Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
358
Views
0
Helpful
2
Replies

DDR over leased lines

Go to solution
johansens
Level 4
Level 4

‎08-21-2003 10:59 PM - edited ‎03-02-2019 09:48 AM

Hi there,

As a test I am trying to simulate a VPDN setup in our lab and need to configure DDR PPP over a back-to-back connection between two routers. I have configured CLIENT and LAC as follows:

CLIENT:

interface Serial0/0

no ip address

encapsulation ppp

dialer in-band

dialer pool-member 1

pulse-time 1

no ppp chap wait

!

interface Dialer0

ip address negotiated

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap hostname user@test.com

ppp chap password 0 cisco

ppp ipcp accept-address

!

dialer-list 1 protocol ip permit

LAC:

interface Serial6/0

no ip address

encapsulation ppp

dialer in-band

dialer pool-member 1

serial restart-delay 0

clockrate 1008000

dce-terminal-timing-enable

pulse-time 1

!

interface Dialer1

no ip address

encapsulation ppp

dialer pool 1

ppp authentication chap pap

The problem is shown when trying to enable the link:

Debug from CLIENT:

04:13:34: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up

04:13:34: Se0/0 DDR: Dialer statechange to up

04:13:34: %DIALER-6-BIND: Interface Se0/0 bound to profile Di0

04:13:34: Se0/0 PPP: Using dialer call direction

04:13:34: Se0/0 PPP: Treating connection as a callin ! <======= callin!!

04:13:34: Se0/0 PPP: Phase is ESTABLISHING, Passive Open [0 sess, 1 load]

04:13:34: Se0/0 LCP: State is Listen

04:13:36: Se0/0 LCP: TIMEout: State Listen

04:13:36: Se0/0 LCP: O CONFREQ [Listen] id 110 len 15

04:13:36: Se0/0 LCP: AuthProto CHAP (0x0305C22305)

04:13:36: Se0/0 LCP: MagicNumber 0x616B6B29 (0x0506616B6B29)

04:13:36: Se0/0 LCP: I CONFREQ [REQsent] id 37 len 15

04:13:36: Se0/0 LCP: AuthProto CHAP (0x0305C22305)

04:13:36: Se0/0 LCP: MagicNumber 0x08D682EA (0x050608D682EA)

04:13:36: Se0/0 LCP: O CONFACK [REQsent] id 37 len 15

04:13:36: Se0/0 LCP: AuthProto CHAP (0x0305C22305)

04:13:36: Se0/0 LCP: MagicNumber 0x08D682EA (0x050608D682EA)

04:13:36: Se0/0 LCP: I CONFACK [ACKsent] id 110 len 15

04:13:36: Se0/0 LCP: AuthProto CHAP (0x0305C22305)

04:13:36: Se0/0 LCP: MagicNumber 0x616B6B29 (0x0506616B6B29)

04:13:36: Se0/0 LCP: State is Open

04:13:36: Se0/0 PPP: Phase is AUTHENTICATING, by both [0 sess, 1 load]

04:13:36: Se0/0 CHAP: Using alternate hostname user@test.com

04:13:36: Se0/0 CHAP: O CHALLENGE id 126 len 39 from "user@test.com"

04:13:36: Se0/0 CHAP: I CHALLENGE id 64 len 24 from "LAC"

04:13:36: Se0/0 CHAP: Using alternate hostname user@test.com

04:13:36: Se0/0 CHAP: Ignoring spoofed Challenge ! <======= Problem

Debug from LAC:

04:15:45: %LINK-3-UPDOWN: Interface Serial6/0, changed state to up

04:15:45: Se6/0 DDR: Dialer statechange to up

04:15:45: %DIALER-6-BIND: Interface Se6/0 bound to profile Di1

04:15:45: Se6/0 PPP: Using dialer call direction

04:15:45: Se6/0 PPP: Treating connection as a callin ! <======= callin!!

04:15:45: Se6/0 PPP: Phase is ESTABLISHING, Passive Open [0 sess, 1 load]

04:15:45: Se6/0 LCP: State is Listen

04:15:46: Se6/0 LCP: I CONFREQ [Listen] id 110 len 15

04:15:46: Se6/0 LCP: AuthProto CHAP (0x0305C22305)

04:15:46: Se6/0 LCP: MagicNumber 0x616B6B29 (0x0506616B6B29)

04:15:46: Se6/0 LCP: O CONFREQ [Listen] id 37 len 15

04:15:46: Se6/0 LCP: AuthProto CHAP (0x0305C22305)

04:15:46: Se6/0 LCP: MagicNumber 0x08D682EA (0x050608D682EA)

04:15:46: Se6/0 LCP: O CONFACK [Listen] id 110 len 15

04:15:46: Se6/0 LCP: AuthProto CHAP (0x0305C22305)

04:15:46: Se6/0 LCP: MagicNumber 0x616B6B29 (0x0506616B6B29)

04:15:46: Se6/0 LCP: I CONFACK [ACKsent] id 37 len 15

04:15:46: Se6/0 LCP: AuthProto CHAP (0x0305C22305)

04:15:46: Se6/0 LCP: MagicNumber 0x08D682EA (0x050608D682EA)

04:15:46: Se6/0 LCP: State is Open

04:15:46: Se6/0 PPP: Phase is AUTHENTICATING, by both [0 sess, 1 load]

04:15:46: Se6/0 CHAP: O CHALLENGE id 64 len 24 from "LAC"

04:15:46: Se6/0 CHAP: I CHALLENGE id 126 len 39 from "user@test.com"

04:15:46: Se6/0 CHAP: Waiting for peer to authenticate first

As you may see, both ends treats the call as a "callin". The LAC waits and the CLIENT just ignores the challenge as a spoofed challenge, probably because of both seeing this as a callin. If I remove the "no ppp chap wait" from the s0/0 CLIENT config, they both just wait for the other to authenticate first.

It would seem as I have to force one side to treat the connections as callout, but how to do it?

Suggestions are welcome!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
makchitale
Level 6
Level 6

‎08-22-2003 05:19 AM

Please try the "ppp direction dedicated" or "ppp direction callin".

Thanks, Mak.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
makchitale
Level 6
Level 6

‎08-22-2003 05:19 AM

Please try the "ppp direction dedicated" or "ppp direction callin".

Thanks, Mak.

0 Helpful

Go to solution
johansens
Level 4
Level 4
In response to makchitale

‎08-25-2003 04:25 AM

Yep.. "ppp direction callout" did it.. thanks for the help.

/Stig

0 Helpful
Customers Also Viewed These Support Documents