Browsed by
Tag: PPP

CCIE: PPP Authentication

CCIE: PPP Authentication

Personally, this is an area that I struggled with during my studies. Not quite sure why, the concept is not that difficult. Perhaps, it’s one of those “boring” subjects and I just could not get excited about it no matter how hard I tried. In real world use cases, I used PPP all the time for the PE to CE encapsulation method. The thing is at the SP, there was no need to “secure” the /30 MPLS circuits so, LCP was not necessary. Now for ADSL customers, that was a totally different story. LCP and NCP were both used. Fact is, PPP is still widely deployed and I don’t see it going away anytime soon so, we better understand it.

#1 Recommendation: ALWAYS think of PPP authentication as a client (response) and server (authenticator/challenge) relationship.

The authentication does not have to be bi-directional (although it could be).

So, the PAP/CHAP SERVER would require authentication and the PAP/CHAP CLIENT must respond.

Example 1 (PAP): 

R1: SERVER
username R2PAP password CISCO

interface serial 0/1/0
encap ppp
ppp authentication pap (P1) chap (P2)
try Protocol1 first and if unsuccessful try P2

R2: CLIENT
int ser 0/1/0
encap ppp
ppp pap sent-username R2PAP password CISCO 

Example 2 (CHAP):

R1: SERVER
username R2 password CISCO

interface serial 0/1/0
encap ppp
ppp authentication pap (P1) chap (P2)
try Protocol1 first and if unsuccessful try P2

R2: CLIENT
username R1 password CISCO
int ser 0/1/0
encap ppp