Solved

PPP with PAP and CHAP Authentication

Posted on 2014-11-26
7
255 Views
Last Modified: 2014-11-28
Looking at this web site , in PPP authentication commands:
http://www.howtonetwork.net/public/department98.cfm

When configured PPP with PAP or CHAP authentication, I have noticed the configuration is not the same on both routers that are authenticating each other:



Example for PAP Authentication:
R1(config)#int s1/1
 R1(config-if)#encapsulation ppp 
 R1(config-if)#ppp authentication pap
 R1(config-if)#exit
 R1(config)#username R3 password cisco

Open in new window

R3(config)#int s1/1
R3(config-if)#ppp pap sent-username R3 password cisco

Open in new window



Example for CHAP Authentication:

R1(config)#int s1/1
 R1(config-if)#encapsulation ppp 
 R1(config-if)#ppp authentication chap
 R1(config-if)#exit
 R1(config)#username R3 password cisco

Open in new window


R3(config-if)#int s1/1 
 R3(config-if)#encapsulation ppp
 R3(config-if)#ppp chap hostname R3
 R3(config-if)#ppp chap password cisco

Open in new window


I wonder if PPP authentication works in Client/Server way ? in the case authentication is set up in Server/Server way, how do we configure that ?
0
Comment
Question by:jskfan
  • 6
7 Comments
 
LVL 26

Accepted Solution

by:
Soulja earned 500 total points
Comment Utility
PPP is setup in a client and server way, or better called a peer / authenticator.

How your routers are configured, R3 is the peer or caller, and R1 is the Authenticator or Called.

If you want a two way for of authentication, where R3 verifies R1 also, just add the R1's pap/chap config to R3 and R3's to R1 in addition to the configuration already there.
0
 

Author Comment

by:jskfan
Comment Utility
Can you just copy and paste from the configuration I posted above, to see what is needed to configure 2 way authentication ?

Thanks
0
 

Author Comment

by:jskfan
Comment Utility
I also am not sure why they put :

on R1:
R1(config)#username R3 password cisco

and on R3:
R3(config-if)#ppp chap hostname R3
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:jskfan
Comment Utility
For consistency sake:
PPP PAP code above is missing something, it gotto be this way:
R3(config)#int s1/1
R3(config-if)#encapsulation ppp
R3(config-if)# ppp authentication pap
R3(config-if)#ppp pap sent-username R3 password cisco

Open in new window

0
 

Author Comment

by:jskfan
Comment Utility
Regarding PAP authentication, disregard the configuration above. This one worked for me:
 R1(config)#int s1/0
 R1(config-if)ip address 1.1.1.1 255.255.255.0
 R1(config-if)#encapsulation ppp 
 R1(config-if)#ppp authentication pap
 R1(config-if)#exit
 R1(config)#username R2 password cisco

R2(config)#int s1/0
R2(config-if)ip address 1.1.1.2 255.255.255.0
R2(config-if)#encapsulation ppp 
R2(config-if)#ppp pap sent-username R2 password cisco

Open in new window

0
 

Author Comment

by:jskfan
Comment Utility
ppp
This final configuration worked for me for PAP and CHAP:
PPP with PAP authentication:
in this configuration R1 is PAP Server and R2 is PAP client

R1(config)#int s1/0
 R1(config-if)ip address 1.1.1.1 255.255.255.0
 R1(config-if)#encapsulation ppp 
 R1(config-if)#ppp authentication pap
 R1(config-if)#exit
 R1(config)#username R2 password cisco

R2(config)#int s1/0
R2(config-if)ip address 1.1.1.2 255.255.255.0
R2(config-if)#encapsulation ppp 
R2(config-if)#ppp pap sent-username R2 password cisco

=================================

PPP with CHAP authentication:
in this configuration R1 is CHAP Client and R2 is CHAP Server

R1#configure terminal
R1(config)#interface serial 1/0
R1(config-if)ip address 1.1.1.1 255.255.255.0
R1(config-if)#encapsulation ppp 
R1(config-if)#ppp chap hostname R1
R1(config-if)#ppp chap password cisco


R2#configure terminal
R2(config)#username R1 password cisco
R2(config)#interface serial 1/0
R2(config-if)ip address 1.1.1.2 255.255.255.0
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap

=================================

Open in new window

0
 

Author Closing Comment

by:jskfan
Comment Utility
Thanks
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now