Configure PPP Authentication on Cisco Router

There are many ways to interconnect routers. One of the most popular and traditional ways to interconnect routers on a WAN network is using the Serial interfaces. A serial cable has two ends Data Communication Equipment (DCE) and Data Terminal Equipment (DTE). The DCE end is typically located at the service providers’ end and the DTE end is typically located at the customer end. At the DCE end, you have to specify the clock rate. To specify the clock rate, execute the clock rate <clock value > command. In this post, we will explain how to configure PPP authentication (PAP and CHAP authentication) between two routers connected via serial interfaces.

One of the major problems with connecting routers over WAN using serial is security threats. Fortunately, there are various security protocols that can be implemented to secure point-to-point WAN connection between two routers.

Also read: How to install and use GNS3

You can configure either PAP or CHAP as an authentication protocol for PPP encapsulation. CHAP is more secure than PAP and difficult to hack. However, configuration steps are same for both the PPP authentication protocols.

Creating and Understanding Topology

To configure PPP authentication on Cisco routers, we will use the following topology, in which two Cisco routers are connected using the serial interfaces. Router1 has the DCE end and Router2 has the DTE end. So, create the following topology in Cisco Packet Tracer and start to configure PPP authentication. Alternatively, you can also use GNS3. We recommend to use the Generic Routers. These routers already have serial interfaces, so you would not require to adding serial interfaces manually.

Configure PPP Authentication on Cisco Routers

Configuring PPP Authentication (CHAP Authentication)

  1. Once you have created the preceding topology, you need to execute the following commands on Router1 to configure PPP authentication. In this case, CHAP authentication.
    Router1(config)#int se2/0
    Router1(config-if)#ip add 200.200.200.1 255.255.255.252
    Router1(config-if)#clock rate 64000 
    Router1(config-if)#encapsulation ppp
    Router1(config-if)#ppp authentication chap 
    Router1(config-if)#no shut 
    Router1(config-if)#exit 
    Router1(config)#username Router2 password 123456
  2. The following figure shows the commands used to configure PPP authentication on a Cisco router. In this case, Router1.Configure PPP Encapsulation - CHAP Authentication
  3. In the preceding commands, we have used 123456 as shared key that will be used to authenticate the routers.
  4. Next, move on to Router2 and execute the following commands to configure IP address and enable CHAP authentication.
    Router2(config)#int se2/0
    Router2(config-if)#ip add 200.200.200.2 255.255.255.252
    Router2(config-if)#encapsulation ppp
    Router2(config-if)#ppp authentication chap
    Router2(config-if)#no shut
    Router2(config-if)#exit
  5. The following figure shows the PPP configuration on Router2.Configure PPP CHAP Authentication
  6. Next, execute the following command on Router2 to verify the PPP configuration.
    Router2#show int se2/0

    Verify PPP Authentication configuration

  7. In the preceding figure, you can see that the Encapsulation is set as PPP. However, the line protocol status is still down. But why? Simple, you have not defined the username and password of Router1 yet. So, execute the following command to define username and password of Router1.
    Router2(config)#username Router1 password 123456

Conclusion

In the preceding figure, you can see that the line protocol status is now shown as Up. This is what does the PPP encapsulation. Both the routers are now authenticated and can communicate to each other over the serial interfaces. Now, you have successfully configured PPP authentication on Cisco routers.

That’s all you need to do to enable and configure PPP authentication on Cisco routers. Hope, it helps you and you enjoyed it. You may share this article to encourage us to serve you more articles. You may also provide your feedback and suggestions to improve the quality of articles.

Posted in CCNA, Cisco Tagged with: , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*