04-14-2003 07:31 AM - edited 03-04-2019 02:51 AM
I have 1 site dialling into another site on backup and I cannot get the ppp part working. Debug output shows the following:-
Apr 1 13:52:19.533 GMT: BR2/0:1 LCP: State is Open
Apr 1 13:52:19.537 GMT: BR2/0:1 PPP: Phase is AUTHENTICATING, by both
Apr 1 13:52:19.537 GMT: BR2/0:1 CHAP: Using alternate hostname CWBackup
Apr 1 13:52:19.537 GMT: BR2/0:1 CHAP: O CHALLENGE id 58 len 29 from "CWBackup"
Apr 1 13:52:19.553 GMT: BR2/0:1 CHAP: I CHALLENGE id 105 len 30 from "VDBF_RATH
"
Apr 1 13:52:19.553 GMT: BR2/0:1 CHAP: Using alternate hostname CWBackup
Apr 1 13:52:19.553 GMT: BR2/0:1 CHAP: O RESPONSE id 105 len 29 from "CWBackup"
Apr 1 13:52:19.585 GMT: BR2/0:1 CHAP: I FAILURE id 105 len 26 msg is "Authentication failure"
However, I have been through the 2 router configs (NMC3640 and VDBF 2)with a fine tooth-comb and can still see no problem , please see attached:-
NMC3640 - 1NMC3640
hostname NMC3640
!
boot system flash slot0:c3640-jo3s56i-mz.121-13.bin
boot system flash 1207TIPPLUS.bin
logging buffered 4096 debugging
enable secret xxxxx
!
username xxxxxx password xxxxxxx
!
interface BRI2/0
description ISDN backup for SNMP Management **ISDN 01-4046834-35,OldSwRmP1**
no ip address
no ip unreachables
no ip proxy-arp
encapsulation ppp
dialer pool-member 1
dialer pool-member 2
isdn switch-type basic-net3
ppp authentication chap
!
interface Dialer1
description "ISDN SNMP Bkup FOR Vanden-Burgh,isdn:4046834-5/OldSwPrt1/"
ip address 193.154.4.30 255.255.255.252
no ip unreachables
no ip proxy-arp
encapsulation ppp
ip policy route-map Eth3/0
dialer pool 1
dialer remote-name VDBF_RATH
dialer idle-timeout 300
dialer string 2051200
dialer max-call 2
dialer-group 1
pulse-time 0
no cdp enable
ppp authentication chap
ppp chap hostname CWBackup
ppp chap password 7 060A0A715C4F1B1D
VDBF -RATH
hostname VDBF_RATH
!
boot system flash c3640-i-mz.122-2.T.bin
logging buffered 10000 debugging
logging rate-limit console 10 except errors
no logging console
aaa new-model
aaa group server radius SHANE
!
aaa authentication login default group radius
aaa authentication login auth_off none
aaa authentication login ACE group radius local
aaa authentication ppp default group radius
aaa authentication ppp ACE group radius
aaa authentication ppp DEPOT local
enable secret xxxxx.
enable password xxxx
!
username xxxx password xxxx
!
controller E1 1/0
framing NO-CRC4
pri-group timeslots 1-31
!
interface Serial1/0:15
description ISDN PRI
ip unnumbered FastEthernet0/0
encapsulation ppp
dialer pool-member 1
isdn switch-type primary-net5
isdn incoming-voice modem
no peer default ip address
no fair-queue
no cdp enable
ppp authentication chap one-time
ppp multilink
!
interface Dialer8
description ISDN Backup
ip address 193.154.4.29 255.255.255.252
encapsulation ppp
dialer pool 1
dialer remote-name CWBackup
dialer idle-timeout 500
ppp authentication chap DEPOT
!
04-14-2003 08:28 AM
Make sure there are no spaces at the end of the passwords on the username statements.
04-14-2003 08:34 AM
Mary,
Your CHAP password on Dialer1 of NMC3640 is encrypted. VDBF_RATH is expecting to see the password le0pard from CWBackup. Have you verified that le0pard is the password being sent by NMC3640? I would eliminate the CHAP password from the Dialer1 interface configuration, make sure that the "username VDBF_RATH password" command includes the password "le0pard" and try a call again. I know that the password in the dialer interface shouldn't be sent when the router knows the peer that is sending a challenge, but you never know...
Of course, don't forget to change all passwords after this is operational.
HTH
Mark
04-14-2003 11:00 AM
You are using two-way chap here. Mean both the routers will challenge eachother. So in that case usernames presented by two routers during chap authentication can be dirrerent but the passwords should be the same. so i can see that (by decoding the hex numbers in the password) password is le0pard but need to make sure that VDBF_RATH use that password. So to fix that issue you need to enter following commands under interface dialer 8 on VDBF_RATH router
ppp chap hostname VDBF_RATH
ppp chap password le0pard
With that it should work fine
OR
===
you can just use one-way chap by using "ppp authentication chap callin" under "interface Dialer1" on NMC3640 router. With that command it should work too.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide