[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference irocz::common_brouters

Title:Digital Brouters Conference
Notice:New common-code brouter family: RouteAbout, DECswitch 900
Moderator:MARVIN::HARTLL
Created:Mon Jul 17 1995
Last Modified:Fri Jun 06 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:929
Total number of notes:3736

877.0. "RA-EI/Cisco CHAP" by NNTPD::"andreas waldherr @aui" (Andreas WALDHERR) Mon Apr 28 1997 09:25

Hi

I configured an ISDN link between a RouteAbout Access EI and a CISCO Router.
CHAP is used for authentication.

If the RA-EI dials to the Cisco the CHAP authentication faild. The RA sends a 
'Authenticate Success' but the Cisco respons with an 'Authentication Failure'
!
Tested with RA Version V2.0-3, V2.0-2 and V2.0-1.

Is there anything misconfigured or is it a bug in the RA-EI or Cisco Code ?
Thanks for any help 
Andreas


CISCO Trace: PRI2: received CALL_INCOMING
                     Bearer Capability i = 0x080010
                     Channel ID i = 0x210313
                     Calling Party Number i = 0x01010001, '43140400849349'
                     Called Party Number i = 0x0401, '813080'
                     -------------------
                     Bearer Capability i = 0x8890
                     Channel ID i = 0xA98393
                     Calling Party Number i = 0x1181, '43140400849349'
                     Called Party Number i = 0xC1, '813080'
PRI2: ISDN Event: Received a call from 43140400849349 on B19 at 64 Kb/s
%Link-3-UPDOWN: Interface Serial0:18, changed state to up
PPP Serial0:18 Send CHAP challange id=1 to remote
PPP Serial0:18 CHAP challange from KMBCHAP
PPP Serial0:18 CHAP response id=1 received from cross8

PPP Serial0:18 Unable to validate CHAP response. Username cross8 not found.

PPP Serial0:18 Send CHAP failure id=1 to remote 
PRI2: ISDN Event: Hangup call to call id 0x30


The CHAP ID and Passwords on both Router are double checked and ok !?



RouteAbout EI Trace:

*t 2
The software version 2.0 is different to the stored
configuration information version 0.0
Please see the release notes for information about moving
the configuration version to this software version.
After updating the configuration information (if necessary),
use the CONFIG> UPDATE VERSION-OF-SRAM command.
  GW.001: Copyright 1995-1996 Digital Equipment Corporation
  GW.002: KMBOSS, RtAbt Acces EI/IP,  Brouter: 1 Enet 1T1 1BRI,HW=1,RO=1,
          #1216,SW=V2.0-3 Started
  GW.005: Bffrs: 400 avail 400 idle   fair 103 low 80
 PPP.018: IPCP request retr exc nt 3 int PPP/1
 PPP.027: Bd lcp ack id, exp 22 gt 6, nt 3 int PPP/1
 PPP.018: LCP request retr exc nt 3 int PPP/1
 PPP.014: LCP/Listen fsm_down nt 3 int PPP/1
 PPP.002: Srl prt up, nt 3 int PPP/1
 PPP.014: LCP/Listen fsm_start nt 3 int PPP/1
 PPP.019: LCP/Listen lcp_starting nt 3 int PPP/1
 PPP.014: LCP/Listen fsm_reset nt 3 int PPP/1
 PPP.019: LCP/Listen lcp_reset nt 3 int PPP/1
 PPP.014: LCP/Listen fsm_timer nt 3 int PPP/1
 PPP.019: LCP/Listen lcp_makereq nt 3 int PPP/1
 PPP.019: LCP/Listen lcp_makeoptions nt 3 int PPP/1
 PPP.037: mk aut 0xC223
 PPP.038: mk mag 0x003B0877
 PPP.016: LCP/Listen snd Configure Request, id 43 len 15, nt 3 int PPP/1
 PPP.017: LCP/Req Sent rcv Configure Request, id 4 len 15, nt 3 int PPP/1
 PPP.019: LCP/Req Sent lcp_request nt 3 int PPP/1
 PPP.046: ck aut 0xC223
 PPP.026: lcp req rslt: Configure Ack, opt 3, ln 5, nt 3 int PPP/1
 PPP.037: mk aut 0xC223
 PPP.047: ck mag 0xEB47BA21
 PPP.026: lcp req rslt: Configure Ack, opt 5, ln 6, nt 3 int PPP/1
 PPP.038: mk mag 0xEB47BA21
 PPP.016: LCP/Req Sent snd Configure Ack, id 4 len 15, nt 3 int PPP/1
 PPP.017: LCP/Ack Sent rcv Configure Ack, id 43 len 15, nt 3 int PPP/1
 PPP.019: LCP/Ack Sent lcp_ack nt 3 int PPP/1
 PPP.019: LCP/Ack Sent lcp_makereq nt 3 int PPP/1
 PPP.019: LCP/Ack Sent lcp_makeoptions nt 3 int PPP/1
 PPP.037: mk aut 0xC223
 PPP.038: mk mag 0x003B0877
 PPP.014: LCP/Ack Sent fsm_opening nt 3 int PPP/1
 PPP.014: LCP/Ack Sent fsm_timer nt 3 int PPP/1
 PPP.014: CHAP/Closed chap_local nt 3 int PPP/1
 PPP.014: CHAP/Closed chap_send_challenge nt 3 int PPP/1
 PPP.014: CHAP/Closed chap_make_challenge nt 3 int PPP/1
 PPP.014: CHAP/Closed chap_timer nt 3 int PPP/1
 PPP.014: CHAP/Closed chap_send nt 3 int PPP/1

