ISDN Configuration Tutorials

Hi all, I have done a couple of articles about ISDN configuration and would like to have you comments on them, are they complete? have I missed something? are they clear and easy to go through?

How to Configure BRI ISDN in a Cisco Router

formatting link
How to Configure ISDN Dialer Profiles in a Cisco Router
formatting link
Thank you for your time.

Mohammed

Reply to
Mohammed Alani
Loading thread data ...

Thanks for the tutorials. A couple of points, since you asked...

It isn't always clear which interface is being configured; Are you sure the information around PPP authentication is correct (and if it is, maybe it isn't clear) - isn't it the case that the password must be the same at both ends of the WAN link, and not necessarily the same as the enable secret password?

Reply to
John Petersen

Thank you for taking the time to look at my articles. In older IOS version, there used to be a command 'ppp sent-username XXX password XXX'. Using this command, you were able to set the password and user name that your router will use to access the other end's router. But as far as CHAP is concerned, This is what Cisco says in defining the command "username": =============================== username

To specify the password to be used in the PPP Challenge Handshake Authentication Protocol (CHAP) caller identification and Password Authentication Protocol (PAP), use the username command. username name password secret name Host name, server name, user ID, or command name. password An encrypted password for this username. secret For CHAP authentication only; specifies the secret password for the local router or access server or the remote device. To prevent the secret from being stolen, it is encrypted when it is stored on the local router or access server. The secret can consist of any string of up to 11 printable ASCII characters. There is no limit to the number of username-password combinations that can be specified, allowing any number of remote devices to be authenticated. =============================== So, it is the secret password being used to authenticate in CAHP. Thank you for the note, I will adjust the article according to it.

Mohammed

formatting link

Reply to
Mohammed Alani

I'm taking a CCNA course and was taught that the CHAP password was only encrypted if the command 'service password-encryption' was made, otherwise it was stored in the clear. The cisco reference you quote seems to suggest it is encrypted by default. Any idea why there is this contradiction? Version of IOS? The only refs I can find are ambiguous.

Thanks JP

Reply to
John Petersen

If you are setting a CHAP password using the commands 'ppp chap hostname' and 'ppp chap password', you will need to encrypt it using the 'service password-encryption' command. However, if you don't set a specific CHAP password, the router will use its secret password and hostname as password and username for the PPP communications. And as you know, the secret password is by default encrypted.

Mohammed

formatting link

Reply to
Mohammed Alani

Thanks, that is very clear.

But since I'm a bit dim, can I ask for one further clarification?

If on Router A I use 'username B_Hostname password B_Password' so that router B can be authenticated

If on router B I do not specify a password, the secret password is used.

So, on router A, unless I use 'service password-encryption', I will be storing router B's secret password in the clear? And even if encrypted, it is with the weak vignere cypher rather than the MD5 hash?

JP

Reply to
John Petersen

This is true. This is way you SHOULD assign a different password. The usual scenario is that you are assigned a username and a password by an ISP for example. You will have to setup these username and assword pair as the ones you use in the PPP authentication.

Mohammed

Reply to
Mohammed Alani

Thanks very much for your responses.

Reply to
John Petersen

configuration and would

the enable

Any time Jim

Reply to
Mohammed Alani

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.