SROS Command Line Interface Reference Guide

PPP Interface Configuration Command Set

 

 

Several example scenarios are given below for clarity.

Configuring PAP Example 1: Only the local router requires the peer to authenticate itself.

On the local router (hostname Local):

Local(config-ppp 1)#ppp authentication pap

Local(config-ppp 1)#username farend password same

On the peer (hostname Peer):

Peer(config-ppp 1)#ppp pap sent-username farend password same

The first line of the configuration sets the authentication mode to PAP. This means the peer is required to authenticate itself to the local router via PAP. The second line is the username and password expected to be sent from the peer. On the peer, the ppp pap sent-username command is used to specify the appropriate matching username and password.

Configuring PAP Example 2: Both routers require the peer to authenticate itself.

On the local router (hostname Local):

Local(config-ppp 1)#ppp authentication pap

Local(config-ppp 1)#username farend password far

Local(config-ppp 1)#ppp pap sent-username nearend password near

On the peer (hostname Peer):

Peer(config-ppp 1)#ppp authentication pap

Peer(config-ppp 1)#username nearend password near

Peer(config-ppp 1)#ppp pap sent-username farend password far

Now both routers send the authentication request, verify that the sent-username and password match what is expected in the database, and send an authentication acknowledge.
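A consistency check for the two PAP examples above, as an added example that is not part of the original guide or the router software: it parses the configuration lines of both routers and confirms that each sent-username pair matches an entry in the other side's PPP username database. The function names are assumptions made for illustration, and the sample input is Example 2 retyped.

```python
import re

# Constructed sample input: the two configurations from PAP Example 2.
LOCAL = """\
Local(config-ppp 1)#ppp authentication pap
Local(config-ppp 1)#username farend password far
Local(config-ppp 1)#ppp pap sent-username nearend password near
"""
PEER = """\
Peer(config-ppp 1)#ppp authentication pap
Peer(config-ppp 1)#username nearend password near
Peer(config-ppp 1)#ppp pap sent-username farend password far
"""

def parse(text):
    """Extract the PAP-relevant settings from one router's PPP interface lines."""
    cfg = {"requires_pap": False, "database": {}, "sent": None}
    for line in text.splitlines():
        cmd = line.split("#", 1)[-1].strip()  # drop the CLI prompt, if present
        if cmd == "ppp authentication pap":
            cfg["requires_pap"] = True
        elif m := re.fullmatch(r"username (\S+) password (\S+)", cmd):
            cfg["database"][m[1]] = m[2]
        elif m := re.fullmatch(r"ppp pap sent-username (\S+) password (\S+)", cmd):
            cfg["sent"] = (m[1], m[2])
    return cfg

def check_direction(authenticator, peer):
    """Return None if the peer's credentials satisfy the authenticator, else a reason."""
    if not authenticator["requires_pap"]:
        return None  # this side does not ask the peer to authenticate
    if peer["sent"] is None:
        return "peer has no 'ppp pap sent-username' configured"
    user, password = peer["sent"]
    if user not in authenticator["database"]:
        return f"username '{user}' is not in the authenticator's PPP database"
    if authenticator["database"][user] != password:
        return f"password for '{user}' does not match"
    return None

def check_link(local_text, peer_text):
    """Check both directions; return a list of (direction, reason) problems."""
    local, peer = parse(local_text), parse(peer_text)
    results = [("Local authenticates Peer", check_direction(local, peer)),
               ("Peer authenticates Local", check_direction(peer, local))]
    return [(d, r) for d, r in results if r]

if __name__ == "__main__":
    print(check_link(LOCAL, PEER) or "PAP settings are consistent in both directions")
```

An empty list means every router that requires PAP will find the peer's credentials in its own PPP interface database; Example 1 passes the same check with only one direction evaluated.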

Defining CHAP

The Challenge-Handshake Authentication Protocol (CHAP) is a three-way authentication protocol composed of a challenge, a response, and a success or failure. The MD5 algorithm is used to protect usernames and passwords in the response.

First, the local router (requiring its peer to be authenticated) sends a "challenge" containing only its own unencrypted username to the peer. The peer then looks up the username in the username database within the PPP interface and, if it is found, takes the corresponding password and its own hostname and sends a "response" back to the local router. This data is encrypted. The local router verifies that the username and password are in its own username database within the PPP interface and, if so, sends a "success" back to the peer.

Note: The PPP username and password database is separate and distinct from the global username password database. For PAP and CHAP, use the database under the PPP interface configuration.

Several example scenarios are given below for clarity.

5991-2114

© Copyright 2005 Hewlett-Packard Development Company, L.P.