 PPP.133: CHAP/Closed snd Authenticate Challenge, id 44 len 62, nt 3 int PPP/1

 PPP.014: CHAP/Challenge Sent chap_remote nt 3 int PPP/1
 PPP.014: CHAP/Challenge Sent chap_timer nt 3 int PPP/1
 PPP.014: CHAP/Challenge Sent chap_proc nt 3 int PPP/1

 PPP.017: CHAP/Challenge Sent rcv Authenticate Challenge, id 1 len 27, nt 3
int1

 PPP.014: CHAP/Challenge Sent chap_stop_timer nt 3 int PPP/1
 PPP.014: CHAP/Challenge Sent chap_challenge nt 3 int PPP/1
 PPP.014: CHAP/Challenge Sent chap_make_response nt 3 int PPP/1
 PPP.014: CHAP/Challenge Sent chap_send nt 3 int PPP/1

 PPP.133: CHAP/Challenge Sent snd Authenticate Response, id 1 len 27, nt 3 int
1

 PPP.014: CHAP/Challenge Sent chap_timer nt 3 int PPP/1
 PPP.014: CHAP/Response Sent chap_proc nt 3 int PPP/1

 PPP.017: CHAP/Response Sent rcv Authenticate Response, id 44 len 27, nt 3 int
1

 PPP.014: CHAP/Response Sent chap_response nt 3 int PPP/1
 PPP.134: CHAP valid; val= ; len = 16; nt 3 int PPP/1
 PPP.014: CHAP/Response Sent chap_send nt 3 int PPP/1

 PPP.133: CHAP/Response Sent snd Authenticate Success, id 44 len 22, nt 3 int
P1

 PPP.014: CHAP/Success Sent chap_stop_timer nt 3 int PPP/1
 PPP.014: CHAP/Success Sent chap_proc nt 3 int PPP/1

 PPP.017: CHAP/Success Sent rcv Authenticate Failure, id 1 len 27, nt 3 int
PPP1

 PPP.014: CHAP/Success Sent chap_failure nt 3 int PPP/1
 PPP.014: CHAP/Success Sent chap_stop_timer nt 3 int PPP/1
 PPP.014: CHAP/Success Sent chap_closing nt 3 int PPP/1
 PPP.102: Aut failed, nt 3 int PPP/1
 PPP.017: LCP/Open rcv Terminate Request, id 5 len 4, nt 3 int PPP/1
 PPP.014: LCP/Open fsm_sendtermack nt 3 int PPP/1
 PPP.016: LCP/Open snd Terminate Ack, id 5 len 4, nt 3 int PPP/1
 PPP.014: PAP/Closed pap_down nt 3 int PPP/1
 PPP.014: CHAP/Closing chap_down nt 3 int PPP/1
 PPP.014: CHAP/Closing chap_stop_timer nt 3 int PPP/1
 PPP.014: CHAP/Closing chap_stop_timer nt 3 int PPP/1
 PPP.014: IPCP/Listen fsm_down nt 3 int PPP/1
 PPP.014: DNCP/Closed fsm_down nt 3 int PPP/1
 PPP.014: IPXCP/Closed fsm_down nt 3 int PPP/1
 PPP.014: BNCP/Closed fsm_down nt 3 int PPP/1
 PPP.014: ATCP/Closed fsm_down nt 3 int PPP/1
 PPP.014: OSICP/Closed fsm_down nt 3 int PPP/1




RouteAbout EI Configuration:


RtAbt Acces EI/IP,  Brouter: 1 Enet 1T1 1BRI,HW=1,RO=1,#1216,SW=V2.0-3
Hostname: KMBOSS
Boot ROM version  1.1      Watchdog timer enabled     Auto-boot switch enabled
Console baud rate: 9600

Num Name  Protocol
0   IP    DOD-IP
3   ARP   Address Resolution
11  SNMP  Simple Network Management Protocol

