The principle of point-to-point authentication for Cisco routers

Source: Internet
Author: User
Tags config

The Point-to-Point Protocol provides a standard method for the transmission of multi-protocol packets over point-to-point connections.

PPP was originally designed to provide an encapsulation protocol for IP traffic transmission between two peer nodes.

In the TCP-IP protocol, it is a Data Link layer protocol (the second layer in the OSI model) that is used to synchronize the modulation connection, instead of the original non-standard second layer protocol, namely the SLIP.

PPP, which is the Point-to-Point Protocol, is a data Link layer protocol for point-to-point type lines launched by the IETF. The protocol is not proprietary, it can interconnect different vendors, support Multi-Protocol, provide optional identity authentication service, compress data in various ways, support dynamic address negotiation, support multilink bundle, etc.

Second, password authentication protocol, full name: Password authentication Protocol. PAP is two times Handshake Authentication protocol, in the first initialization of the link, the authentication side first initiates the authentication request, sends the user name and the password information to the authentication end to authenticate. Password passwords are sent in clear text, so they are less secure. PAP support single and two-way certification, certification flowchart and single, two-way certification.

Second, the Challenge Handshake Authentication Agreement, full name: Challenge Handshake Authentication Protocol. CHAP verifies the identity of the authenticated end by three handshake, completes the initial link establishment, and periodically validates the link after it is established in order to improve the security. CHAP is more secure than PAP because CHAP does not send clear text on the line, but instead sends a sequence of MD5 random numbers. CHAP supports one-way and two-way authentication.

Third, the configuration process:

Hostname r_a

Interface serial2/0


Encapsulation PPP

PPP pap sent-username r_a password 0 123

Clock rate 64000

R_a (config-if) #ip address

R_a (config-if) #no shutdown

%link-5-changed:interface serial2/0, CHANGED state to up


Router#conf T

Enter configuration commands, one per line. End With cntl/z.

Router (config) #hostname R_b

R_b (config) #username r_a password 0 123

R_b (config) #interface s3/0

R_b (config-if) #encapsulation PPP

R_b (config-if) #ppp authentication pap

R_b (config-if) #ip address

R_b (config-if) #no shutdown

Finally, we should pay attention to the corresponding relationship between the user name, the password information and the router, the information correspondence between the authentication end and the authenticated end, the case sensitivity of the authentication information, and after modifying the configuration, if it does not take effect, try to restart the port, and PPP adopts 7EH as the start and end

The address domain (a) and the control domain (C) Take fixed value (a=ffh,c=03h), protocol domain (two bytes) 0021H for IP packet, 8021H for network control data, c021h for link control data, Frame Check field (FCS) is also two bytes, It is used for verifying the information field.

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.