cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
416
Views
8
Helpful
5
Replies

new chap authentication commands for 876 ISDN backup?

tnikoletos
Level 1
Level 1

Greetings,

I currently have 2 876 routers with ISDN as a backup.

When i passed CCNA back in 2003 i read that for chap authentication one needs to configure chap username and password of the peer router and then define dialer string in dialer interface.

However these routers have a different setup and at the dialer interface they use the command 'ppp authentication chap pap callin'. I read that this is a new way of defining a commom username/password of the router with the difference that you basically define your router's credentials and not your peers. For example for router 1 you define his own credentials and not his peer's (router2).

Now the problem is that these routers have been setup with SDM and a 'dialer string' has been configured. I am asked to reconfigure them because of a 3rd router existance so i need to define 'dialer map' commands.

So, if anyone knows please reply on the following:

1. Is 'dialer map' command compatible with 'ppp authentication chap pap callin' setup?

2. Has 'dialer map' command been substituted with another command?

3. Do i need to configure anything else except from the dialer?

FYI i also submit the sh startup config for ISDN

interface Dialer0

ip address 192.168.3.1 255.255.255.0

encapsulation ppp

dialer pool 1

dialer string xxxxx

dialer load-threshold 128 outbound

dialer-group 1

no cdp enable

ppp authentication chap callin

ppp chap hostname rout1

ppp chap password xxxxxxxx

ppp multilink

Many thanks in advance

regards,

themis

5 Replies 5

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Themis,

remove the dialer string and add two dialer map commands one for each spoke router.

also for the authentication should work better with the old style:

two username commands in global config one for each spoke router.

the command

ppp authentication chap callin

should use CHAP but not in a bidirectional way here callin should the calling party only that has to be authenticated.

with normal commands CHAP authentication is bidirectional: each router challenges the other one.

This should be the difference provided by the option callin

Hope to help

Giuseppe

greetings giuseppe and thanks for your really quick reply!

So what you are saying is that i should define in global config mode the other 2 peers, leave the chap callin command in dialer and replace dialer string with dialer map info. Correct?

Also, something else. At the BRI int i see the following

interface BRI0

no ip address

ip mask-reply

no ip redirects

no ip proxy-arp

encapsulation ppp

ip route-cache flow

dialer pool-member 1

isdn switch-type basic-net3

isdn point-to-point-setup

ppp multilink

What is that line 'isdn point-to-point-setup' for?

again many thanks,

themis

Hello Themis,

your understanding is correct

I personally never used that command

here is the command reference

http://www.cisco.com/en/US/docs/ios/dial/command/reference/dia_i2.html#wp1013211

I think you should remove it even if the notes say it is effective if

This command only applies if a static TEI has been activated with the isdn static-tei

Hope to help

Giuseppe

ok,

many thanks for your time. :)

themis

greetings again,

I am facing a serious issue. I try to configure dialer map from interface dialer0 and the router doesnt support it, i.e. it doesnt have it as a command.

I can only configure them through bri interface but since i am using dialer profile i know that this is not correct.

Any suggestions? If i configure them in bri int will it work?

many thanks,

themis

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco