Hello all,Jay McM and I had an offline chat about my previous posting, which
was trying to do the EIGRP authentication on a hub and spoke network, where the
hubs use different authentication keys from each other. I was playing around
with frame hub and spoke. To recap, I previously found that the hub, despite
having the two different keys in its key chain, both of which had valid
lifetimes, refused to send using key 2. It would only send with key 1 despite
correctly authentication spoke 2 which was using key 2. Therefore, hub
authenticated spoke, but not vice versa. On frame, you could use PPPoFr, and
use different virtual templates on each DLCI, and therefore have different key
chains on each. What I actually did was use point to point tunnels over the
frame, which worked a treat. In what my old physics teacher used to call, "a
thought experiment", I was thinking about what you could do, just on a bog
standard Ethernet segment. The tunnel approach would still work. How
ever, with PPPoE, the server virtual template is tied to the physical, via the
bba-group. Therefore the key chain would be applied to all clients that use
the virtual template, which presents the same problem as on the frame network.
My question: is there any way that you can configure a PPPoE virtual template
on the hub that is somehow tied to each individual client? For example, is
there a mechanism to tie the virtual template to the PPP chap username? Bit of
chicken and egg here, as you need the virtual template to know to authenticate
by chap, but need chap to know the virtual template to apply.....My head hurts.
Regards, George.
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
http://onlinestudylist.com/mailman/listinfo/ccie_rs
