Solved: Re: MICA-6DM and PAP Authentication

mjbriggs · ‎06-19-2003

Hi and sorry for a newbie type question !

I am dialing OUT from a 3640 router with MICA-6DM modems and am trying to connect to a service running PPP with PAP authentication.I can access this service from my laptop using Windows DUN.

The router/modem dials the service but a debug of ppp negotiation suggests a fairly basic problem.

I have attached the debug and a show run from the router..For some reason asynv/sync is bugging me !!

PPP protocol negotiation debugging is on

CNS_LRD#term mon

CNS_LRD#

*Mar 1 00:37:25: %LINK-3-UPDOWN: Interface Async94, changed state to up

*Mar 1 00:37:25: %DIALER-6-BIND: Interface As94 bound to profile Di3

00:37:25: As94 PPP: Treating connection as a callout

00:37:25: As94 PPP: Phase is ESTABLISHING, Active Open

00:37:25: As94 LCP: O CONFREQ [Closed] id 12 len 24

00:37:25: As94 LCP: ACCM 0x000A0000 (0x0206000A0000)

00:37:25: As94 LCP: AuthProto PAP (0x0304C023)

00:37:25: As94 LCP: MagicNumber 0x60A57DB7 (0x050660A57DB7)

00:37:25: As94 LCP: PFC (0x0702)

00:37:25: As94 LCP: ACFC (0x0802)

00:37:27: As94 LCP: TIMEout: State REQsent

00:37:27: As94 LCP: O CONFREQ [REQsent] id 13 len 24

00:37:27: As94 LCP: ACCM 0x000A0000 (0x0206000A0000)

00:37:27: As94 LCP: AuthProto PAP (0x0304C023)

00:37:27: As94 LCP: MagicNumber 0x60A57DB7 (0x050660A57DB7)

00:37:27: As94 LCP: PFC (0x0702)

00:37:27: As94 LCP: ACFC (0x0802)

00:37:28: As94 LCP: I CONFACK [REQsent] id 13 len 24

00:37:28: As94 LCP: ACCM 0x000A0000 (0x0206000A0000)

00:37:28: As94 LCP: AuthProto PAP (0x0304C023)

00:37:28: As94 LCP: MagicNumber 0x60A57DB7 (0x050660A57DB7)

00:37:28: As94 LCP: PFC (0x0702)

00:37:28: As94 LCP: ACFC (0x0802)

00:37:28: As94 LCP: I CONFREQ [ACKrcvd] id 81 len 24

00:37:28: As94 LCP: ACCM 0x000A0000 (0x0206000A0000)

00:37:28: As94 LCP: AuthProto PAP (0x0304C023)

00:37:28: As94 LCP: MagicNumber 0x817E4680 (0x0506817E4680)

00:37:28: As94 LCP: PFC (0x0702)

00:37:28: As94 LCP: ACFC (0x0802)

00:37:28: As94 LCP: O CONFACK [ACKrcvd] id 81 len 24

00:37:28: As94 LCP: ACCM 0x000A0000 (0x0206000A0000)

00:37:28: As94 LCP: AuthProto PAP (0x0304C023)

00:37:28: As94 LCP: MagicNumber 0x817E4680 (0x0506817E4680)

00:37:28: As94 LCP: PFC (0x0702)

00:37:28: As94 LCP: ACFC (0x0802)

00:37:28: As94 LCP: State is Open

00:37:28: As94 PPP: Phase is AUTHENTICATING, by both

00:37:28: As94 PAP: O AUTH-REQ id 3 len 39 from "lavendj.lrdirect.co.uk"

00:37:30: As94 PAP: I AUTH-ACK id 3 len 5

00:37:30: As94 IPCP: PPP phase is AUTHENTICATING, discarding packet

00:37:32: As94 IPCP: PPP phase is AUTHENTICATING, discarding packet

00:37:35: As94 IPCP: PPP phase is AUTHENTICATING, discarding packet

00:37:37: As94 IPCP: PPP phase is AUTHENTICATING, discarding packet

00:37:39: As94 IPCP: PPP phase is AUTHENTICATING, discarding packet

00:37:41: As94 IPCP: PPP phase is AUTHENTICATING, discarding packet

00:37:43: As94 IPCP: PPP phase is AUTHENTICATING, discarding packet

00:37:45: As94 IPCP: PPP phase is AUTHENTICATING, discarding packet

00:37:47: As94 IPCP: PPP phase is AUTHENTICATING, discarding packet

00:37:49: As94 IPCP: PPP phase is AUTHENTICATING, discarding packet

00:37:52: As94 IPCP: PPP phase is AUTHENTICATING, discarding packet

hostname CNS_LRD

!

logging buffered 16384 debugging

enable secret 5 $1$MuF.$UG1pTHOyPfCv07JOnIj5W1

!

modem country mica united-kingdom

ip subnet-zero

no ip domain-lookup

ip name-server 10.90.193.202

ip name-server 10.90.193.203

!

isdn switch-type primary-net5

!

controller E1 1/0

pri-group timeslots 1-31

description ISDN PRI 0121-245-2440

!

interface Loopback0

ip address 172.17.253.253 255.255.255.255

!

interface FastEthernet0/0

description link to firewall via hub

ip address 172.17.1.45 255.255.255.0

ip nat inside

duplex auto

speed 10

!

interface Serial1/0:15

no ip address

encapsulation ppp

dialer pool-member 1

isdn switch-type primary-net5

isdn incoming-voice modem

no fair-queue

no cdp enable

ppp authentication chap ms-chap

ppp multilink

!

interface Serial3/0

bandwidth 64

ip unnumbered Loopback0

shutdown

!

interface Serial3/1

no ip address

shutdown

!

interface Serial3/2

bandwidth 64

ip unnumbered Loopback0

shutdown

!

interface Serial3/3

bandwidth 64

ip unnumbered Loopback0

shutdown

!

interface Serial3/4

bandwidth 64

ip unnumbered Loopback0

shutdown

!

interface Serial3/5

bandwidth 64

ip unnumbered Loopback0

shutdown

no fair-queue

!

interface Serial3/6

bandwidth 64

ip unnumbered Loopback0

no keepalive

shutdown

!

interface Serial3/7

bandwidth 64

ip unnumbered Loopback0

no keepalive

shutdown

!

interface Group-Async1

ip address negotiated

encapsulation ppp

dialer in-band

dialer pool-member 2

autodetect encapsulation ppp lapb-ta

async mode dedicated

no peer default ip address

group-range 65 94

hold-queue 10 in

!

interface Dialer1

description CNS_PSTN1

ip unnumbered Loopback0

encapsulation ppp

dialer pool 2

dialer remote-name CNS_PSTN1

dialer idle-timeout 300

dialer enable-timeout 10

dialer wait-for-carrier-time 180

dialer-group 1

autodetect encapsulation ppp v120

peer default ip address pool PSTN1

no fair-queue

pulse-time 0

no cdp enable

ppp authentication chap

ppp chap password 7 000301131D5E19035E7241

!

interface Dialer2

description *** CNS_BT ***

ip address 172.17.251.48 255.255.255.0

encapsulation ppp

no ip mroute-cache

dialer pool 1

dialer remote-name CNS_BT

dialer string 01212331659

dialer-group 1

no peer default ip address

no fair-queue

pulse-time 0

ppp authentication chap

ppp multilink

!

interface Dialer3

description *** Land Registry Direct ***

ip address negotiated

ip nat outside

encapsulation ppp

dialer pool 2

dialer remote-name lavendj.lrdirect.co.uk

dialer wait-for-carrier-time 60

dialer string 08450390206

dialer-group 1

no peer default ip address

no fair-queue

no cdp enable

ppp authentication pap

ppp pap sent-username lavendj.lrdirect.co.uk password 7 03085A1D030125461C58495

7

!

