Table of Contents
Advertisement
Command Reference Guide
Several example scenarios are given below for clarity.
Configuring PAP Example 1: Only the local router requires the peer to authenticate itself.
On the local router (host name Local):
Local(config-ppp 1)#ppp authentication pap
Local(config-ppp 1)#username farend password far
On the peer (host name Peer):
Peer(config-ppp 1)#ppp pap sent-username farend password far
The first line of the configuration sets the authentication mode as PAP. This means the peer is required to
authenticate itself to the local router via PAP. The second line is the user name and password expected to
be sent from the peer. On the peer, the ppp pap sent-username command is used to specify the
appropriate matching user name and password.
Configuring PAP Example 2: Both routers require the peer to authenticate itself.
On the local router (host name Local):
Local(config-ppp 1)#ppp authentication pap
Local(config-ppp 1)#username farend password far
Local(config-ppp 1)#ppp pap sent-username nearend password near
On the peer (host name Peer):
Peer(config-ppp 1)#ppp authentication pap
Peer(config-ppp 1)#username nearend password near
Peer(config-ppp 1)#ppp pap sent-username farend password far
Now both routers send the authentication request, verify that the user name and password sent match
what is expected in the database, and send an authentication acknowledge.
Defining CHAP
CHAP is a three-way authentication protocol composed of a challenge response and success or failure.
The message digest 5 (MD5) protocol is used to protect user names and passwords in the response.
First, the local router (requiring its peer to be authenticated) sends a challenge containing the unencrypted
user name of the peer and a random number. The user name of the peer is found in the user name
database within the PPP interface of the local router. The peer then looks up the user name in the user
name database within the PPP interface, and if found takes the corresponding password and its own host
name and sends a response back to the local router. This data is encrypted. The local router verifies that
the user name and password are in its own user name database within the PPP interface, and if so sends
a success back to the peer.
The PPP user name and password database is separate and distinct from the global user
name password database. For PAP and CHAP, use the database under the PPP interface
configuration.
60000CRG0-35E
Copyright © 2012 ADTRAN, Inc.
PPP Interface Command Set
2570
Advertisement
Table of Contents
