CHAP Authentication Challenge One Side

Using CHAP hostname and password

This tutorial shows how a serial line is authenticated via CHAP on one side only. R2 sends the authentication challenge, and R1 replies with the username ROUTER1 and the password CISCO. ROUTER1 is not the hostname of R1.

Let's take a lab of two routers and do some configuration:

Both routers just have the interface serial 1/0 and the interface loopback 0 configured. If you use the basic configuration and start the routers you can ping the other router.

In this tutorial some PPP configuration is needed before we can start authentication.

R1#show running-config interface serial 1/0
Building configuration...

Current configuration : 123 bytes
!
interface Serial1/0
 description to R2 Serial 1/0
 ip address 192.168.100.1 255.255.255.252
 serial restart-delay 0
end

R1#configure terminal
R1(config)#interface serial 1/0
R1(config-if)#encapsulation ppp
R1(config-if)#end
R1#


R2#configure terminal
R2(config)#interface serial 1/0
R2(config-if)#encapsulation ppp
R2(config-if)#end
R2#

After this configuration the interfaces should be reachable via ping. The CHAP challenge comes from R2, so the username and password have to be configured on R2, and R1 has to send the username and a hash computed from the password. The CHAP challenge is enabled with the command "ppp authentication chap" on R2. This command is not needed on R1.

R2#configure terminal
R2(config)#username ROUTER1 password CISCO
R2(config)#interface serial 1/0
R2(config-if)#ppp authentication chap


R1#configure terminal
R1(config)#interface serial 1/0
R1(config-if)#ppp chap hostname ROUTER1
R1(config-if)#ppp chap password CISCO

R2#debug ppp authentication
PPP authentication debugging is on
*XXX YY 16:55:36.331: Se1/0 PPP: Authorization required
*XXX YY 16:55:36.383: Se1/0 CHAP: O CHALLENGE id 43 len 23 from "R2"
*XXX YY 16:55:36.455: Se1/0 CHAP: I RESPONSE id 43 len 28 from "ROUTER1"
*XXX YY 16:55:36.459: Se1/0 PPP: Sent CHAP LOGIN Request
*XXX YY 16:55:36.463: Se1/0 PPP: Received LOGIN Response PASS
*XXX YY 16:55:36.467: Se1/0 PPP: Sent LCP AUTHOR Request
*XXX YY 16:55:36.471: Se1/0 PPP: Sent IPCP AUTHOR Request
*XXX YY 16:55:36.475: Se1/0 LCP: Received AAA AUTHOR Response PASS
*XXX YY 16:55:36.479: Se1/0 IPCP: Received AAA AUTHOR Response PASS
*XXX YY 16:55:36.479: Se1/0 CHAP: O SUCCESS id 43 len 4
*XXX YY 16:55:36.487: Se1/0 PPP: Sent CDPCP AUTHOR Request
*XXX YY 16:55:36.491: Se1/0 CDPCP: Received AAA AUTHOR Response PASS
*XXX YY 16:55:36.535: Se1/0 PPP: Sent IPCP AUTHOR Request

The debug output shows that the authentication succeeded, and the interfaces can be pinged again.
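The exchange in the debug output can be reproduced offline. The following sketch is an added example, not part of the original tutorial or of IOS: it builds the CHAP Challenge and Response packets as defined in RFC 1994 and checks the response the way the authenticator (R2) does. The function names are hypothetical, and the 16-byte challenge is an assumption chosen to match the "len 23" and "len 28" values in the debug output.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE = 1, 2  # CHAP packet codes (RFC 1994)

def build_packet(code, ident, value, name):
    """Layout: Code(1) Identifier(1) Length(2) Value-Size(1) Value Name."""
    body = bytes([len(value)]) + value + name.encode()
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_packet(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or length < 5:
        raise ValueError("bad CHAP length field")
    vsize = pkt[4]
    if 5 + vsize > length:
        raise ValueError("value overruns packet")
    return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:].decode()

def chap_hash(ident, secret, challenge):
    """Response value = MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()

def respond(challenge_pkt, hostname, secret):
    """Peer (R1): uses 'ppp chap hostname' and 'ppp chap password'."""
    code, ident, challenge, _ = parse_packet(challenge_pkt)
    if code != CHALLENGE:
        raise ValueError("not a CHAP challenge")
    return build_packet(RESPONSE, ident, chap_hash(ident, secret, challenge), hostname)

def verify(response_pkt, ident, challenge, user_db):
    """Authenticator (R2): looks the name up in its local 'username' table."""
    code, rid, value, name = parse_packet(response_pkt)
    if code != RESPONSE or rid != ident or name not in user_db:
        return False
    return hmac.compare_digest(value, chap_hash(ident, user_db[name], challenge))

def demo():
    users = {"ROUTER1": "CISCO"}   # R2: username ROUTER1 password CISCO
    challenge = os.urandom(16)     # constructed challenge; 16 bytes is an assumption
    chal_pkt = build_packet(CHALLENGE, 43, challenge, "R2")
    resp_pkt = respond(chal_pkt, "ROUTER1", "CISCO")
    return len(chal_pkt), len(resp_pkt), verify(resp_pkt, 43, challenge, users)

if __name__ == "__main__":
    print(demo())
```

The password itself never crosses the link, only the MD5 digest bound to the identifier and the challenge. The response carries the name set with "ppp chap hostname", which is why R2 looks up ROUTER1 rather than R1.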

Routerlabs.de is not sponsored by, endorsed by or affiliated with Cisco Systems, Inc. Cisco©, Cisco Systems©, CCNA©, CCDA©, CCDP©, CCNP©, CCVP©, CCSP©, CCIE©, CCDE©, CCSI© and the Cisco Systems logo and the CCIE logo are trademarks or registered trademarks of Cisco Systems, Inc. in the United States and certain other countries. All other trademarks are trademarks of their respective owners.