Sunday, March 26, 2006

 

PPP CHAP authentication. (Question #48)

Consider the following debug ouput from debug ppp authentication

*Mar 27 06:06:59.357: %LINK-3-UPDOWN: Interface Serial4/0:0, changed state to up
*Mar 27 06:06:59.477: Se4/0:0 PPP: Using dialer call direction
*Mar 27 06:06:59.477: Se4/0:0 PPP: Treating connection as a callout
*Mar 27 06:06:59.477: Se4/0:0 PPP: Authorization NOT required
*Mar 27 06:06:59.477: Se4/0:0 PPP: No remote authentication for call-out
*Mar 27 06:06:59.537: Se4/0:0 CHAP: I CHALLENGE id 25 len 28 from "Router2"
*Mar 27 06:06:59.597: Se4/0:0 CHAP: Using hostname from interface CHAP
*Mar 27 06:06:59.597: Se4/0:0 CHAP: Using password from AAA
*Mar 27 06:06:59.597: Se4/0:0 CHAP: O RESPONSE id 25 len 28 from "Router1"
*Mar 27 06:06:59.709: Se4/0:0 CHAP: I SUCCESS id 25 len 4


The debug output has some text indicating that authentication is required but then some authentication seems to happen anyway. What must have been configured on the router for such behavior?

Comments:
This router R1 probably has "ppp direction callout" and still has the username Router2 password cisco.

I think that in addition it would also need the following for authorization:

aaa new-model
!
!
aaa authorization network aaa_aur none
aaa session-id common

!
interface Async65
ip address ...
encapsulation ppp
...
ppp authorization aaa_aur
ppp direction callout
!
 
I would like to share a list of Cisco exam-related articles and tips, at 100Questions Exam Portal (http://www.100qns.com) . CISCO 640-822 CCENT (100 Questions) is the Cisco Certified Networking Entry Technician exam, and covers the skills required for entry-level network support positions, and is the starting point for many networking careers. CCENT is the first step towards CCNA, and our exam volume prepares you to ace your exam.

CISCO CCNA Exam (100 Questions), or the Cisco Certified Network Associate validates the ability to install, configure, operate and troubleshoot medium-sized routed and switched networks. This includes basic mitigation of security threats, introduction to wireless networking concepts and terminology, and performance-based skills.

The other good thing is that you can test your Cisco knowledge and prepare for the exam via the exam library, which contains free-to-try exam questions. The Cisco reference section could be accessed from the drop-down menu, and because the portal covers several topics, it could be confusing initially due to the enormous amount of data, but if you spend some time navigating the contents you might be well-rewarded!

Another good site (if you need another one) is Exam Fight, at http://www.examfight.com

Hope this helps!

Susan
 
Post a Comment

Links to this post:

Create a Link



<< Home

This page is powered by Blogger. Isn't yours?