ADTRAN 1000R Series User Manual

Page 832

Advertising
background image

Command Reference Guide

Demand Interface Configuration Command Set

61200510L1-35E

Copyright © 2005 ADTRAN

832

Several example scenarios are given below for clarity.

Configuring PAP Example 1: Only the local router requires the peer to authenticate itself.

On the local router (hostname Local):

Local(config-demand 1)#ppp authentication pap

Local(config-demand 1)#username farend password same

On the peer (hostname Peer):

Peer(config-demand 1)#ppp pap sent-username farend password same

The first line of the configuration sets the authentication mode as PAP. This means the peer is required to
authenticate itself to the local router via PAP. The second line is the username and password expected to
be sent from the peer. On the peer, the ppp pap sent-username command is used to specify the
appropriate matching username and password.

Configuring PAP Example 2: Both routers require the peer to authenticate itself.

On the local router (hostname Local):

Local(config-demand 1)#ppp authentication pap

Local(config-demand 1)#username farend password far

Local(config-demand 1)#ppp pap sent-username nearend password near

On the peer (hostname Peer):

Peer(config-demand 1)#ppp authentication pap

Peer(config-demand 1)#username nearend password near

Peer(config-demand 1)#ppp pap sent-username farend password far

Now both routers send the authentication request, verify that the username and password sent match what
is expected in the database, and send an authentication acknowledge.

Defining CHAP

The Challenge-Handshake Authentication Protocol (CHAP) is a three-way authentication protocol
composed of a challenge response and success or failure. The MD5 protocol is used to protect usernames
and passwords in the response.

First, the local router (requiring its peer to be authenticated) sends a "challenge" containing only its own
unencrypted username to the peer. The peer then looks up the username in the username database within
the PPP interface, and if found takes the corresponding password and its own hostname and sends a
“response” back to the local router. This data is encrypted. The local router verifies that the username and
password are in its own username database within the PPP interface, and if so sends a "success" back to
the peer.

The PPP username and password database is separate and distinct from the global
username password database. For PAP and CHAP, use the database under the PPP
interface configuration.

Advertising
Popular Brands
Popular manuals