Answers: PAP 1

Wendell
By Wendell July 26, 2016 13:10

Did you remember how to configure PAP on a serial link? Time to check your config for a back-to-back serial link with PPP and PAP. Check out the requirements back in the lab post, create your answers, and come back here to check your work.

Answers

 

Figure 1: Two Routers with IP Subnets

Example 3: R1 Config

 

Example 4: R2 Config

 

Commentary

One of the primary reasons that engineers prefer to select the Point-to-Point Protocol (PPP) over High-Level Data Link Control (HDLC) is that it supports authentication. PPP supports two different authentication protocols: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).

PAP offers both a unidirectional authentication method and a bidirectional authentication method, both of which use a simple username/password combination. Unfortunately, PAP also transmits this information over the line in cleartext. This is the reason that engineers typically select CHAP. CHAP provides a bidirectional authentication method that also utilizes a username/password combination, but instead of transmitting this information over the line in cleartext, it takes advantage of MD5 hashing; when using this method, only a calculated hash is ever sent over the line.

First, for the basics. R2’s S0/0/1 acts as DCE, and the labs asks for a clock rate of T1 speed (1.544 Mbps). Many Cisco routers’ clock rate commands have speeds close to but not exactly T1 speed (1.544 Mbps); in this case, the lab used to create the exercise supported a clock rate 1536000 command. Both R1 and R2 then list the correct IP addresses on each end of the link. (Note that with later IOS versions, the ping will work even without the clock rate command, because IOS automatically adds the command.)

To make the link use PPP, both routers include the encapsulation ppp interface subcommand.

For PAP, to create bidirectional authentication on the serial interface, each side needs to enable PAP and define the username/password to be transmitted with the ppp pap sent-username command. Additionally, each router must define the other router’s username/password with a username global command. For instance, R1 sends the username ciscouser1, with password cisco, so R2 then must have the username ciscouser1 command configured.

For the PAP authentication, on the serial interface, both need the command ppp authentication pap to enable PAP. Then, R1 uses the command ppp pap sent-username ciscouser1 password cisco to define the username/password R1 sends to R2. R2 similarly defines the the subcommand ppp pap sent-username ciscouser2 password cisco. Each router must define the other router’s username/password in a username (global) command as seen at the top of Examples 3 and 4.

Check out this link for some additional background information on PAP.

PAP 1
SNMPv2c Secured with ACLs
Wendell
By Wendell July 26, 2016 13:10
Write a comment

No Comments

No Comments Yet!

Let me tell You a sad story ! There are no comments yet, but You can be first one to comment this article.

Write a comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email

Subscribe

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

Search

Categories