Home > Point to Point Protocol (PPP) Tutorial

Point to Point Protocol (PPP) Tutorial

March 11th, 2016 Go to comments

PAP and CHAP Configuration

Configure PAP and CHAP is rather easy. First we need to enable PPP encapsulation, then specify if PAP or CHAP will be used with the “ppp authentication pap” or “ppp authentication chap” command.

PAP Configuration

In many CCNA books you will see two routers authenticate each other and their configurations are identical. But we wish you to understand the difference in the configuration of Client and Server. So in this example we only want the Server to authenticate the Client router, not vice versa.

PAP_CHAP_Config.jpg

Client(config)#int s1/0
Client(config-if)#encapsulation ppp
Client(config-if)#ppp pap sent-username CLIENT1 password TUT
Client(config-if)#no shutdown

Server(config)#username CLIENT1 password TUT
Server(config)#int s1/1
Server(config-if)#encapsulation ppp
Server(config-if)#ppp authentication pap
Server(config-if)#no shutdown

Of course we have to enable PPP in both routers first with the “encapsulation ppp” command. Server router is the one who will authenticate when receiving username & password from Client so we need to use the “ppp authentication pap” command to tell the router to authenticate via PAP.

In Server router we also need to create an username and password entry to match the username & password sent from Client with the “username CLIENT1 password TUT” command.

Notice that in Client configuration we can specify a username (CLIENT1) that is different from its hostname (in this case Client) with the “ppp pap sent-username …” command. Client will use CLIENT1 as its username to authenticate with the Server.

If your configuration is correct then you will see the status “up/up” on your serial interfaces.

Note: Please do not use the “ppp authentication pap” command on Client router as we don’t want the Client to authenticate the Server. If you use this command the PPP link would fail because Server is not configured to send username and password to Client!

CHAP Configuration

The CHAP configuration is rather similar to the PAP configuration so we will not explain more.

Client(config)#interface Serial 1/0
Client(config-if)#encapsulation ppp
Client(config-if)#ppp chap hostname CLIENT1
Client(config-if)#ppp chap password TUT
Client(config-if)#no shutdown
Server(config)#username CLIENT1 password TUT
Server(config)#interface Serial 1/1
Server(config-if)#encapsulation ppp
Server(config-if)#ppp authentication chap
Server(config-if)#no shutdown
Note: Please do not use the “ppp authentication chap” command on Client router as we don’t want the Client to authenticate the Server. If you use this command the PPP link would fail because Server is not configured to send username and password to Client!

Verification the Serial Encapsulation Configuration

We can use the “show interface <interface>” command to see the configured encapsulation type of that Serial interface and the LCP, NCP states if PPP encapsulation is configured.

Client#show interface s1/0
Serial1/0 is up, line protocol is up
  Hardware is M4T
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: CDPCP, crc 16, loopback not set

We can see interface Serial1/0 is configured with PPP encapsulation. The LCP state is “open” which means the negotiation and session establishment are good. The “Open: CDPCP” line tells us the NCP is listening for the Cisco Discovery Protocol (CDP) protocol.

An useful debug command to check PPP authentication is the “debug ppp authentication” or “debug ppp negotiation” command.

Comments (7) Comments
Comment pages
1 2 3 2751
  1. Miki
    May 19th, 2017

    I have followed the steps to creating two routers interfaced by a serial line but when i type “show interface s1/0” , “it show that s1/0 is up , line protocol is down.”

    I have used the same commands as given above. please direct me to what I am missing?

  2. Pl413r
    May 31st, 2017

    Hello,
    I believe this is wrong as you need to authenticate both sides.

    client#int s0/0/0
    client#ip add 192.168.0.1 255.255.255.0
    client#encapsulation ppp
    client#ppp pap sent-username server password pass tut2
    client#username client password tut1

    server#username server password tut2
    server#int s0/0/1
    server#ip add 192.168.0.2 255.255.255.0
    server#encapsulation ppp
    server#ppp pap sent-username client password pass tut1

  3. easy p
    June 29th, 2017

    from sierra leone

  4. Anonymous
    July 3rd, 2017

    Hello,
    I believe this is wrong as you need to authenticate both sides.
    client#int s0/0/0
    client#ip add 192.168.0.1 255.255.255.0
    client#encapsulation ppp
    client#ppp pap sent-username server password pass tut2
    client#username client password tut1
    server#username server password tut2
    server#int s0/0/1
    server#ip add 192.168.0.2 255.255.255.0
    server#encapsulation ppp
    server#ppp pap sent-username client password pass tut1

  5. Switch
    July 13th, 2017

    Verified this in packet tracer that the setup as explained in the tutorial works. I configured the client side and it was down, once server side configured both ports came up with the status as shows above.

  6. Rodmar
    August 17th, 2017

    Check your configuration with the encapsulation if it is both ppp. You have a trouble with link establishment phase.

  7. Pheak KH
    September 28th, 2017

    Please add below command on both Routers

    client# ppp authentication pap
    server# ppp authentication pap

Comment pages
1 2 3 2751
Add a Comment