CHAP authentication failure in ISDN

Discussion in 'Cisco' started by Fabien Venries, Apr 8, 2004.

  1. Hi All,

    It seems to be a recurrent topic, but I have problems configuring chap
    authentication between Cisco routers in ISDN.

    I'm using a Cisco 1721 as "client".
    I checked the password and differents logins or username are correct,
    and it seems to be Ok.
    However, I have the message "MD Compared failed", which should means
    that password and/or username are not the same.

    here is the log :

    *Mar 1 04:04:00: ISDN BR0 Q921: User TX -> INFO sapi=0 tei=98, ns=1
    nr=2
    *Mar 1 04:04:00: BR0:1 PPP: Using dialer call direction
    *Mar 1 04:04:00: BR0:1 PPP: Treating connection as a callout
    *Mar 1 04:04:00: BR0:1 PPP: Authorization required
    *Mar 1 04:04:00: ISDN BR0 Q921: User RX <- RR sapi=0 tei=98 nr=2
    *Mar 1 04:04:00: BR0:1 CHAP: O CHALLENGE id 12 len 35 from
    "MYCLIENTHOSTNAME"
    *Mar 1 04:04:00: BR0:1 CHAP: I CHALLENGE id 20 len 30 from
    "MYSERVERHOSTNAME"
    *Mar 1 04:04:00: BR0:1 CHAP: Using hostname from unknown source
    *Mar 1 04:04:00: BR0:1 CHAP: Using password from AAA
    *Mar 1 04:04:00: BR0:1 CHAP: O RESPONSE id 20 len 35 from
    "MYCLIENTHOSTNAME".
    *Mar 1 04:04:01: BR0:1 CHAP: I FAILURE id 20 len 21 msg is "MD
    compare failed"
    *Mar 1 04:04:01: ISDN BR0 Q921: User RX <- INFO sapi=0 tei=98, ns=2
    nr=2

    In my config, I have "no aaa new-model", and I don't want to use aaa.
    I imagine that it could be the source of my problem.

    Do you have an idea ???


    ------------------------------------
    Here is my config :

    version 12.3
    service timestamps debug datetime
    service timestamps log datetime
    no service password-encryption
    !
    hostname MYCLIENTHOSTNAME
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 4096 debugging
    no logging monitor
    enable secret 0 SECRETLOCAL
    enable password SECRETLOCAL
    !
    username MYSERVERHOSTNAME password 0 SECRET
    no aaa new-model
    ip subnet-zero
    !
    !
    !
    !
    ip cef
    no scripting tcl init
    no scripting tcl encdir
    isdn switch-type basic-net3
    !
    !
    !
    !
    interface BRI0
    no ip address
    encapsulation ppp
    dialer rotary-group 1
    isdn switch-type basic-net3
    isdn caller [serverPhoneNb]
    isdn answer1 [ClientPhoneNb]
    !
    interface FastEthernet0
    ip address 192.168.10.10 255.255.255.0
    speed auto
    half-duplex
    !
    interface Dialer1
    ip address 192.168.100.41 255.255.255.0
    encapsulation ppp
    dialer in-band
    dialer map ip 192.168.100.2 name MYSERVERHOSTNAME broadcast
    [ServerPhoneNb]
    dialer-group 1
    ppp authentication chap
    !
    ip classless
    ip route 192.168.100.0 255.255.255.0 BRI0
    no ip http server
    !
    !
    no logging trap
    dialer-list 1 protocol ip permit
    !
    control-plane
    !
    !
    line con 0
    line aux 0
    line vty 0
    !
    no scheduler allocate
    !
    end
     
    Fabien Venries, Apr 8, 2004
    #1
    1. Advertisements

  2. Fabien Venries

    Mark Green Guest

    Hey,
    I had that problem too, you shoul add this to interface Dialer1:
    ppp chap hostname RemoteHostName
    ppp chap password SamePasword
     
    Mark Green, Apr 8, 2004
    #2
    1. Advertisements

  3. It works !

    thanx a lot Mark !!
     
    Fabien Venries, Apr 9, 2004
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.