01-11-2016 10:25 AM - edited 03-05-2019 03:06 AM
Hi,
recently I have been configuring chap authentication on two routers (ospf configured for routing)
I enabled both the interfaces with ppp encapsulation (also defined username and password for chap on two routers). When I enter the command ppp authentication chap on one of the routers' interface, it actually formed neighborship with other router. Don't I have to enter the same command on neighboring router interface?
Regards,
Vish
Solved! Go to Solution.
01-11-2016 03:51 PM
Hi Vishal,
Don't I have to enter the same command on neighboring router interface?
No, it is not required for the CHAP to function. The result of the ppp authentication chap command is that this router will require its peer to authenticate using CHAP. If one of your routers had this command configured while the other did not, a one-way CHAP authentication took place. If you had both routers configured with this command, then two independent CHAP authentications would take place where each router would authenticate itself to the other router.
Keep in mind that the ppp authentication chap command causes this router to ask its peer to authenticate itself using CHAP. It does not say anything about this router authenticating to the peer - that direction of authentication is governed by the configuration of the peer.
Feel welcome to ask further!
Best regards,
Peter
01-11-2016 03:51 PM
Hi Vishal,
Don't I have to enter the same command on neighboring router interface?
No, it is not required for the CHAP to function. The result of the ppp authentication chap command is that this router will require its peer to authenticate using CHAP. If one of your routers had this command configured while the other did not, a one-way CHAP authentication took place. If you had both routers configured with this command, then two independent CHAP authentications would take place where each router would authenticate itself to the other router.
Keep in mind that the ppp authentication chap command causes this router to ask its peer to authenticate itself using CHAP. It does not say anything about this router authenticating to the peer - that direction of authentication is governed by the configuration of the peer.
Feel welcome to ask further!
Best regards,
Peter
01-12-2016 01:37 PM
Hi Peter,
The explanation you gave makes sense. Thank you for now.
Will ask you if I have any further questions.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide