English version
German version
Spanish version
French version
Italian version
Portuguese / Brazilian version
Dutch version
Greek version
Russian version
Japanese version
Korean version
Simplified Chinese version
Traditional Chinese version
Hindi version
Czech version
Slovak version
Bulgarian version
 

Cisco certification: introduction to isdn, part iv

Software RSS Feed





In part III of this ISDN primer, we learned that PPP has two main methods of authentication that Cisco certification candidates need to know how to configure: PAP and CHAP.

PAP has very few advantages over CHAP. PAP passwords are carried over the line in clear-text, which in today's world is a very bad idea. PAP configuration also requires additional configuration with the "ppp pap sent-username" command, so anyone who can see your running configuration can also see the PAP password.

The only advantage PAP has over CHAP is a slim one. With PAP, a different password can be used by the each of the routers involved in the authentication. CHAP requires that the password be the same. Why? We'll see as we examine CHAP authentication.

The First Step to Configuring CHAP

CHAP requires you to configure a username / password combination for any remote device that will be involved in authentication. (We're assuming that the routers have already been configured with their names via the global hostname command.) Both routers will use the password CISCO.

R1:

username R2 password CISCO

int bri0

encapsulation ppp

ppp authentication chap

R2:

username R1 password CISCO

int bri0

encapsulation ppp

ppp authentication chap

Why CHAP Authentication Requires The Same Password On Both Routers

Remember how PAP sends the password over the line in clear-text? CHAP does not actually send the password over the line at all. Instead, CHAP runs a hash algorithm using the password and a random number. It is the result of this hash that is passed over the link. The remote router receives the hash result, and runs the exact same algorithm. If the result is the same, the authentication attempt will be successful. If the result is different, the authentication will fail. For this reason, the passwords must be the same.

Debug The Connection If Authentication Fails

Since two passwords are involved, the chances of one of the passwords being mistyped doubles. If you configure CHAP and the link dials but drops almost immediately, there's an authentication problem. Run debug ppp negotiation and attempt to dial the line again. The output of this particular debug will show you where the problem is.

Chris Bryant, CCIE (TM) #12933, has been active in the Cisco certification community for years. He has written several books that have helped CCNA candidates around the world achieve the coveted CCNA certification, including several concentrating on binary math conversions and subnetting questions that the average CCNA candidate will need to answer on their CCNA exams.

He is the owner of The Bryant Advantage (http://www.thebryantadvantage.com) where he teaches affordable world-class CCNA courses via the Internet, and sells his popular Cisco certification books. Heâ??s proud to have helped CCNA candidates around the world achieve their career goals. Mr. Bryantâ??s books and courses are sold on his site, on eBay, and on several other major Cisco certification sites.

Article Source: Messaggiamo.Com





Related:

» Seo Elite: New Seo Software!
» AntiSpywareBOT
» Reverse Mobile
» Error Nuker


Webmaster Get Html Code
Add this article to your website now!

Webmaster Submit your Articles
No registration required! Fill in the form and your article is in the Messaggiamo.Com Directory!

Add to Google RSS Feed See our mobile site See our desktop site Follow us on Twitter!

Submit your articles to Messaggiamo.Com Directory

Categories


Copyright 2006-2011 Messaggiamo.Com - Site Map - Privacy - Webmaster submit your articles to Messaggiamo.Com Directory [0.01]
Hosting by webhosting24.com
Dedicated servers sponsored by server24.eu