Role of CHAP Authentication Configured Under Cellular Interface

Available Languages

Download Options

  • PDF     (75.1 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (74.8 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (70.1 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:October 26, 2016
Document ID:200309

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes the role of Challenge Handshake Authentication Protocol (CHAP) authentication configured under cellular interface. It also clarifies the logic and sequence of steps that take place at the time of initialization of cellular interface in Cisco 3G/4G routers.

Prerequisites

Requirements

Cisco recommends that you have basic knowledge of 3G and 4G.

  • chat script
  • cellular interface configuration
  • dialer list for triggering a dial
  • line configuration
  • modem profile
  • route for the cellular interface

Note: There are the six sections that must be configured in order to have a working cellular connection.

Components Used

This document is not restricted to specific software and hardware versions.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Configure

These are the standard cellular configurations that you should have for any 3G/4G connection.

Assume that you have two profiles here, for example:

Profile 1 : PROFILE-1@CISCO.COM Password CISCO123
Profile 2 : PROFILE-2@CISCO.COM Password CISCO1234

Cellular 0 interface configuration :

Router#sh run in cellular 0
Building configuration...

Current configuration : 502 bytes
!
interface Cellular0
 ip address negotiated
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 0
 dialer string LTE
 dialer-group 1
 async mode interactive
 ppp chap hostname TEST-1@CISCO.COM
 ppp chap password CISCO123
end

Profile 1 configuration details:

Below are the profile configuration for profile 1 

Router#show cellular 0 profile 1
Profile password Encryption level: 7

Profile 1 = ACTIVE*
--------
PDP Type = IPv4
PDP address = 10.10.10.1
Access Point Name (APN) = CISCO.COM
Authentication = CHAP
Username: PROFILE-1@CISCO.COM
Password: CISCO123
*- Default profile

Cellular 1 interface configuration:

Router#sh run in cellular 1
Building configuration...

Current configuration : 502 bytes
!
interface Cellular1
 ip address negotiated
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 0
 dialer string LTE
 dialer-group 1
 async mode interactive
 ppp chap hostname TEST-2@CISCO.COM
 ppp chap password CISCO1234
end

Profile 2 configuration details:

Configuration for profile 2

Router#show cellular 0 profile 2
Profile password Encryption level: 7

Profile 2 = ACTIVE*
--------
PDP Type = IPv4
PDP address = 20.20.20.1
Access Point Name (APN) = CISCO.COM
Authentication = CHAP
Username: PROFILE-2@CISCO.COM
Password: CISCO1234
*- Default profile

When you activate profile 1,  you get a negotiated IP address from the provider for username PROFILE-1@CISCO.COM.

Note: For authentication with provider CHAP username and password configured under cellular are not used.

Use this command to activate the second profile:

Router #cellular 1 lte profile create 2 PROFILE-2@CISCO.COM

To modify the Default Profile 1 or 2, you need to re-create the profile. You are asked twice to confirm whether you want to overwrite the profile that already exists.

How to recreate profile 1 is shown in this example:

Router#cellular lte profile create 1 PROFILE-1@CISCO.COM
Warning: You are attempting to modify the attach profile.
Please consult the service provider before doing so.
Modem power cycle required for change to take effect.

PDP Type = IPv4
Access Point Name (APN) =
Authentication = NONE

Profile 1 already exists with above parameters. Do you want to 
overwrite? [confirm]

Profile 1 will be overwritten with the following values:

PDP type = IPv4
APN = PROFILE-1@CISCO.COM
Authentication = NONE

Are you sure? [confirm]
Profile 1 written to modem

For GSM, use this format:

cellular 0 gsm profile create <profile number> <apn> <authentication> <username> <password> ipv4
Router#cellular 0 gsm profile create 1 PROFILE-1@CISCO.com chap PROFILE-1@CISCO.COM CISCO123 ipv4

Verify

Use this section in order to confirm that your configuration works properly.

For 3G/4G fixed routers and modules, the encapsulation under the cellular interface is for the communication between IOS and modem. It has nothing to do with the communication or negotiation between modem and the service provider. In older modems, for communication between IOS and modem, PPP was used. In newer LTE modems, SLIP frames are used for the same purpose.

The parameters required to negotiate with service provider like authentication, username/password credentials and so on must be configured in cellular profile and not under cellular interface or dialer interface.

Troubleshoot

This section provides information you can use in order  to troubleshoot your configuration.

Basic debugs for troubleshooting:

Debug dialer
Debug chat
Debug modem
Debug ppp negotiation
TAC Authored

Contributed by Cisco Engineers

  • Lijesh N C
    Cisco TAC Engineer

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products