Configuring ppp with chap authent.

Answered Question
Nov 29th, 2011
User Badges:

Hi.I've configured ppp on two routers In a home lab.I've enabled chap authentication with the ppp authentication chap command.The connections are up and working.The problem Is It doesnt matter what username and password combination I use on the routers.It still works.From what I've read I have to use the hostname of the peer as a username and Identical passwords.What might I be doing wrong here ?

Correct Answer by cadet alain about 5 years 8 months ago

Hi,


just do a shut/no shut of your serial interface and you will see it is not working.

you can do  debug ppp authentication to see what is the problem.


Regards.


Alain

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
johnlloyd_13 Tue, 11/29/2011 - 03:08
User Badges:
  • Blue, 1500 points or more

hi,


i recently read CCNA CNAP's chapter 2 - PPP and here's what i got from my notes and sample below. the hostname on one router must match the username the other router has configured. the passwords must also match. this occurs on initial link establishment and can be repeated any time after the link has been established



hostname R1

!

username R3 password 0 someone

!

interface Serial0/1/0

ip address 172.16.0.1 255.255.255.252

encapsulation ppp

ppp authentication chap

clock rate 64000



Serial0/1/0 IPCP: I CONFREQ [Closed] id 1 len 10


Serial0/1/0 IPCP: O CONFACK [Closed] id 1 len 10


Serial0/1/0 IPCP: I CONFREQ [REQsent] id 1 len 10


Serial0/1/0 IPCP: O CONFACK [REQsent] id 1 len 10


Serial0/1/0 IPCP: O CONFREQ [Closed] id 1 len 10


Serial0/1/0 IPCP: I CONFACK [Closed] id 1 len 10


Serial0/1/0 IPCP: O CONFREQ [Closed] id 1 len 10


Serial0/1/0 IPCP: I CONFACK [REQsent] id 1 len 10


%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/0, changed state to up



----



hostname R3

!

username R1 password 0 someone

!

interface Serial0/0/0

ip address 172.16.0.2 255.255.255.0

encapsulation ppp

ppp authentication chap

Reprovoid Tue, 11/29/2011 - 03:55
User Badges:

Thats what I've read too.But It's still working whatever password , username config I use.I'm doing something wrong.

Peter Paluch Tue, 11/29/2011 - 03:39
User Badges:
  • Cisco Employee,

Hello,


In addition to the recommendations of John and Alain, would you mind posting your configurations of both routers?


Best regards,

Peter

Reprovoid Tue, 11/29/2011 - 04:26
User Badges:

I've attached the startup config both routers.My problem Is It still works even with different passwords and usernames.

Attachment: 
Correct Answer
cadet alain Tue, 11/29/2011 - 04:44
User Badges:
  • Purple, 4500 points or more

Hi,


just do a shut/no shut of your serial interface and you will see it is not working.

you can do  debug ppp authentication to see what is the problem.


Regards.


Alain

Reprovoid Tue, 11/29/2011 - 04:52
User Badges:

Thanks.I'm happy to report things have stopped working!

johnlloyd_13 Tue, 11/29/2011 - 05:12
User Badges:
  • Blue, 1500 points or more

hi,


i tried to simulate your config and it's not working. when re-configured the username to match the remote router and using same passwords, the serial links went up. could you try it on your lab and confirm?


hostname R1.12

!

username R1.12 password 0 reprovo

!

interface Serial0/0

ip address 192.168.6.3 255.255.255.0

encapsulation ppp

ppp authentication chap

clock rate 128000


----


hostname R2.10

!

username R2.10 password 0 rep

!

interface Serial0/0

ip address 192.168.6.1 255.255.255.0

encapsulation ppp

ppp authentication chap



-------


R1.12#sh ip int br

Interface              IP-Address      OK? Method Status                Protocol


FastEthernet0/0        unassigned      YES unset  administratively down down


Serial0/0              192.168.6.3     YES manual up                    down



R2.10#sh ip int br

Interface              IP-Address      OK? Method Status                Protocol


FastEthernet0/0        unassigned      YES unset  administratively down down


Serial0/0              192.168.6.1     YES manual up                    down


------



R1.12(config)#username R2.10 password reprovo

R1.12(config)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up


R2.10(config)#username R1.12 password reprovo

R2.10(config)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up

Reprovoid Tue, 11/29/2011 - 05:19
User Badges:

Yeah as cadet Alain pointed out I had to shutdown no shutdown on the serial Interfaces.The connection then stopped working

Actions

This Discussion