Re: ISDN Chap Authentication

abbas.ali · ‎05-02-2003

If I am setting up two routers for ISDN DDR with chap authentication.

If I only want R1 to call R2, I can easily do that by omitting dialer string number or omitting DN from dialer map command on R2. Since R2 is not capable of dialing do I still need Global command "username R2 password xxxxx" on R1 for chap auhtentication. I know I need the command "username r1 password xxx on R2 though.

DDR on OSPF, If I configure ip ospf demand-circuit command on Bri0/0 then hello should be suppressed, but is this enough or I still have to deny ospf packets through access-list

For example,

access-list 101 deny ospf any any

access-list 101 permit ip any any

dialer-list 1 protocol ip list 101

makchitale · ‎05-02-2003

Yes, will need the username/password on both ends......even though only one side is calling, the routers need to authenticate each other.

Maybe your question is when we use the "callin" on (say) R1

ppp authentication chap callin

in that case R1 does not need to be configured with usrname R2 pass xxx (basically we are not chap challenging when calling out to R2).

Please refer to:

http://www.cisco.com/warp/public/104/dcprob.html

Thanks, Mak.

rjackson · ‎05-05-2003

Your two ospf scenarios dont do the same thing. ospf demand circuit stops ospf from keeping the circuit up with hellos but it still comes up once to build an adjacency and exchange data. Then it will time out and drop. However it will come up again every time there is a topology change.

The access list method would never let ospf through, which may be what you really want to do anyway.