GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: Help on PPP Authentication - Side Note [7:86316] posted 03/25/2004
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


I assume you mean confirm that the *remote* side is configured properly?
If your side is configured correctly ('show run') and the link is
pinging successfully you have confirmed that ppp authentication is
working and configured properly on the other side. If your concern is
router load on a production router, I can assure you that 'debug ppp
auth' presents a very light load and you should have no concern about
crashing the router.

>-----Original Message-----
>From: Serran [mailto:groupstudy@xxxxxxxxxxxxxxx] 
>Sent: Wednesday, March 24, 2004 11:58 PM
>To: Jonathan Hays
>Subject: RE: Help on PPP Authentication - Side Note [7:86316]
>
>
>As a side topic: to ppp authentication..
>
>Is it possible to confirm that a link has been configured with 
>ppp authe
>without bringing the line down and debugging ppp auth?
>
>
>cheers
>Serran
>
>-----Original Message-----
>From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx]On Behalf Of
>Jonathan Hays
>Sent: Thursday, 25 March 2004 3:47 PM
>To: cisco@xxxxxxxxxxxxxx
>Subject: RE: Help on PPP Authentication [7:86316]
>
>
>you wrote:
>>-----Original Message-----
>>From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On
>>Behalf Of John Brandis
>>Sent: Wednesday, March 24, 2004 7:05 PM
>>To: cisco@xxxxxxxxxxxxxx
>>Subject: Help on PPP Authentication [7:86316]
>>
>>
>>Hi All,
>>
>>Have an issue here with two routers over ISDN. I am pretty sure that I
>>cant communicate between the two because the link is not being brought
>>up properly. I see that after 110 seconds, the link dies. I debug ppp
>>authent, and I see the following.
>>
>>
>>00:16:37: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66
>>changed to
>>up
>>00:16:37: %DIALER-6-BIND: Interface BRI0:2 bound to profile Diale
>>00:16:37: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up
>>00:16:37: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
>>00:16:37: %DIALER-6-BIND: Interface BRI0:1 bound to profile Dialer0
>>00:16:43: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to
>>111111111
>>
>>syd-2520#sh ip route static
>>     10.0.0.0/8 is variably subnetted, 54 subnets, 5 masks
>>S       10.9.9.2/32 is directly connected, Dialer0
>>S       10.64.30.0/24 [200/0] via 10.9.9.2
>>syd-2520#debug
>>syd-2520#debug ppp
>>syd-2520#debug ppp auth
>>syd-2520#debug ppp authentication cha
>>syd-2520#debug ppp authentication ch?
>>% Unrecognized command
>>syd-2520#debug ppp authentication ?
>>
>>
>>syd-2520#debug ppp authentication
>>PPP authentication debugging is on
>>syd-2520#
>>syd-2520#
>>syd-2520#
>>00:17:29: BR0:1 CHAP: O CHALLENGE id 6 len 29 from "syd-2520"
>>00:17:29: BR0:2 CHAP: O CHALLENGE id 6 len 29 from "syd-2520"
>>00:17:29: BR0:2 CHAP: I CHALLENGE id 6 len 29 from "syd-2520"
>>00:17:29: BR0:2 CHAP: Waiting for peer to authenticate first
>>00:17:29: BR0:1 CHAP: I CHALLENGE id 6 len 29 from "syd-2520"
>>00:17:29: BR0:1 CHAP: Ignoring Challenge with local namesh
>>00:17:39: BR0:1 CHAP: O CHALLENGE id 7 len 29 from "syd-2520"
>>00:17:39: BR0:2 CHAP: O CHALLENGE id 7 len 29 from "syd-2520"
>>00:17:39: BR0:2 CHAP: I CHALLENGE id 7 len 29 from "syd-2520"
>>00:17:39: BR0:2 CHAP: Waiting for peer to authenticate first
>>00:17:39: BR0:1 CHAP: I CHALLENGE id 7 len 29 from "syd-2520"
>>00:17:39: BR0:1 CHAP: Ignoring Challenge with local name
>>00:17:49: BR0:1 CHAP: O CHALLENGE id 8 len 29 from "syd-2520"
>>00:17:49: BR0:2 CHAP: O CHALLENGE id 8 len 29 from "syd-2520"
>>00:17:49: BR0:2 CHAP: I CHALLENGE id 8 len 29 from "syd-2520"
>>00:17:49: BR0:2 CHAP: Waiting for peer to authenticate first
>>00:17:49: BR0:1 CHAP: I CHALLENGE id 8 len 29 from "syd-2520"
>>00:17:49: BR0:1 CHAP: Ignoring Challenge with local name
>>
>>
>>Here is a part of the config on each router
>>
>>Syd-2520 (making the call)
>>
>>username routera password 0 letmein
>>
>>RouterA (peer)
>>
>>Username syd-2520 password 0 letmein
>>
>= = =
>This is what you should see under debug ppp auth when you ping:
>
>R2#
>*Apr 10 04:26:57.280: %LINK-3-UPDOWN: Interface BRI1/0:1, changed state
>to up
>*Apr 10 04:26:57.284: BR1/0:1 PPP: Using dialer call direction
>*Apr 10 04:26:57.284: BR1/0:1 PPP: Treating connection as a callout
>*Apr 10 04:26:57.300: BR1/0:1 CHAP: O CHALLENGE id 35 len 23 from "R2"
>*Apr 10 04:26:57.308: BR1/0:1 CHAP: I CHALLENGE id 35 len 23 from "R5"
>*Apr 10 04:26:57.308: BR1/0:1 CHAP: O RESPONSE id 35 len 23 from "R2"
>*Apr 10 04:26:57.324: BR1/0:1 CHAP: I SUCCESS id 35 len 4
>*Apr 10 04:26:57.328: BR1/0:1 CHAP: I RESPONSE id 35 len 23 from "R5"
>*Apr 10 04:26:57.328: BR1/0:1 CHAP: O SUCCESS id 35 len 4
>R2#
>*Apr 10 04:26:58.328: %LINEPROTO-5-UPDOWN: Line protocol on Interface
>BRI1/0:1, changed state to up
>R2#
>*Apr 10 04:27:03.280: %ISDN-6-CONNECT: Interface BRI1/0:1 is now
>connected to 8358661 R5
>R2#
>
>I suggest removing authentication to verify it works without it. You
>also need to post more complete configurations, including all relevant
>information. Here are mine for reference:
>
>R2#sh run int bri1/0
>Building configuration...
>
>Current configuration : 242 bytes
>!
>interface BRI1/0
> ip address 25.2.2.2 255.255.255.0
> encapsulation ppp
> dialer map ip 25.2.2.5 name R5 broadcast 8358661
> dialer-group 1
> isdn switch-type basic-ni
> isdn spid1 0835866201
> isdn spid2 0835866401
> ppp authentication chap
>end
>
>R2#sh run | include dialer-list
>dialer-list 1 protocol ip permit
>R2#sh run | include username
>username R5 password 0 cisco
>R2#
>= = = = =
>R5#sh run int bri1/0
>Building configuration...
>
>Current configuration : 242 bytes
>!
>interface BRI1/0
> ip address 25.2.2.5 255.255.255.0
> encapsulation ppp
> dialer map ip 25.2.2.2 name R2 broadcast 8358662
> dialer-group 1
> isdn switch-type basic-ni
> isdn spid1 0835866101
> isdn spid2 0835866301
> ppp authentication chap
>end
>
>R5#sh run | i dialer-list
>dialer-list 1 protocol ip permit
>R5#sh run | i username
>username R2 password 0 cisco
>R5#
>**Please support GroupStudy by purchasing from the GroupStudy Store:
>http://shop.groupstudy.com
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=86354&t=86316
--------------------------------------------------
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html