Frame Relay + PPP and Virtual Templates

martynch1 · ‎11-03-2006

I having a few issues with Frame Relay, PPP and Virtual Templates

I'm getting Vi1 PPP: Authorization required on two out of the three Routers and not sure where I have gone wrong, one of the 4 configs is below and the other 4 configs are atached: -

R1#show ip int brief

Interface IP-Address OK? Method Status Prot

ocol

FastEthernet0/0 10.80.80.1 YES NVRAM up up

Serial0/0 10.90.90.2 YES NVRAM up up

Serial0/1 unassigned YES NVRAM up up

Serial0/1.111 unassigned YES unset up up

Virtual-Access1 10.100.100.1 YES TFTP up down

Virtual-Template1 10.100.100.1 YES NVRAM down down

Virtual-Access2 unassigned YES unset down down

Loopback0 10.1.1.1 YES NVRAM up up

R1#show run

Building configuration...

Current configuration : 1053 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

enable password cisco

!

username R4 password 0 cisco

username R6 password 0 cisco

!

no network-clock-participate slot 1

no network-clock-participate wic 0

no aaa new-model

ip subnet-zero

ip cef

!

no ftp-server write-enable

!

interface Loopback0

ip address 10.1.1.1 255.255.255.240

!

interface FastEthernet0/0

ip address 10.80.80.1 255.255.255.0

duplex auto

speed auto

!

interface Serial0/0

ip address 10.90.90.2 255.255.255.240

clockrate 2000000

!

interface Serial0/1

no ip address

encapsulation frame-relay

!

interface Serial0/1.111 point-to-point

frame-relay interface-dlci 101 ppp Virtual-Template1

!

interface Virtual-Template1

bandwidth 256

ip address 10.100.100.1 255.255.255.240

ppp authentication chap

!

ip classless

no ip http server

!

line con 0

exec-timeout 0 0

password cisco

login

line aux 0

line vty 0 4

password cisco

login

!

end

Debug PPP auth shows

Vi1 PPP: Authorization required

wochanda · ‎11-03-2006

The problem you're running into here is a result of the 'ppp authentication chap' command. When you put this in, the router will attempt to authenticate all incoming connections. I see you've created a username/password pair for your other routers, which is a good first step. But, what you haven't done is configure the other routers to use the username/password pair. By default, a router will send its hostname and a null password during authenticaion. This isn't matching the 'cisco' password you put in.

Fix:

Place "ppp chap password cisco" under all Virtual-template interfaces on all 3 routers. This tells the router which password to use when requested to authenticate. If you also wanted to change the username, you can do "ppp chap hostname ".

martynch1 · ‎11-03-2006

Thanks for the swift reply wochanda, I put your fix in place "ppp chap password cisco" on all the Virtual interfaces but I still get the same error "Vi1 PPP: Authorization required"

This is the virtual interface after the changes: -

interface Virtual-Template1

bandwidth 512

ip address 10.100.101.2 255.255.255.240

ppp authentication chap

ppp chap password 0 cisco

Hope you can be of further help

Martyn

martynch1 · ‎11-03-2006

Thanks for the swift reply wochanda, I put your fix in place "ppp chap password cisco" on all the Virtual interfaces but I still get the same error "Vi1 PPP: Authorization required"

This is the virtual interface after the changes: -

interface Virtual-Template1

bandwidth 512

ip address 10.100.101.2 255.255.255.240

ppp authentication chap

ppp chap password 0 cisco

Hope you can be of further help

Martyn

Richard Burts · ‎11-03-2006

Martyn

My first thought was similar to William and I almost replied with a suggestion that was quite similar to his. But then I noticed that your description of the error said that authorization was required (not authentication). I associate authorization requirements with configuration of AAA. But the config that you posted does not have any AAA configured. I wonder if other of the routers do have AAA configured and if this could be part of the problem.

Also I attempted to look at the file that was part of your original post. But I am not sure what file type "rar" is and the several attempts that I made to open it were not successful. I do not know if there is information in that file that would help us understand what is the problem. Could you clarify the file type (and what application reads that file type) or repost the file as a more common file type (txt, rtf, etc)

HTH

Rick

HTH

Rick

martynch1 · ‎11-04-2006

Thank you for the reply, the .rar are compressed files whiched can be opened with Winrar from http://www.rarlab.com/download.htm

Regards

Martyn

wochanda · ‎11-05-2006

I don't see any AAA configured in the configs. Could you post a full 'debug ppp negotiation', not just the 'authorization required' on all routers? This way we can see if maybe a single router is ruining the party for the other 2.

network.king · ‎11-05-2006

Hi,

I was just going through the config , In R5 and in interface s1/0 -- clock rate is missing and only R4 is having both the networks present in R1 and R6 and connected at S1/0 in R5 . Just thinking on logical part of establishing ppp , it might create a problem , but not very sure on ur authorization as said by others.

