PPP_PAP_CHAP

Cisco ICND2 – Configure and verify PPP connection between Cisco routers

PPP stands for Point-to-Point and is a protocol operating at Layer 2 of the OSI model.

HDLC is Cisco proprietary and is the default encapsulation on serial links great if you have all Cisco devices, otherwise you will need PPP configured.

There are two types of authentication that can be used with PPP. These are PAP and CHAP.

PAP (Password Authentication Protocol) – Passwords are sent in plain text. No periodic checks.

CHAP (Challenge Handshake Authentication Protocol) – Password is encrypted. Sends periodic checks to ensure the router is talking to the same router.

PPP_PAP_CHAP

Configuring PPP is rather simple:

configure terminal
int s2/0
encapsulation ppp

Configure PPP with PAP authentication

RouterA:

configure terminal
hostname RouterA
username RouterB password Cisco

int s2/0
ip address 10.0.0.1 255.255.255.0
encapsulation ppp
ppp authentication pap
ppp pap sent-username RouterA password Cisco

RouterB:

configure terminal
hostname RouterB
username RouterA password Cisco

int s2/0
ip address 10.0.0.2 255.255.255.0
encapsulation ppp
ppp pap sent-username RouterB password Cisco
ppp authentication pap

Configure PPP with CHAP authentication

RouterA:

configure terminal
hostname RouterA
username RouterB password Cisco

int s2/0
ip address 10.0.0.1 255.255.255.0
encapsulation ppp
ppp authentication chap

RouterB:

configure terminal
hostname RouterB
username RouterA password Cisco

int s2/0
ip address 10.0.0.2 255.255.255.0
encapsulation ppp
ppp authentication chap

Show commands:

show interface s0/0 – Look for encapsulation ppp and LCP is open. Check interface is up and line protocol is up. Password/Username or encapsulation mismatch will bring the line protocol down.

Debug:

debug ppp authentication – Look for any failures of the three-way handshake.