KaylaITFTTB Premium Member join:2012-07-26 Calgary, AB 1 edit |
KaylaIT
Premium Member
2012-Aug-11 8:42 pm
Problems with PPP and CiscoHi
I am having a problem with my Cisco router and PPP, I cannot get it to authenticate. The problem is that I am receiving a CHAP challenge from the server and it rejects any negotiations for PAP. Has anyone seen this before? I can confirm that my laptop and Zyxel 1432 can authenticate properly. If anyone can provide the LCP negotiation from wireshark it would be much appriciated.
EDIT: I am in Calgary but any info from the east is welcomed.
Randal |
|
|
sgtux
Member
2012-Aug-11 11:46 pm
I'm running Cisco 1921 router bonding 2 VDSL lines (MLPPP). I've never seen any problems with PPP authentication. I'm in Toronto (GTA). Here is my Dialer interface configuration:
! interface Dialer0 ip address negotiated ip access-group 1 in ip access-group 1 out no ip redirects no ip proxy-arp ip mtu 1492 ip nat outside ip virtual-reassembly in encapsulation ppp ip tcp adjust-mss 1452 dialer pool 1 dialer-group 1 ppp pap sent-username [removed] password [removed] ppp ipcp address accept ppp multilink ppp multilink fragment disable no cdp enable hold-queue 224 in !
As you can see I don't configure PPP CHAP authentication at all. |
|
1 edit |
spock8
Member
2012-Aug-12 3:44 am
Here is mine running a 6meg connection out west running on a c2621
One thing I noticed is that for me to connect I had to add a chap and pap username and password. If I take the chap out it will not work. Odd but when doing a debug I found this.
Vi1 PPP: No authorization without authentication Vi1 CHAP: I CHALLENGE id 140 len 46 from "VANCBC01AR08" Vi1 CHAP: Using hostname from interface CHAP CHAP: Using password from interface CHAP
googling "VANCBC01AR08" tells us it is a telus router in vancouver by the looks of it and it was asking for a chap username and password. Once it does that I was then asked for a PAP
interface FastEthernet0/0 description TEKSAVVY ISP no ip address duplex auto speed auto pppoe enable pppoe-client dial-pool-number 1 no cdp enable
interface Dialer1 description WAN - ISP - 700kbps up 5000kbps down mtu 1477 bandwidth 700 ip address negotiated no ip proxy-arp ip nat outside ip nbar protocol-discovery encapsulation ppp ip route-cache flow no ip mroute-cache dialer pool 1 no cdp enable ppp authentication chap pap callin ppp chap hostname "username" ppp chap password "password" ppp pap sent-username "username" password "password" ppp ipcp dns request accept ppp ipcp address accept service-policy output QOS-VOIP |
|
KaylaITFTTB Premium Member join:2012-07-26 Calgary, AB |
KaylaIT
Premium Member
2012-Aug-12 10:05 am
Hi Spock
Thanks for the info, adding CHAP to the dialer has resolved the issue. I have confirmed that the Telus Edge devices are sending a CHAP challenge first once there is a valid response then they start a PAP authentication.
Randal |
|