Debugging CHAP is similar to debugging PAP. Use the debug ppp authentication command to determine why an authentication fails.
The following is a description of each of the debug fields in the figure, and their possible values:
- Interface number associated with this debugging information and CHAP access
session in question.
- The name pioneer in this example is the name received in the CHAP response.
The router looks up this name in the list of usernames that are configured for
the router.
- The following messages can appear:
  - No name received to authenticate
  - Unknown name
  - No secret for given name
  - Short MD5 response received
  - MD compare failed
- Specific CHAP type packet detected. Possible values are as follows:
  - 1 = Challenge
  - 2 = Response
  - 3 = Success
  - 4 = Failure
- ID number per Link Control Protocol (LCP) packet format.
- Packet length without header.
A common CHAP error is a password mismatch. It can have one of two causes:
- The peer did not supply the password expected by the local router. For
example, the router expected (had configured) the password LetmeIn, but the
peer used the password letmein. The administrator can either reconfigure the
username and password sent by the peer or correct the peer with the right
username.
- The local router does not have the password correctly configured. If the
administrator has verified that the password supplied by the peer is correct,
then reconfigure the local router.
To remove the existing username and password entry, use the command:
no username <username>
where <username> is replaced by the username in the error message. Then configure the username and password using the command:
username <username> password <password>
The password must match the password on the remote router.
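The following added example (not part of the original text and not router code) shows why the LetmeIn/letmein mismatch above ends in "MD compare failed": with MD5 CHAP as defined in RFC 1994, the response is a hash over the packet ID, the secret and the challenge, so any difference in the secret changes the whole value. The user table, challenge bytes, ID and the order of the checks are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed local user table, standing in for "username <name> password <pw>" entries.
LOCAL_USERS = {"pioneer": "LetmeIn", "nosecret": None}

# Constructed sample challenge and packet ID.
CHALLENGE = bytes.fromhex("00112233445566778899aabbccddeeff")
IDENT = 7


def chap_response(ident: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 MD5 CHAP value: MD5(Identifier octet + secret + challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


def verify_response(ident, name, value, challenge, users=LOCAL_USERS):
    """Authenticator-side checks. Returns "Success" or the debug message that
    matches the failure. The order of the checks is an assumption."""
    if not name:
        return "No name received to authenticate"
    if name not in users:
        return "Unknown name"
    secret = users[name]
    if not secret:
        return "No secret for given name"
    if len(value) < 16:  # an MD5 digest is always 16 octets
        return "Short MD5 response received"
    expected = chap_response(ident, secret, challenge)
    if not hmac.compare_digest(expected, value):
        return "MD compare failed"
    return "Success"


def demo():
    good = chap_response(IDENT, "LetmeIn", CHALLENGE)  # peer has the right secret
    bad = chap_response(IDENT, "letmein", CHALLENGE)   # peer differs only in case
    return {
        "matching secret": verify_response(IDENT, "pioneer", good, CHALLENGE),
        "case mismatch": verify_response(IDENT, "pioneer", bad, CHALLENGE),
        "truncated value": verify_response(IDENT, "pioneer", good[:8], CHALLENGE),
        "no local entry": verify_response(IDENT, "voyager", good, CHALLENGE),
        "entry without secret": verify_response(IDENT, "nosecret", good, CHALLENGE),
        "empty name": verify_response(IDENT, "", good, CHALLENGE),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```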