To work with PPP, you need to master PPP configuration. The configuration covers a lot of ground, so this article works through its contents one part at a time.
◆ PPP Application
PPP can be used on the following interface types:
Synchronous serial
Asynchronous serial (no longer covered in the R&S exam)
ISDN (no longer covered in the R&S exam)
High-speed serial interface (HSSI)
Digital subscriber line (DSL) (not covered in the R&S exam)
◆ Configure PPP on the Synchronous Serial Link
For basic PPP configuration, you only need to configure PPP encapsulation. Examples 1 and 2 show the configuration for the topology in Figure 1.
Figure 1 PPP configuration of two routers
In Figure 1, the serial port of Router B is configured as the DCE end, so the clock rate is configured on Router B's serial port.
Example 1 Router A configuration
- interface Serial1/0
- ip address 1.1.1.1 255.255.255.252
- encapsulation ppp
- no ip mroute-cache
- serial restart-delay 0
Example 2 Router B configuration
- interface Serial1/0
- ip address 1.1.1.2 255.255.255.252
- encapsulation ppp
- serial restart-delay 0
- clockrate 115200
◆ PPP CHAP and PAP Authentication
All interfaces that use PPP can use CHAP and PAP for authentication. Both methods identify a device by its unique hostname. The process is as follows:
Step 2: A PPP session is established. The router confirms the authentication type negotiated by LCP.
Step 4: The router confirms whether CHAP or PAP is in use and then determines the authentication method:
- Check the local user database, which is the default.
- Forward the authentication request to a TACACS+ or RADIUS server.
In step 2 of the authentication process, a response to the authentication request is sent. If a positive response is returned, the PPP session is established. If a negative response is returned, the connection request is rejected.
After the link parameters have been determined by LCP, CHAP or PAP is executed. PAP sends the password in plaintext, and the router verifies the password, so its security is poor. CHAP uses the MD5 hash generator to produce a 128-bit hash value during the challenge process, and this hash value is what is transmitted on the link.
The initiating router sends a challenge to the remote router. The remote router responds on the basis of the following four important pieces of information:
The CHAP challenge packet type identifier
An identification number (ID) that identifies the sequence number of the challenge
A random number
The hostname of the router sending the challenge
When the remote router receives the challenge, it looks up the password. The ID, the random number, and the password are then all fed into the MD5 hash generator to produce a hash value. This value is sent to the initiating router together with the CHAP response packet type identifier, the ID, and the router's hostname. The initiating router also uses the MD5 hash generator to compute a hash value and checks whether it equals the hash value sent by the remote router. If the hash values are not equal, authentication fails and the link is disabled.
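The exchange described above can be traced in code. The following is an added example, not part of the original article: it builds and verifies CHAP challenge and response packets using the RFC 1994 layout and hash input order (ID, password, random number). The function names and the user tables are assumptions; the hostnames and password mirror those used in Example 3.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE = 1, 2  # CHAP packet type identifiers (RFC 1994)

def build_packet(code, ident, value, name):
    """Layout: Code | ID | Length | Value-Size | Value | Name (sender hostname)."""
    body = bytes([len(value)]) + value + name.encode()
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_packet(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or length < 5:
        raise ValueError("bad CHAP length field")
    size = pkt[4]
    if 5 + size > length:
        raise ValueError("value field overruns packet")
    return code, ident, pkt[5:5 + size], pkt[5 + size:].decode()

def chap_hash(ident, secret, challenge):
    # MD5 over the ID, the shared password and the random number, in that order
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()

def make_challenge(hostname, ident):
    return build_packet(CHALLENGE, ident, os.urandom(16), hostname)

def respond(challenge_pkt, hostname, user_db):
    code, ident, challenge, peer = parse_packet(challenge_pkt)
    if code != CHALLENGE:
        raise ValueError("not a challenge packet")
    secret = user_db[peer]  # password looked up by the challenger's hostname
    return build_packet(RESPONSE, ident, chap_hash(ident, secret, challenge), hostname)

def verify(challenge_pkt, response_pkt, user_db):
    _, ident, challenge, _ = parse_packet(challenge_pkt)
    code, r_ident, digest, peer = parse_packet(response_pkt)
    if code != RESPONSE or r_ident != ident or peer not in user_db:
        return False
    expected = chap_hash(ident, user_db[peer], challenge)
    return hmac.compare_digest(expected, digest)  # constant-time comparison

# Constructed user tables (assumed names) matching "username ... password 0 cisco"
ROUTER_A_DB = {"routerB": "cisco"}
ROUTER_B_DB = {"routerA": "cisco"}

def demo():
    chal = make_challenge("routerA", ident=1)
    resp = respond(chal, "routerB", ROUTER_B_DB)
    return chal, resp, verify(chal, resp, ROUTER_A_DB)
```

Only the hash, the ID and the hostnames appear in the packets; a response captured for one challenge fails verification against a fresh challenge because the random number differs.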
Configure CHAP:
Step 1 Configure PPP encapsulation.
Step 2 On the local router, configure a username that matches the hostname of the dial-in router. On the remote router, add a username that matches the hostname of the local router. The passwords assigned to the two usernames must be identical.
Step 3 Configure CHAP on the PPP interface.
Example 3 configures CHAP for the network topology in Figure 1.
Example 3 CHAP authentication configuration
- RouterA:
- hostname routerA
- !
- username routerB password 0 cisco
- !
- ip subnet-zero
- !
- interface Serial1/0
- ip address 1.1.1.1 255.255.255.252
- encapsulation ppp
- no ip mroute-cache
- serial restart-delay 0
- ppp authentication chap
- routerB:
- hostname routerB
- !
- username routerA password 0 cisco
- !
- ip subnet-zero
- !
- interface Serial1/0
- ip address 1.1.1.2 255.255.255.252
- encapsulation ppp
- serial restart-delay 0
- clockrate 115200
- ppp authentication chap
Configure PAP authentication:
Step 1 Configure PPP encapsulation.
Step 2 Add the hostname of the remote router as a username on the local router, and add the hostname of the local router as a username on the remote router. The passwords assigned to the two users must be identical.
Step 3 Configure PAP:
- ppp authentication pap
- ppp pap sent-username local_device_name password password
Example 4 configures PAP for the network topology in Figure 1.
Example 4 PAP authentication configuration
- RouterA:
- hostname routerA
- !
- username routerB password 0 cisco
- !
- ip subnet-zero
- !
- interface Serial1/0
- ip address 1.1.1.1 255.255.255.252
- encapsulation ppp
- no ip mroute-cache
- serial restart-delay 0
- ppp authentication pap
- ppp pap sent-username routerA password cisco
-
- routerB:
- hostname routerB
- !
- username routerA password 0 cisco
- !
- ip subnet-zero
- !
- interface Serial1/0
- ip address 1.1.1.2 255.255.255.252
- encapsulation ppp
- serial restart-delay 0
- clockrate 115200
- ppp authentication pap
- ppp pap sent-username routerB password cisco
Note: The hostname and password are case sensitive.
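The username and hostname pairing rules above can be checked before a link is brought up. The following added example is not from the original article: it parses two router configurations and reports PAP use, passwords stored as type 0 (unencrypted), and username or password mismatches. The parser, the finding texts and the sample configurations are assumptions built from Example 4.

```python
import re

def parse_config(text):
    """Pull the PPP-relevant settings out of an IOS-style configuration."""
    cfg = {"hostname": None, "users": {}, "auth": set(), "sent": None}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"hostname (\S+)", line):
            cfg["hostname"] = m[1]
        elif m := re.fullmatch(r"username (\S+) password (?:(\d) )?(\S+)", line):
            cfg["users"][m[1]] = (m[2] or "0", m[3])  # (type, password)
        elif m := re.fullmatch(r"ppp authentication (.+)", line):
            cfg["auth"].update(m[1].split())
        elif m := re.fullmatch(r"ppp pap sent-username (\S+) password (?:\d )?(\S+)", line):
            cfg["sent"] = (m[1], m[2])
    return cfg

def audit(local, peer):
    """Findings for router `local` authenticating router `peer`."""
    name, other, out = local["hostname"], peer["hostname"], []
    if "pap" in local["auth"]:
        out.append(f"{name}: PAP sends the password over the link in plaintext")
    entry = local["users"].get(other)  # dict lookup is case sensitive
    if entry is None:
        return out + [f"{name}: no username entry equal to peer hostname {other}"]
    if entry[0] == "0":
        out.append(f"{name}: password for {other} is stored unencrypted (type 0)")
    theirs = peer["users"].get(name)
    if "chap" in local["auth"] and theirs and theirs[0] == entry[0] == "0" and theirs[1] != entry[1]:
        out.append(f"{name}: CHAP password differs from the one on {other}")
    if "pap" in local["auth"] and peer["sent"] != (other, entry[1]):
        out.append(f"{name}: sent-username/password on {other} will be rejected")
    return out

# Constructed configs based on Example 4; routerB's username entry has a
# deliberate capitalization error ("RouterA") to show the case-sensitivity note.
ROUTER_A = parse_config("""hostname routerA
username routerB password 0 cisco
interface Serial1/0
 encapsulation ppp
 ppp authentication pap
 ppp pap sent-username routerA password cisco""")
ROUTER_B = parse_config("""hostname routerB
username RouterA password 0 cisco
interface Serial1/0
 encapsulation ppp
 ppp authentication pap
 ppp pap sent-username routerB password cisco""")
```

Calling `audit(ROUTER_B, ROUTER_A)` reports the missing `routerA` entry caused by the capitalization error, while `audit(ROUTER_A, ROUTER_B)` reports PAP use and the type 0 password.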