Re: PPP Authentication - Problem - Please Help - Thanks

nerdv · ‎07-16-2003

service tcp-keepalives-in

service tcp-keepalives-out

service password-encryption

hostname castlehill-pip

boot system flash c1700-122-8.T.bin

logging buffered 4096 debugging

enable password 7 xxxxxxxxxxxxx

username syd-cor1 password 7 xxxxxxxxxxx

memory-size iomem 25

clock timezone EST 10

clock summer-time EDST recurring last Sun Oct 2:00 last Sun Mar 3:00

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

no ip source-route

no ip domain-lookup

ip accounting-threshold 1024

isdn switch-type basic-net3

isdn voice-call-failure 0

interface Tunnel0

description Private-IP Tunnel to Head Office

ip address a.b.c.d p.q.r.s

no ip redirects

tunnel source x.y.z.w

tunnel destination d.c.e.f

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

no fair-queue

hold-queue 250 in

interface ATM0.2 point-to-point

description Internet Network

pvc 1/33

ubr 128

encapsulation aal5mux ppp dialer

dialer pool-member 2

interface BRI0

no ip address

encapsulation ppp

dialer rotary-group 0

dialer-group 1

isdn switch-type basic-net3

no fair-queue

no cdp enable

interface FastEthernet0

description Local Ethernet segment

ip address x.y.z.w

speed auto

no cdp enable

interface Dialer0

description ISDN link to Connect.com.au

bandwidth 128000

ip address d.c.e.f p.q.r.s

ip access-group 10 in

no ip redirects

encapsulation ppp

dialer in-band

dialer idle-timeout 604800

dialer enable-timeout 5

dialer wait-for-carrier-time 15

dialer map ip x.y.z.w name syd-cor1 broadcast 0282198609

dialer load-threshold 1 outbound

dialer-group 1

no fair-queue

no cdp enable

ppp authentication chap

ppp chap hostname spotlight106-gw

ppp multilink

interface Dialer2

description Internet Network

ip address negotiated

encapsulation ppp

dialer pool 2

dialer-group 1

no cdp enable

ppp authentication chap callin

ppp chap hostname abcd@pqrs

ppp chap password 7 xxxxxxxxxx

ip classless

ip route 0.0.0.0 0.0.0.0 10.61.88.200

ip route 172.61.0.0 255.255.0.0 Dialer2

ip route x.x.x.x 255.255.255.255 x.x.x.x

no ip http server

ip pim bidir-enable

access-list 10 permit a.b.c.d

access-list 10 deny any

priority-list 1 protocol ip high lt 100

dialer-list 1 protocol ip permit

dialer-list 2 protocol ip permit

no cdp run

snmp-server community xxxxxxx RO

line con 0

password 7 xxxxxxxxxx

line aux 0

line vty 0 4

exec-timeout 60 0

password 7 xxxxxxxxxx

login

no scheduler allocate

sntp server x.y.z.w

end

This is config of the router. Now apparently when i do a debug ppp auth on this router, its giving me stuff that i was uanble to decipher. please help thanks

*Mar 2 02:38:10.629 UTC: %LINK-3-UPDOWN: Interface Virtual-Access1, changed st

te to up

*Mar 2 02:38:10.629 UTC: %DIALER-6-BIND: Interface Vi1 bound to profile Di2

*Mar 2 02:38:10.629 UTC: Vi1 PPP: Authorization NOT required

*Mar 2 02:38:10.633 UTC: Vi1 PPP: Treating connection as a callout

*Mar 2 02:38:10.633 UTC: Vi1 PPP:Phase is ESTABLISHING, Active Open

*Mar 2 02:38:10.633 UTC: Vi1 PPP:No remote authentication for call-out

*Mar 2 02:38:10.633 UTC: Vi1 LCP:O CONFREQ [Closed] id 209 len 10

*Mar 2 02:38:10.633 UTC: Vi1 LCP:MagicNumber 0x07CEDC83 (0x050607CEDC83)

*Mar 2 02:38:10.641 UTC: Vi1 LCP:I CONFACK [REQsent] id 209 len 10

*Mar 2 02:38:10.641 UTC: Vi1 LCP:MagicNumber 0x07CEDC83 (0x050607CEDC83)

*Mar 2 02:38:10.669 UTC: Vi1 LCP:I CONFREQ [ACKrcvd] id 100 len 34

*Mar 2 02:38:10.669 UTC: Vi1 LCP:AuthProto CHAP (0x0305C22305)

*Mar 2 02:38:10.669 UTC: Vi1 LCP:MagicNumber 0xB12C2300 (0x0506B12C2300)

*Mar 2 02:38:10.669 UTC: Vi1 LCP:MRRU 1524 (0x110405F4)

*Mar 2 02:38:10.669 UTC: Vi1 LCP:EndpointDisc 1 Local (0x130F016E504F41413

3230166E3033)

*Mar 2 02:38:10.673 UTC: Vi1 LCP:O CONFREJ [ACKrcvd] id 100 len 8

*Mar 2 02:38:10.673 UTC: Vi1 LCP:MRRU 1524 (0x110405F4)

*Mar 2 02:38:10.681 UTC: Vi1 LCP:I CONFREQ [ACKrcvd] id 101 len 30

*Mar 2 02:38:10.681 UTC: Vi1 LCP:AuthProto CHAP (0x0305C22305)

*Mar 2 02:38:10.681 UTC: Vi1 LCP:MagicNumber 0xB12C2300 (0x0506B12C2300)xi

castlehill-pip(config)#

*Mar 2 02:38:10.681 UTC: Vi1 LCP:EndpointDisc 1 Local (0x130F016E504F41413

3230166E3033)

*Mar 2 02:38:10.681 UTC: Vi1 LCP: O CONFACK [ACKrcvd] id 101 len 30

*Mar 2 02:38:10.681 UTC: Vi1 LCP:AuthProto CHAP (0x0305C22305)

*Mar 2 02:38:10.685 UTC: Vi1 LCP:MagicNumber 0xB12C2300 (0x0506B12C2300)

*Mar 2 02:38:10.685 UTC: Vi1 LCP:EndpointDisc 1 Local (0x130F016E504F41413

3230166E3033)

*Mar 2 02:38:10.685 UTC: Vi1 LCP: State is Open

*Mar 2 02:38:10.685 UTC: Vi1 PPP: Phase is AUTHENTICATING, by the peer

*Mar 2 02:38:12.625 UTC: %LINK-3-UPDOWN: Interface Dialer2, changed state to u

*Mar 2 02:38:12.625 UTC: Di2 LCP: Not allowed on a Dialer Profile

*Mar 2 02:38:12.677 UTC: Vi1 LCP:I CONFREQ [Open] id 102 len 30

*Mar 2 02:38:12.677 UTC: Vi1 LCP:AuthProto CHAP (0x0305C22305)

*Mar 2 02:38:12.677 UTC: Vi1 LCP:MagicNumber 0xB12C2300 (0x0506B12C2300)

*Mar 2 02:38:12.677 UTC: Vi1 LCP:EndpointDisc 1 Local (0x130F016E504F41413

3230166E3033)

*Mar 2 02:38:12.681 UTC: Vi1 PPP:Phase is TERMINATING

*Mar 2 02:38:12.681 UTC: Vi1 PPP:No remote authentication for call-out

*Mar 2 02:38:12.681 UTC: Vi1 PPP:Phase is ESTABLISHING

*Mar 2 02:38:12.681 UTC: Vi1 LCP:O CONFREQ [Open] id 210 len 10

*Mar 2 02:38:12.681 UTC: Vi1 LCP:MagicNumber 0x07CEE484 (0x050607CEE484)

*Mar 2 02:38:12.685 UTC: Vi1 LCP:O CONFACK [Open] id 102 len 30

*Mar 2 02:38:12.685 UTC: Vi1 LCP:AuthProto CHAP (0x0305C22305)

*Mar 2 02:38:12.685 UTC: Vi1 LCP:MagicNumber 0xB12C2300 (0x0506B12C2300)

*Mar 2 02:38:12.685 UTC: Vi1 LCP:EndpointDisc 1 Local (0x130F016E504F41413

3230166E3033)

*Mar 2 02:38:12.689 UTC: Vi1 LCP:I CONFACK [ACKsent] id 210 len 10

*Mar 2 02:38:12.689 UTC: Vi1 LCP:MagicNumber 0x07CEE484 (0x050607CEE484)

