PPP authentication - called router uses router name not ppp chap hostname

crhodes · ‎02-16-2003

I have a router (IOS 12.1(16)) with an ISDN PRI receiving calls from remote routers. I want my router to send the configured ppp chap hostname during the ppp authentication phase, not its router name.

However, using the configuration below, my router initially sends its router name not the ppp chap configured name. The remote router (IOS) can't handle this and terminates the call.

I use the exact same configuration with a remote Cisco 700 series router (not IOS), and it works, but the following debug shows my router sends its router name first, followed by the ppp chap hostname only after the remote router has responded to the challenge.

Dec 10 08:56:46: %LINK-3-UPDOWN: Interface Serial1/0:1, changed state to up

Dec 10 08:56:46: Se1/0:1 PPP: Treating connection as a callin

Dec 10 08:56:46: Se1/0:1 CHAP: O CHALLENGE id 72 len 31 from "ROUTER1"

Dec 10 08:56:46: Se1/0:1 CHAP: I CHALLENGE id 1 len 24 from "ROUTER2"

Dec 10 08:56:46: Se1/0:1 CHAP: Waiting for peer to authenticate first

Dec 10 08:56:46: Se1/0:1 CHAP: I RESPONSE id 72 len 24 from "ROUTER2"

Dec 10 08:56:46: Se1/0:1 CHAP: O SUCCESS id 72 len 4

Dec 10 08:56:46: Se1/0:1 CHAP: Processing saved Challenge, id 1

Dec 10 08:56:46: %DIALER-6-BIND: Interface Se1/0:1 bound to profile Di12

Dec 10 08:56:46: Se1/0:1 CHAP: Using alternate hostname FDRA

Dec 10 08:56:46: Se1/0:1 CHAP: O RESPONSE id 1 len 25 from "FDRA"

Dec 10 08:56:47: Se1/0:1 CHAP: I SUCCESS id 1 len 32 msg is "chap: User FDRA authorized."

Dec 10 08:56:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:1, changed state to up

Is it normal for my router to issue its router name first and then use the alternate hostname as shown above.

If this is normal, any reason why a remote IOS router would not complete PPP authentication while a Cisco 700 series does?

Following is the configuration of my router.

hostname ROUTER1

username ROUTER2 password qwerty

interface Serial1/0:15

no ip address

encapsulation ppp

dialer pool-member 1

isdn switch-type primary-net5

ppp authentication chap callin

interface Dialer18

ip address 172.16.248.5 255.255.255.252

encapsulation ppp

dialer pool 1

dialer remote-name ROUTER2

dialer string 0123456789

dialer-group 1

ppp authentication chap

ppp chap hostname R1ALIAS

ppp chap password 0 qwerty

Any assistance or thoughts appreciated.

Regards

tepatel · ‎02-18-2003

That is very normal..

The debug that you have shown is not matching with the config. You can see that during ppp negotiation, ROUTER2 name is received from other side but it bound to profile Dialer 12

Dec 10 08:56:46: %DIALER-6-BIND: Interface Se1/0:1 bound to profile Di12

But above call did worked fine as authentication SUCCESS are exchanged.

Now since this router has received the call so the call will be binded to the correct dialer profile based on the remote-name received in challenge. So Initially the receiving router will send hostname as a challenge. But the response to the challenge received will be sent using the correct hostname (modified on the interface using ppp chap hostname command)

Dec 10 08:56:46: Se1/0:1 CHAP: Using alternate hostname FDRA

Dec 10 08:56:46: Se1/0:1 CHAP: O RESPONSE id 1 len 25 from "FDRA"

And the call should work as it worked in above debug. If its not working, the problem is in the remote site router.

crhodes · ‎02-20-2003

Thanks,

You were correct.

The problem turned out to be a configuration issue at the remote router. There was no ppp chap password config line.

Once this was installed, ppp authentication succeeded.