Configuration of PPP

This document describes the configuration of the PPP Protocol's PAP and CHAP authentication on Cisco routers, and the simple commands involved in the configuration are no longer repeated in the comments ...

Figure 1

First, configure, validate, and test PPP PAP on Routers router-a and Router-b (refer to the topology in Figure 1)

1. Configuring PAP on Router router-a

router-a>en
Router-a #conf T
Router-a (config) #username rtb password netscene-b (create user name RTB in router-a, password netscene-b, This set of user names and passwords is the credential used by Router-b and router-a for PAP negotiation and needs to be created in router-a for Router-b. )
Router-a (config) #int s 0/0
Router-a (config-if) #ip add 192.168.1.1 255.255.255.0
Router-a (config-if) #no shut
Router-a (config-if) #clock rate 64000 (because the two routers are serial connection, the serial port of one of the routers needs to be configured as DCE, here we choose RTA's serial port s0/0 to configure the clock speed 64000)
Router-a (config-if) #encapsulation PPP (encapsulates PPP protocol on serial Interface)
Router-a (config-if) #ppp authentication pap (both PPP negotiations are verified using PAP)
Router-a (config-if) #ppp pap sent-username RTA password netscene-a (when negotiating with Router-b, Router-a sends a user named RTA to Router-b, This set of authentication credentials is netscene-a, which needs to be created on router-b beforehand. )
Router-a (config-if) #end
router-a#

2. Configuring PAP on Router Router-b

router-b>en
Router-b#conf T
Router-b (config) #username RTA password netscene-a (create user name RTA in router-b, password netscene-a, This set of user names and passwords is the credential used by router-a with Router-b for PAP negotiation, so it needs to be created in Router-b for Router-a. )
Router-b (config) #interface s 0/1
Router-b (config-if) #ip add 192.168.1.2 255.255.255.0
Router-b (config-if) #encapsulation PPP (encapsulates PPP protocol on serial Interface)
Router-b (config-if) #ppp authentication pap (PAP is used to authenticate both parties for PPP negotiation)
Router-b (config-if) #ppp pap sent-username RTB password netscene-b (when negotiating with ROUTER-A, Router-b sends the user name RTB to Router-a, This set of authentication credentials is netscene-b, and of course this set of credentials has been configured on router-a beforehand. )
Router-b (config-if) #end
router-b#

3. Verifying PPP

Router-a#show Interface s0/0

Serial0/0 is up, line protocol was up (connected)
Hardware is HD64570
Internet address is 192.168.1.1/24
MTU bytes, BW 1544 Kbit, DLY 20000 usec,
Reliability 255/255, Txload 1/255, Rxload 1/255
Encapsulation PPP, loopback not set, KeepAlive set (SEC)
LCP Open
Open:ipcp,cdpcp
......
......

For the sake of description, I have hidden the PPP information part of the s0/0 port output of the above router-a, the bold information part is important: "serial0/0 isup" indicates that the physical port s0/0 is turned on, which proves that the first layer of the device-the physical layer has been prepared for PPP negotiation; "Line protocol are up (connected)" indicates that the second layer-the data link layer has been built; "Internet address is 192.168.1.1/24" table when the port already has a third layer identity--IP address The above output information indicates that the next three layers of the TCP/IP protocol stack have been built. "ENCAPSULATIONPPP" indicates that the interface encapsulates the PPP protocol, "LCP Open" and "OPEN:IPCP" illustrate two important phases of PPP negotiation--LCP and NCP (IPCP) have been successfully negotiated, LCP and NCP (IPCP) These two sub-layers are already in the " Open (opening) "status (specific negotiation process and principle, please refer to the PPP protocol principle of this site document).
Note: The PPP output information of the S0/1 port of the router Router-b is the same as the output information of the router-a s0/0 port, which is no longer duplicated here ...

4. Test PPP Connectivity

Router-a#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is percent (5/5), round-trip Min/avg/max = 31/31/32 ms

The 5 "exclamation points" in the output information prove that router-a can ping router-b, and the negotiation and verification of PPP PAP is successful.

Figure 2

Ii. configure, validate, and test PPP CHAP on Routers router-a and Router-b (refer to the topology in Figure 2)

1. Configure CHAP on router Router-a

Router-a (config) #username RTB password netscene.net (the password set in this directive must match the password set in Router-b, otherwise the response value computed by the hash function on both ends of the communication cannot be matched. For the relevant principle, please refer to the documentation of the operating principle of PPP protocol. )
Router-a (config) #interface S1/1
Router-a (config-if) #ip address 192.168.1.1 255.255.255.0
Router-a (config-if) #no shut
Router-a (config-if) #clock rate 64000
Router-a (config-if) #encapsulation PPP
Router-a (CONFIG-IF) #ppp authentication chap (mutual authentication using CHAP for PPP negotiation)
Router-a (CONFIG-IF) #ppp chap hostname RTA (when negotiating with Router-b, Router-a sends the credentials for the user named RTA to Router-b. The credential has been created in router-b and will be transmitted over the network in clear text, but the required password is not transmitted in clear text on the network. )
Router-a (config-if) #end
router-a#

2. Configure CHAP on router Router-b

Router-b (config) #username RTA password netscene.net (the password set in this directive must match the password set in Router-a, otherwise the response value computed by the hash function on both ends of the communication cannot be matched. Refer to the documentation on how the PPP protocol works in blog post. )
Router-b (config) #interface s1/0
Router-b (config-if) #ip address 192.168.1.2 255.255.255.0
Router-b (config-if) #no shut
Router-b (config-if) #encapsulation PPP
Router-b (CONFIG-IF) #ppp authentication chap (mutual authentication using CHAP for PPP negotiation)
Router-b (CONFIG-IF) #ppp chap hostname RTB (Router-b sends credentials for the user named RTB to router-a when negotiating with Router-a. The credential has been created in router-a and will be transmitted over the network in clear text, but the required password is not transmitted in clear text on the network. )
Router-b (config-if) #end
router-b#

3. Test PPP Connectivity

Router-a#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is percent (5/5), round-trip Min/avg/max = 31/31/32 ms

The output information indicates that router-a can ping the router-b, and the negotiation and validation of PPP chap on both sides is also successful.