ADTRAN 1000R Series User Manual

Page 1095

Advertising
background image

Command Reference Guide

PPP Interface Configuration Command Set

61200510L1-35E

Copyright © 2005 ADTRAN

1095

Several example scenarios are given below for clarity.

Configuring PAP Example 1: Only the local router requires the peer to authenticate itself.

On the local router (hostname Local):

Local(config-ppp 1)#ppp authentication pap

Local(config-ppp 1)#username farend password far

On the peer (hostname Peer):

Peer(config-ppp 1)#ppp pap sent-username farend password far

The first line of the configuration sets the authentication mode as PAP. This means the peer is required to
authenticate itself to the local router via PAP. The second line is the username and password expected to
be sent from the peer. On the peer, the ppp pap sent-username command is used to specify the
appropriate matching username and password.

Configuring PAP Example 2: Both routers require the peer to authenticate itself.

On the local router (hostname Local):

Local(config-ppp 1)#ppp authentication pap

Local(config-ppp 1)#username farend password far

Local(config-ppp 1)#ppp pap sent-username nearend password near

On the peer (hostname Peer):

Peer(config-ppp 1)#ppp authentication pap

Peer(config-ppp 1)#username nearend password near

Peer(config-ppp 1)#ppp pap sent-username farend password far

Now both routers send the authentication request, verify that the username and password sent match what
is expected in the database, and send an authentication acknowledge.

Defining CHAP

The Challenge-Handshake Authentication Protocol (CHAP) is a three-way authentication protocol
composed of a challenge response and success or failure. The MD5 protocol is used to protect usernames
and passwords in the response.

First, the local router (requiring its peer to be authenticated) sends a "challenge" containing the
unencrypted username of the peer and a random number. The username of the peer is found in the
username database within the PPP interface of the local router. The peer then looks up the username in
the username database within the PPP interface, and if found takes the corresponding password and its
own hostname and sends a "response" back to the local router. This data is encrypted. The local router
verifies that the username and password are in its own username database within the PPP interface, and if
so sends a "success" back to the peer.

The PPP username and password database is separate and distinct from the global
username password database. For PAP and CHAP, use the database under the PPP
interface configuration.

Advertising
Popular Brands
Popular manuals