ISDN Configuration Tutorials

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
Hi all,
I have done a couple of articles about ISDN configuration and would
like to have you comments on them, are they complete? have I missed
something? are they clear and easy to go through?

How to Configure BRI ISDN in a Cisco Router
http://www.routergeek.net/content/view/44/37 /

How to Configure ISDN Dialer Profiles in a Cisco Router
http://www.routergeek.net/content/view/45/37 /

Thank you for your time.



Mohammed


Re: ISDN Configuration Tutorials
Quoted text here. Click to load it
Thanks for the tutorials. A couple of points, since you asked...

It isn't always clear which interface is being configured;
Are you sure the information around PPP authentication is correct (and if it
is, maybe it isn't clear) - isn't it the case that the password must be the
same at both ends of the WAN link, and not necessarily the same as the enable
secret password?



Re: ISDN Configuration Tutorials
Quoted text here. Click to load it

Thank you for taking the time to look at my articles.
In older IOS version, there used to be a command 'ppp sent-username
XXX password XXX'. Using this command, you were able to set the
password and user name that your router will use to access the other
end's router.
But as far as CHAP is concerned,
This is what Cisco says in defining the command "username":
===============================
username

To specify the password to be used in the PPP Challenge Handshake
Authentication Protocol (CHAP) caller identification and Password
Authentication Protocol (PAP), use the username command.
username name password secret
name     Host name, server name, user ID, or command name.
password     An encrypted password for this username.
secret     For CHAP authentication only; specifies the secret password
for the local router or access server or the remote device. To prevent
the secret from being stolen, it is encrypted when it is stored on the
local router or access server. The secret can consist of any string of
up to 11 printable ASCII characters. There is no limit to the number
of username-password combinations that can be specified, allowing any
number of remote devices to be authenticated.
===============================
So, it is the secret password being used to authenticate in CAHP.
Thank you for the note, I will adjust the article according to it.

Mohammed
www.RouterGeek.net


Re: ISDN Configuration Tutorials
On 24 Apr 2007 03:09:15 -0700

Quoted text here. Click to load it

I'm taking a CCNA course and was taught that the CHAP password was only
encrypted if the command 'service password-encryption' was made, otherwise it
was stored in the clear. The cisco reference you quote seems to suggest it is
encrypted by default. Any idea why there is this contradiction? Version of IOS?
The only refs I can find are ambiguous.

Thanks
JP

Re: ISDN Configuration Tutorials
Quoted text here. Click to load it

If you are setting a CHAP password using the commands 'ppp chap
hostname' and 'ppp chap password', you will need to encrypt it using
the 'service password-encryption' command. However, if you don't set a
specific CHAP password, the router will use its secret password and
hostname as password and username for the PPP communications. And as
you know, the secret password is by default encrypted.


Mohammed
www.RouterGeek.net


Re: ISDN Configuration Tutorials
On 25 Apr 2007 03:36:33 -0700

Quoted text here. Click to load it
Thanks, that is very clear.

But since I'm a bit dim, can I ask for one further clarification?

If on Router A I use 'username B_Hostname password B_Password'
so that router B can be authenticated

If on router B I do not specify a password, the secret password is used.

So, on router A, unless I use 'service password-encryption', I will be storing
router B's secret password in the clear? And even if encrypted, it is with the
weak vignere cypher rather than the MD5 hash?

JP


Re: ISDN Configuration Tutorials
Quoted text here. Click to load it

This is true. This is way you SHOULD assign a different password.
The usual scenario is that you are assigned a username and a password
by an ISP for example. You will have to setup these username and
assword pair as the ones you use in the PPP authentication.

Mohammed


Re: ISDN Configuration Tutorials
On 26 Apr 2007 14:23:01 -0700

Quoted text here. Click to load it
Thanks very much for your responses.

Re: ISDN Configuration Tutorials
Quoted text here. Click to load it

Any time Jim


Site Timeline