[nsp] cisco router dial script
Ejay Hire
ejay.hire at isdn.net
Mon Dec 22 19:04:20 EST 2003
Gert's answer is correct, PPP auth pap callin should fix it,
but I'll supply the why..
Here is your debug, with annotations.
Normal link up and Dialer stuff
> 4d00h: %LINK-3-UPDOWN: Interface Async5, changed state to
up
> 4d00h: As5 DDR: Dialer statechange to up
> 4d00h: %DIALER-6-BIND: Interface As5 bound to profile Di1
> 4d00h: As5 DDR: Dialer call has been placed
> 4d00h: As5 PPP: Treating connection as a callout
Note how you have two AUTH-REQ. One is an O (Outgoing)
auth-req and the other is an I (incoming) auth-req
> 4d00h: As5 PAP: O AUTH-REQ id 13 len 21 from "username"
> 4d00h: As5 PAP: I AUTH-REQ id 4 len 11 from "HiPer"
The Cisco doesn't have a username and password defined for
incoming authentication from the 3com, so it fails.
> 4d00h: As5 PAP: Authenticating peer HiPer
> 4d00h: As5 PAP: O AUTH-NAK id 4 len 27 msg is
"Authentication
> failure"Username HiPer not found
Hanging up.
> 4d00h: TTY5: Async Int reset: Dropping DTR
> 4d00h: TTY5: Set DTR to 0
The trick is to put "ppp auth pap callin" so that the router
will NOT request pap authentication from the remote node on
a callout. It will still request authentication on a callin
so you don't have to worry about opening the door to a 31337
h470r, and it will still respond when the 3com requests
authentication.
-Ejay
More information about the cisco-nsp
mailing list