05-02-2003 02:50 PM - edited 03-02-2019 07:05 AM
If I am setting up two routers for ISDN DDR with chap authentication.
If I only want R1 to call R2, I can easily do that by omitting dialer string number or omitting DN from dialer map command on R2. Since R2 is not capable of dialing do I still need Global command "username R2 password xxxxx" on R1 for chap auhtentication. I know I need the command "username r1 password xxx on R2 though.
DDR on OSPF, If I configure ip ospf demand-circuit command on Bri0/0 then hello should be suppressed, but is this enough or I still have to deny ospf packets through access-list
For example,
access-list 101 deny ospf any any
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
05-02-2003 03:12 PM
Yes, will need the username/password on both ends......even though only one side is calling, the routers need to authenticate each other.
Maybe your question is when we use the "callin" on (say) R1
ppp authentication chap callin
in that case R1 does not need to be configured with usrname R2 pass xxx (basically we are not chap challenging when calling out to R2).
Please refer to:
http://www.cisco.com/warp/public/104/dcprob.html
Thanks, Mak.
05-05-2003 07:29 AM
Your two ospf scenarios dont do the same thing. ospf demand circuit stops ospf from keeping the circuit up with hellos but it still comes up once to build an adjacency and exchange data. Then it will time out and drop. However it will come up again every time there is a topology change.
The access list method would never let ospf through, which may be what you really want to do anyway.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide