Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

callin or callout

From the following document: http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a0080093c6f.shtml, it states that "ppp authentication pap callin" will be issued on the calling router. But why "callin" and not "callout"? Thanks! :)

2 REPLIES
VIP Purple

Re: callin or callout

Hello,

the terminology can be confusing indeed. The ´callin´ keyword actually tells the remote router to only authenticate the incoming connection. Let´s say R1 calls R2, and R1 is configured with ´ppp authentication pap callin´. The output of ´debug ppp authentication´ on R2 would look like this:

1w0d: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up

1w0d: %ISDN-6-CONNECT: Interface BRI0:2 is now connected to 20

1w0d: BR0:2 PPP: Treating connection as a callin

1w0d: BR0:2 PPP: Phase is AUTHENTICATING, by this end

1w0d: BR0:2 PAP: I AUTH-REQ id 2 len 22 from "ISDN-1-COM3"

1w0d: BR0:2 PAP: Authenticating peer ISDN-1-COM3

1w0d: BR0:2 PAP: O AUTH-ACK id 2 len 5

Now, without the ´callin´ keyword, the output looks like this:

1w0d: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up

1w0d: %ISDN-6-CONNECT: Interface BRI0:2 is now connected to 20

1w0d: BR0:2 PPP: Treating connection as a callin

1w0d: BR0:2 PPP: Phase is AUTHENTICATING, by both

1w0d: BR0:2 PAP: I AUTH-REQ id 3 len 22 from "ISDN-1-COM3"

1w0d: BR0:2 PAP: Authenticating peer ISDN-1-COM3

1w0d: BR0:2 PAP: O AUTH-ACK id 3 len 5

So, basically the ´callin´ keyword tells the remote peer, R2 in this case´, to only authenticate connections that are calling in, that is, the callin keyword has to be viewed from the perspective of the remote router.

Does that make sense ?

Regards,

GP

Community Member

Re: callin or callout

Great Thanks!!! :-)

Aha, first time I see a computing concept that is considered "very understanding for the remote end". When troubleshooting things, I not only need to think from the local device's perspective, but also need to consider how's the other device is feeling and thinking. :-)

By the way, sounds like there is some security concern here. Someone (a hacker) might be able to dial in an enterprise network with the "callout" keyword, which tells the remote end do not authenticate it. :-)

239
Views
5
Helpful
2
Replies
CreatePlease to create content