Solved

command to change p/w in cisco 1700

Posted on 2004-09-24
15
287 Views
Last Modified: 2012-05-05
In my office we are using a router (cisco-1700) to connect to internet(leased line). One day we are upgraded our line speed and our isp changed the internet password. Now my problem is that:
how to configure this new password in our router. I know the telnet password and please let me know the bri commands that I want put to configure this new password.
0
Comment
Question by:tell-me
  • 7
  • 5
  • 3
15 Comments
 
LVL 9

Expert Comment

by:cooledit
ID: 12149883

what kinda connection is it ISDN over that WAN or what ?....
0
 
LVL 15

Expert Comment

by:scampgb
ID: 12149945
Hi tell-me,

You might have to change more than just the password.  For example, if you're running over a channelised service, you might have to tell the router to use additional channels.

Take a look at the router config (with "show run").
Towards the top you're likely to see a line like:
username myisp password 543r3r

That *probably* what you want to change.  You'll do this by:
conf t
username myisp password mynewpassword

Make sure that you save the config first!  If it causes any problems, just restart the router.
You can save the config with "copy run start"

It's a little unusual for a leased-line to use authentication though.

It would help if you could post a copy of the config.  Replace any secure information (IPs, passwords, accesslists) with xxxx.
0
 

Author Comment

by:tell-me
ID: 12150228
When I check the running config, I can see this line:

interface dialer1
.....................
dialer-group 1
ppp authentication chap callin
ppp chap hostname mycompanyname
ppp chap password 7 mypassword
ppp multilink


I applied the same command in dialer interface1 with new password given by our ISP, and copied to startup config (with write command). But nothing happed. Till we can't access net ???
0
 
LVL 15

Expert Comment

by:scampgb
ID: 12150248
tell-me,
What you've done so far looks OK.  Can you please post a copy of the full config?

Also - exactly what did the ISP say you'd need to do once they've upgraded your bandwidth?  Did they mention anything about IP address changes or channel allocations.
0
 

Author Comment

by:tell-me
ID: 12150404
We upgraded our isdn connection 56k to 128k.
They (ISP) are telling there is no change in ip or channel allocation.


This is the running config

mycompany# show run
building confg.......
current config:
!
version 12.0
Service timestamps debug uptime
Service timestamps LOG uptime
sevice password-encryption
!
hostname mycompany
!
enable secret 5 *******
enable password 7 *****
!
username mycompany password ********
!
!
!
!
ip subnet-zero
!
ip name-server ********
ip name-server ********
isdn switch-type basic-net3
isdn voice-cal-failure 0
!
!
!
interface ethernet0
ip address ***********
no ip directed-broadcast
ip nat inside
!
interface BRI0
no ip address
no ip directed-broadcast
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
ppp multilink
!
interface Dialer1
ip address negotiated
no ip directed-broadcast
ip nat outside
encapsulation ppp
dialer idle-timeout 21600
dialer string 4359100
dialer string 4359000
dialer load-threshold 20 either
dialer-group 1
ppp authentication chap callin
ppp chap hostname mycompanyname
ppp chap password 7 mypassword
ppp multilink
!
ip nat inside source list 101 interface Dialer1 overload
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
acccess-list 101 10.0.0.0. 0.255.255.255 any
acccess-list 101 172.16.5.0 0.0.0.255 any
dialer-list protocol ip list 101
!
line con 0
exec-timeout 0 0
loging
transport input none
stopbits 1
line vty 0 4
password 7 ********
login
!
end
0
 
LVL 15

Expert Comment

by:scampgb
ID: 12150452
tell-me:
Makes a bit more sense now, you're using ISDN and not a leased line.

Remove "username mycompany password ********", as it's not needed.
# no username mycompany password ********

Are you sure that you've got correct usernames and passwords?

I can't see anything obviously wrong here, so we'll need to do some more testing with ISDN debugging.
Make sure that the ISDN line is plugged in properly :-)

First step, can you please post the results of "show isdn status"?
0
 
LVL 9

Expert Comment

by:cooledit
ID: 12150456
debug ppp authentication

try make a new connection post details here
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Author Comment

by:tell-me
ID: 12150656
First I admit my big mistake, we have isdn not leased line. But we can't understand your logic to remove the user name
and password. Since our isp says the changes in password (and there is no other changes) I want to make this changes in my router and performed the tasks(in interface dialer1) that I mentioned early time. What I want to do next ?

