PAP 2

PPP authentication has been around for a long time with both Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). Although most people use CHAP (for stronger authentication), practicing PAP from the CLI can be useful for rounding out your CCNA-level CLI skillset. This lab works through the basics of unidirectional authentication using PAP – as usual, you look at the requirements and make your own configuration, and I’ll post my answer in a couple of days.

Requirements

PAP Authentication provides one way to authenticate two routers on the ends of a serial link. This lab provides you with the parameters, and you then need to remember the configuration steps and get a link working. The lab begins with all the interfaces shown in Figure 1 connected and enabled using default parameters. Your job is to get the serial link working per the following parameters:

• Use PPP encapsulation
• Use PPP PAP Authentication
• Use unidirectional authentication, where R1 authenticates R2 (that is, R2 sends a username/password to R1 so R1 can authenticate R2).
• The username/password exchanged should be ciscouser/cisco.
• Use the serial IP addresses indicated in the figure.

Figure 1: Two Routers with IP Subnets

Initial Configuration

While you might be able to configure this lab using the information supplied so far, the initial configurations of the two routers can also be helpful. Example 1 and 2 show the beginning configuration state of R1 and R2.

Example 1: R1 Config

Example 2: R2 Config

Note: For any of you trying this lab on real gear or a simulator, you may also need to add a clock rate command to the router serial interface in which the DCE serial cable end is connected. More recent IOS versions supply this command automatically, but if the link does not stay up, just try adding a clock rate 128000 interface subcommand on the serial interfaces of each router – that might be all you need. Check the ICND2 Cert Guide’s Point-to-point WAN chapter for more details.

Answer on Paper, or Maybe Test in Lab

Next, write your answer on paper. Or if you have some real gear or other tools, configure the lab using them.

To test your solution if you happen to try it with real gear, all you need to do is cable the back-to-back cable and configure both ends. If both serial links remain in an up/up state, and you can ping the other router’s serial interface IP address. Note that with later IOS versions, the ping will work even without a few of the commands requested in this lab. You can check some parts of the lab with the show controllers and show interfaces commands.