Some notes on PPP authentication using PAP.

  • PAP sends the password in clear text

There are two options for enabling PPP authentication using PAP:

  1. One-way PAP authentication
  2. Two-way PAP authentication

In this post, I'm exploring the configuration for enabling one-way PAP authentication:

High-level steps below:

1. Set the username and password that will be used for the authentication.

R2(config)#username ccie password go4it

2. Configure the interface using the "ppp pap sent-username" command

R2(config-if)#ppp pap sent-username ccie password go4it
PPP: Warning: You have chosen a username/password combination that
is valid for CHAP. This is a potential security hole.


R2(config-if)#do show run int s0/0
Building configuration…

Current configuration : 218 bytes
!
interface Serial0/0
ip address 192.168.12.2 255.255.255.0
encapsulation ppp
peer default ip address pool PPP_DHCP_Pool
clock rate 2000000
ppp authentication pap
ppp pap sent-username ccie password 0 go4it
end

On R1, assign the same PPP username and password in interface mode:

R1(config)#int s0/0
R1(config-if)#shut
R1(config-if)#ppp pap sent-username ccie password 0 go4it
PPP: Warning: You have chosen a username/password combination that
is valid for CHAP. This is a potential security hole.
R1(config-if)#
Jun 4 05:57:55.547: %LINK-5-CHANGED: Interface Serial0/0, changed state to administratively down

R1(config-if)#do show run int s0/0
Building configuration…

Current configuration : 144 bytes
!
interface Serial0/0
ip address negotiated
encapsulation ppp
shutdown
clock rate 2000000
ppp pap sent-username ccie password 0 go4it
end
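
The two configurations above can be checked mechanically for the PAP exposures this lab shows. The following is an added example, not part of the original lab or of IOS: the function name and finding codes are hypothetical, and the SAME_AS_LOCAL_USER check is this example's reading of the "valid for CHAP" warning (the sent credentials also exist as a local `username` entry).

```python
import re

# "password", an optional type digit (0 = stored in plain text), then the secret.
CRED = r"(\S+) password (?:(\d) )?(\S+)$"
LOCAL_USER = re.compile(r"username " + CRED)
PAP_SENT = re.compile(r"ppp pap sent-username " + CRED)
PAP_AUTH = re.compile(r"ppp authentication\b.*\bpap\b")

def audit_pap(config):
    """Return the sorted finding codes for one running-config text."""
    lines = [ln.strip() for ln in config.splitlines()]
    # Local user database: plaintext entries only, other types cannot be compared.
    local = {m.group(1): m.group(3) for m in map(LOCAL_USER.match, lines)
             if m and m.group(2) in (None, "0")}
    findings = set()
    for ln in lines:
        if PAP_AUTH.match(ln):
            findings.add("PAP_REQUIRED_FROM_PEER")
        m = PAP_SENT.match(ln)
        if m:
            user, enc_type, secret = m.groups()
            findings.add("PAP_CREDENTIALS_SENT")
            if enc_type in (None, "0"):
                findings.add("PLAINTEXT_IN_CONFIG")
                # Assumed meaning of the IOS warning: same pair as a local user.
                if local.get(user) == secret:
                    findings.add("SAME_AS_LOCAL_USER")
    return sorted(findings)

# Assembled from the R2 and R1 lines shown on this page.
R2_CONFIG = """\
username ccie password go4it
interface Serial0/0
 encapsulation ppp
 ppp authentication pap
 ppp pap sent-username ccie password 0 go4it
"""
R1_CONFIG = """\
interface Serial0/0
 encapsulation ppp
 ppp pap sent-username ccie password 0 go4it
"""

if __name__ == "__main__":
    for name, cfg in (("R2", R2_CONFIG), ("R1", R1_CONFIG)):
        print(name, audit_pap(cfg))
```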

The moment I enabled the interface, the PPP link went through both the LCP and NCP negotiations. We can also see PAP authentication being initiated.

R1(config-if)#
Jun 4 07:01:37.946: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
Jun 4 07:01:37.946: Se0/0 PPP: Using default call direction
Jun 4 07:01:37.950: Se0/0 PPP: Treating connection as a dedicated line
Jun 4 07:01:37.950: Se0/0 PPP: Session handle[B500000E] Session id[14]
Jun 4 07:01:37.950: Se0/0 PPP: Phase is ESTABLISHING, Active Open
Jun 4 07:01:37.950: Se0/0 LCP: O CONFREQ [Closed] id 10 len 10
Jun 4 07:01:37.954: Se0/0 LCP: MagicNumber 0x023ACD40 (0x0506023ACD40)
Jun 4 07:01:37.990: Se0/0 LCP: I CONFREQ [REQsent] id 82 len 14
Jun 4 07:01:37.990: Se0/0 LCP: AuthProto PAP (0x0304C023)
Jun 4 07:01:37.990: Se0/0 LCP: MagicNumber 0x0339D6F4 (0x05060339D6F4)
Jun 4 07:01:37.990: Se0/0 LCP: O CONFACK [REQsent] id 82 len 14
Jun 4 07:01:37.994: Se0/0 LCP: AuthProto PAP (0x0304C023)
Jun 4 07:01:37.994: Se0/0 LCP: MagicNumber 0x0339D6F4 (0x05060339D6F4)
Jun 4 07:01:37.994: Se0/0 LCP: I CONFACK [ACKsent] id 10 len 10
Jun 4 07:01:37.994: Se0/
R1(config-if)#
R1(config-if)#0 LCP: MagicNumber 0x023ACD40 (0x0506023ACD40)
Jun 4 07:01:37.998: Se0/0 LCP: State is Open
Jun 4 07:01:37.998: Se0/0 PPP: Phase is AUTHENTICATING, by the peer
Jun 4 07:01:37.998: Se0/0 PAP: Using hostname from interface PAP
Jun 4 07:01:37.998: Se0/0 PAP: Using password from interface PAP
Jun 4 07:01:37.998: Se0/0 PAP: O AUTH-REQ id 3 len 15 from “ccie”
Jun 4 07:01:38.034: Se0/0 PAP: I AUTH-ACK id 3 len 5

Jun 4 07:01:38.034: Se0/0 PPP: Phase is FORWARDING, Attempting Forward
Jun 4 07:01:38.038: Se0/0 PPP: Queue IPCP code[1] id[1]
Jun 4 07:01:38.038: Se0/0 PPP: Discarded CDPCP code[1] id[1]
Jun 4 07:01:38.038: Se0/0 PPP: Phase is ESTABLISHING, Finish LCP
Jun 4 07:01:38.042: Se0/0 PPP: Phase is UP
Jun 4 07:01:38.042: Se0/0 IPCP: O CONFREQ [Closed] id 1 len 10
Jun 4 07:01:38.042: Se0/0 IPCP: Address 0.0.0.0 (0x030600000000)
Jun 4 07:01:38.042: Se0/0 CDPCP: O CONFREQ [Closed] id 1 len 4
Jun 4 07:01:38.046: Se0/0 PPP: Process pending ncp packets
Jun 4 07:01:38.046: Se0/0 IPCP: Redirect packet to Se0/0
Jun 4 07:01:38.046: Se0/0 IPCP: I CONFREQ [REQsent] id 1 len 10
Jun 4 07:01:38.046: Se0/0 IPCP: Address 192.168.12.2 (0x0306C0A80C02)
Jun 4 07:01:38.046: Se0/0 IPCP: O CONFACK [REQsent] id 1 len 10
Jun 4 07:01:38.046: Se0/0 IPCP: Address 192.168.12.2 (0x0306C0A80C02)
Jun 4 07:01:38.050: Se0/0 CDPCP: I CONFACK [REQsent] id 1 len 4
Jun 4 07:01:38.054: Se0/0 IPCP: I CONFNAK [ACKsent] id 1 len 10
Jun 4 07:01:38.054: Se0/0 IPCP: Address 192.168.12.3 (0x0306C0A80C03)
Jun 4 07:01:38.054: Se0/0 IPCP: O CONFREQ [ACKsent] id 2 len 10
Jun 4 07:01:38.054: Se0/0 IPCP: Address 192.168.12.3 (0x0306C0A80C03)
Jun 4 07:01:38.078: Se0/0 IPCP: I CONFACK [ACKsent] id 2 len 10
Jun 4 07:01:38.078: Se0/0 IPCP: Address 192.168.12.3 (0x0306C0A80C03)
Jun 4 07:01:38.078: Se0/0 IPCP: State is Open
Jun 4 07:01:38.082: Se0/0 IPCP: Install negotiated IP interface address 192.168.12.3
Jun 4 07:01:38.094: Se0/0 IPCP: Install route to 192.168.12.2
Jun 4 07:01:39.038: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
Jun 4 07:01:40.022: Se0/0 CDPCP: Timeout: State ACKrcvd
Jun 4 07:01:40.022: Se0/0 CDPCP: O CONFREQ [ACKrcvd] id 2 len 4
Jun 4 07:01:40.042: Se0/0 CDPCP: I CONFACK [REQsent] id 2 len 4
Jun 4 07:01:40.094: Se0/0 IPCP: Install route to 192.168.12.2
Jun 4 07:01:41.258: Se0/0 CDPCP: I CONFREQ [ACKrcvd] id 2 len 4
Jun 4 07:01:41.258: Se0/0 CDPCP: O CONFACK [ACKrcvd] id 2 len 4
Jun 4 07:01:41.262: Se0/0 CDPCP: State is Open
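
To see why "O AUTH-REQ id 3 len 15" means the password crossed the link unprotected, the PAP Authenticate-Request layout from RFC 1334 can be rebuilt and decoded. This is an added example, not part of the original lab; the function names are hypothetical and the frame is constructed from the lab's credentials and packet id, not captured from the link.

```python
import struct

# PPP protocol numbers carried in the LCP Authentication-Protocol option.
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}

def lcp_auth_protocol(option_hex):
    """Decode the option value the debug prints in parentheses, e.g. 0x0304C023."""
    digits = option_hex[2:] if option_hex.lower().startswith("0x") else option_hex
    raw = bytes.fromhex(digits)
    # Option layout: type 3, total length, 2-byte protocol, optional extra data.
    if len(raw) < 4 or raw[0] != 3 or raw[1] != len(raw):
        raise ValueError("not an LCP Authentication-Protocol option")
    proto = struct.unpack("!H", raw[2:4])[0]
    return AUTH_PROTOCOLS.get(proto, hex(proto))

def build_auth_req(ident, peer_id, password):
    """PAP Authenticate-Request: code 1, id, length, two length-prefixed fields."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def parse_auth_req(pkt):
    """Return the fields of a PAP Authenticate-Request, validating every length."""
    if len(pkt) < 6:
        raise ValueError("too short for a PAP Authenticate-Request")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code != 1 or not 6 <= length <= len(pkt):
        raise ValueError("bad code or length field")
    data = pkt[4:length]
    id_len = data[0]
    if id_len + 2 > len(data):
        raise ValueError("Peer-ID overruns the packet")
    pw_len = data[1 + id_len]
    password = data[2 + id_len:2 + id_len + pw_len]
    if len(password) != pw_len:
        raise ValueError("password overruns the packet")
    # No hashing or encryption anywhere: both fields are plain bytes.
    return {"id": ident, "len": length,
            "peer_id": data[1:1 + id_len].decode("ascii"),
            "password": password.decode("ascii")}

if __name__ == "__main__":
    # Constructed frame using this lab's id and credentials (id 3, ccie / go4it).
    frame = build_auth_req(3, b"ccie", b"go4it")
    print(frame.hex(), parse_auth_req(frame))
    print(lcp_auth_protocol("0x0304C023"))
```

The constructed frame is 15 bytes (4-byte header, 1 + 4 for "ccie", 1 + 5 for "go4it"), which matches the length in the debug line, and the 0xC023 in the LCP option is what identifies PAP rather than CHAP.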

R1(config-if)#do show ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
Serial0/0 192.168.12.3 YES IPCP up up
FastEthernet0/1 unassigned YES unset administratively down down
Serial0/1 unassigned YES unset administratively down down
Serial0/2 unassigned YES unset administratively down down
Serial0/3 unassigned YES unset administratively down down
FastEthernet1/0 unassigned YES unset administratively down down
R1(config-if)#
R1(config-if)#
R1(config-if)#do show int s0/0
Serial0/0 is up, line protocol is up
Hardware is GT96K Serial
Internet address is 192.168.12.3/32
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP, loopback not set

In summary, to enable one-way PAP authentication, the router controlling the PPP sessions should set a username and password that will be used for establishing the PPP sessions.

R2's required configuration is highlighted above.
R1's required configuration is highlighted above.

#################### END OF LAB #################################
