Wednesday, 10 October 2012

PPP: Authentication using PAP



· PPP supports two types of authentication: PAP and CHAP.
· PAP sends the password in clear text.
· CHAP sends the password encrypted.
· In this post, let me configure password authentication using PAP.
· Here, R1 is the server (the authenticator) and R2 is the client (the peer being authenticated).
· We need to understand who is authenticating whom.
· When we dial in for an internet connection, the ISP authenticates the user, not vice versa.
· So the server asks for the password and the client supplies it.
· Let me take a small topology to configure this.

 

R1-----s1/0---------------------s1/0----R2
10.1.1.1----------------------------Client

 

R1(config)#username cisco password cisco
R1(config-if)#do show run int ser1/0
Building configuration...

Current configuration : 157 bytes
!
interface Serial1/0
 ip address 10.1.1.1 255.255.255.0
 encapsulation ppp
 no peer default ip address
 serial restart-delay 0
 ppp authentication pap
end

R1(config-if)#

 

R2(config-if)#do show run int ser1/0
Building configuration...

Current configuration : 176 bytes
!
interface Serial1/0
 ip address 10.1.1.2 255.255.255.0
 encapsulation ppp
 serial restart-delay 0
 ppp authentication pap
 ppp pap sent-username cisco password 0 cisco
end

R2(config-if)#int ser1/0

 

R1(config-if)#do debug ppp authe
PPP authentication debugging is on
R1(config-if)#shut
R1(config-if)#
*Mar  1 02:37:24.763: %LINK-5-CHANGED: Interface Serial1/0, changed state to administratively down
*Mar  1 02:37:25.763: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
R1(config-if)#
R1(config-if)#no shut
R1(config-if)#
*Mar  1 02:37:36.555: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
*Mar  1 02:37:36.559: Se1/0 PPP: Using default call direction
*Mar  1 02:37:36.559: Se1/0 PPP: Treating connection as a dedicated line
*Mar  1 02:37:36.559: Se1/0 PPP: Session handle[8F000022] Session id[35]
*Mar  1 02:37:36.563: Se1/0 PPP: Authorization required
*Mar  1 02:37:36.687: Se1/0 PAP: I AUTH-REQ id 29 len 16 from "cisco"
*Mar  1 02:37:36.687: Se1/0 PAP: Authenticating peer cisco
*Mar  1 02:37:36.691: Se1/0 PPP: Sent PAP LOGIN Request
*Mar  1 02:37:36.695: Se1/0 PPP: Received LOGIN Response PASS
*Mar  1 02:37:36.699: Se1/0 PPP: Sent LCP AUTHOR Request
*Mar  1 02:37:36.703: Se1/0 PPP: Sent IPCP AUTHOR Request
R1(config-if)#
*Mar  1 02:37:36.711: Se1/0 LCP: Received AAA AUTHOR Response PASS
*Mar  1 02:37:36.711: Se1/0 IPCP: Received AAA AUTHOR Response PASS
*Mar  1 02:37:36.715: Se1/0 PAP: O AUTH-ACK id 29 len 5
*Mar  1 02:37:36.719: Se1/0 PPP: Sent CDPCP AUTHOR Request
*Mar  1 02:37:36.723: Se1/0 CDPCP: Received AAA AUTHOR Response PASS
*Mar  1 02:37:36.763: Se1/0 PPP: Sent IPCP AUTHOR Request
R1(config-if)#
*Mar  1 02:37:37.715: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
R1(config-if)#do u all
All possible debugging has been turned off
R1(config-if)#

 

R2(config)#
*Mar  1 02:37:36.591: Se1/0 PPP: Authorization required
*Mar  1 02:37:36.599: Se1/0 PPP: No authorization without authentication
*Mar  1 02:37:36.599: Se1/0 PAP: Using hostname from interface PAP
*Mar  1 02:37:36.599: Se1/0 PAP: Using password from interface PAP
*Mar  1 02:37:36.599: Se1/0 PAP: O AUTH-REQ id 29 len 16 from "cisco"
*Mar  1 02:37:36.739: Se1/0 PAP: I AUTH-ACK id 29 len 5
R2(config)#do u all
All possible debugging has been turned off
R2(config)#do debug ppp authen
PPP authentication debugging is on
R2(config)#
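
The PAP exchange in the debug output above, decoded at packet level as an added example (not part of the original post). It follows the PAP packet layout from RFC 1334 and shows why the AUTH-REQ is 16 bytes, why the AUTH-ACK is 5 bytes, and that the password sits in the request as plain bytes. The function names and the constructed packets are illustrative assumptions.

```python
import struct

PAP_CODES = {1: "AUTH-REQ", 2: "AUTH-ACK", 3: "AUTH-NAK"}

def build_auth_req(ident, peer_id, password):
    """Encode a PAP Authenticate-Request (RFC 1334, code 1)."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def build_auth_reply(code, ident, message=b""):
    """Encode an Authenticate-Ack (code 2) or Authenticate-Nak (code 3)."""
    body = bytes([len(message)]) + message
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_pap(packet):
    """Decode one PAP packet; raise ValueError on malformed lengths."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte PAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in PAP_CODES or length < 4 or length > len(packet):
        raise ValueError("bad code or length field")
    data = packet[4:length]          # anything past `length` is padding
    want = 2 if code == 1 else 1     # request: peer-id + password; reply: message
    fields, pos = [], 0
    for _ in range(want):
        if pos >= len(data) or pos + 1 + data[pos] > len(data):
            raise ValueError("length-prefixed field overruns packet")
        fields.append(data[pos + 1 : pos + 1 + data[pos]])
        pos += 1 + data[pos]
    out = {"code": PAP_CODES[code], "id": ident, "len": length}
    if code == 1:
        out["peer_id"], out["password"] = fields
    else:
        out["message"] = fields[0]
    return out

# Constructed packets mirroring the debug lines above (id 29, "cisco"/"cisco").
REQ = build_auth_req(29, b"cisco", b"cisco")
ACK = build_auth_reply(2, 29)

if __name__ == "__main__":
    # 4-byte header + 1 + 5 (peer-id) + 1 + 5 (password) = 16 bytes
    print(REQ.hex(), parse_pap(REQ))
    # 4-byte header + 1-byte message length (0) = 5 bytes
    print(ACK.hex(), parse_pap(ACK))
```

Nothing in the request is hashed or encrypted: the password field is the same byte string configured with `ppp pap sent-username`, so anyone who can capture the link sees it.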

 

· TIP:
· Be very careful before enabling debugs; always use logging buffered.
· Console logging is heavy and you might lose the console connection.
· I experienced this once in the INE mock exam!

 

R1#show ip int bri
*Mar  1 02:42:31.827: %SYS-5-CONFIG_I: Configured from console by console
R1#show ip int bri | exclu unassi
Interface                  IP-Address      OK? Method Status                Protocol
Serial1/0                  10.1.1.1        YES manual up                    up
R1#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/28/112 ms
R1#
R1#ping 10.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/29/60 ms
R1#

 

R2#show ip int bri | exclu unassi
Interface                  IP-Address      OK? Method Status                Protocol
Serial1/0                  10.1.1.2        YES manual up                    up
R2#
R2#ping 10.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/26/96 ms
R2#
R2#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/26/64 ms
R2#