regards

vanesh k

martynch1 · ‎11-06-2006

R5 is a 3620 with a Cisco Serial Module

Serial1/0 is connected to a Cisco 1720 via couple of media converters, as you can see I have set the interface type but I still cannot set the clock rate, it complains about setting a clock rate on a DTE

encapsulation frame-relay

frame-relay intf-type dce

interface Serial1/1 is connected via a Cisco back-to-back so I can put the DCE cable at either end of the kit

interface Serial1/2 is connected via a Cisco back-to-back so I can put the DCE cable at either end of the kit

martynch1 · ‎11-06-2006

Here is the aaa from the Routers

R1

aaa new-model

aaa authentication ppp default local

aaa authorization network default local

R4

aaa new-model

aaa authentication ppp default local

aaa authorization network default local

R6

aaa new-model

aaa authentication ppp default local

aaa authorization network default local

Debug information

R1

debug ppp authentication: -

Vi1 PPP: Authorization required

debug ppp negotiation

Vi1 LCP: O CONFREQ [ACKsent] id 84 len 15

Vi1 LCP: AuthProto CHAP (0x0305C22305)

Vi1 LCP: MagicNumber 0x11E82BC9 (0x050611E82BC9)

Vi1 LCP: I CONFREQ [ACKsent] id 169 len 15

Vi1 LCP: AuthProto CHAP (0x0305C22305)

Vi1 LCP: MagicNumber 0x02A1910F (0x050602A1910F)

Vi1 LCP: O CONFACK [ACKsent] id 169 len 15

Vi1 LCP: AuthProto CHAP (0x0305C22305)

*Vi1 LCP: MagicNumber 0x02A1910F (0x050602A1910F)

Vi1 LCP: TIMEout: State ACKsent

Vi1 LCP: State is Listen

R4

debug ppp authentication: -

Nothing

debug ppp negotiation: -

Vi1 LCP: TIMEout: State REQsent

Vi1 LCP: O CONFREQ [REQsent] id 222 len 15

Vi1 LCP: AuthProto CHAP (0x0305C22305)

Vi1 LCP: MagicNumber 0x02A588B9 (0x050602A588B9)

Vi1 LCP: TIMEout: State REQsent

Vi1 LCP: O CONFREQ [REQsent] id 223 len 15

Vi1 LCP: AuthProto CHAP (0x0305C22305)

Vi1 LCP: MagicNumber 0x02A588B9 (0x050602A588B9)

TIMEout: State REQsent

Vi1 LCP: O CONFREQ [REQsent] id 224 len 15

Vi1 LCP: AuthProto CHAP (0x0305C22305)

Vi1 LCP: MagicNumber 0x02A588B9 (0x050602A588B9)

Vi1 LCP: TIMEout: State REQsent

R6

debug ppp authentication: -

Vi1 PPP: Authorization required

debug ppp negotiation: -

Vi1 LCP: O CONFREQ [ACKsent] id 130 len 15

Vi1 LCP: AuthProto CHAP (0x0305C22305)

Vi1 LCP: MagicNumber 0x1205DAF3 (0x05061205DAF3)

Vi1 LCP: I CONFREQ [ACKsent] id 212 len 15

Vi1 LCP: AuthProto CHAP (0x0305C22305)

Vi1 LCP: MagicNumber 0x02A942A2 (0x050602A942A2)

Vi1 LCP: O CONFACK [ACKsent] id 212 len 15

Vi1 LCP: AuthProto CHAP (0x0305C22305)

Vi1 LCP: MagicNumber 0x02A942A2 (0x050602A942A2)

Vi1 LCP: TIMEout: State ACKsent

Many thanks

Martyn

martynch1 · ‎11-07-2006

To try and make things easier to fault find I have narrowed down the Routers used so I'm only trying to connect from R4 to R6

Attached is the running config and interface status of R4, attached is the network diagram and they other configs

R4#

version 12.1

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname R4

!

aaa new-model

aaa authentication ppp default local

aaa authorization network default local

enable password 7 14141B180F0B

!

username R6 password 7 01100F175804 (which is cisco)

!

memory-size iomem 25

ip subnet-zero

!

interface Loopback0

ip address 10.4.4.4 255.255.255.248

!

interface Virtual-Template2

bandwidth 512

ip address 10.100.101.1 255.255.255.240

ppp authentication chap

ppp chap password 7 030752180500

!

interface Serial0

no ip address

encapsulation frame-relay

!

interface Serial0.112 point-to-point

frame-relay interface-dlci 102 ppp Virtual-Template2

!

interface FastEthernet0

ip address 10.40.40.1 255.255.255.240

speed auto

!

ip classless

no ip http server

!

Interface status

Serial0.112 unassigned YES unset up up

Virtual-Access1 10.100.101.1 YES TFTP up down

Virtual-Template2 10.100.101.1 YES NVRAM