I've a Cisco 837 running 12.4(1a):
I'm using a UK ISP that uses BTs wholesale ADSL product (PPPoATM). I've just tried switching to a different login realm whereby the ISP actually implements an L2TP endpoint so that they can terminate the PPP rather than BT. Sadly this fails. "ppp debug authentication" shows:
Oct 13 07:28:49: Vi2 CHAP: I CHALLENGE id 1 len 39 from "ESR3.Miltonkeynes3" Oct 13 07:28:49: Vi2 CHAP: Using hostname from interface CHAP Oct 13 07:28:49: Vi2 CHAP: Using password from interface CHAP Oct 13 07:28:49: Vi2 CHAP: O RESPONSE id 1 len 36 from "foobar+z@newbit Oct 13 07:28:50: Vi2 PPP: Authorization NOT required Oct 13 07:28:50: Vi2 PPP: No remote authentication for call-out Oct 13 07:28:50: Vi2 CHAP: I CHALLENGE id 2 len 24 from "ABC" Oct 13 07:28:50: Vi2 CHAP: Ignoring spoofed Challenge Oct 13 07:28:50: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to up Oct 13 07:28:53: Vi2 CHAP: I CHALLENGE id 3 len 24 from "ABC" Oct 13 07:28:53: Vi2 CHAP: Ignoring spoofed Challenge
Dialer1 has: ppp authentication chap callin
Any idea how I can stop the Cisco rejecting this second challenge just because the challenge has changed? It appears to me that IOS isn't complying with RFC1994 the way I've got it configured.
Curiously another user with 12.3(11)T7 is having success, but I can't seen an obviously relevant difference between our configurations.
Thanks a lot!!