Worldwide [change] |Account |Register |About Cisco
Guest

Hierarchical Navigation

Cisco 700 Series ISDN Access Routers

Connect a CPA 75X Bridge and CPA 75X IP Router using PPP CHAP

Downloads

Document ID: 47883


Contents

Introduction
Prerequisites
      Requirements
      Components Used
      Conventions
Configure
      Network Diagram
      Configurations
Verify
Troubleshoot
Related Information

Introduction

This document provides a sample configuration for connecting a CPA 75x bridge to a CPA 75x IP router using Point-to-Point Protocol (PPP) Challenge Handshake Authentication Protocol (CHAP).

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on the CPA 75x bridge and IP router.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only) .

Network Diagram

This document uses this network setup:

bcppcnc.gif

Configurations

This document uses these configurations:

  • Main Site Router

  • Remote Router

Main Site Router

 
>set systemname HQ 

!--- Sets the system name of the main router. 
!--- This system name "HQ" must match the user profile in the remote 
!--- site router for authentication purposes. The system name is sent to 
!--- the far end router as the userid during PPP authentication. 

HQ>set ppp secret client (prompts for chap password)

!--- Sets the CHAP secret used to send the CHAP magic 
!--- number to the remote router when the remote router challenges 
!--- the main router. 

Enter Password: happy 

!--- Prompted to enter the password/secret.  
!--- Enter "happy" as the CHAP secret. 

ReEnter Password: happy 

!--- Prompted to re-enter the password/secret to ensure consistency. 

HQ>set encapsulation ppp

!--- Sets the encapsulation for the user profile default template to PPP.

HQ>set ppp authentication incoming chap 

!--- Sets the PPP authentication for incoming calls to use CHAP.

HQ>cd lan 

!--- Change to LAN profile.

HQ:LAN>set bridging off 

!--- Turns bridging off in the LAN profile. 

HQ:LAN>set ip routing on

!--- Turns IP routing on in the LAN profile. 

HQ:LAN>set ip rip update periodic

!--- Sends the IP RIP tables out the Ethernet port every 30 seconds. 

HQ:LAN>set ip 198.52.110.254

!--- Sets the IP address of the Ethernet port. 

HQ:LAN>set subnet 255.255.255.0 

!--- Sets the IP netmask of the Ethernet port.

HQ:LAN>set user remote 

!--- Creates the user profile "remote". Changes to the user profile "remote". 
!--- This user profile name must match the system name of the remote  
!--- site router. The system name is received from the far end as the userid 
!--- during PPP authentication. 

HQ:remote>set bridging off

!--- Turns bridging off in the user profile "remote".

HQ:remote>set ip routing on 

!--- Turns IP routing on in the user profile "remote".

HQ:remote>set ip 198.51.110.3 

!--- Sets the IP address of the user profile "remote". 
!--- The far end router will be in the same IP network as this interface. 

HQ:remote>set timeout 120

!--- Sets the idle timeout parameter to 120 seconds. 
!--- If there is no interesting traffic to be forwarded across the ISDN  
!--- connection for 120 seconds then the call is disconnected. 
!--- Because the IPX RIP updates are periodic by default on the user profile, 
!--- the call will never disconnect. 
!--- There are no IPX filters available at this time.

HQ:remote>set ppp secret host (promts for CHAP password)

!--- Sets the CHAP secret that the main router is expecting the remote 
!--- router's magic number to send when the main router challenges the 
!--- remote router to authenticate.

Enter Password: doc

!--- Prompted to enter password/secret. Enter "doc" as the CHAP secret. 

ReEnter Password: doc 

!--- Prompted to re-enter password/secret.

HQ:remote>set ppp authentication outgoing chap

!--- Sets the PPP authentication on outbound calls to CHAP. 
!--- This setting will force bi-directional authentication using CHAP on the 
!--- outgoing call basis. When the main router calls the remote router, 
!--- the main router will force the remote router to authenticate with 
!--- it using CHAP.

Remote Router

 
i>set systemname remote  

!--- Sets the system name of the remote router. 
!--- This system name "remote" must match the user profile in the main 
!--- site router for authentication purposes. The system name is sent to the 
!--- far end router as the userid in PPP authentication.
 
remote>set ip 198.51.110.4  

!--- Sets the IP address of the INTERNAL profile so that the unit is 
!--- pingable and can be telneted to, but allows IP to be bridged from the 
!--- Ethernet port to the ISDN port. This command, when done at the system prompt, 
!--- also turns on IP routing in the INTERNAL profile.

remote>set subnet 255.255.255.0  

!--- Sets the IP netmask of the INTERNAL profile.

remote>set gateway 198.51.110.3  
remote>set ppp secret client (prompts for CHAP password) 
remote>set ppp secret client (prompts for CHAP password)  

!--- Sets the CHAP secret used to send the CHAP magic number 
!--- to the main router when the main router challenges the remote router. 

Enter Password: doc  

!--- Prompted to enter the password/secret. Enter "doc" as the CHAP secret.

ReEnter Password: doc  

!--- Prompted to re-enter password/secret.

remote>set encapsulation ppp  

!--- Sets the encapsulation for the user profile default template to PPP.
 
remote>set ppp authentication incoming chap  

!--- Sets the PPP authentication for incoming calls to be forced to authenticate 
!--- using CHAP. 

remote>set user HQ  

!--- Creates the user profile "HQ". Changes to the user profile "HQ". 
!--- This user profile name has to match the system name of the main site router. 
!--- The system name is received from the far end as the userid during 
!--- PPP authentication.

remote:HQ>set bridging on  

!--- Turns bridging on in the user profi le "HQ".

remote:HQ>set timeout 120  

!--- Sets the idle timeout parameter to 120 seconds. 
!--- If there is no interesting traffic to be forwarded across the ISDN 
!--- connection for 120 seconds then the call is disconnected. 
!--- Because the IPX RIP updates are periodic by default on the user profile, 
!--- the call will never disconnect. 
!--- There are no IPX filters available at this time. 

remote:HQ>set 1 number 14085221234  

!--- Sets the CHAP secret that will be used to send the CHAP magic number 
!--- to the remote router when the remote router challenges the main router. 

Enter Password: happy  

!--- Prompted to enter the password/secret. 
!--- Enter "happy" as the CHAP secret.

ReEnter Password: happy  

!--- Prompted to re-enter the password/secret to ensure consistency. 

remote:HQ>set ppp authentication outgoing chap  

!--- Sets the PPP authentication on outbound calls to CHAP. 
!--- This setting forces bi-directional authentication using CHAP on the outgoing 
!--- call basis. When the remote router calls the main router, the remote router
!--- forces the main router to authenticate with it using CHAP.

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Related Information

Updated: Jan 25, 2008 Document ID: 47883