Hi,
yeah I found the problem. When I first entered the password on one router I accidentally appended a space at the end of the line - an error which is pretty hard to sport even when password encryption is disabled. 'ppp debug nego' and 'ppp debug auth' are really helpful here. After much fiddling with the password lines it finally worked. And since the only visible difference was the inclusion of the local router, I thought that was the root of all evil. Instead, it was the trailing space in the password on one side. With password encryption disabled you can actually see this problem with most terminal programs. If you are able to select one character after the supposed password without selecting until the end of the line you certainly have that tricky trailing space. Thank you all for the clarification. Cheers, Christian On 22.09.2013, at 04:33, Bob McCouch <[email protected]> wrote: > I second the idea of watching debugs... 'deb ppp nego' is usually REALLY > clear about what's happening. For what it's worth, though, you shouldn't need > the username for the "local" router, and in my lab your configs worked as-is: > > R7: > interface Serial1/0 > ip address 192.168.11.5 255.255.255.252 > encapsulation ppp > ppp authentication chap > ppp chap password 0 ipexpert > serial restart-delay 0 > clock rate 2016000 > ! > username R8 password 0 ipexpert > > R7#show int s1/0 | i line proto|LCP|IPCP > Serial1/0 is up, line protocol is up > Encapsulation PPP, LCP Open > Open: IPCP, CDPCP, crc 16, loopback not set > > > R8: > interface Serial1/0 > ip address 192.168.11.6 255.255.255.252 > encapsulation ppp > ppp authentication chap > ppp chap password 0 ipexpert > serial restart-delay 0 > ! > username R7 password 0 ipexpert > > > R8#show int s1/0 | i line proto|LCP|IPCP > Serial1/0 is up, line protocol is up > Encapsulation PPP, LCP Open > Open: IPCP, CDPCP, crc 16, loopback not set > > > Best Regards, > Bob McCouch > CCIE #38296 > HerdingPackets.net > > > On Sat, Sep 21, 2013 at 2:58 PM, Matt McAdory <[email protected]> wrote: > Have you read: > TS flow chart > http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a00800b4130.shtml > > general config docs > http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a00800b4131.shtml > http://www.cisco.com/en/US/tech/tk713/tk507/technologies_configuration_example09186a0080094333.shtml?referring_site=bodynav > > > 'debug ppp authentication' and 'debug ppp negotiation' are your friends. > Matt > > > On Sat, Sep 21, 2013 at 8:53 AM, Christian Schröder > <[email protected]> wrote: > > Hi all, > > > > > > I have one question about PPP CHAP authentication where I don't find any > > documentation explaining the following in detail. > > > > Suppose we have two routers R7 and R8 connected directly via Back2Back > > serial and an encapsulation of PPP. > > > > As far as I understand the following applies: > > For the successful of a mutual CHAP authentication the following > > preconditions should match. > > 1. R7 knows of a password used for its authentication against R8 > > 2. R8 knows R7s password to check for successful authentication > > and vice versa. > > > > I thought for Point 1 the configuration line "ppp chap password …" is used > > And for Step 2 a normal username/password line is needed like in the > > example below. > > > > Interestingly, this does not work until I uncomment the lines preceded with > > an exclamation mark > > where the password for the router itself is configured. > > Now, I am confused about the relation between the three passwords per side > > ("username REMOTEROUTER password PW", "username THISROUTER password PW", > > "ppp chap password PW"). > > > > Why is it necessary to specify them all? > > > > > > Cheers, > > Christian > > > > > > #### On R7: > > username R8 password ipexpert > > !username R7 password ipexpert > > > > interface Serial0/0/0 > > ip address 192.168.11.5 255.255.255.252 > > encapsulation ppp > > clock rate 2000000 > > ppp authentication chap > > ppp chap password ipexpert > > > > > > > > > > #### On R8 : > > username R7 password ipexpert > > !username R8 password ipexpert > > > > interface Serial0/0/0 > > ip address 192.168.11.6 255.255.255.252 > > encapsulation ppp > > ppp authentication chap > > ppp chap password ipexpert > > > > > > > > _______________________________________________ > > For more information regarding industry leading CCIE Lab training, please > > visit www.ipexpert.com > > > > Are you a CCNP or CCIE and looking for a job? Check out > > www.PlatinumPlacement.com > > > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
