
PPP CHAP AND PAP

zillah2004
Level 1

I have got this scenario: I have got two 2600 routers, Rcentral and Rremote.

I connected these routers by serial cable.

I am looking to use ppp authentication chap.

First Case

If I want only Rremote to be authenticated by Rcentral (i.e. Rcentral authenticates Rremote and not vice versa)

Part of the configuration is:

Rcentral (config-if)#ppp authentication

Rcentral (config-if)#ppp authentication chap

Rcentral (config-if)# username Rremote password catcat

Am I right?

Second Case

If I am looking for both of them (Rcentral, Rremote) to authenticate each other, then I have to use these configurations:

Rcentral (config-if)#ppp authentication

Rcentral (config-if)#ppp authentication chap

Rcentral (config-if)# username Rremote password catcat

Rremote (config-if)#ppp authentication

Rremote (config-if)#ppp authentication chap

Rremote (config-if)# username Rcentral password catcat

Am I right?

2- Is it the same case for PPP PAP?

3- Why should the password (enable, secret) be the same on both routers?

sevans1979
Level 4

As far as I know, you can't have only one side authenticate. Both have to be participating in it.

Your config on the "second case" is correct. So you are good there.

2) It would be the same for PAP, but remember, PAP sends the password info in plain text and CHAP does not send the password info at all. It uses a hash algorithm.

And if you were to do PAP and are using IOS version 11.1 or later, you need to add the following statement under interface-config mode.

Router(config-if)#ppp pap sent-username "remote router hostname" password "password"

*enter the correct info for the items in parenthesis.

3) The routers have to have the same passwords in their authentication statements b/c that is how they verify the info. PAP just checks to see if the password is the same. CHAP puts the password into an algorithm and if the result is the same as the other password then it will authenticate. If the passwords were different the hash result would not match.

Please rate if this helps :)

Scott

The reason that I have asked this is because the Cisco book says:

"CHAP is used to periodically verify the identity of the remote node, using three-way handshaking"

My confusion was: why only verify the remote node? That means we have a node for verifying and another node to be verified (the remote node). Correct me if my understanding is wrong.

From my understanding they both do it.

One will verify the other remote site and vice versa.

HTH

Scott
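
The three-way handshake quoted from the book and the hash comparison described in the replies, as an added Python example that is not part of the original thread or Cisco's code. It follows the RFC 1994 response calculation (MD5 over identifier, secret and challenge); the `Authenticator` class and `handshake` helper are hypothetical names, and `dogdog` is a constructed wrong password.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """The side that issues the challenge (e.g. Rcentral checking Rremote)."""

    def __init__(self, secrets_by_name: dict):
        # Plays the role of the 'username <peer> password <secret>' entries.
        self.secrets_by_name = secrets_by_name
        self.identifier = 0
        self.value = b""

    def challenge(self):
        # Step 1: new identifier and fresh random challenge for every attempt,
        # so a captured response is useless against a later challenge.
        self.identifier = (self.identifier + 1) % 256
        self.value = os.urandom(16)
        return self.identifier, self.value

    def verify(self, peer_name: str, response: bytes) -> bool:
        # Step 3: recompute the hash with the locally stored secret and compare.
        secret = self.secrets_by_name.get(peer_name)
        if secret is None or not self.value:
            return False
        expected = chap_response(self.identifier, secret, self.value)
        return hmac.compare_digest(expected, response)

def handshake(auth: Authenticator, peer_name: str, peer_secret: bytes):
    """Run one direction of CHAP; return (success, bytes seen on the link)."""
    ident, chal = auth.challenge()                  # Challenge
    resp = chap_response(ident, peer_secret, chal)  # Step 2: Response
    ok = auth.verify(peer_name, resp)               # Success or Failure
    return ok, chal + resp

if __name__ == "__main__":
    rcentral = Authenticator({"Rremote": b"catcat"})
    print("matching secret:  ", handshake(rcentral, "Rremote", b"catcat")[0])
    print("mismatched secret:", handshake(rcentral, "Rremote", b"dogdog")[0])
```

Only the challenge and the 16-byte hash cross the link, which is why the comparison can succeed only when both routers hold the same password.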
