
ppp. chap authentication

sarahr202
Level 5

Hi everybody.

I was reading about PPP CHAP.

My book shows the following topology with debug output.


R1  s0------------------------------s0 R2

R1

encapsulation ppp

ppp authentication chap

username R2 password cisco

Similar config on R2 as well

Let's just focus on R1 for simplicity.

Based on the following link, the following will occur:

http://en.wikipedia.org/wiki/Challenge-handshake_authentication_protocol

R1 sends the challenge to R2.

R2 receives the challenge, combines the challenge and the password "cisco", and computes a hash value.

R2 sends the hash value as a response to R1.

R1 receives the response. R1 then computes the hash value on the challenge and password and sees if it matches.

If it matches, R1 has successfully authenticated R2.

=====================================================

But my book shows the following for the above-described topology.

Again focusing on R1:

CHAP: O CHALLENGE ID 16 LEN 23 FROM R1

CHAP: RESPONSE ID 16 LEN 23 FROM R2

PPP: SENT LOGIN REQUEST

PPP: RECEIVED LOGIN RESPONSE PASS.

My confusion is: since R2 has already been authenticated, why does R1 send a "login request" to R2?

I also performed the same scenario using GNS3, creating a topology, R1  s0-------s0 R2

When I issued debug ppp on R1, I still got the same output, where R1 sends a login request to R2 though R2 has already been authenticated by R1.

Thanks and have a great weekend.

Accepted Solutions

Giuseppe Larosa
Hall of Fame

Hello Sarah,

Good point.

Our usual configuration actually performs mutual authentication:

R2 authenticates with R1, but also R1 authenticates with R2.

There are modifiers for this, by adding the option callin at the end of the ppp authentication command.

There is also another aspect of PPP authentication:

if you issue a

show users

you see the PPP session listed among the sessions.

So it is like one router logs in to the other one using its hostname as the username, and vice versa.

You can demonstrate this because you may be able to telnet to R1 using a vty using the R2/cisco account

(if you have login local under line vty).

Hope to help

Giuseppe
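
The challenge/response steps listed in the question, run once in each direction as in the mutual authentication the answer describes. This is an added example, not part of the original thread and not IOS code. The `Router` class, its method names and identifier 17 are hypothetical; the response formula MD5(Identifier || secret || Challenge) is the one defined in RFC 1994.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: Response Value = MD5(Identifier || secret || Challenge Value)
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Router:
    """Hypothetical model of one end of the PPP link; not IOS code."""

    def __init__(self, hostname: str, users: dict):
        self.hostname = hostname
        self.users = users      # models "username <peer> password <secret>"
        self.pending = {}       # identifier -> challenge this router sent

    def send_challenge(self, identifier: int):
        challenge = os.urandom(16)          # fresh random value per challenge
        self.pending[identifier] = challenge
        return identifier, challenge, self.hostname

    def answer_challenge(self, identifier, challenge, challenger):
        # Assumption of this model: the secret is picked by the challenger's name.
        secret = self.users[challenger]
        return identifier, chap_response(identifier, secret, challenge), self.hostname

    def verify_response(self, identifier, value, peer) -> bool:
        challenge = self.pending.pop(identifier, None)   # each challenge is single-use
        secret = self.users.get(peer)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, value)      # constant-time compare

def authenticate(authenticator: Router, peer: Router, identifier: int) -> bool:
    """One direction: authenticator challenges, peer responds, result is checked."""
    msg = authenticator.send_challenge(identifier)
    ident, value, name = peer.answer_challenge(*msg)
    return authenticator.verify_response(ident, value, name)

def mutual_chap(a: Router, b: Router):
    # "ppp authentication chap" on both ends: each side challenges the other.
    # ID 16 is taken from the debug output above; 17 is constructed.
    return authenticate(a, b, 16), authenticate(b, a, 17)

if __name__ == "__main__":
    r1 = Router("R1", {"R2": b"cisco"})     # constructed sample config
    r2 = Router("R2", {"R1": b"cisco"})
    print(mutual_chap(r1, r2))
```

The password itself never crosses the link, and a captured response cannot be reused because the verifier discards each challenge after one check.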
