10-12-2005 09:24 AM
Cisco says in Second-Year Companion Guide Edition 2 page 339 :
((To configure PPP authentication, do the following:
Step1
On each router, define the username and password to expect from the remote router:
Router (config)# username name password secret
The arguments are described as follows:
nameThis is the hostname of the remote router. Note that it is case sensitive.
secretOn Cisco routers, the secret password must be the same for both routers.)). I said this is the end of the step 1 from the above Cisco book.
Another book 'Semester 6 Remote Access Book' Cisco says :
((If you want the router to use a different username and password, you have the option of specifying a different combination with the following commands:
Router (config-if)#ppp chap hostname name.
Router (config-if)#ppp chap password passwd. ))
I feel there is conflict between second year book and semester 6 book !!! Any clarification about that (password)
10-13-2005 12:22 AM
Hi
AFAIK both the statements are correct in their way but the way in which they are used or the real requirement needs may differ from case to case.
i would suggest to look onto the functional sample config scenarios and also the link which can help u out...
!
hostname router1
!
username router2 password cisco
!
interface BRI0
no ip address
no ip mroute-cache
encapsulation ppp
dialer-group 1
isdn switch-type basic-net3
ppp authentication chap
---------------------------------------------------------------
!
hostname router2
!
username router1 password cisco
!
interface BRI0
no ip address
no ip mroute-cache
encapsulation ppp
dialer-group 1
isdn switch-type basic-net3
ppp authentication chap
--------------------------------------------------------------
hostname router1
!
username router2 password 0 cisco
!
interface BRI0/0
ip address x.x.x.x y.y.y.y
no ip directed-broadcast
encapsulation ppp
dialer-group 1
isdn switch-type basic-net3
ppp authentication chap callin
ppp chap hostname cisco
ppp chap password cisco
!
--------------------------------------------------------
hostname router2
!
username cisco password 0 cisco
!
interface BRI0/0
ip address z.z.z.z y.y.y.y
no ip directed-broadcast
encapsulation ppp
dialer-group 1
isdn switch-type basic-net3
ppp authentication chap
-----------------------------------------------------------------
http://cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a00800b4131.shtml
http://cisco.com/en/US/tech/tk713/tk507/technologies_configuration_example09186a0080094333.shtml
regds
10-13-2005 01:08 AM
hostname router1
!
username router2 password 0 cisco
!
interface BRI0/0
ip address x.x.x.x y.y.y.y
no ip directed-broadcast
encapsulation ppp
dialer-group 1
isdn switch-type basic-net3
ppp authentication chap callin
ppp chap hostname sydney
ppp chap password letmein
!
--------------------------------------------------------
hostname router2
!
username sydney password 0 letmein
!
interface BRI0/0
ip address z.z.z.z y.y.y.y
no ip directed-broadcast
encapsulation ppp
dialer-group 1
isdn switch-type basic-net3
ppp authentication chap
1- What I did I modified the username and password.
2- My understanding to what the link said,,,If I want to use a default(router'name as hostname and same password for both routers) authentication, I do not need to use these two commands on both routers (router1 and router2):
ppp chap hostname sydney
ppp chap password letmein
but the password should be same on both routers.
3- If I want to use different hostname and password on router1 for authentication, I have to enter these two commands on a router1 only (not router2):
ppp chap hostname sydney
ppp chap password letmein
corret me if I am wrong please?
10-13-2005 01:25 AM
hi
yes thats also one of the advantage by providing different username and password rather than giving the client hostname and password.
Usually in SP network we do have some kinda identification purpose which we do using the username given to the client for either their backup connectivity or primary connectivity.
regds
10-13-2005 03:06 AM
Is the username case sensitive in regard to the PPP authentication ?
Because i had read an article in internetwork expert lab that the username is not case semsitive !!!
Thanks
10-13-2005 08:12 AM
I believe that you need to look carefully at the context of the discussion about whether the username is case sensitive or not. For lots of usage (like for local authentication) I believe that the user name is not case sensitive. My experience is that for PPP authentication the user name is case sensitive.
So was the article in internetwork expert lab talking specifically about configuring for PPP authenticatin or was it talking generally about configuring username in the config of a lab router?
HTH
Rick
10-13-2005 11:57 AM
This is the part of pitfall:
"By default the username is not case sensitive in regards to the PPP authentication process, but the username is case sensitive in relation to PPP callback. If R5 sends router5 during the CHAP authentication process, the dialer map on R4 will need to have the name option configured as router5. Always have the name option of the dialer map and the dialer remote-name for Dialer Profiles match the exact username----------"
10-14-2005 02:24 AM
hostname router1
!
username router2 password 0 cisco
!
interface BRI0/0
ip address x.x.x.x y.y.y.y
no ip directed-broadcast
encapsulation ppp
dialer-group 1
isdn switch-type basic-net3
ppp authentication chap callin
ppp chap hostname sydney
ppp chap password letmein
!
--------------------------------------------------------
hostname router2
!
username sydney password 0 letmein
!
interface BRI0/0
ip address z.z.z.z y.y.y.y
no ip directed-broadcast
encapsulation ppp
dialer-group 1
isdn switch-type basic-net3
ppp authentication chap
If the above configuration is correct then what about the following command :
username router2 password 0 cisco
that means if i change 'cisco' password to another,does it work?!
10-14-2005 03:53 AM
My understanding is that
router1 will use these to authenticate router2
1- username: router2
2- password: cisco
router2 by default should have used these to authenticate router1
1- username: router1
2- password: cisco---with default configuration password should be same on both routers
But because we have used these two commands:
ppp chap hostname sydney
ppp chap password letmein
Now router2 will not use default configuration for authentication, it will use this
1- username: sydney
2- password: letmein
11-21-2010 01:41 AM
Hi,
Did anyone try using 'secret' instead of 'password' keyword?
I mean,
username Router1 secret xxxxxx
Evenafter giving the same secret in both the routers, it didnot work. It only worked when I changed it back to 'password'.
Any idea?
11-21-2010 07:23 PM
In PPP CHAP authentication the originating router creates some challenge data. The other router uses its password to create a response by hashing the challenge data. The original router uses its password to recreate the hash. If the hashes match then the same password was used on both sides and authentication is successful (without ever sending the password over the connection). If the hashes do not match then the same password is not used on both sides and authentication fails.
The important thing here is that both routers must know the password. If you configure the user with "secret" rather than "password" then the router does not know what the password is, the router only knows a hash value created by the secret password. The router can authenticate whether someone entered the correct password or not by taking the entered password and hashing it to see if it matches. But the router does not know what the real value of the secret password is and therefore can not use it in CHAP authentication.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide