PPPThere are two authentication methods. One is PAP authentication. one disadvantage of PAP authentication is that the information is transmitted in plaintext when the user identity is verified, in this way, it is likely that a third party will steal the authentication information during the verification process, so the security is poor. One isCHAPAuthentication, the biggest advantage of this authentication is encrypted authentication during the authentication process, so most of the network uses CHAP authentication, because it can better ensure network security. Today, let's take a look at the CHAP configuration and verification process.
CHAP verification process:
①. A initiates a ppp connection request to B
② B declares to A that CHAP verification is required for.
③ A declares to B and agrees to verify
④,VroB. Send the "user ID, random number" to router.
⑤ Vroa A uses the received "user ID and random number" and "own password" for hash calculation.
6. Router A sends "User ID, random number, and hash result" to B
7. vrob B uses the received "User ID, random number" and "own password" for hash calculation, the hash calculation result is compared with the hash calculation result sent by A. The result is the same, and the verification is successful. The result is different and the verification fails.
The following describes how to configure CHAP verification. The test environment is shown in figure
Set up the basic environment and configure vroa
- A (config) # int lo0 enables Lo0, which indicates the internal network of router.
- A (config-if) # ip address 192.168.10.1 255.255.255.0
- A (config-if) # exit
- A (config) # int s1/0 configure Wan port s1/1
- A (config-if) # ip address 202.110.100.1 255.255.255.0
- A (config-if) # encap ppp encapsulates Wan protocol as PPP
- A (config-if) # clock rate 64000 A and B vrouters provide clock frequency by S1/1 of vroa
- A (config-if) # no shut activates the WAN Port
- A (config-if) # exit
- A (config) # configure the route protocol rip for the second personal version of router RIP
- A (config-router) # version 2
- A (config-router) # net 192.168.10.0
- A (config-router) # net 202.110.100.0
Configure router B
- B (config) # int s1/0 Configure port S1/0 of router B
- B (config-if) # ip address 202.110.100.2 255.255.255.0
- B (config-if) # encap ppp encapsulate Wan protocol PPP
- B (config-if) # no shut activates port S1/0
- B (config-if) # exit
- B (config) # configure the second version of the rip Protocol in router RIP
- B (config-router) # ver 2
- B (config-router) # net 202.110.100.0
After the basic framework is configured, vrouters A and B can communicate with each other. However, we can use the show ip route command to view the route tables of vrouters A and B respectively.
To better see the following test results, we also need to check the port status and use the show interface port number to view the port status. We can see that the S1/0 ports and the protocols on the vrouters A and B are in the UP status, which means everything is normal.
More content for PPP → CHAP Verification:
Details about Wan protocol PPP → CHAP Verification
Detailed description of Wan protocol PPP → CHAP Verification
- Analysis on the concept of vronat NAT
- Brief Analysis on the Implementation of NAT technology
- Analysis of multicast knowledge in IGMP V2 package
- Horizontal split-by-the-command-by-product
- Instance resolution: the floating summary routing configuration of the VPN gateway.
- Analysis of multicast knowledge-Layer 2 device forwarding Multicast