For the chap you need a common password such as "cisco". In your
configuration it would be easiest to change the pap username and the
chap will take the hostname as routername.
R3#
username R4 password 0 cisco
ppp pap sent-username R3_pap password 0 ciscoPAP
R4#
username R3_pap password 0 ciscoPAP
username R3 password 0 cisco
Rgds,
Richard
>> -----Original Message-----
>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>> Matt Sherman
>> Sent: Monday, May 09, 2011 10:09 AM
>> To: Cisco certification
>> Subject: CHAP / PAP unidirectional authentication
>>
>> Hi,
>>
>> I'm having some problems with CHAP / PAP authentication. Can anyone
>> take a
>> look to see what I'm doing wrong - much appreciated. Here's the
>> scencario:
>>
>>
>> ************************************************************************
>> *****
>> *************************************************
>> Configure a point-to-point link between R3 (s1/0.304) and R4 (s1/0.403)
>> with
>> the following authentication parameters:
>>
>>
>>
>> * R3 should send a challenge when it is called by R4
>>
>> * R4 should use PAP authentication when it is called by R3
>>
>> * The password for CHAP authentication should be cisco , whereas, the
>> password for PAP should be set to ciscoPAP and the hostname should be
>> configured to be R3-PAP.
>> ************************************************************************
>> *****
>> *************************************************
>>
>>
>>
>> Here's my config which doesn't work:
>>
>>
>> ************************************************************************
>> *****
>> *************************************************
>>
>> *R3
>> *hostname R3
>>
>> !
>> username R4 password 0 cisco
>> !
>> interface Serial1/0.304 point-to-point
>> frame-relay interface-dlci 304 ppp Virtual-Template9
>> !
>> interface Virtual-Template9
>> ip address 192.168.34.3 255.255.255.0
>> ppp authentication chap callin
>> ppp pap sent-username R3 password 0 ciscoPAP
>>
>>
>>
>> *R4*
>>
>> hostname R4
>> !
>> username R3 password 0 ciscoPAP
>> !
>> interface Serial1/0.403 point-to-point
>> frame-relay interface-dlci 403 ppp Virtual-Template9
>> !
>> interface Virtual-Template9
>> ip address 192.168.34.4 255.255.255.0
>> ppp authentication pap callin
>> ppp chap password 0 cisco
>> ************************************************************************
>> *****
>> *************************************************
>>
>>
>>
>> Here are the debug logs:
>>
>>
>> ************************************************************************
>> *****
>> *************************************************
>>
>> R3#debug ppp authentication
>> PPP authentication debugging is on
>> R3#
>> *Mar 1 01:14:46.547: Vi2 PPP: Authorization required
>> *Mar 1 01:14:46.647: Vi2 PAP: Using hostname from interface PAP
>> *Mar 1 01:14:46.651: Vi2 PAP: Using password from interface PAP
>> *Mar 1 01:14:46.651: Vi2 PAP: O AUTH-REQ id 37 len 16 from "R3"
>> *Mar 1 01:14:46.655: Vi2 CHAP: O CHALLENGE id 37 len 23 from "R3"
>> *Mar 1 01:14:46.759: Vi2 CHAP: I RESPONSE id 37 len 23 from "R4"
>> *Mar 1 01:14:46.763: Vi2 PAP: I AUTH-NAK id 37 len 26 msg is
>> "Authentication failed"
>>
>> R4#debug ppp authentication
>> PPP authentication debugging is on
>> R4#
>> *Mar 1 01:15:59.763: Vi3 PPP: Authorization required
>> *Mar 1 01:15:59.955: Vi3 PAP: I AUTH-REQ id 63 len 16 from "R3"
>> *Mar 1 01:15:59.959: Vi3 PAP: Authenticating peer R3
>> *Mar 1 01:15:59.963: Vi3 CHAP: I CHALLENGE id 63 len 23 from "R3"
>> *Mar 1 01:15:59.971: Vi3 PPP: Sent PAP LOGIN Request
>> *Mar 1 01:15:59.983: Vi3 CHAP: Using hostname from unknown source
>> *Mar 1 01:15:59.983: Vi3 CHAP: Using password from AAA
>> *Mar 1 01:15:59.983: Vi3 CHAP: O RESPONSE id 63 len 23 from "R4"
>> *Mar 1 01:15:59.983: Vi3 PPP: Received LOGIN Response FAIL
>> *Mar 1 01:15:59.983: Vi3 PAP: O AUTH-NAK id 63 len 26 msg is
>> "Authentication failed"
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon May 09 2011 - 15:26:51 ART
This archive was generated by hypermail 2.2.0 : Wed Jun 01 2011 - 09:01:11 ART