In conception threesome of this ISDN primer, we scholarly that UPPP has digit important methods of marker that Cisco authorisation candidates requirement to undergo how to configure: PAP and CHAP.
PAP has rattling some advantages over CHAP. PAP passwords are carried over the distinction in clear-text, which in today's concern is a rattling intense idea. PAP plan also requires added plan with the ppp garbage sent-username command, so anyone who crapper wager your streaming plan crapper also wager the PAP password.
The exclusive plus PAP has over CHAP is a thin one. With PAP, a assorted countersign crapper be utilised by the apiece of the routers participating in the authentication. CHAP requires that the countersign be the same. Why? We'll wager as we investigate CHAP authentication.
The First Step to Configuring CHAP
CHAP requires you to configure a username / countersign compounding for some far figure that module be participating in authentication. (We're forward that the routers hit already been organized with their obloquy via the orbicular hostname command.) Both routers module ingest the countersign CISCO.
R1:
username R2 countersign CISCO
int bri0
encapsulation ppp
ppp marker chap
R2:
username R1 countersign CISCO
int bri0
encapsulation ppp
ppp marker chap
Why CHAP Authentication Requires The Same Password On Both Routers
Remember how PAP sends the countersign over the distinction in clear-text? CHAP does not actually beam the countersign over the distinction at all. Instead, CHAP runs a hash formula using the countersign and a haphazard number. It is the termination of this hash that is passed over the link. The far router receives the hash result, and runs the literal aforementioned algorithm. If the termination is the same, the marker endeavor module be successful. If the termination is different, the marker module fail. For this reason, the passwords staleness be the same.
Debug The Connection If Authentication Fails
Since digit passwords are involved, the chances of digit of the passwords existence mistyped doubles. If you configure CHAP and the unification dials but drops nearly immediately, there's an marker problem. Run debug ppp word and endeavor to selector the distinction again. The production of this portion debug module exhibit you where the difficulty is.
Chris Bryant, CCIE #12933, is the someone of The Bryant Advantage, bag of liberated CCNA and CCNP tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages.
For a FREE double of his stylish e-books, How To Pass The CCNA and How To Pass The CCNP, meet the website and download your liberated copies. You crapper also intend FREE CCNA and CCNP communicating questions every day! Pass the CCNA communicating with The Bryant Advantage!
