PPP configuration full analysis

Source: Internet
Author: User

To work with PPP, you need to master its configuration. The configuration covers a lot of ground, so this article sorts through it piece by piece. We hope this introduction helps you understand it.

◆ PPP Application

Interface types that support PPP:

Synchronous serial

Asynchronous (no longer on the R&S exam)

ISDN (no longer on the R&S exam)

High-Speed Serial Interface (HSSI)

Digital subscriber line (DSL) (not on the R&S exam)

◆ Configure PPP on the Synchronous Serial Link

For basic PPP configuration, you only need to configure the PPP encapsulation. Figure 1 shows the topology, and Examples 1 and 2 give the configuration.

Figure 1 PPP configuration of two Routers

In Figure 1, the serial port of Router B is configured as the DCE end, so the clock rate is configured on Router B's serial port.

Example 1 Router A configuration

 
 
    interface Serial1/0
    ip address 1.1.1.1 255.255.255.252
    encapsulation ppp
    no ip mroute-cache
    serial restart_delay 0

Example 2 Router B configuration

 
 
    interface Serial1/0
    ip address 1.1.1.2 255.255.255.252
    encapsulation ppp
    serial restart_delay 0
    clockrate 115200

◆ PPP CHAP and PAP Authentication

All interfaces that use PPP can use CHAP and PAP for authentication. Both authenticate using the unique hostname of the device. The process is as follows:

Step 2: A PPP session is established. The router determines the authentication type negotiated by LCP.

Step 4: The router determines whether CHAP or PAP is in use and then chooses the authentication method:

- Check the local user database, which is the default.

- Forward the authentication request to a TACACS+ or RADIUS server.

In step 2 of the authentication process, a response is sent to the authentication request. If a positive response is returned, the PPP session is established. If a negative response is returned, the connection request is rejected.

After the link parameters are determined, LCP starts to run CHAP or PAP. PAP sends the password in plaintext, and the router verifies the password, so its security is poor. CHAP uses the MD5 hash generator to produce a 128-bit value during the challenge process, and these hash values are what is transmitted on the link.

The initiating router sends a challenge to the remote router. The challenge carries the following four important pieces of information:

The CHAP challenge packet type identifier

An ID that identifies the sequence number of the challenge

A random number

The hostname of the router sending the challenge

The remote router receives the challenge and looks up the password. The ID, the random number, and the password are then all fed into the MD5 hash generator to produce a hash value. That hash is sent to the originating router along with the CHAP response packet type identifier, the ID, and the router hostname. The initiating router also uses the MD5 hash generator to produce a hash value, which must equal the hash value sent by the remote router. If the hash values are not equal, authentication fails and the link is disabled.
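The challenge and response exchange described above, as an added Python example that is not part of the original article. The field names, the `demo` helper and the user tables are assumptions made for illustration; the hash input order (ID, then secret, then challenge value) follows RFC 1994, and the secrets mirror the `username ... password 0 cisco` lines used in this article's examples.

```python
import hashlib
import hmac
import os

CHALLENGE, RESPONSE = 1, 2  # CHAP packet type codes (RFC 1994)

def chap_hash(ident: int, secret: bytes, value: bytes) -> bytes:
    """MD5 over the ID octet, the shared secret, then the challenge value."""
    return hashlib.md5(bytes([ident]) + secret + value).digest()

def make_challenge(ident: int, hostname: str) -> dict:
    # Authenticator: type code, ID, random value, and its own hostname.
    return {"code": CHALLENGE, "id": ident, "value": os.urandom(16), "name": hostname}

def answer(chal: dict, hostname: str, users: dict) -> dict:
    # Peer: find the secret stored under the challenger's hostname, then hash.
    secret = users[chal["name"]]
    return {"code": RESPONSE, "id": chal["id"], "name": hostname,
            "value": chap_hash(chal["id"], secret, chal["value"])}

def verify(chal: dict, resp: dict, users: dict) -> bool:
    # Authenticator: recompute the hash with its own copy of the secret.
    secret = users.get(resp["name"])
    if secret is None or resp["code"] != RESPONSE or resp["id"] != chal["id"]:
        return False
    return hmac.compare_digest(chap_hash(chal["id"], secret, chal["value"]), resp["value"])

# Constructed sample: routerA holds "username routerB password 0 cisco",
# routerB holds "username routerA password 0 cisco".
ROUTER_A_USERS = {"routerB": b"cisco"}
ROUTER_B_USERS = {"routerA": b"cisco"}

def demo() -> dict:
    chal = make_challenge(1, "routerA")
    good = answer(chal, "routerB", ROUTER_B_USERS)
    bad = answer(chal, "routerB", {"routerA": b"Cisco"})  # password case differs
    fresh = make_challenge(1, "routerA")  # new random value, same ID
    return {"match": verify(chal, good, ROUTER_A_USERS),
            "mismatch": verify(chal, bad, ROUTER_A_USERS),
            "replay": verify(fresh, good, ROUTER_A_USERS),
            "hash_bits": len(good["value"]) * 8}

if __name__ == "__main__":
    print(demo())
```

Only the hash crosses the link, and a response captured for one challenge does not verify against a later challenge because the random value has changed.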

Configure CHAP:

Step 1: Configure PPP encapsulation.

Step 2: On the local router, configure a username that matches the hostname of the dial-in router. On the remote router, add a username that matches the hostname of the local router. The passwords assigned to the two usernames must be identical.

Step 3: Configure CHAP under the PPP interface.

Example 3 applies these steps to the network topology in Figure 1.

Example 3 Configure CHAP authentication

 
 
Router A:

    hostname routerA
    !
    username routerB password 0 cisco
    !
    ip subnet-zero
    !
    interface Serial1/0
    ip address 1.1.1.1 255.255.255.252
    encapsulation ppp
    no ip mroute-cache
    serial restart_delay 0
    ppp authentication chap

Router B:

    hostname routerB
    !
    username routerA password 0 cisco
    !
    ip subnet-zero
    !
    interface Serial1/0
    ip address 1.1.1.2 255.255.255.252
    encapsulation ppp
    serial restart_delay 0
    clockrate 115200
    ppp authentication chap

Configure PAP authentication:

Step 1: Configure PPP.

Step 2: Add the hostname of the remote router as a username on the local router, and add the hostname of the local router as a username on the remote router. The passwords assigned to the two users must be identical.

Step 3: Configure PAP.

 
 
    ppp authentication pap
    ppp pap sent-username local_device_name password password

Example 4 applies these steps to the network topology in Figure 1.

Example 4 Configure PAP authentication

 
 
Router A:

    hostname routerA
    !
    username routerB password 0 cisco
    !
    ip subnet-zero
    !
    interface Serial1/0
    ip address 1.1.1.1 255.255.255.252
    encapsulation ppp
    no ip mroute-cache
    serial restart_delay 0
    ppp authentication pap
    ppp pap sent-username routerA password cisco

Router B:

    hostname routerB
    !
    username routerA password 0 cisco
    !
    ip subnet-zero
    !
    interface Serial1/0
    ip address 1.1.1.2 255.255.255.252
    encapsulation ppp
    serial restart_delay 0
    clockrate 115200
    ppp authentication pap
    ppp pap sent-username routerB password cisco

Note: The hostname and password are case sensitive.
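A configuration check for the settings shown in Examples 1 to 4, as an added Python example that is not part of the original article. The function name, the finding texts and the interfaces Serial1/1 and Serial1/2 are assumptions made for illustration; the sample config is constructed from Example 4. It reports PPP interfaces that use PAP or have no `ppp authentication` line, and `username` entries stored as type 0 (unencrypted).

```python
import re

# Constructed sample: Router A from Example 4 plus two hypothetical interfaces.
SAMPLE = """\
hostname routerA
username routerB password 0 cisco
interface Serial1/0
encapsulation ppp
ppp authentication pap
ppp pap sent-username routerA password cisco
interface Serial1/1
encapsulation ppp
interface Serial1/2
encapsulation ppp
ppp authentication chap
"""

def audit_ppp(config: str) -> list:
    """Return (object, finding) tuples for weak PPP authentication settings."""
    findings, blocks, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        low = line.lower()
        if low.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif re.match(r"username \S+ password 0 ", low):
            # Type 0 means the password is stored unencrypted in the config.
            findings.append((line.split()[1], "password stored as type 0"))
        elif current and line and line != "!":
            blocks[current].append(low)
    for name, lines in blocks.items():
        if "encapsulation ppp" not in lines:
            continue
        methods = [m for l in lines if l.startswith("ppp authentication ")
                   for m in l.split()[2:]]
        if not methods:
            findings.append((name, "no ppp authentication configured"))
        elif "pap" in methods:
            findings.append((name, "pap sends the password in plaintext"))
    return findings

if __name__ == "__main__":
    for item in audit_ppp(SAMPLE):
        print(*item, sep=": ")
```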
