51 len 25 msg is
>> > "Authentication failed"
>> >
>> > *Re-configured R6 as follows:*
>> >
>> > username BB1 password 0 CISCO
>> > !
>> > interface Serial0/0/0
>> > no ip address
>> > encapsulation frame-relay
>> > no fair-queue
>> > frame-relay interface-dlci 201 ppp Virtual-Template1
>> > !
>> > interface Virtual-Template1
>> > ip address 54.1.7.6 255.255.255.0
>> > ppp authentication chap
>> >
>> > *Re-configured BB1 as follows:
>> > *
>> > username Rack1R6 password 0 CISCO
>> > no username ROUTER6 password 0 CISCO
>> > !
>> > interface Virtual-Template1
>> > ip address 54.1.7.254 255.255.255.0
>> > ppp authentication chap
>> > !
>> > interface Serial0/0/0.201 point-to-point
>> > frame-relay interface-dlci 201 ppp Virtual-Template1
>> > !
>> >
>> > *Authetication was successful this time*
>> >
>> > *Apr 6 01:01:07.778: Vi1 CHAP: O CHALLENGE id 93 len 28 from
>> > "Rack1R6"
>> > *Apr 6 01:01:07.782: Vi1 CHAP: I CHALLENGE id 93 len 24 from "BB1"
>> > *Apr 6 01:01:07.782: Vi1 CHAP: Using hostname from unknown source
>> > *Apr 6 01:01:07.782: Vi1 CHAP: Using password from AAA
>> > *Apr 6 01:01:07.782: Vi1 CHAP: O RESPONSE id 93 len 28 from "Rack1R6"
>> > *Apr 6 01:01:07.802: Vi1 CHAP: I RESPONSE id 93 len 24 from "BB1"
>> > *Apr 6 01:01:07.802: Vi1 PPP: Sent CHAP LOGIN Request
>> > *Apr 6 01:01:07.802: Vi1 PPP: Received LOGIN Response PASS
>> > *Apr 6 01:01:07.802: Vi1 PPP: Sent LCP AUTHOR Request
>> > *Apr 6 01:01:07.802: Vi1 PPP: Sent IPCP AUTHOR Request
>> > *Apr 6 01:01:07.802: Vi1 LCP: Received AAA AUTHOR Response PASS
>> > *Apr 6 01:01:07.802: Vi1 IPCP: Received AAA AUTHOR Response PASS
>> > *Apr 6 01:01:07.802: Vi1 CHAP: O SUCCESS id 93 len 4
>> > *Apr 6 01:01:07.806: Vi1 CHAP: I SUCCESS id 93 len 4
>> > *Apr 6 01:01:07.810: Vi1 PPP: Sent IPCP AUTHOR Request
>> > **Apr 6 01:01:08.806: %LINEPROTO-5-UPDOWN: Line protocol on Interface
>> > Virtual-Access1, changed state to up*
>> >
>> > Can someone please help me understand what went wrong ? The solution
>> > for
>> > this task is exactly what was configured on R6, the first time. Am
>> > concerned
>> > that about connections to Backbone routers in the lab. If they fail to
>> > establish, the rest of the lab cannot be completed.
>> >
>> > TIA,
>> > Naveen.
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>>
>>
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sun Apr 05 2009 - 19:24:13 ART

This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:11 ART