PPP is a standard protocol used to send data over synchronous serial links. PPP also provides a Link Control Protocol (LCP) for negotiating the properties of the link. LCP uses echo requests and responses to monitor the continuing availability of the link.
PPP supports CHAP, MS-CHAP, and PAP authentication protocols, which require a remote device to prove its identity before allowing data traffic to flow over a connection.
Challenge Handshake Authentication Protocol (CHAP)—CHAP authentication sends a challenge message to the remote device. The remote device encrypts the challenge value with a shared secret and returns the encrypted value and its name to the local router in a response message. The local router attempts to match the remote device’s name with an associated secret stored in the local username or remote security server database; it uses the stored secret to encrypt the original challenge and verify that the encrypted values match.
Configure PPP encapsulation with CHAP authentication:
Step 1.- Configure username for remote router
Router(config)# username <username> password <password>
This is the username and password used by the local router to authenticate the PPP peer.
Step 2.- Specifies the serial interface and enters interface configuration mode.
Router(config)# interface serial wic/slot/port
Step 3.- Configures synchronous serial encapsulation.
Router(config-if)# encapsulation { hdlc | frame-relay | ppp }
Step 4 .- Configure authentication CHAP
Router(config-if)# ppp authentication chap
Verification commands:
show interface serial wic/slot/port
show controllers serial wic/slot/port
show interface ip brief
Verification commands:
debug ppp authentication
Example:
Config R1:
R1(config)#username R2 password Hi-Im-R2
R1(config)#interface serial 0/2/0
R1(config-if)#clock rate 64000
R1(config-if)#ip address 10.1.1.1 255.255.255.252
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
R1(config-if)#no shut
R1(config-if)#exit
Config R2:
R2(config)#username R1 password Hi-Im-R1
R2(config)#interface serial 0/1/1
R2(config-if)#ip address 10.1.1.2 255.255.255.252
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap
R2(config-if)#no shut
%LINK-5-CHANGED: Interface Serial0/1/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1, changed state to up
R2(config-if)#exit
Validation:
R1#show interfaces serial 0/2/0
Serial0/2/0 is up, line protocol is up (connected)
Hardware is HD64570
Internet address is 10.1.1.1/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
R1#show controllers serial 0/2/0
Interface Serial0/2/0
Hardware is PowerQUICC MPC860
DCE V.35, clock rate 64000
idb at 0x81081AC4, driver data structure at 0x81084AC0
SCC Registers:
General [GSMR]=0x2:0x00000000, Protocol-specific [PSMR]=0x8
Events [SCCE]=0x0000, Mask [SCCM]=0x0000, Status [SCCS]=0x00
Reference:
