Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

I need help with pap authentication

Hi,

I'am trying to connect 2 Routers back to back via the AUX Port and a nullmodem cable. I get a connection without ppp-authentication. But when I enable pap or chap it seems that the password and usernames are not send. I verified this with debug ppp authentication and ppp negotiation.

Here is my config:

------------------

hostname router-2501

aaa new-model

aaa authentication login default local-case

aaa authentication ppp default local

aaa authorization exec default local

enable secret 5 <removed>

username admin privilege 14 password 7 <removed>

username guest nopassword

username router-2503 password 7 <removed>

username home password 7 <removed>

interface Async1

bandwidth 38

ip address 172.16.1.2 255.255.255.0

encapsulation ppp

async mode dedicated

ppp authentication pap

line aux 0

modem InOut

transport input all

stopbits 1

speed 38400

flowcontrol hardware

###########################################################

hostname router-2503

aaa new-model

aaa authentication login default local-case

aaa authentication ppp default local

aaa authorization exec default local

enable secret 5 <removed>

username admin privilege 14 password 7 <removed>

username router-2501 password 7 <removed>

username home password 7 <removed>

interface Async1

bandwidth 38

ip address 172.16.1.1 255.255.255.0

encapsulation ppp

async mode dedicated

ppp authentication pap

line aux 0

modem InOut

transport input all

stopbits 1

speed 38400

flowcontrol hardware

Here is the debug from pap:

00:11:18: %LINK-3-UPDOWN: Interface Async1, changed state to up

00:11:18: As1 PPP: Using modem call direction

00:11:18: As1 PPP: Treating connection as a callin

00:11:18: As1 PPP: Phase is ESTABLISHING, Passive Open [0 sess, 0 load]

00:11:18: As1 LCP: State is Listen

router-2501#

00:11:20: As1 LCP: TIMEout: State Listen

00:11:20: As1 LCP: O CONFREQ [Listen] id 12 len 24

00:11:20: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)

00:11:20: As1 LCP: AuthProto PAP (0x0304C023)

00:11:20: As1 LCP: MagicNumber 0x00169FE3 (0x050600169FE3)

00:11:20: As1 LCP: PFC (0x0702)

00:11:20: As1 LCP: ACFC (0x0802)

00:11:20: As1 LCP: I CONFREQ [REQsent] id 19 len 24

00:11:20: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)

00:11:20: As1 LCP: AuthProto PAP (0x0304C023)

00:11:20: As1 LCP: MagicNumber 0x00175D48 (0x050600175D48)

00:11:20: As1 LCP: PFC (0x0702)

00:11:20: As1 LCP: ACFC (0x0802)

00:11:20: As1 LCP: O CONFACK [REQsent] id 19 len 24

00:11:20: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)

00:11:20: As1 LCP: AuthProto PAP (0x0304C023)

00:11:20: As1 LCP: MagicNumber 0x00175D48 (0x050600175D48)

00:11:20: As1 LCP: PFC (0x0702)

00:11:20: As1 LCP: ACFC (0x0802)

00:11:20: As1 LCP: I CONFACK [ACKsent] id 12 len 24

00:11:20: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)

00:11:20: As1 LCP: AuthProto PAP (0x0304C023)

00:11:20: As1 LCP: MagicNumber 0x00169FE3 (0x050600169FE3)

00:11:20: As1 LCP: PFC (0x0702)

00:11:20: As1 LCP: ACFC (0x0802)

00:11:20: As1 LCP: State is Open

00:11:20: As1 PPP: Phase is AUTHENTICATING, by both [0 sess, 0 load]

router-2501#

I remains in this for a few minutes and then it tries to reconnect again. Can anyone help?

Best Regards

Marcos

  • Remote Access
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

Re: I need help with pap authentication

Hello,

there is a hidden command that you could use:

ppp direction callout (on the local router)

ppp direction callin (on the remote router)

Aparently, in a back-to-back scenario like yours, the routers do not know exactly who called who...

HTH,

GP

6 REPLIES

Re: I need help with pap authentication

Hi

The config which you have posted makes both the routers to recieve the calls and recieve the authentication credintials using PAP.

i would suggest to key in ppp authentication pap callin and ppp pap sent-username router-2501 password xxxxx on the 2501 router.

if u need more info do go thru this lik ..

http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a0080093c6f.shtml

regds

VIP Purple

Re: I need help with pap authentication

Hello Marcos,

try the following:

On your router-2501:

interface Async1

bandwidth 38

ip address 172.16.1.2 255.255.255.0

encapsulation ppp

async mode dedicated

ppp authentication pap

-->ppp pap sent-username router-2501 password XXXX

And on your router-2503:

interface Async1

bandwidth 38

ip address 172.16.1.1 255.255.255.0

encapsulation ppp

async mode dedicated

ppp authentication pap

--> ppp pap sent-username router-2503 password XXXX

HTH,

GP

New Member

Re: I need help with pap authentication

Hi,

I tried the ppp pap sent-username router... and got the same result.

