Page 132

106 Chapter 5: Configuring PPP and Controlling Network Access

PAP

PAP is exactly what its name implies. It is a clear text exchange of username and password
information. When a user dials in, a username request is sent. Once that is entered, a password
request is sent.

All communications flow across the wire is in clear text form. No encryption is used with PAP.
There is nothing stopping someone with a protocol analyzer from gleaning passwords as they
traverse the wire. At that point, simply playing back the packet allows authentication into the
network. Although it may not provide the level of protection you may be seeking, it's better than
nothing. It serves to keep honest people honest. Figure 5-4 depicts the PAP authentication
procedure.

Figure 5-4

PAP Authentication

As is clearly seen, PAP is a one-way authentication between the router and the host. Example
5-1 shows a basic PPP PAP configuration.

Example 5-1

PAP Configuration Example

RouterA(config)#username emma password twinz
RouterA(config)#interface async 0
RouterA(config-if)#enapsulation ppp
RouterA(config-if)#ppp authentication pap

Remote user

Emma

Access server

Router A

Run PPP

Use PAP

"emma, twinz"

Accept or reject

Name: Emma
Password: twinz

username Emma

password twinz

Local user

database