Chapter 10
Wide Area Networking Protocols
PPP Authentication Methods
Two authentication methods can be used with PPP links: Password Authentication Protocol (PAP) or Challenge Authentication Protocol (CHAP).
Password Authentication Protocol (PAP)
The Password Authentication Protocol (PAP) is the less secure of the two methods. Passwords are sent in clear text, and PAP is only performed upon the initial link establishment. When the PPP link is first established, the remote node sends back to the sending router the username and password until authentication is acknowledged. That's it.
Challenge Authentication Protocol (CHAP)
The Challenge Authentication Protocol (CHAP) is used at the initial startup of a link and at periodic checkups on the link to make sure the router is still communicating with the same host.
After PPP finishes its initial phase, the local router sends a challenge request to the remote device. The remote device sends a value calculated using a one-way hash function called MD5. The local router checks this hash value to make sure it matches. If the values don't match, the link is immediately terminated.
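The PAP and CHAP exchanges described above, as an added Python example that is not from the book: it builds the PAP request data field (RFC 1334) and the MD5 CHAP response (RFC 1994, MD5 over identifier, shared secret and challenge) so the difference in what crosses the link is visible. The class and function names, the peer name RouterB and the shared secret are constructed for illustration.

```python
import hashlib
import hmac
import os

def pap_request_data(peer_id: bytes, password: bytes) -> bytes:
    """Data field of a PAP Authenticate-Request (RFC 1334): both values in clear."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value with MD5 (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Local router side (hypothetical class): issues challenges, checks responses."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.identifier = 0
        self.challenge = b""

    def new_challenge(self):
        # A fresh random challenge and a changed identifier for every exchange,
        # at link startup and at each periodic checkup.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        if identifier != self.identifier:
            return False
        expected = chap_response(self.identifier, self.secret, self.challenge)
        # Constant-time comparison; a False result means the link is terminated.
        return hmac.compare_digest(expected, response)

def demo():
    secret = b"constructed-shared-secret"      # constructed sample value
    local = Authenticator(secret)
    ident, chal = local.new_challenge()
    resp = chap_response(ident, secret, chal)  # the remote device's calculation
    first_ok = local.verify(ident, resp)
    ident2, chal2 = local.new_challenge()      # periodic checkup on the link
    stale_ok = local.verify(ident2, resp)      # earlier value vs. new challenge
    wrong_ok = local.verify(ident2, chap_response(ident2, b"wrong", chal2))
    pap = pap_request_data(b"RouterB", secret)
    # Last two fields: is the secret visible in the PAP data / the CHAP value?
    return first_ok, stale_ok, wrong_ok, secret in pap, secret in resp

if __name__ == "__main__":
    print(demo())
```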
Configuring PPP on Cisco Routers
Configuring PPP encapsulation on an interface is a fairly straightforward
process. To configure it, follow these router commands:
Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int s0
Router(config-if)#encapsulation ppp
Router(config-if)#^Z
Router#
Of course, PPP encapsulation must be enabled on both interfaces connected to a serial line to work, and there are several additional configuration options available by using the help command.
Configuring PPP Authentication
After you configure your serial interface to support PPP encapsulation, you
can then configure authentication using PPP between routers. First set the
Copyright ©2002 SYBEX, Inc., Alameda, CA
www.sybex.com