CHAP authentication for PPP

Source: Internet
Author: User

To keep a network environment secure, we need a verification mechanism: when a user's device wants to communicate with your device, it must first pass your authentication. Today, let's take a look at authentication for the WAN protocol PPP. PPP has two authentication methods. The first is PAP authentication. Its disadvantage is that the authentication information is transmitted in plaintext when the user's identity is verified, so a third party may well steal it during the verification process; its security is therefore poor. The second is CHAP authentication. Its biggest advantage is that the authentication information is protected during the authentication process: the password itself is never sent, only a hash that includes it. Most networks therefore adopt CHAP authentication because it better ensures network security. Today, let's take a look at CHAP configuration and the verification process.

CHAP verification process:

① Router A initiates a PPP connection request to router B.

② B declares to A that CHAP verification is required.

③ A declares to B that it agrees to be verified.

④ Router B sends the "user ID, random number" to router A.

⑤ Router A uses the received "user ID, random number" and its "own password" for a hash calculation.

⑥ Router A sends the "user ID, random number, and hash result" to B. (Note: no password is sent at this time; the password is included in the hash.)

⑦ Router B uses the received "user ID, random number" and its "own password" for a hash calculation and compares the result with the hash result sent by A. If the results are the same, verification succeeds; if they differ, verification fails.
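The exchange in the steps above, as an added Python example (not code from the original page or from any router vendor). It assumes the MD5 construction of RFC 1994, in which the hashed ID is the one-octet packet Identifier; the class and function names and the shared secret are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(ident, secret, challenge):
    """RFC 1994 MD5-CHAP value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class Authenticator:
    """Router B's side (hypothetical class): issues challenges, checks replies."""
    def __init__(self, secrets):
        self.secrets = secrets      # peer name -> shared password (bytes)
        self.next_id = 0
        self.pending = {}           # Identifier -> outstanding random number

    def challenge(self):
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)    # fresh random number each time
        return ident, self.pending[ident]

    def verify(self, ident, name, response):
        challenge = self.pending.pop(ident, None)   # each challenge is single-use
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare

def peer_reply(name, password, ident, challenge):
    """Router A's side: only the hash crosses the link, never the password."""
    return ident, name, chap_response(ident, password, challenge)

def demo():
    secret = b"constructed-shared-secret"       # constructed sample value
    b = Authenticator({"A": secret})
    i1, c1 = b.challenge()
    good = b.verify(*peer_reply("A", secret, i1, c1))
    i2, c2 = b.challenge()
    wrong = b.verify(*peer_reply("A", b"wrong-password", i2, c2))
    i3, _ = b.challenge()                       # new challenge, old hash replayed
    replayed = b.verify(i3, "A", chap_response(i1, secret, c1))
    return good, wrong, replayed

if __name__ == "__main__":
    print(demo())   # (True, False, False)
```

The third result shows why the random number matters: a hash captured from an earlier exchange does not verify against a new challenge.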

The following describes how to configure CHAP verification. The test environment is shown in figure

Build basic environment

Configure router A

    ! Enable Lo0, which represents the internal network of router A
    A(config)# int lo0
    A(config-if)# ip address 192.168.10.1 255.255.255.0
    A(config-if)# exit
    ! Configure WAN port S1/0
    A(config)# int s1/0
    A(config-if)# ip address 202.110.100.1 255.255.255.0
    ! Encapsulate the WAN protocol as PPP
    A(config-if)# encap ppp
    ! The clock for the link between routers A and B is provided by router A's S1/0
    A(config-if)# clock rate 64000
    ! Activate the WAN port
    A(config-if)# no shut
    A(config-if)# exit
    ! Configure the RIP routing protocol, version 2
    A(config)# router rip
    A(config-router)# version 2
    A(config-router)# net 192.168.10.0
    A(config-router)# net 202.110.100.0

Configure router B

    ! Configure port S1/0 of router B
    B(config)# int s1/0
    B(config-if)# ip address 202.110.100.2 255.255.255.0
    ! Encapsulate the WAN protocol as PPP
    B(config-if)# encap ppp
    ! Activate port S1/0
    B(config-if)# no shut
    B(config-if)# exit
    ! Configure the RIP routing protocol, version 2
    B(config)# router rip
    B(config-router)# ver 2
    B(config-router)# net 202.110.100.0

After the basic framework is configured, routers A and B can communicate with each other. We can use the show ip route command to view the routing tables of routers A and B respectively.

To make the following test results easier to see, we also need to check the port status, using show interface followed by the port number. We can see that the S1/0 ports and the protocols on routers A and B are in the UP state, which means everything is normal.