interface Dialer4

description *** CNS Test Analogue Dial out ***

ip address 172.17.249.1 255.255.255.0

encapsulation ppp

dialer pool 2

dialer remote-name CNS_Test1

dialer idle-timeout 300

dialer enable-timeout 10

dialer wait-for-carrier-time 180

dialer string 01213033694

dialer-group 1

autodetect encapsulation ppp v120

no peer default ip address

no fair-queue

pulse-time 0

no cdp enable

ppp multilink

!

interface Dialer5

description *** CNS Test RAS_CL ***

ip address negotiated

encapsulation ppp

dialer pool 2

dialer remote-name Library_A5300_7thFl

dialer idle-timeout 300

dialer enable-timeout 10

dialer wait-for-carrier-time 180

dialer string 01212464202

dialer-group 1

autodetect encapsulation ppp v120

no peer default ip address

no fair-queue

no cdp enable

ppp authentication chap

ppp chap hostname perapltn

ppp chap password 7 071C2D4447010E07

ppp multilink

!

interface Dialer6

description *** Mike_Briggs ***

ip unnumbered Loopback0

ip nat inside

encapsulation ppp

no ip mroute-cache

dialer pool 1

dialer remote-name MikeBriggs

dialer-group 1

autodetect encapsulation ppp v120

peer default ip address pool PSTN1

no fair-queue

pulse-time 0

ppp authentication ms-chap ppp chap password 7 071C3545421D160B4013

ppp multilink

!

router eigrp 1

passive-interface Serial1/0:15

passive-interface Dialer1

passive-interface Dialer2

passive-interface Dialer3

passive-interface Dialer4

passive-interface Dialer5

network 172.17.0.0

no auto-summary

no eigrp log-neighbor-changes

!

ip local pool PSTN1 172.17.1.6 172.17.1.30

ip nat inside source route-map LRD interface Dialer3 overload

ip classless

ip route 10.0.0.0 255.0.0.0 172.17.1.39

ip route 10.110.128.0 255.255.252.0 172.17.1.39

ip route 172.17.247.0 255.255.255.0 Dialer5

ip route 172.17.248.0 255.255.255.0 Dialer4

ip route 195.166.13.0 255.255.255.0 Dialer3

no ip http server

!

access-list 100 permit ip any host 195.166.13.131 log

dialer-list 1 protocol ip permit

route-map LRD permit 1

match ip address 100

Finally I am using Dialer3 to connect to the service

Many Thanks for any help you can give me !!

Kind Regards

Mike

hbaerten · ‎06-19-2003

Hi Mike,

it looks like your router authenticates itself to the peer allright but then waits for the peer to authenticate itself to him (but the peer does not send any authentication and instead starts the IPCP negotiation which is ignored by the local router).

So you can either implement one-way authentication by changing

ppp authentication pap

into

ppp authentication pap callin

This way your router will only require authentication from the peer on incoming calls, not when you dial out.

Alternatively you can ask the peer's administrator to implement two-way authentication but I guess this is not needed in most cases.

hth

Herbert

View solution in original post

hbaerten · ‎06-19-2003

Hi Mike,

it looks like your router authenticates itself to the peer allright but then waits for the peer to authenticate itself to him (but the peer does not send any authentication and instead starts the IPCP negotiation which is ignored by the local router).

So you can either implement one-way authentication by changing

ppp authentication pap

into

ppp authentication pap callin

This way your router will only require authentication from the peer on incoming calls, not when you dial out.

Alternatively you can ask the peer's administrator to implement two-way authentication but I guess this is not needed in most cases.

hth

Herbert

mjbriggs · ‎06-19-2003

WHOOOOO!!!!!!!

Outstanding my friend...ammended dialer3 so that it used PAP callin and it worked first time..first beers on me ..Thanks so much !