new chap authentication commands for 876 ISDN backup?

Unanswered Question
Feb 20th, 2009
User Badges:


I currently have 2 876 routers with ISDN as a backup.

When i passed CCNA back in 2003 i read that for chap authentication one needs to configure chap username and password of the peer router and then define dialer string in dialer interface.

However these routers have a different setup and at the dialer interface they use the command 'ppp authentication chap pap callin'. I read that this is a new way of defining a commom username/password of the router with the difference that you basically define your router's credentials and not your peers. For example for router 1 you define his own credentials and not his peer's (router2).

Now the problem is that these routers have been setup with SDM and a 'dialer string' has been configured. I am asked to reconfigure them because of a 3rd router existance so i need to define 'dialer map' commands.

So, if anyone knows please reply on the following:

1. Is 'dialer map' command compatible with 'ppp authentication chap pap callin' setup?

2. Has 'dialer map' command been substituted with another command?

3. Do i need to configure anything else except from the dialer?

FYI i also submit the sh startup config for ISDN

interface Dialer0

ip address

encapsulation ppp

dialer pool 1

dialer string xxxxx

dialer load-threshold 128 outbound

dialer-group 1

no cdp enable

ppp authentication chap callin

ppp chap hostname rout1

ppp chap password xxxxxxxx

ppp multilink

Many thanks in advance



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Giuseppe Larosa Fri, 02/20/2009 - 05:37
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Themis,

remove the dialer string and add two dialer map commands one for each spoke router.

also for the authentication should work better with the old style:

two username commands in global config one for each spoke router.

the command

ppp authentication chap callin

should use CHAP but not in a bidirectional way here callin should the calling party only that has to be authenticated.

with normal commands CHAP authentication is bidirectional: each router challenges the other one.

This should be the difference provided by the option callin

Hope to help


tnikoletos Fri, 02/20/2009 - 05:55
User Badges:

greetings giuseppe and thanks for your really quick reply!

So what you are saying is that i should define in global config mode the other 2 peers, leave the chap callin command in dialer and replace dialer string with dialer map info. Correct?

Also, something else. At the BRI int i see the following

interface BRI0

no ip address

ip mask-reply

no ip redirects

no ip proxy-arp

encapsulation ppp

ip route-cache flow

dialer pool-member 1

isdn switch-type basic-net3

isdn point-to-point-setup

ppp multilink

What is that line 'isdn point-to-point-setup' for?

again many thanks,


Giuseppe Larosa Fri, 02/20/2009 - 06:06
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Themis,

your understanding is correct

I personally never used that command

here is the command reference

I think you should remove it even if the notes say it is effective if

This command only applies if a static TEI has been activated with the isdn static-tei

Hope to help


tnikoletos Fri, 02/27/2009 - 03:37
User Badges:

greetings again,

I am facing a serious issue. I try to configure dialer map from interface dialer0 and the router doesnt support it, i.e. it doesnt have it as a command.

I can only configure them through bri interface but since i am using dialer profile i know that this is not correct.

Any suggestions? If i configure them in bri int will it work?

many thanks,



This Discussion