Wednesday, May 8, 2013

How to configure PPP authentication

I would like to explain in this article how to configure PPP authentication between two routers.
First, I would like to invite all job seekers to post their CV in https://www.security-architecture.com/. Our website is free not only for employees but also for employers.

Let's take a look first at our diagram:

As you see in the image, we have 2 routers connected through serial point-to-point interfaces. The subnet is 192.168.13.0/24.
R3 must authenticate R1, means in order for router R3 to accept PPP connection with router R1, R1 must proove his identity to router R3. And let's say that Router R3 will authenticate R1 by PAP authentication

Let us start with first basic ppp connectivity

Router R3
sh run int s0/0/1
interface Serial0/0/1
ip address 192.168.13.3 255.255.255.0
encapsulation ppp
end


router R1
show run int s0/1/0
interface Serial0/1/0
ip address 192.168.13.1 255.255.255.0
encapsulation ppp
clock rate 2000000
end


So as we said the authentication is PAP, and it is local (means when R3 wants to authenticate router R1, R3 will look in its own local database). So for that purpose, we will create a local username and password on router R3. We will name the user R1User and password is password.
R3(config)#username R1User privilege 1 password password
Now On router R3, we need to tell the router R3 to use local database for ppp authentication.
so first:
R3(config)#aaa new-model
Then we created a list called R1-PPP-AUTH, this list is local authentication list for ppp connectivity
R3(config)#aaa authentication ppp R1-PPP-AUTH local
So now let us attach this list authentication to the ppp connection on the serial interface s0/0/
R3(config-if)#ppp authentication pap R1-PPP-AUTH
R3(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to down
R3(config-if)#
As you see that once we configured the ppp authentication, the line protocol goes down on s0/0/1

So what we have to do now is to move the router R1 and configure it to send username and password to router R3, so that router R3 will know that the connection is sent from router R1
R1(config-if)#ppp pap sent-username R1User password password
R1(config-if)#
*Jan 14 10:52:36.919: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/0
As you see, once we entered this command on router1, the ppp connection came up.
For PPP CHAP authentication, I will explain it in my ne


you can follow our FTP services and solutions blog on https://ftp-services.blogspot.com
You can also follow our DHCP services and ip services solutions on https://dhcpservices.blogspot.com

I hope this was helpful, and I would like to thank you for reading

No comments:

Post a Comment