Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Silver

DDR over leased lines

Hi there,

As a test I am trying to simulate a VPDN setup in our lab and need to configure DDR PPP over a back-to-back connection between two routers. I have configured CLIENT and LAC as follows:

CLIENT:

interface Serial0/0

no ip address

encapsulation ppp

dialer in-band

dialer pool-member 1

pulse-time 1

no ppp chap wait

interface Dialer0

ip address negotiated

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap hostname user@test.com

ppp chap password 0 cisco

ppp ipcp accept-address

dialer-list 1 protocol ip permit

LAC:

interface Serial6/0

no ip address

encapsulation ppp

dialer in-band

dialer pool-member 1

serial restart-delay 0

clockrate 1008000

dce-terminal-timing-enable

pulse-time 1

interface Dialer1

no ip address

encapsulation ppp

dialer pool 1

ppp authentication chap pap

The problem is shown when trying to enable the link:

Debug from CLIENT:

04:13:34: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up

04:13:34: Se0/0 DDR: Dialer statechange to up

04:13:34: %DIALER-6-BIND: Interface Se0/0 bound to profile Di0

04:13:34: Se0/0 PPP: Using dialer call direction

04:13:34: Se0/0 PPP: Treating connection as a callin

04:13:34: Se0/0 PPP: Phase is ESTABLISHING, Passive Open [0 sess, 1 load]

04:13:34: Se0/0 LCP: State is Listen

04:13:36: Se0/0 LCP: TIMEout: State Listen

04:13:36: Se0/0 LCP: O CONFREQ [Listen] id 110 len 15

04:13:36: Se0/0 LCP: AuthProto CHAP (0x0305C22305)

04:13:36: Se0/0 LCP: MagicNumber 0x616B6B29 (0x0506616B6B29)

04:13:36: Se0/0 LCP: I CONFREQ [REQsent] id 37 len 15

04:13:36: Se0/0 LCP: AuthProto CHAP (0x0305C22305)

04:13:36: Se0/0 LCP: MagicNumber 0x08D682EA (0x050608D682EA)

04:13:36: Se0/0 LCP: O CONFACK [REQsent] id 37 len 15

04:13:36: Se0/0 LCP: AuthProto CHAP (0x0305C22305)

04:13:36: Se0/0 LCP: MagicNumber 0x08D682EA (0x050608D682EA)

04:13:36: Se0/0 LCP: I CONFACK [ACKsent] id 110 len 15

04:13:36: Se0/0 LCP: AuthProto CHAP (0x0305C22305)

04:13:36: Se0/0 LCP: MagicNumber 0x616B6B29 (0x0506616B6B29)

04:13:36: Se0/0 LCP: State is Open

04:13:36: Se0/0 PPP: Phase is AUTHENTICATING, by both [0 sess, 1 load]

04:13:36: Se0/0 CHAP: Using alternate hostname user@test.com

04:13:36: Se0/0 CHAP: O CHALLENGE id 126 len 39 from "user@test.com"

04:13:36: Se0/0 CHAP: I CHALLENGE id 64 len 24 from "LAC"

04:13:36: Se0/0 CHAP: Using alternate hostname user@test.com

04:13:36: Se0/0 CHAP: Ignoring spoofed Challenge

Debug from LAC:

04:15:45: %LINK-3-UPDOWN: Interface Serial6/0, changed state to up

04:15:45: Se6/0 DDR: Dialer statechange to up

04:15:45: %DIALER-6-BIND: Interface Se6/0 bound to profile Di1

04:15:45: Se6/0 PPP: Using dialer call direction

04:15:45: Se6/0 PPP: Treating connection as a callin

04:15:45: Se6/0 PPP: Phase is ESTABLISHING, Passive Open [0 sess, 1 load]

04:15:45: Se6/0 LCP: State is Listen

04:15:46: Se6/0 LCP: I CONFREQ [Listen] id 110 len 15

04:15:46: Se6/0 LCP: AuthProto CHAP (0x0305C22305)

04:15:46: Se6/0 LCP: MagicNumber 0x616B6B29 (0x0506616B6B29)

04:15:46: Se6/0 LCP: O CONFREQ [Listen] id 37 len 15

04:15:46: Se6/0 LCP: AuthProto CHAP (0x0305C22305)

04:15:46: Se6/0 LCP: MagicNumber 0x08D682EA (0x050608D682EA)

04:15:46: Se6/0 LCP: O CONFACK [Listen] id 110 len 15

04:15:46: Se6/0 LCP: AuthProto CHAP (0x0305C22305)

04:15:46: Se6/0 LCP: MagicNumber 0x616B6B29 (0x0506616B6B29)

04:15:46: Se6/0 LCP: I CONFACK [ACKsent] id 37 len 15

04:15:46: Se6/0 LCP: AuthProto CHAP (0x0305C22305)

04:15:46: Se6/0 LCP: MagicNumber 0x08D682EA (0x050608D682EA)

04:15:46: Se6/0 LCP: State is Open

04:15:46: Se6/0 PPP: Phase is AUTHENTICATING, by both [0 sess, 1 load]

04:15:46: Se6/0 CHAP: O CHALLENGE id 64 len 24 from "LAC"

04:15:46: Se6/0 CHAP: I CHALLENGE id 126 len 39 from "user@test.com"

04:15:46: Se6/0 CHAP: Waiting for peer to authenticate first

As you may see, both ends treats the call as a "callin". The LAC waits and the CLIENT just ignores the challenge as a spoofed challenge, probably because of both seeing this as a callin. If I remove the "no ppp chap wait" from the s0/0 CLIENT config, they both just wait for the other to authenticate first.

Does anyone have a clue?

1 REPLY
Silver

Re: DDR over leased lines

I got an answer in the "Remote Access" forum. I should have used "ppp direction callout" on the client. This resolved my issue.

/Stig

141
Views
0
Helpful
1
Replies
CreatePlease to create content