Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 




      :: Inet-Admins
Inet-Admins mailing list archive (inet-admins@info.east.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cisco vs Ascend Max (CHAP/PAP battle ;)

A config would help (minus all passwords, phone numbers, etc.).
The MAX doesn't allow a dialin user to authenticate it (i.e., it doesn't
support a CHAP challenge from the router dialing into it). At least this
was true in most past releases. This could cause your CHAP problem.

LQM is Line Quality Monitoring.  If you have bad lines (lots of errors)
this might be useful.  If not, then it isn't needed.

At 10:49 PM 5/12/97 +0400, Basil Dolmatov wrote:
> Some fresh news from battlefield... ;))
>One part of problem were successfully solved. It was really LCP problem,
>due to the fact that on Max LCM (LQM?) was enabled and it was not
>by Cisco. When this option was disabled on Max LCP negotiation became
>Question no.1:
> What the hell is this LCM (LQM?)?? People on Ascend side claimed that
>is standard PPP feature. How it can be enabled on Cisco and could that
>enabled at all?
>Now, we are moved forward and stopped again. :(
>Ascend clearly refuses to authenticate us. All names and passwords were
>and triple-checked without any success. Usernames are OK, they are seen
>dump, so we caould check them...
>Question no.2:
>Could it be some feature in Ascend, which changes authentication
>Maybe something like LCM (see above)? ;)
>Authentication through ordinary login is successful, so Ascend works and
>authenticates well... But... It receives plaintext password during
>and in PAP/CHAP it receives encrypted password. So...
>Question no.3:
>As far as I could understand CHAP logic (I am not guru, so can say
>dumb now), it gives some ID, and encrypted version of something. Response
>that request demands encryption of something with password on responder's
>But... All passwords, which I put in Cisco config, become encrypted with
>"7th degree" aglorithm, which, AFAIR, has _no_ reverse. That is, it is
>for password checking, but it is unusable for encrypting of anything. Am
>wrong? I have found nothing which could help me to place unencrypted
>in Cisco config, so I suspect, that when encrypting this "something"
>cannot use proper password. Seems that I am definitely wrong in this,
>it would be great, if someone, who knows better, explain that in detail.
>Question no.5:
>I have got replies from people, successfully using Cisco->Ascend line
>them a lot), but have had no reply from people, who are on the Ascend
>of such lines... From Cisco side our configs look identical, so I
>that some peculiarities are present on Ascend side and asks those, who
>say something about Ascend to find the time and reply me.
>Finally, Cisco dumps of unsuccessful authentications, maybe someone will
>point to me to something significant in them. I have seen nothing. :(
Hascall H. ("Chip") Sharp	voice: +1 (919) 472-3121
Consulting Engineer-ISP		email:  chsharp@cisco.com
Cisco Systems			http://www.cisco.com/
To subscribe to cisco-nsp send "subscribe" to 
"inet-admins" Internet access mailing list. Maintained by East Connection ISP.
Mail "unsubscribe inet-admins" to Majordomo@east.ru if you want to quit.


Copyright © Lexa Software, 1996-2009.