Lab 7.2.5.3 Configuring and Verifying PAP and CHAP Authentication
Step 1: Connect the equipment
Connect Router 1 and Router 2 with a serial cable connecting both Serial 0/0/0 interfaces as shown in the topology diagram.
Step 2: Perform basic configuration on Router 1
- Connect a PC to the console port of the router to perform configurations using a terminal emulation program.
- On Router 1, configure the hostname, IP addresses, and passwords as provided in the addressing table. Save the configuration.
Step 3: Perform basic configuration on Router 2
On Router 2, configure the hostname, IP addresses, and passwords as provided in the addressing table. Save the configuration.
Step 4: Configure PPP encapsulation on both R1 and R2
Change the encapsulation type to PPP by entering encapsulation ppp at the interface Serial 0/0
configuration mode prompt on both routers.
R1(config-if)#encapsulation ppp
R2(config-if)#encapsulation ppp
Step 5: Verify PPP encapsulation on R1 and R2
Enter the command show interface serial 0/0 to verify the PPP encapsulation on R1 and R2.
Step 6: Verify that the serial connection is functioning
Ping from R1 to R2 to verify that there is connectivity between the two routers.
R1#ping 192.168.15.2
R2#ping 192.168.15.1
Step 7: Turn on PPP debugging
To display the authentication exchange process as it occurs, issue the command debug ppp
authentication at the privileged EXEC mode prompt.
R1#debug ppp authentication
R2#debug ppp authentication
Step 8: Configure PPP authentication on R1 with PAP
- Configure the username and password on the R1 router.
- In Cisco IOS releases 11.1 or later, PAP must be enabled on the interface because it is disabled by default. From the Serial 0/0/0 interface configuration mode prompt, enable PAP on the interface.
Step 9: Verify that the serial connection is functioning
Verify that the serial connection is functioning by pinging the serial interface of R2.
Step 10: Configure PPP authentication on R2 with PAP
- Configure the username and password on the R2 router
- In Cisco IOS releases 11.1 or later, PAP must be enabled on the interface because it is disabled by default. From the Serial 0/0/0 interface configuration mode prompt, enable PAP on the interface.
Step 11: Verify that the serial connection is functioning
Verify that the serial connection is functioning by pinging the serial interface of R1.
Step 12: Remove PAP from R1 and R2
Remove PAP from R1 and R2 by issuing the command no in front of the commands used to configure PAP.
Step 13: Configure PPP authentication on R1 with CHAP
- f both CHAP and PAP are enabled, the first authentication method specified is requested during the link negotiation phase. If the peer suggests using the second method or simply refuses the first method, the second method is tried.
- Save the configuration on R1 and R2 and reload both routers.
- To display the authentication exchange process as it occurs, issue the command debug pppauthentication at the privileged EXEC mode prompt.
- Configure the username and password on the R1 router.
Step 14: Configure PPP authentication on R2 with CHAP
Configure the username and password on the R2 router
Step 15: Verify that the serial connection is functioning
Verify that the serial connection is functioning by pinging the serial interface of R1.
Was it successful? __________ yes
Step 16: Verify the serial line encapsulation on R1
Enter the command show interface serial 0/0 to view the details of the interface.
Step 16: Verify the serial line encapsulation on R1
Enter the command show interface serial 0/0 to view the details of the interface.
Step 18: Turn off debugging on both R1 and R2
Turn off all debugging by issuing the undebug all command on both R1 and R2.
R1#undebug all
R2#undebug all
Step 19: Reflection
- What is an advantage of using CHAP over PAP? Jawaban: CHAP is the preferred protocol because CHAP periodically verifies the identity of the remote node using a three-way handshake. CHAP provides protection against playback attack through the use of a variable challenge value that is unique and unpredictable. Because the challenge is unique and random, the resulting hash value will be unique and random.
- Which PPP protocol is used for establishing a point-to-point link? Jawaban: LCP
- Which PPP protocol is used for configuring the various Network Layer protocols? Jawaban: NCP
0 komentar:
Posting Komentar