RE: PPP authentication

From: Granofsky, Aaron (AGranofsky@xxxxxxxxxxx)
Date: Sun Oct 15 2000 - 14:59:00 GMT-3

• Next message: Roby Jaiswal: "CCIE Routing & Switching Lab Exam in SJ"
• Previous message: Granofsky, Aaron: "RE: Area 0 interface in OSPF db as Type 5 LSA??"
• Maybe in reply to: z z: "PPP authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
   
    Title: RE: PPP authentication
    
   If you use pap you need both RA and RB username/password on both
   routers.
   If you use pap, you need RA's username/password to send to RB so that
   RB can authenticate RA. RA also needs RB's username/password to
   authenticate RB.
   
   If you use chap, you only need the other router's username/password.
   Your router's name is sent as part of a three way handshake, and the
   password is assumed to be the same on both routers.
   
   So, if you use chap, the three way handshake keeps you from needing
   both RA and RB username/password on both routers. RA only needs the
   username password for RB, and vice versa.
   
   PAP example:
   
   hostname ra hostname rb
   int bri0 int bri0
   encap ppp encap ppp
   ppp authen pap ppp authen pap
   ip add 1.0.0.1 255.255.255.0 ip add 1.0.0.2 255.255.255.0
   dialer map ip 1.0.0.2 dialer map ip 1.0.0.1
       name rb 5552345 name ra 5554321
   username rb pass cisco username ra pass cisco
   username ra pass cisco username rb pass cisco
   
   In the config above, the first username line is to authenticate the
   other router,
   the second line is to send to the other router for him to authenticate
   you.
   
   CHAP example:
   
   hostname ra hostname rb
   int bri0 int bri0
   encap ppp encap ppp
   ppp authen chap ppp authen chap
   ip add 1.0.0.1 255.255.255.0 ip add 1.0.0.2 255.255.255.0
   dialer map ip 1.0.0.2 dialer map ip 1.0.0.1
       name rb 5552345 name ra 5554321
   username rb pass cisco username ra pass cisco
   
   In the second config, you only need the other routers username to
   authenticate him.
   
   Hope this all makes sense.
   
   -Aaron
   
   -----Original Message-----
   From: z z [mailto:ccie_99@yahoo.com]
   Sent: Saturday, October 14, 2000 10:13 PM
   To: ccielab@groupstudy.com
   Subject: PPP authentication
   
   Hi
   
   Now I am studying PPP authentciation and got quite
   confused. Can someone help me out?
   
   If we have two routers, ra and rb.
   1)using chap, only ra will authenticate rb
   2)using pap, only ra will authenticate rb
   3)using chap, ra and rb using different passwords
   4)using pap, ra and rb using different passwords.
   
   I do not have two isdn lines to try these config out.
   Need your help.
   Thanks
   

• Next message: Roby Jaiswal: "CCIE Routing & Switching Lab Exam in SJ"
• Previous message: Granofsky, Aaron: "RE: Area 0 interface in OSPF db as Type 5 LSA??"
• Maybe in reply to: z z: "PPP authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:27 GMT-3