ppp and chap

Answered Question
Mar 29th, 2009
User Badges:
  • Bronze, 100 points or more

Hi every body!


My book says " with chap the protocol begins with a message called a challenge which asks the other router to send its user name and password. The chap challenge states the random number both routers are pre-configured with the password.The challenged router runs the hash algorithm using the just-learned random number and the secret password and sends the result back to the router that sent the challenge"


My question is when router sends the challenge response does it also include the user name?


The book shows a command " ppp authentication chap pap",

MY book says it tells the router try first chap if no message is received then try pap.

I am just wondering how about" ppp authentication pap chap", will router try pap first if no message is received then try chap ?




Thanks a lot!

Correct Answer by Giuseppe Larosa about 8 years 4 weeks ago

Hello Sarah,


>> My question is when router sends the challenge response does it also include the user name?


yes, because the local router needs to be able to distinguish between multiple possible peers (this is possible on ISDN)


see


http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a00800b4130.shtml#8


from the document above:


BR0:1 CHAP: O CHALLENGE id 9 len 33 from "maui-soho-03"


or


BR0:1 CHAP: O RESPONSE id 16 len 33 from "maui-soho-03"


O means output I input in deb ppp neg output.


2) ppp authentication pap chap", will router try pap first if no message is received then try chap ?


yes it should be so the list should be an ordered list of authentication methods


Hope to help

Giuseppe



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Giuseppe Larosa Mon, 03/30/2009 - 01:01
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Sarah,


>> My question is when router sends the challenge response does it also include the user name?


yes, because the local router needs to be able to distinguish between multiple possible peers (this is possible on ISDN)


see


http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a00800b4130.shtml#8


from the document above:


BR0:1 CHAP: O CHALLENGE id 9 len 33 from "maui-soho-03"


or


BR0:1 CHAP: O RESPONSE id 16 len 33 from "maui-soho-03"


O means output I input in deb ppp neg output.


2) ppp authentication pap chap", will router try pap first if no message is received then try chap ?


yes it should be so the list should be an ordered list of authentication methods


Hope to help

Giuseppe



Actions

This Discussion