08-21-2003 10:59 PM - edited 03-02-2019 09:48 AM
Hi there,
As a test I am trying to simulate a VPDN setup in our lab and need to configure DDR PPP over a back-to-back connection between two routers. I have configured CLIENT and LAC as follows:
CLIENT:
interface Serial0/0
no ip address
encapsulation ppp
dialer in-band
dialer pool-member 1
pulse-time 1
no ppp chap wait
!
interface Dialer0
ip address negotiated
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname user@test.com
ppp chap password 0 cisco
ppp ipcp accept-address
!
dialer-list 1 protocol ip permit
LAC:
interface Serial6/0
no ip address
encapsulation ppp
dialer in-band
dialer pool-member 1
serial restart-delay 0
clockrate 1008000
dce-terminal-timing-enable
pulse-time 1
!
interface Dialer1
no ip address
encapsulation ppp
dialer pool 1
ppp authentication chap pap
The problem is shown when trying to enable the link:
Debug from CLIENT:
04:13:34: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
04:13:34: Se0/0 DDR: Dialer statechange to up
04:13:34: %DIALER-6-BIND: Interface Se0/0 bound to profile Di0
04:13:34: Se0/0 PPP: Using dialer call direction
04:13:34: Se0/0 PPP: Treating connection as a callin ! <======= callin!!
04:13:34: Se0/0 PPP: Phase is ESTABLISHING, Passive Open [0 sess, 1 load]
04:13:34: Se0/0 LCP: State is Listen
04:13:36: Se0/0 LCP: TIMEout: State Listen
04:13:36: Se0/0 LCP: O CONFREQ [Listen] id 110 len 15
04:13:36: Se0/0 LCP: AuthProto CHAP (0x0305C22305)
04:13:36: Se0/0 LCP: MagicNumber 0x616B6B29 (0x0506616B6B29)
04:13:36: Se0/0 LCP: I CONFREQ [REQsent] id 37 len 15
04:13:36: Se0/0 LCP: AuthProto CHAP (0x0305C22305)
04:13:36: Se0/0 LCP: MagicNumber 0x08D682EA (0x050608D682EA)
04:13:36: Se0/0 LCP: O CONFACK [REQsent] id 37 len 15
04:13:36: Se0/0 LCP: AuthProto CHAP (0x0305C22305)
04:13:36: Se0/0 LCP: MagicNumber 0x08D682EA (0x050608D682EA)
04:13:36: Se0/0 LCP: I CONFACK [ACKsent] id 110 len 15
04:13:36: Se0/0 LCP: AuthProto CHAP (0x0305C22305)
04:13:36: Se0/0 LCP: MagicNumber 0x616B6B29 (0x0506616B6B29)
04:13:36: Se0/0 LCP: State is Open
04:13:36: Se0/0 PPP: Phase is AUTHENTICATING, by both [0 sess, 1 load]
04:13:36: Se0/0 CHAP: Using alternate hostname user@test.com
04:13:36: Se0/0 CHAP: O CHALLENGE id 126 len 39 from "user@test.com"
04:13:36: Se0/0 CHAP: I CHALLENGE id 64 len 24 from "LAC"
04:13:36: Se0/0 CHAP: Using alternate hostname user@test.com
04:13:36: Se0/0 CHAP: Ignoring spoofed Challenge ! <======= Problem
Debug from LAC:
04:15:45: %LINK-3-UPDOWN: Interface Serial6/0, changed state to up
04:15:45: Se6/0 DDR: Dialer statechange to up
04:15:45: %DIALER-6-BIND: Interface Se6/0 bound to profile Di1
04:15:45: Se6/0 PPP: Using dialer call direction
04:15:45: Se6/0 PPP: Treating connection as a callin ! <======= callin!!
04:15:45: Se6/0 PPP: Phase is ESTABLISHING, Passive Open [0 sess, 1 load]
04:15:45: Se6/0 LCP: State is Listen
04:15:46: Se6/0 LCP: I CONFREQ [Listen] id 110 len 15
04:15:46: Se6/0 LCP: AuthProto CHAP (0x0305C22305)
04:15:46: Se6/0 LCP: MagicNumber 0x616B6B29 (0x0506616B6B29)
04:15:46: Se6/0 LCP: O CONFREQ [Listen] id 37 len 15
04:15:46: Se6/0 LCP: AuthProto CHAP (0x0305C22305)
04:15:46: Se6/0 LCP: MagicNumber 0x08D682EA (0x050608D682EA)
04:15:46: Se6/0 LCP: O CONFACK [Listen] id 110 len 15
04:15:46: Se6/0 LCP: AuthProto CHAP (0x0305C22305)
04:15:46: Se6/0 LCP: MagicNumber 0x616B6B29 (0x0506616B6B29)
04:15:46: Se6/0 LCP: I CONFACK [ACKsent] id 37 len 15
04:15:46: Se6/0 LCP: AuthProto CHAP (0x0305C22305)
04:15:46: Se6/0 LCP: MagicNumber 0x08D682EA (0x050608D682EA)
04:15:46: Se6/0 LCP: State is Open
04:15:46: Se6/0 PPP: Phase is AUTHENTICATING, by both [0 sess, 1 load]
04:15:46: Se6/0 CHAP: O CHALLENGE id 64 len 24 from "LAC"
04:15:46: Se6/0 CHAP: I CHALLENGE id 126 len 39 from "user@test.com"
04:15:46: Se6/0 CHAP: Waiting for peer to authenticate first
As you may see, both ends treats the call as a "callin". The LAC waits and the CLIENT just ignores the challenge as a spoofed challenge, probably because of both seeing this as a callin. If I remove the "no ppp chap wait" from the s0/0 CLIENT config, they both just wait for the other to authenticate first.
It would seem as I have to force one side to treat the connections as callout, but how to do it?
Suggestions are welcome!
Solved! Go to Solution.
08-22-2003 05:19 AM
Please try the "ppp direction dedicated" or "ppp direction callin".
Thanks, Mak.
08-22-2003 05:19 AM
Please try the "ppp direction dedicated" or "ppp direction callin".
Thanks, Mak.
08-25-2003 04:25 AM
Yep.. "ppp direction callout" did it.. thanks for the help.
/Stig
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide