Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
401
Views
0
Helpful
2
Replies

PPP CHAP debugging.

d.tickell
Level 1
Level 1

‎12-05-2005 01:14 PM

I have a remote router, connecting via ADSL that hits a proxy radius in carrier world, which forwards the request to my radius server. When the remote tries to authenticate it appears to successfully authenticate in the radius, as it comes up in the radius logs.

However on the remote I get a failure as per the below output from "deb ppp nego"

Dec 6 07:08:54.675: Vi2 LCP: State is Open

Dec 6 07:08:54.675: Vi2 PPP: Phase is AUTHENTICATING, by the peer

Dec 6 07:08:54.675: Vi2 CHAP: I CHALLENGE id 32 len 34 from "carrier-dslam"

Dec 6 07:08:54.675: Vi2 CHAP: Using hostname from interface CHAP

Dec 6 07:08:54.675: Vi2 CHAP: Using password from interface CHAP

Dec 6 07:08:54.675: Vi2 CHAP: O RESPONSE id 32 len 47 from "dummyuser@dummy.com"

Dec 6 07:09:03.011: Vi2 CHAP: I FAILURE id 32 len 4

Dec 6 07:09:03.011: Vi2 LCP: I TERMREQ [Open] id 62 len 4

Dec 6 07:09:03.011: Vi2 LCP: O TERMACK [Open] id 62 len 4

The part that im struggling with is the:

I FAILURE id 32 len 4

As it does not shed any light on why this failed. The dialer's configuration is as per below:

interface Dialer1

description *** Primary ADSL Dialer Interface ***

ip address negotiated

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap hostname dummyuser@dummy.com

ppp chap password xxxx

This is a one off service that does not work with this configuration, the carrier tells me that this service does not appear to have any issues, but this is a tried and tested configuration and has not been an issue up until now.

If anyone can shed any light on this I would be very happy...as there is not much hair left to tear out on this one.

Labels:
0 Helpful
2 Replies 2

spremkumar
Level 9
Level 9

‎12-05-2005 11:40 PM

Hi

Can you revert wheter you got to have any replication issues or anything in that kinda between your Proxy(radius) and the main radius server ??

As per the supporting docs and AFAIK its purely a authentication problem which triggers the failure here.

can you manually try to generate a request in ur Radius and check whether its getting authenticated or not ??

also do rfer this link for more info ..

http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a00800ae945.shtml#lcpauthen

regds

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to spremkumar

‎12-07-2005 06:44 AM

Daniel

This message pretty clearly indicates that the router thinks that the peer it is attempting to authenticate with is returning an authentication error:

Dec 6 07:09:03.011: Vi2 CHAP: I FAILURE id 32 len 4

Perhaps you could help us understand better what your router is connecting to and how authentication is supposed to work. The part of the config that you posted is just straight ppp chap. If it is getting to a Radius server I assume that someone somewhere has configured aaa authentication for ppp through Radius. If your Radius server is seeing the request and is logging a successful authentication but your remote router is receiving a failure, then I would take a look at the relaying Radius server and see if there are logs there that might be helpful.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents