Channel: Chris – Wendell's CCNA Skills Blog

Answers: PAP 1


Did you remember how to configure PAP on a serial link? Time to check your config for a back-to-back serial link with PPP and PAP. Check out the requirements back in the lab post, create your answers, and come back here to check your work.

Answers

 

Figure 1: Two Routers with IP Subnets

Example 3: R1 Config

username ciscouser2 secret cisco
!
interface Serial0/0/0
 ip address 172.20.20.17 255.255.255.248
 encapsulation ppp
 ppp authentication pap
 ppp pap sent-username ciscouser1 password cisco

 

Example 4: R2 Config

username ciscouser1 secret cisco
!
interface Serial0/0/1
 clock rate 1536000
 ip address 172.20.20.18 255.255.255.248
 encapsulation ppp
 ppp authentication pap
 ppp pap sent-username ciscouser2 password cisco

 

Commentary

One of the primary reasons that engineers prefer to select the Point-to-Point Protocol (PPP) over High-Level Data Link Control (HDLC) is that it supports authentication. PPP supports two different authentication protocols: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).

PAP offers both a unidirectional authentication method and a bidirectional authentication method, both of which use a simple username/password combination. Unfortunately, PAP also transmits this information over the line in cleartext. This is the reason that engineers typically select CHAP. CHAP provides a bidirectional authentication method that also utilizes a username/password combination, but instead of transmitting this information over the line in cleartext, it takes advantage of MD5 hashing; when using this method, only a calculated hash is ever sent over the line.
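To make the cleartext point concrete, the following added example (not part of the original post) builds the PAP Authenticate-Request that R1 would send with the lab's ciscouser1/cisco credentials, using the RFC 1334 packet layout, and parses it back the way any capture on the link could. It then computes a CHAP Response as defined in RFC 1994 for comparison; the challenge bytes and the CHAP name R1 are assumptions made for illustration.

```python
import hashlib
import os
import struct

PAP_AUTH_REQUEST = 1   # RFC 1334: Authenticate-Request code
CHAP_RESPONSE = 2      # RFC 1994: Response code


def build_pap_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """Code, Identifier, Length, then length-prefixed Peer-ID and Password."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, ident, 4 + len(data)) + data


def parse_pap_request(packet: bytes) -> tuple:
    """Recover (peer_id, password) from the raw bytes; no key is needed."""
    if len(packet) < 6:
        raise ValueError("too short for a PAP Authenticate-Request")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != PAP_AUTH_REQUEST or length != len(packet):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    id_len = packet[4]
    if 6 + id_len > length:
        raise ValueError("Peer-ID overruns packet")
    pw_len = packet[5 + id_len]
    if 6 + id_len + pw_len > length:
        raise ValueError("Password overruns packet")
    return packet[5:5 + id_len], packet[6 + id_len:6 + id_len + pw_len]


def build_chap_response(ident: int, secret: bytes, challenge: bytes,
                        name: bytes) -> bytes:
    """Response value is MD5(Identifier || secret || challenge)."""
    value = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    data = bytes([len(value)]) + value + name
    return struct.pack("!BBH", CHAP_RESPONSE, ident, 4 + len(data)) + data


if __name__ == "__main__":
    # Credentials from Example 3; identifier 1 is a constructed sample value.
    pap = build_pap_request(1, b"ciscouser1", b"cisco")
    print("PAP bytes :", pap.hex(), "->", parse_pap_request(pap))
    # Constructed random challenge; "R1" as the CHAP name is an assumption.
    chap = build_chap_response(1, b"cisco", os.urandom(16), b"R1")
    print("CHAP bytes:", chap.hex(), "-> secret visible:", b"cisco" in chap)
```

The PAP bytes carry the username and password verbatim, while the CHAP packet carries only the 16-byte MD5 value and the sender's name.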

First, the basics. R2’s S0/0/1 acts as DCE, and the lab asks for a clock rate of T1 speed (1.544 Mbps). Many Cisco routers’ clock rate commands have speeds close to but not exactly T1 speed (1.544 Mbps); in this case, the lab used to create the exercise supported a clock rate 1536000 command. Both R1 and R2 then list the correct IP addresses on each end of the link. (Note that with later IOS versions, the ping will work even without the clock rate command, because IOS automatically adds the command.)

To make the link use PPP, both routers include the encapsulation ppp interface subcommand.

For PAP, to create bidirectional authentication on the serial interface, each side needs to enable PAP and define the username/password to be transmitted with the ppp pap sent-username command. Additionally, each router must define the other router’s username/password with a username global command. For instance, R1 sends the username ciscouser1, with password cisco, so R2 then must have the username ciscouser1 command configured.

For the PAP authentication, both routers need the command ppp authentication pap on the serial interface to enable PAP. Then, R1 uses the command ppp pap sent-username ciscouser1 password cisco to define the username/password R1 sends to R2. R2 similarly defines the subcommand ppp pap sent-username ciscouser2 password cisco. Each router must define the other router’s username/password in a username (global) command, as seen at the top of Examples 3 and 4.

Check out this link for some additional background information on PAP.

