Software informational articles

Cisco certification: establishment to isdn, part iv - software


In part III of this ISDN primer, we academic that PPP has two main methods of certification that Cisco documentation candidates need to know how to configure: PAP and CHAP.

PAP has very few compensation over CHAP. PAP passwords are agreed over the line in clear-text, which in today's world is a very bad idea. PAP configuration also requires added configuration with the "ppp pap sent-username" command, so anybody who can see your administration configuration can also see the PAP password.

The only gain PAP has over CHAP is a slim one. With PAP, a atypical password can be used by the each of the routers complex in the authentication. CHAP requires that the password be the same. Why? We'll see as we analyze CHAP authentication.

The First Step to Configuring CHAP

CHAP requires you to configure a username / password arrangement for any cold badge that will be concerned in authentication. (We're arrogant that the routers have before now been configured with their names via the inclusive hostname command. ) Both routers will use the password CISCO.


username R2 password CISCO

int bri0

encapsulation ppp

ppp substantiation chap


username R1 password CISCO

int bri0

encapsulation ppp

ppp confirmation chap

Why CHAP Endorsement Requires The Same Password On Both Routers

Remember how PAP sends the password over the line in clear-text? CHAP does not in reality send the password over the line at all. Instead, CHAP runs a hash algorithm using the password and a arbitrary number. It is the conclusion of this hash that is accepted over the link. The aloof router receives the hash result, and runs the exact same algorithm. If the conclusion is the same, the confirmation endeavor will be successful. If the conclusion is different, the certification will fail. For this reason, the passwords must be the same.

Debug The Association If Substantiation Fails

Since two passwords are involved, the odds of one of the passwords being mistyped doubles. If you configure CHAP and the link dials but drops more or less immediately, there's an certification problem. Run debug ppp negotiation and challenge to dial the line again. The production of this actual debug will show you where the conundrum is.

Chris Bryant, CCIE (TM) #12933, has been energetic in the Cisco documentation cooperation for years. He has on paper more than a few books that have helped CCNA candidates about the world complete the in demand CCNA certification, together with quite a few concentrating on double math conversions and subnetting questions that the be around CCNA contestant will need to key on their CCNA exams.

He is the owner of The Bryant Improvement (http://www. thebryantadvantage. com) where he teaches reasonable world-class CCNA courses via the Internet, and sells his admired Cisco qualifications books. He‚??s proud to have helped CCNA candidates about the world do their career goals. Mr. Bryant‚??s books and courses are sold on his site, on eBay, and on quite a few other major Cisco documentation sites.

Developed by:
home | site map © 2018