Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

new chap authentication commands for 876 ISDN backup?

Greetings,

I currently have 2 876 routers with ISDN as a backup.

When i passed CCNA back in 2003 i read that for chap authentication one needs to configure chap username and password of the peer router and then define dialer string in dialer interface.

However these routers have a different setup and at the dialer interface they use the command 'ppp authentication chap pap callin'. I read that this is a new way of defining a commom username/password of the router with the difference that you basically define your router's credentials and not your peers. For example for router 1 you define his own credentials and not his peer's (router2).

Now the problem is that these routers have been setup with SDM and a 'dialer string' has been configured. I am asked to reconfigure them because of a 3rd router existance so i need to define 'dialer map' commands.

So, if anyone knows please reply on the following:

1. Is 'dialer map' command compatible with 'ppp authentication chap pap callin' setup?

2. Has 'dialer map' command been substituted with another command?

3. Do i need to configure anything else except from the dialer?

FYI i also submit the sh startup config for ISDN

interface Dialer0

ip address 192.168.3.1 255.255.255.0

encapsulation ppp

dialer pool 1

dialer string xxxxx

dialer load-threshold 128 outbound

dialer-group 1

no cdp enable

ppp authentication chap callin

ppp chap hostname rout1

ppp chap password xxxxxxxx

ppp multilink

Many thanks in advance

regards,

themis

5 REPLIES
Hall of Fame Super Silver

Re: new chap authentication commands for 876 ISDN backup?

Hello Themis,

remove the dialer string and add two dialer map commands one for each spoke router.

also for the authentication should work better with the old style:

two username commands in global config one for each spoke router.

the command

ppp authentication chap callin

should use CHAP but not in a bidirectional way here callin should the calling party only that has to be authenticated.

with normal commands CHAP authentication is bidirectional: each router challenges the other one.

This should be the difference provided by the option callin

Hope to help

Giuseppe

New Member

Re: new chap authentication commands for 876 ISDN backup?

greetings giuseppe and thanks for your really quick reply!

So what you are saying is that i should define in global config mode the other 2 peers, leave the chap callin command in dialer and replace dialer string with dialer map info. Correct?

Also, something else. At the BRI int i see the following

interface BRI0

no ip address

ip mask-reply

no ip redirects

no ip proxy-arp

encapsulation ppp

ip route-cache flow

dialer pool-member 1

isdn switch-type basic-net3

isdn point-to-point-setup

ppp multilink

What is that line 'isdn point-to-point-setup' for?

again many thanks,

themis

Hall of Fame Super Silver

Re: new chap authentication commands for 876 ISDN backup?

Hello Themis,

your understanding is correct

I personally never used that command

here is the command reference

http://www.cisco.com/en/US/docs/ios/dial/command/reference/dia_i2.html#wp1013211

I think you should remove it even if the notes say it is effective if

This command only applies if a static TEI has been activated with the isdn static-tei

Hope to help

Giuseppe

New Member

Re: new chap authentication commands for 876 ISDN backup?

ok,

many thanks for your time. :)

themis

New Member

Re: new chap authentication commands for 876 ISDN backup?

greetings again,

I am facing a serious issue. I try to configure dialer map from interface dialer0 and the router doesnt support it, i.e. it doesnt have it as a command.

I can only configure them through bri interface but since i am using dialer profile i know that this is not correct.

Any suggestions? If i configure them in bri int will it work?

many thanks,

themis

152
Views
8
Helpful
5
Replies