Common ISDN Problems
429
Challenge Handshake Authentication Protocol (CHAP)
ISDN provides the capability to control access by requiring authentication,
which helps to make use of the public network acceptable from a business/
security perspective.
The inner workings of the
Challenge Handshake Authentication Protocol
(CHAP)
are beyond the scope of this chapter; basically, CHAP is used to
provide a layer of security on inbound connections. When troubleshooting,
it is important to confirm that the CHAP configuration on both routers
matches. As noted in the output that follows, Cisco also supports the
Microsoft CHAP and PAP protocols. MS-CHAP was added in IOS 12.
CHAP authentication requires the point-to-point protocol (PPP). This is
enabled on the interface with the command
encapsulation ppp
.
Top(config-if)#
ppp auth ?
chap Challenge Handshake Authentication Protocol
(CHAP)
ms-chap Microsoft Challenge Handshake Authentication
Protocol (MS-CHAP)
pap Password Authentication Protocol (PAP)
When troubleshooting, remember that it is quite common for the username
parameters that define the passwords to be set incorrectly, including a typo in
the password itself or an omitted username. With encrypted passwords, this is
made more difficult to research. If a password problem is suspected, an admin-
istrator should enable the
debug ppp authentication
function. As shown
in the output that follows (italics added), the authentication failed, due to an
incorrect password.
Bottom#
debug ppp authentication
PPP authentication debugging is on
Bottom#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2
seconds:
01:54:14: %LINK-3-UPDOWN: Interface BRI0:1, changed state
to up.
Copyright ©2000 SYBEX , Inc., Alameda, CA
www.sybex.com