
Point to Point Protocol (PPP) Tutorial

March 11th, 2016

PAP and CHAP Configuration

Configuring PAP and CHAP is rather easy. First we need to enable PPP encapsulation, then specify whether PAP or CHAP will be used with the “ppp authentication pap” or “ppp authentication chap” command.

PAP Configuration

In many CCNA books you will see two routers authenticate each other with identical configurations. But we want you to understand the difference between the Client and Server configurations, so in this example only the Server authenticates the Client router, not vice versa.

[Figure: PAP_CHAP_Config.jpg]

Client(config)#int s1/0
Client(config-if)#encapsulation ppp
Client(config-if)#ppp pap sent-username CLIENT1 password TUT
Client(config-if)#no shutdown

Server(config)#username CLIENT1 password TUT
Server(config)#int s1/1
Server(config-if)#encapsulation ppp
Server(config-if)#ppp authentication pap
Server(config-if)#no shutdown

Of course we have to enable PPP on both routers first with the “encapsulation ppp” command. The Server router is the one that authenticates when it receives the username & password from the Client, so we need to use the “ppp authentication pap” command to tell the router to authenticate via PAP.

On the Server router we also need to create a username and password entry that matches the username & password sent from the Client, using the “username CLIENT1 password TUT” command.

Notice that in Client configuration we can specify a username (CLIENT1) that is different from its hostname (in this case Client) with the “ppp pap sent-username …” command. Client will use CLIENT1 as its username to authenticate with the Server.

If your configuration is correct then you will see the status “up/up” on your serial interfaces.

Note: Please do not use the “ppp authentication pap” command on the Client router, as we don’t want the Client to authenticate the Server. If you use this command the PPP link will fail because the Server is not configured to send a username and password to the Client!

CHAP Configuration

The CHAP configuration is rather similar to the PAP configuration so we will not explain more.

Client(config)#interface Serial 1/0
Client(config-if)#encapsulation ppp
Client(config-if)#ppp chap hostname CLIENT1
Client(config-if)#ppp chap password TUT
Client(config-if)#no shutdown

Server(config)#username CLIENT1 password TUT
Server(config)#interface Serial 1/1
Server(config-if)#encapsulation ppp
Server(config-if)#ppp authentication chap
Server(config-if)#no shutdown

Note: Please do not use the “ppp authentication chap” command on Client router as we don’t want the Client to authenticate the Server. If you use this command the PPP link would fail because Server is not configured to send username and password to Client!
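
An added example (not part of the original tutorial): Python code showing what each method puts on the serial link for the CLIENT1/TUT credentials configured in the PAP and CHAP sections above, following the PAP packet layout in RFC 1334 and the CHAP MD5 response in RFC 1994. The identifier and the two challenge values are constructed for illustration.

```python
import hashlib
import hmac
import struct

USERNAME = b"CLIENT1"  # credentials from the tutorial's configuration
SECRET = b"TUT"
IDENT = 1              # constructed packet identifier
OLD_CHALLENGE = bytes(range(16))       # constructed challenge values; a real
NEW_CHALLENGE = bytes(range(16, 32))   # Server generates a fresh random one

def pap_authenticate_request(ident, peer_id, password):
    """RFC 1334 Authenticate-Request (code 1): both fields go out in cleartext."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data

def parse_pap_request(packet):
    """Read the username and password back out of the PAP packet bytes."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or length != len(packet):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    id_len = packet[4]
    pw_len = packet[5 + id_len]
    return packet[5:5 + id_len], packet[6 + id_len:6 + id_len + pw_len]

def chap_response(ident, secret, challenge):
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def server_verifies_chap(ident, challenge, response, stored_secret):
    """Server recomputes the hash from its own 'username ... password ...' entry."""
    expected = chap_response(ident, stored_secret, challenge)
    return hmac.compare_digest(response, expected)

def demo():
    pap = pap_authenticate_request(IDENT, USERNAME, SECRET)
    old = chap_response(IDENT, SECRET, OLD_CHALLENGE)
    return {
        "pap_bytes": pap,
        "pap_recovered": parse_pap_request(pap),
        "chap_accepts_matching_secret": server_verifies_chap(IDENT, OLD_CHALLENGE, old, SECRET),
        "chap_rejects_wrong_secret": not server_verifies_chap(IDENT, OLD_CHALLENGE, old, b"WRONG"),
        "chap_rejects_replayed_response": not server_verifies_chap(IDENT, NEW_CHALLENGE, old, SECRET),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The Server's “username CLIENT1 password TUT” entry supplies the stored secret in both cases; with PAP the same value also crosses the link in the request, while with CHAP only the hash does.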

Verifying the Serial Encapsulation Configuration

We can use the “show interface <interface>” command to see the configured encapsulation type of a Serial interface and, if PPP encapsulation is configured, the LCP and NCP states.

Client#show interface s1/0
Serial1/0 is up, line protocol is up
  Hardware is M4T
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: CDPCP, crc 16, loopback not set

We can see interface Serial1/0 is configured with PPP encapsulation. The LCP state is “open”, which means the negotiation and session establishment are good. The “Open: CDPCP” line tells us the NCP is listening for the Cisco Discovery Protocol (CDP).

A useful debug command for checking PPP authentication is “debug ppp authentication” or “debug ppp negotiation”.

Comments (14)
  1. Pl413r
    May 31st, 2017

    Hello,
    I believe this is wrong as you need to authenticate both sides.

    client#int s0/0/0
    client#ip add 192.168.0.1 255.255.255.0
    client#encapsulation ppp
    client#ppp pap sent-username server password pass tut2
    client#username client password tut1

    server#username server password tut2
    server#int s0/0/1
    server#ip add 192.168.0.2 255.255.255.0
    server#encapsulation ppp
    server#ppp pap sent-username client password pass tut1

  2. easy p
    June 29th, 2017

    From Sierra Leone

  3. Anonymous
    July 3rd, 2017

    Hello,
    I believe this is wrong as you need to authenticate both sides.
    client#int s0/0/0
    client#ip add 192.168.0.1 255.255.255.0
    client#encapsulation ppp
    client#ppp pap sent-username server password pass tut2
    client#username client password tut1
    server#username server password tut2
    server#int s0/0/1
    server#ip add 192.168.0.2 255.255.255.0
    server#encapsulation ppp
    server#ppp pap sent-username client password pass tut1

  4. Switch
    July 13th, 2017

    Verified in Packet Tracer that the setup as explained in the tutorial works. I configured the client side and it was down; once the server side was configured, both ports came up with the status as shown above.

  5. Rodmar
    August 17th, 2017

    Check your configuration with the encapsulation if it is both ppp. You have a trouble with link establishment phase.

  6. Pheak KH
    September 28th, 2017

    Please add below command on both Routers

    client# ppp authentication pap
    server# ppp authentication pap

  7. kock
    December 20th, 2017

    I think the username must be the peer’s hostname and the password must match.

    R1 <> R2
    R1: username R2 password 123
    R2: username R1 password 123

    https://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/25647-understanding-ppp-chap.html

  8. Kumar
    January 5th, 2018

    ppp authentication chap

    When I give this in the server router, the state changes to down and the LCP becomes closed. Only without this line, the LCP is open. Any thoughts?

  9. Anonymous
    March 20th, 2018

    @9tut
    All your tutorials are the best thing I have ever laid my eyes upon.
    All other sites have too much jargon and unnecessarily complicate simple things.
    Thank you for keeping it simple yet thorough!
    Keep them tutorials coming!!!

  10. Anonymous
    March 29th, 2018

    I like your tutorials, thank you. I wish you would have a download option or a print :P

  11. broski
    April 10th, 2018

    Where can I find the new dumps? I am new to CCNA and need help.

  12. Rony
    April 17th, 2018

    If we have two routers named R1 and R2 respectively, we can do:
    R1(config)#username R2 password router_ppp
    R2(config)#username R1 password router_ppp

  13. Rony
    April 17th, 2018

    Can somebody please help me make a MULTI LINK PPP connection with two Cisco routers? I want the main commands. Thanks!

  14. Mohammed
    May 9th, 2018

    Is PPP CHAP supported in all routers, or should I enable it? I could not find it in my router in Packet Tracer 7.1.
