Frank,
I think you forgot to put the
ppp chap password cisco
It will not authenticate without it
Omar
-----Mensaje original-----
De: Frank B [mailto:[EMAIL PROTECTED]]
Enviado el: Wednesday, March 28, 2001 4:17 AM
Para: Santarsiero, Bill; [EMAIL PROTECTED]
Cc: Me @ Work; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Asunto: RE: CHAP authentication w/ dialer profiles
Remember these configs are nearly identical except that I use dialer 1 & 2
where Caslow uses 0 & 1 AND I removed the command "dialer remote-name
POLICY-1" from dialer interface 2 of the HEADQUARTERS router-it's the only
way the second b channel would come up when pinging the dialer2 ip address.
Also, at the very end below my initial post I included results of both the
successful ping to the ip address of the HQ routers dialer1 ip address AND
the unsuccessful one to the dialer2 interface which was unsuccessful (there
were 5 iterations-one for each icmp echo sent but I cut out the redundant
ones.)
Well here are the configs...the relevant portions anyway. Any advice would
be greatly appreciated. Thanks again, Frank
!
hostname HEADQUARTERS
!
username SATELLITE-1 password 0 cisco
!
isdn switch-type basic-ni
!
interface BRI0
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-ni
isdn spid1 0835866101
isdn spid2 0835866301
ppp authentication chap
!
interface Dialer1
ip address 140.10.1.1 255.255.255.0
encapsulation ppp
dialer pool 1
dialer remote-name SATELLITE-1
dialer string 8358662
dialer-group 1
ppp authentication chap
ppp chap hostname backup
!
interface Dialer2
ip address 172.16.1.1 255.255.255.0
encapsulation ppp
dialer pool 1
dialer string 8358664
dialer-group 1
ppp authentication chap
ppp chap hostname oregon
!
dialer-list 1 protocol ip permit
------------------------------------------------
SATELLITE-1#
!
hostname SATELLITE-1
!
username backup password 0 cisco
username HEADQUARTERS password 0 cisco
username oregon password 0 cisco
!
isdn switch-type basic-ni
!
interface BRI0
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-ni
isdn spid1 0835866201
isdn spid2 0835866401
ppp authentication chap
!
interface Dialer1
ip address 140.10.1.2 255.255.255.0
encapsulation ppp
dialer pool 1
dialer remote-name backup
dialer string 8358661
dialer-group 1
ppp authentication chap
!
interface Dialer2
ip address 172.16.1.2 255.255.255.0
encapsulation ppp
dialer pool 1
dialer remote-name oregon
dialer string 8358663
dialer-group 1
ppp authentication chap
!
dialer-list 1 protocol ip permit
-----Original Message-----
From: Frank B [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 27, 2001 3:13 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: Me @ Work
Subject: CHAP authentication w/ dialer profiles
Reference Caslow's 2d ed. Ch 5 pg 187-190
-----------------------------------------
Just when I thought I was really understanding CHAP with dialer profiles,
after getting the example begining on pg 188 to work as advertised and
reading the debugs. BTW-I had to remove the command dialer remote-name
policy-1 from HEADQUARTERS dialer1 interface in order to get it to work.
But anyway, I felt I was grasping an understaning of the relationship of the
routers' hostname, the ppp chap hostname to the opposite end dialer
remote-name etc...however, out of curiosity I tried to ping both interfaces
on the HEADQUARTERS router from the SATELLITE-1 router and for dialer1 I get
the message below (note the DDR error on the 14th line.) The funny thing
is, the successful ping to dialer0 had identical chap messages, leading me
to believe the chap went "OK"??? Is that possible? What did I miss?
Can anyone assist me in understanding why this didn't work? and perhaps, if
possible, how can I get it to work both ways with 2 dialer ints to the same
destination in opposite directions?? Thanks, Frank
SATELLITE-1#ping 140.10.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 140.10.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 32/32/32 ms
SATELLITE-1#
01:04:36: BR0 DDR: rotor dialout [priority]
01:04:36: BR0 DDR: Dialing cause ip (s=140.10.1.2, d=140.10.1.1)
01:04:36: BR0 DDR: Attempting to dial 8358661
01:04:158913789984: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
01:04:161079305788: BR0:1: interface must be fifo queue, force fifo
01:04:161079305604: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1
01:04:161061273573: BR0:1 PPP: Treating connection as a callout
01:04:37: BR0:1 CHAP: O CHALLENGE id 9 len 32 from "SATELLITE-1"
01:04:37: BR0:1 CHAP: I CHALLENGE id 9 len 33 from "HEADQUARTERS"
01:04:37: BR0:1 CHAP: O RESPONSE id 9 len 32 from "SATELLITE-1"
01:04:37: BR0:1 CHAP: I SUCCESS id 9 len 4
01:04:37: BR0:1 CHAP: I RESPONSE id 9 len 27 from "backup"
01:04:37: BR0:1 CHAP: O SUCCESS id 9 len 4
01:04:37: BR0:1 DDR: dialer protocol up
SATELLITE-1#
01:04:38: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed
state to up
SATELLITE-1#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SATELLITE-1#
01:04:56: BR0 DDR: rotor dialout [priority]
01:04:56: BR0 DDR: Dialing cause ip (s=172.16.1.2, d=172.16.1.1)
01:04:56: BR0 DDR: Attempting to dial 8358663
01:04:242683684196: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up
01:04:242683684412: BR0:2: interface must be fifo queue, force fifo
01:04:242683684228: %DIALER-6-BIND: Interface BR0:2 bound to profile Di2
01:04:242665652197: BR0:2 PPP: Treating connection as a callout
01:04:56: BR0:2 CHAP: O CHALLENGE id 7 len 32 from "SATELLITE-1"
01:04:56: BR0:2 CHAP: I CHALLENGE id 7 len 33 from "HEADQUARTERS"
01:04:56: BR0:2 CHAP: O RESPONSE id 7 len 32 from "SATELLITE-1"
01:04:56: BR0:2 CHAP: I SUCCESS id 7 len 4
01:04:56: BR0:2 CHAP: I RESPONSE id 7 len 27 from "backup"
01:04:56: BR0:2 CHAP: O SUCCESS id 7 len 4
01:04:56: BR0:2 DDR: Host name (backup) does not match Di2 configuration
01:04:56: BR0 DDR: has total 1 call(s), dial_out 1, dial_in 0
01:04:56: BR0:2 PPP: Treating connection as a callout
01:04:56: %DIALER-6-UNBIND: Interface BR0:2 unbound from profile Di2
01:04:56: BR0:2 DDR: disconnecting call
01:04:240518168580: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
01:04:242683684420: BR0:2 DDR: disconnecting call
**NOTE** All LAB SWAP messages should now be sent to the
LAB SWAP Message board on groupstudy.com.
_______________________________________________________
To unsubscribe from the CCIELAB list, send a message to
[EMAIL PROTECTED] with the body containing:
unsubscribe ccielab
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]