I also tried to use chap and got the following result:

00:14:49: %LINK-3-UPDOWN: Interface Async1, changed state to up

router-2503#

00:14:49: As1 PPP: Using modem call direction

00:14:49: As1 PPP: Treating connection as a callin

00:14:49: As1 PPP: Phase is ESTABLISHING, Passive Open [0 sess, 0 load]

00:14:49: As1 LCP: State is Listen

router-2503#

00:14:51: As1 LCP: I CONFREQ [Listen] id 10 len 25

00:14:51: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)

00:14:51: As1 LCP: AuthProto CHAP (0x0305C22305)

00:14:51: As1 LCP: MagicNumber 0x00194ED5 (0x050600194ED5)

00:14:51: As1 LCP: PFC (0x0702)

00:14:51: As1 LCP: ACFC (0x0802)

00:14:51: As1 LCP: O CONFREQ [Listen] id 23 len 25

00:14:51: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)

00:14:51: As1 LCP: AuthProto CHAP (0x0305C22305)

00:14:51: As1 LCP: MagicNumber 0x001A2BCB (0x0506001A2BCB)

00:14:51: As1 LCP: PFC (0x0702)

00:14:51: As1 LCP: ACFC (0x0802)

00:14:51: As1 LCP: O CONFACK [Listen] id 10 len 25

00:14:51: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)

00:14:51: As1 LCP: AuthProto CHAP (0x0305C22305)

00:14:51: As1 LCP: MagicNumber 0x00194ED5 (0x050600194ED5)

00:14:51: As1 LCP: PFC (0x0702)

00:14:51: As1 LCP: ACFC (0x0802)

00:14:51: As1 LCP: I CONFACK [ACKsent] id 23 len 25

00:14:51: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)

00:14:51: As1 LCP: AuthProto CHAP (0x0305C22305)

00:14:51: As1 LCP: MagicNumber 0x001A2BCB (0x0506001A2BCB)

00:14:51: As1 LCP: PFC (0x0702)

00:14:51: As1 LCP: ACFC (0x0802)

00:14:51: As1 LCP: State is Open

00:14:51: As1 PPP: Phase is AUTHENTICATING, by both [0 sess, 0 load]

router-2503#

00:14:51: As1 CHAP: O CHALLENGE id 1 len 32 from "router-2503"

00:14:51: As1 CHAP: I CHALLENGE id 1 len 32 from "router-2501"

00:14:51: As1 CHAP: Waiting for peer to authenticate first

router-2503#

00:15:01: As1 CHAP: O CHALLENGE id 2 len 32 from "router-2503"

00:15:01: As1 CHAP: I CHALLENGE id 2 len 32 from "router-2501"

00:15:01: As1 CHAP: Waiting for peer to authenticate first

router-2503#no debug all

00:15:11: As1 CHAP: O CHALLENGE id 3 len 32 from "router-2503"

00:15:11: As1 CHAP: I CHALLENGE id 3 len 32 from "router-2501"

00:15:11: As1 CHAP: Waiting for peer to authenticate first

router-2503#no debug all

All possible debugging has been turned off

router-2503#

I can see the "As1 CHAP: Waiting for peer to authenticate first" message on both routers...

It seems that both sides treat the back-to-back connection as call in and waiting for the other side to authenticate. It is shown in the debug output:

00:14:49: As1 PPP: Using modem call direction

00:14:49: As1 PPP: Treating connection as a callin

I can see this debug messages on both routers, there looking identical. So my question is, can I force one router to handle the connection as dial out ?

VIP Purple

Re: I need help with pap authentication

Hello,

there is a hidden command that you could use:

ppp direction callout (on the local router)

ppp direction callin (on the remote router)

Aparently, in a back-to-back scenario like yours, the routers do not know exactly who called who...

HTH,

GP

New Member

Re: I need help with pap authentication

Hi GP,

thank you, now it works ;-)

I can use chap as authentication and pap. But when I want to use pap, I must use the ppp pap sent-username ... command. Do you have any idea why pap dosent works with the local account database?

When I use chap, it works.

Regards

Marcos

VIP Purple

Re: I need help with pap authentication

Hello Marcos,

there is a slight difference in the way CHAP and PAP operate: unlike CHAP, PAP does not automatically send the router´s hostname for authentication. The username and password value must be manually configured with the ´ppp pap sent-username´ command under the interface.

HTH,

GP

158
Views
5
Helpful
6
Replies
This widget could not be displayed.