*Mar 2 02:38:12.689 UTC: Vi1 LCP:State is Open

*Mar 2 02:38:12.689 UTC: Vi1 PPP:Phase is AUTHENTICATING, by the peer

*Mar 2 02:38:14.677 UTC: Vi1 LCP:I CONFREQ [Open] id 103 len 30

*Mar 2 02:38:14.677 UTC: Vi1 LCP:AuthProto CHAP (0x0305C22305)

*Mar 2 02:38:14.677 UTC: Vi1 LCP:MagicNumber 0xB12C2300 (0x0506B12C2300)

*Mar 2 02:38:14.677 UTC: Vi1 LCP:EndpointDisc 1 Local (0x130F016E504F414133230166E3033)

*Mar 2 02:38:14.681 UTC: Vi1 PPP:Phase is TERMINATING

*Mar 2 02:38:14.681 UTC: Vi1 PPP:No remote authentication for call-out

*Mar 2 02:38:14.681 UTC: Vi1 PPP:Phase is ESTABLISHING

*Mar 2 02:38:14.681 UTC: Vi1 LCP:O CONFREQ [Open] id 211 len 10

*Mar 2 02:38:14.681 UTC: Vi1 LCP:MagicNumber 0x07CEEC55 (0x050607CEEC55)

*Mar 2 02:38:14.681 UTC: Vi1 LCP:O CONFACK [Open] id 103 len 30

*Mar 2 02:38:14.685 UTC: Vi1 LCP:AuthProto CHAP (0x0305C22305)

*Mar 2 02:38:14.685 UTC: Vi1 LCP:MagicNumber 0xB12C2300 (0x0506B12C2300)

*Mar 2 02:38:14.685 UTC: Vi1 LCP:EndpointDisc 1 Local (0x130F016E504F41413

3230166E3033)

*Mar 2 02:38:14.689 UTC: Vi1 LCP:I CONFACK [ACKsent] id 211 len 10

*Mar 2 02:38:14.689 UTC: Vi1 LCP:MagicNumber 0x07CEEC55 (0x050607CEEC55)

*Mar 2 02:38:14.689 UTC: Vi1 LCP: State is Open

*Mar 2 02:38:14.689 UTC: Vi1 PPP: Phase is AUTHENTICATING, by the peer

*Mar 2 02:38:16.677 UTC: Vi1 LCP:I CONFREQ [Open] id 104 len 30

*Mar 2 02:38:16.677 UTC: Vi1 LCP:AuthProto CHAP (0x0305C22305)

*Mar 2 02:38:16.677 UTC: Vi1 LCP:MagicNumber 0xB12C2300 (0x0506B12C2300)

*Mar 2 02:38:16.677 UTC: Vi1 LCP:EndpointDisc 1 Local (0x130F016E504F41413

3230166E3033)

*Mar 2 02:38:16.681 UTC: Vi1 PPP:Phase is TERMINATING

*Mar 2 02:38:16.681 UTC: Vi1 PPP:No remote authentication for call-out

*Mar 2 02:38:16.681 UTC: Vi1 PPP:Phase is ESTABLISHING

*Mar 2 02:38:16.681 UTC: Vi1 LCP:O CONFREQ [Open] id 212 len 10

*Mar 2 02:38:16.681 UTC: Vi1 LCP:MagicNumber 0x07CEF426 (0x050607CEF426)

*Mar 2 02:38:16.681 UTC: Vi1 LCP:O CONFACK [Open] id 104 len 30

*Mar 2 02:38:16.685 UTC: Vi1 LCP:AuthProto CHAP (0x0305C22305)

*Mar 2 02:38:16.685 UTC: Vi1 LCP:MagicNumber 0xB12C2300 (0x0506B12C2300)

*Mar 2 02:38:16.685 UTC: Vi1 LCP:EndpointDisc 1 Local (0x130F016E504F41413

3230166E3033)

*Mar 2 02:38:16.689 UTC: Vi1 LCP:I CONFACK [ACKsent] id 212 len 10

*Mar 2 02:38:16.689 UTC: Vi1 LCP:MagicNumber 0x07CEF426 (0x050607CEF426)

*Mar 2 02:38:16.689 UTC: Vi1 LCP:State is Open

*Mar 2 02:38:16.689 UTC: Vi1 PPP:Phase is AUTHENTICATING, by the peer

*Mar 2 02:38:18.677 UTC: Vi1 LCP:I CONFREQ [Open] id 105 len 30

*Mar 2 02:38:18.677 UTC: Vi1 LCP:AuthProto CHAP (0x0305C22305)

