PPP encapsulation PAP and CHAP authentication

You can enable PPP encapsulation over serial interfaces:
R1(config-if)#encapsulation ppp

When a PPP session is established, the neighbors exchange their L3 addresses, which allows connectivity between devices that are L2 connected but in different subnets.

If you do not want to learn the neighbor route:
R1(config-if)#no peer neighbor-route

PPP PAP authentication:

PAP sends the username and password in clear text, so they can be sniffed on the link.

Inside the interface:
ppp authentication pap  <----- on the side that initiates the communication, not needed on both sides
username X password Y   <----- the username and password that the other side must send (configured globally)

On the other side, configure the username:
ppp pap sent-username X password Y

PAP example:


R1:
R1(config)#interface Serial3/1
R1(config-if)# ip address 192.168.1.1 255.255.255.0
R1(config-if)# encapsulation ppp
R1(config-if)# serial restart-delay 0
R1(config-if)# ppp authentication pap
R1(config-if)# exit
R1(config)#username Paquito password 0 Chocolatero

R3:
R3(config)#interface Serial3/3
R3(config-if)# ip address 10.0.0.1 255.255.255.0
R3(config-if)# encapsulation ppp
R3(config-if)# serial restart-delay 0
R3(config-if)# ppp pap sent-username Paquito password 0 Chocolatero
R3(config-if)# end


PPP CHAP authentication:

CHAP uses an MD5 challenge/response instead of sending the password in plain text; it is the secure authentication option.

Configuration:

R1(config-if)#ppp authentication chap   <---- on the side that initiates the authentication
R1(config)#username x password y

On the other side:

R1(config)#username z password y

x = the name of the router on the other side
y = the password, which must match
z = the name of the router on the other side

The password can be stored in clear text (username x password y) or as type 7 (username x password 7 y), but not as a secret (username x secret y), because the router needs the original password to compute the MD5 response.

At interface level:
ppp chap hostname w

Default password (never used on the side with ppp authentication chap):
ppp chap password X    <---- default for all the sessions

It can also be configured at interface level.

CHAP example:


R3:
R3(config)#interface Serial3/3
R3(config-if)# ip address 10.0.0.1 255.255.255.0
R3(config-if)# encapsulation ppp
R3(config-if)# serial restart-delay 0
R3(config-if)# exit
R3(config)#username R2 password 0 Tomatito

R2:
R2(config)#interface Serial3/1
R2(config-if)# ip unnumbered Loopback0
R2(config-if)# encapsulation ppp
R2(config-if)# serial restart-delay 0
R2(config-if)# ppp authentication chap
R2(config-if)# exit
R2(config)#username R3 password 0 Tomatito
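
What each method puts on the wire, as an added Python example (not from the original post): it builds the PAP Authenticate-Request (RFC 1334) and the CHAP challenge/response (RFC 1994) using the usernames and passwords from the examples above. The function names, packet identifiers and challenge bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample values, taken from the PAP and CHAP examples on this page.
PAP_USER, PAP_PASS = b"Paquito", b"Chocolatero"
CHAP_SECRET = b"Tomatito"   # "username R3 password 0 Tomatito" on R2


def pap_authenticate_request(ident, user, password):
    """PAP Authenticate-Request: code 1, id, length, then the
    length-prefixed peer-id and password, both in clear text."""
    data = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data


def chap_challenge(ident, name, value=None):
    """CHAP Challenge: code 1, id, length, value-size, value, name."""
    value = value or os.urandom(16)
    data = bytes([len(value)]) + value + name
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data


def chap_response_value(ident, secret, challenge_value):
    """Response value = MD5(identifier || secret || challenge value)."""
    return hashlib.md5(bytes([ident]) + secret + challenge_value).digest()


def chap_verify(ident, secret, challenge_value, response_value):
    """The authenticator recomputes the hash from its own copy of the secret,
    which is why that copy must be recoverable (clear or type 7)."""
    expected = chap_response_value(ident, secret, challenge_value)
    return hmac.compare_digest(expected, response_value)


if __name__ == "__main__":
    pap = pap_authenticate_request(1, PAP_USER, PAP_PASS)
    print("PAP frame contains password:", PAP_PASS in pap)

    chal = chap_challenge(7, b"R2")                     # sent by R2
    value = chal[5:5 + chal[4]]
    resp = chap_response_value(7, CHAP_SECRET, value)   # computed on R3
    print("CHAP challenge contains password:", CHAP_SECRET in chal)
    print("CHAP response contains password:", CHAP_SECRET in resp)
    print("R2 accepts R3:", chap_verify(7, CHAP_SECRET, value, resp))
    print("Mismatch accepted:", chap_verify(7, b"Tomatit0", value, resp))
```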