This is the out put of sh isdn status:

global isdn swtich type = basic-net3
isdn bri0 interface
ds1=0,interface isdn switch type=basic net3
layer1 status:
active
layer2 status:
TEI=101 CES=1,SAPI=0,State=multipile_frame_established
layer3 status:
0 active layer 3 call(s)
Active ds1 0 ccbs=0
the channel mask:0*80000003
Number of L2 discards=1, L2 sessionid=57
Total allocated isdn ccbs=0
0
 
LVL 15

Expert Comment

by:scampgb
ID: 12150725
I suggested removing the "username mycompany password ********" command as this isn't used by the dialer.
The username and password details used by the dialer are specified in the lines:
ppp authentication chap callin
ppp chap hostname mycompanyname
ppp chap password 7 mypassword

The results of "show isdn status" show that your ISDN line is plugged in correctly.

Just to check that you've got the right password (I'm assuming the word "tablelamp" specified, do this:
conf t
int dialer 1
no ppp chap password
ppp chap password tablelamp


Then try to connect again.
If that doesn't work, we need to do the PPP debug that cooledit mentioned.  At the enable prompt:
terminal monitor
undebug all
debug ppp authent

... then force the router to dial (browse to a web page for example).
You'll get a load of debug information from the router.  Post that info here.
0
 

Author Comment

by:tell-me
ID: 12154511
Thank you for your effort to solve our problem. But debugging commands did not helped to solve. Any way some other professional solved the issue and our net connection is fine now. I would like to know about the commands they applied to resolve this issue, but unfortunately they are not willing to share it (as they are professionals from a different company)

Anyway I have some other questions related to this:

1.      Can you assume what they had done to solve the issue?
2.      By reviewing “sh isdn” output, you said that our isdn plugged in correctly. How you take this opinions?
3.      If the ppp authentication is the problem, how I can troubleshoot this?
4.      Last one is a general question. Can you recommend a hand book and some online resources(last time it is very difficult to use online resources) to assist me when I face similar situation in Cisco network.

If you want to analyze our current run config to answer my questions I will send to your email.


Thank you,


0
 
LVL 9

Expert Comment

by:cooledit
ID: 12154518
hi, Tel-me

Could you poste the Running config here just to let us know what have been happening.
Just remove IP addresses, passwords and more
0
 
LVL 15

Expert Comment

by:scampgb
ID: 12154898
cooledit's right - we'll need a copy of the running config to see what they've done.

On another note, I'd be very concerned about any "professionals" who will modify your router config and not let you know what they've done.

On the point "2":
layer1 status:
active                                                      <== The cable is plugged in
layer2 status:
TEI=101 CES=1,SAPI=0,State=multipile_frame_established      <== It can see the ISDN signal from your ISDN provider

4: experts-exchange is a good place to ask for help ;-)
Troubleshooting is a difficult thing to do if you don't understand how it's meant to to work in the first place....
0
 

Author Comment

by:tell-me
ID: 12158832
This is the run config:


#show run

Building configuration...


Current configuration : 991 bytes

!

version 12.2

service timestamps
debug uptime

service timestamps log uptime

no service password-encryption

!

hostname ********
!

enable secret 5 ******************
enable password ******
!

ip subnet-zero
no
ip domain-lookup

ip name-server *******
ip name-server *******
!

isdn switch-type basic-net3

!

!

!

interface BRI0
ip address negotiated

ip nat outside
 encapsulation
ppp
dialer idle-timeout 2147483

dialer string *******
dialer load-threshold 1 either
dialer-group 1

isdn switch-type basic-net3

ppp authentication pap callin

ppp pap sent-username ******* password 7 *******!
interface FastEthernet0

ip address ****** ********
ip nat inside
speed 100
full-duplex

!
ip nat inside source list 10
interface BRI0 overload
ip classless
ip route 0.0.0.0 0.0.0.0
BRI0
no ip http server

!

!

access-list 10 permit any
dialer-list 1 protocol ip permit

!

line con 0
line aux 0
line vty 0
password *******
login
line vty 1 4
login

!

end


I know this site is good place to ask, but could you recommend some books that may enhance my skills, pls ?
0
 
LVL 15

Accepted Solution

by:
scampgb earned 125 total points
ID: 12181788
tell-me,
> ppp authentication pap callin
>
> ppp pap sent-username ******* password 7 *******!

I think this is what they've changed.  They've reconfigured it to use PAP rather than CHAP authentication.
PAP authentication is less secure, so I'd avoid using it wherever possible.

As for learning, this tutorial looks a good start http://www.swcp.com/~jgentry/topo/cisco.htm

Book options are:
Managing IP Networks with Cisco Routers
http://www.amazon.com/exec/obidos/tg/detail/-/1565923200/102-1435749-3466563?v=glance

Cisco Cookbook
http://www.amazon.com/exec/obidos/ASIN/0596003676/qid=1096476273/sr=ka-3/ref=pd_ka_3/102-1435749-3466563

I suggest that you visit a good bookseller and browse what they have available.  I'm personally a fan of the "nutshell" series of books.
0
 
LVL 15

Expert Comment

by:scampgb
ID: 12191333
Glad I could help :-)

0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now