*Mar 2 02:38:18.677 UTC: Vi1 LCP:MagicNumber 0xB12C2300 (0x0506B12C2300)

*Mar 2 02:38:18.677 UTC: Vi1 LCP:EndpointDisc 1 Local (0x130F016E504F41413

3230166E3033)

*Mar 2 02:38:18.681 UTC: Vi1 PPP: Phase is TERMINATING

*Mar 2 02:38:18.681 UTC: Vi1 PPP: No remote authentication for call-out

*Mar 2 02:38:18.681 UTC: Vi1 PPP:Phase is ESTABLISHING

*Mar 2 02:38:18.681 UTC: Vi1 LCP:O CONFREQ [Open] id 213 len 10

*Mar 2 02:38:18.681 UTC: Vi1 LCP:MagicNumber 0x07CEFBF7 (0x050607CEFBF7)

*Mar 2 02:38:18.681 UTC: Vi1 LCP:O CONFACK [Open] id 105 len 30

*Mar 2 02:38:18.685 UTC: Vi1 LCP:AuthProto CHAP (0x0305C22305)

*Mar 2 02:38:18.685 UTC: Vi1 LCP:MagicNumber 0xB12C2300 (0x0506B12C2300)

*Mar 2 02:38:18.685 UTC: Vi1 LCP:EndpointDisc 1 Local (0x130F016E504F41413

3230166E3033)

*Mar 2 02:38:18.689 UTC: Vi1 LCP:I CONFACK [ACKsent] id 213 len 10

*Mar 2 02:38:18.689 UTC: Vi1 LCP:MagicNumber 0x07CEFBF7 (0x050607CEFBF7)

*Mar 2 02:38:18.689 UTC: Vi1 LCP:State is Open

*Mar 2 02:38:18.689 UTC: Vi1 PPP:Phase is AUTHENTICATING, by the peer

*Mar 2 02:38:20.677 UTC: Vi1 LCP:I CONFREQ [Open] id 106 len 30

*Mar 2 02:38:20.677 UTC: Vi1 LCP:AuthProto CHAP (0x0305C22305)

*Mar 2 02:38:20.677 UTC: Vi1 LCP:MagicNumber 0xB12C2300 (0x0506B12C2300)

*Mar 2 02:38:20.677 UTC: Vi1 LCP:EndpointDisc 1 Local (0x130F016E504F41413

3230166E3033)

rais · ‎07-16-2003

Apparently your problem is that of authentication. The other side is trying to AUTH you, but you are not expecting it. Your BRI0 doesn't have ppp auth statement.

You can also remove all auth statements and once link is up, introduce them again.

HTH

nerdv · ‎07-16-2003

its not the bri that is the problem. its the dialer2 that is the problem - the adsl connection.thx

deilert · ‎07-16-2003

paste in the config from the remote router

nerdv · ‎07-16-2003

the remote router is the uac. IT TERMINATES ONTHE ISP AND I CANT GET IT:). I USED THE SAME CONFIG ON OTHER PLACES OF THE SAME COMPANY AND THE WORKED.

deilert · ‎07-16-2003

as stated in the earlier post it looks like the remote end is not configured for authentication , remove auth on your side , if the link comes up it proves the remote router is misconfigured.

jawad1979 · ‎07-16-2003

Hi,

Since the debug output does not have any "auth-req" or "chap", this means that both parties are still negotiating.Your router has acknowledged that it can use chap based on the config request sent by the remote end.

You can try the "ppp timeout retry 20" on the dialer interface,this will increase the timeout. But what concerns me is that after the LCP phase is open and after

UTC: Vi1 PPP:Phase is AUTHENTICATING, by the peer

The negotiations after this should include a challenge sent by the remote end something like : CHAP: I CHALLENGE id ....

Well I'm not sure if it is possible to associate a dialer interface to a physical sub-interface atm0.x

I'm really interested to know what is going on!!

Jawad

Good Luck

rjackson · ‎07-16-2003

Are you trying to using the bri or the atm ? The trace shows dialer2 which is the atm.

nerdv · ‎07-16-2003

I am tryin gto use the atm. the bri is working fine.

its the atm which is gving me the problem