Num Name  Feature
2   MCF   MAC Filtering

4 Networks:
Net Interface  MAC/Data-Link         Hardware                       State
0   Eth/0      Ethernet/IEEE 802.3   SCC Ethernet                   Up
1   PPP/0      Point to Point        SCC Serial Line                Down
2   ISDN/0     ISDN Base Net         ISDN Basic Rate                Up
3   PPP/1      Point to Point        ISDN Basic Rate                Up

+
*t 6
Gateway user configuration
Config>list isdn

Address assigned name             Network Address  Network Subaddress
---------------------             ---------------  ------------------

SAP-OSS                           000496227813080                      
KMB                               2                                    
Config>     
Config>
Config>net 2
ISDN user configuration
ISDN Config>list

                                   ISDN Configuration 

Local Network Address Name    = KMB
Local Network Address         = 2
Local Network Subaddress      = 

Maximum frame size in bytes   = 2048
Outbound call address Timeout =  180  Retries =   2
Switch Variant                = ETSI NET3
DN0 (Directory Number 0)      = 2
DN1 (Directory Number 1)      = 
TEI                           = Automatic
PS1 detect                    = Enabled
No circuit address accounting information being kept
ISDN Config>
ISDN Config>
ISDN Config>ex
Config>
Config>
Config>net 3
Circuit configuration
Circuit Config>list

Base net:       2
Destination name:    SAP-OSS
Outbound calls       allowed
Idle timer           = 60 sec
SelfTest Delay Timer = 150 ms
Send/Rcv Line ID:    NONE

Circuit Config>
Circuit Config>
Circuit Config>enca
Point-to-Point user configuration
PPP Config>list all

LCP Parameters
--------------
Config Request Tries:               20   Config Nak Tries:                  
10
Terminate Tries:                    10   Retry Timer:                     
3000

LCP Options
-----------
Max Receive Unit:                 1500   Magic Number:                     
Yes
Authentication Protocol:          CHAP


PAP Parameters
--------------
Authent Request Tries:              20
Retry Timer:                      3000
Request Timer:                   15000

PAP Ids/Passwords
-----------------
Local ID:                  (None)                     
Local Password:            (None)                     

Remote ID:                 (None)                     
Remote Password:           (None)                     


CHAP Parameters
--------------
Authent Request Tries:              20
Retry Timer:                      3000
Request Timer:                   15000
Repeat Authentication Timer:         0

CHAP Ids/Passwords
-----------------
Local ID:                  KMBCHAP
Local Password:            NEWTON

Remote ID:                 cross8
Remote Password:           NEWTON


NCP Parameters
---------------
Config Request Tries:               20   Config Nak Tries:                  
10
Terminate Tries:                    10   Retry Timer:                     
3000


IPCP Options
------------
IPCP Compression:                 None
IP Address:      Don't Send or Request


CCP Options
-----------
Data Compression disabled
Algorithm: Stac-LZS 
Stac: histories 1
Stac: check_mode SEQ
PPP Config>ex
Circuit Config>ex
Config>
Config>
Config>
Config>
Config>prot ip 
Internet protocol user configuration
IP config>list all
Interface addresses
IP addresses for each interface:
   intf  0   194.117.116.158  255.255.255.252  Network broadcast,    fill 1   

   intf  1                                     IP disabled on this interface
   intf  2                                     IP disabled on this interface
   intf  3   194.117.125.134  255.255.255.0    Network broadcast,    fill 1   


Routing

route to 147.204.2.0,255.255.255.0 via 194.117.125.129, cost 1



Protocols
BOOTP forwarding: disabled
Directed broadcasts: enabled
ARP Subnet routing: disabled
RFC925 routing: disabled
OSPF: disabled
Per-packet-multipath: disabled
RIP: disabled
EGP: disabled


[Posted by WWW Notes gateway]
T.RTitleUserPersonal
Name		DateLines
877.1Check cisco config...again!MARVIN::TURNERNeil Turner IPEG REO, 830-4140Mon Apr 28 1997 10:3912
I'm not sure exactly whats wrong but it looks to me like the cisco uses the Remote
ID field (cross8 in this case) from the RA-EI's chap response packet as a
'username' in order to locate the correct password. The message, 

PPP Serial0:18 Unable to validate CHAP response. Username cross8 not found

implies to me that no username cross8 has been configured. (Or perhaps it is case
sensitive...cross8 is lower case).

Any cisco PPP CHAP expertise out there?

Neil
877.2Solution found !ATZIS1::WALDHERRTue May 06 1997 09:0619
    
    Thanks for your answer and sorry for my delayed answer.
    
    The solution for their (SAP/CISCO) problem was to set the remote CHAP ID 
    to KMBCHAP (instead of cross8) on our RA90EI !
    
    
    CHAP Ids/Passwords
    -----------------
    Local ID:                  KMBCHAP
    Local Password:            NEWTON
    
    Remote ID:                 KMBCHAP
    Remote Password:           NEWTON
    
    
    Thanks Andreas