 |
Cisco Certification: Introduction To ISDN, Part III |
 |
|
Configuring PPP PAP Authentication
Now we know how the ISDN link comes up (interesting traffic),
and some scenarios that might cause the link to stay up, we
need to look at ISDN authentication schemes. The two methods
Cisco certification candidates must be familiar with are PAP
and CHAP.
Password Authentication Protocol (PAP) sends the username
and password over the ISDN link in clear-text. Sending any
passwords over any WAN link in clear-text is generally a bad
idea, but it's important to know you have this option.
Regarding both PAP and CHAP, it's a common misunderstanding
that each side must authenticate the other. PAP and CHAP both
support bidirectional and unidirectional authentication that
is, R1 can authenticate R2 without R2 necessarily authenticating
R1. It's more common to use unidirectional authentication
in a lab environment than a production network, but keep in
mind that bidirectional authentication is an option, not a
requirement.
The configurations of PAP and CHAP do have their similarities.
For both, you'll configure a username/password combination
in global configuration mode. Newcomers to ISDN sometimes
put the local router name in for the username remember that
the remote router name is the username.
The only real advantage of PAP over CHAP comes in the password
configuration. Since PAP actually sends the password as a
whole over the link, the two routers can send different passwords
during authentication. The operation of CHAP requires that
both routers use the same password, and we'll see why in tomorrow's
article.
Under the BRI interface, you'll enter encapsulation ppp and
ppp authentication pap. So far, your authentication scheme
looks like this:
username R2 password CCNA
Int bri0
encapsulation ppp
ppp authentication pap
PAP requires an extra command at this point. The ppp pap
sent-username command is required under the interface, indicating
the username and password this router will be sending to the
remote router.
Int bri0
encapsulation ppp
ppp authentication pap
ppp pap sent-username R1 password CISCO
I always encourage CCNA and CCNP candidates to use as many
debugs as possible when working in their lab, since these
commands show us how things work. For any PPP authentication,
always run debug ppp negotiation before sending interesting
traffic to trigger the call. Watching exactly how PAP and
CHAP work give you a much better understanding of what's going
on 'behind the command', and makes you a stronger candidate
and a stronger networking engineer.
Tomorrow, we'll take a look at CHAP, and why routers cannot
use the same password on both ends of the link.
Keep studying!
About the Author:
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage,
home of free CCNA and CCNP tutorials, The Ultimate CCNA Study
Package, and Ultimate CCNP Study Packages. For a FREE copy
of his latest e-books, “How To Pass The CCNA” and
“How To Pass The CCNP”, visit the website and download
your free copies. You can also get FREE CCNA and CCNP exam
questions every day! Pass the CCNA exam with The Bryant Advantage!
|
|
|
|
Relevant Resources |
|
|
|
|
|
Need Cisco Hardware for your Cert? |
|
|
| Call 813.852.6400 now for more information to find the best router or switch to best help you with your certification exam. Having "real" hands-on experience is extremely beneficial not just for testing, but also ensures you are actually familiar with the device you are working on.
|
|
|
|
|
Cisco Routers |
|
|
|
|
|
Cisco Switches |
|
|
|
|
|
