12-05-2005 01:14 PM
I have a remote router, connecting via ADSL that hits a proxy radius in carrier world, which forwards the request to my radius server. When the remote tries to authenticate it appears to successfully authenticate in the radius, as it comes up in the radius logs.
However on the remote I get a failure as per the below output from "deb ppp nego"
Dec 6 07:08:54.675: Vi2 LCP: State is Open
Dec 6 07:08:54.675: Vi2 PPP: Phase is AUTHENTICATING, by the peer
Dec 6 07:08:54.675: Vi2 CHAP: I CHALLENGE id 32 len 34 from "carrier-dslam"
Dec 6 07:08:54.675: Vi2 CHAP: Using hostname from interface CHAP
Dec 6 07:08:54.675: Vi2 CHAP: Using password from interface CHAP
Dec 6 07:08:54.675: Vi2 CHAP: O RESPONSE id 32 len 47 from "dummyuser@dummy.com"
Dec 6 07:09:03.011: Vi2 CHAP: I FAILURE id 32 len 4
Dec 6 07:09:03.011: Vi2 LCP: I TERMREQ [Open] id 62 len 4
Dec 6 07:09:03.011: Vi2 LCP: O TERMACK [Open] id 62 len 4
The part that im struggling with is the:
I FAILURE id 32 len 4
As it does not shed any light on why this failed. The dialer's configuration is as per below:
interface Dialer1
description *** Primary ADSL Dialer Interface ***
ip address negotiated
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname dummyuser@dummy.com
ppp chap password xxxx
This is a one off service that does not work with this configuration, the carrier tells me that this service does not appear to have any issues, but this is a tried and tested configuration and has not been an issue up until now.
If anyone can shed any light on this I would be very happy...as there is not much hair left to tear out on this one.
12-05-2005 11:40 PM
Hi
Can you revert wheter you got to have any replication issues or anything in that kinda between your Proxy(radius) and the main radius server ??
As per the supporting docs and AFAIK its purely a authentication problem which triggers the failure here.
can you manually try to generate a request in ur Radius and check whether its getting authenticated or not ??
also do rfer this link for more info ..
http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a00800ae945.shtml#lcpauthen
regds
12-07-2005 06:44 AM
Daniel
This message pretty clearly indicates that the router thinks that the peer it is attempting to authenticate with is returning an authentication error:
Dec 6 07:09:03.011: Vi2 CHAP: I FAILURE id 32 len 4
Perhaps you could help us understand better what your router is connecting to and how authentication is supposed to work. The part of the config that you posted is just straight ppp chap. If it is getting to a Radius server I assume that someone somewhere has configured aaa authentication for ppp through Radius. If your Radius server is seeing the request and is logging a successful authentication but your remote router is receiving a failure, then I would take a look at the relaying Radius server and see if there are logs there that might be helpful.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide