Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

ISDN Chap Authentication

If I am setting up two routers for ISDN DDR with chap authentication.

If I only want R1 to call R2, I can easily do that by omitting dialer string number or omitting DN from dialer map command on R2. Since R2 is not capable of dialing do I still need Global command "username R2 password xxxxx" on R1 for chap auhtentication. I know I need the command "username r1 password xxx on R2 though.

DDR on OSPF, If I configure ip ospf demand-circuit command on Bri0/0 then hello should be suppressed, but is this enough or I still have to deny ospf packets through access-list

For example,

access-list 101 deny ospf any any

access-list 101 permit ip any any

dialer-list 1 protocol ip list 101

2 REPLIES
Silver

Re: ISDN Chap Authentication

Yes, will need the username/password on both ends......even though only one side is calling, the routers need to authenticate each other.

Maybe your question is when we use the "callin" on (say) R1

ppp authentication chap callin

in that case R1 does not need to be configured with usrname R2 pass xxx (basically we are not chap challenging when calling out to R2).

Please refer to:

http://www.cisco.com/warp/public/104/dcprob.html

Thanks, Mak.

Bronze

Re: ISDN Chap Authentication

Your two ospf scenarios dont do the same thing. ospf demand circuit stops ospf from keeping the circuit up with hellos but it still comes up once to build an adjacency and exchange data. Then it will time out and drop. However it will come up again every time there is a topology change.

The access list method would never let ospf through, which may be what you really want to do anyway.

88
Views
0
Helpful
2
Replies
CreatePlease to create content