ppp chap password

EdTheLad Member Posts: 2,111
Can anyone explain how this command is used?

I understand the challenge is sent containing the local hostname, ID and random number; the hostname should be configured to match a username/password on the remote machine. Where does the "ppp chap password" come into the equation?
Below is a config I've used to test changing the "ppp chap hostname". It works fine. If I add the line
"ppp chap password test1" to Rta and "ppp chap password test2" to Rtb, it still works after I reset the link even though there is a password mismatch.
Since CHAP doesn't send a password in the challenge, how is the CHAP password relevant?

Thanks in advance!

#Rta
username cisco password hello
int ser 0/0
encap ppp
ppp authen chap
ppp chap hostname test


#Rtb
username test password hello
int ser 0/0
encap ppp
ppp authen chap
ppp chap hostname cisco
Networking, sometimes I love it, mostly I hate it. It's all about the $$$$

Comments

  • happy420golucky Member Posts: 78
    Can I ask, have you used this configuration between the two routers? Have you tried using the debug command to see the challenge and password exchange events taking place between the two devices?
    Every passing minute is a chance to turn it all around.
  • computerguy9355 Inactive Imported Users Posts: 81
    The first thing with CHAP is the password has to be the same on both sides. When you configure a password under CHAP, it will generate a hash. And that hash value will be compared on the other side. If they match, both routers will start to communicate. If they don't, authentication will fail and the connection will be torn down. You can see the processes by using the debug command "debug ppp authentication".

    Best of luck on your CCNA studies.
  • EdTheLad Member Posts: 2,111
    Can I ask, have you used this configuration between the two routers? Have you tried using the debug command to see the challenge and password exchange events taking place between the two devices?

    PPP doesn't send the password as clear text so it's not possible to see. All I see are the hostnames, which is no good to me!
    Another setup I tried was as follows:

    Rta#
    username paul password test1
    int ser 0/0
    encap ppp
    ppp authe chap
    ppp chap hostname brian
    ppp chap password test

    Rtb#
    username brian password test
    int ser 0/0
    encap ppp
    ppp authe chap
    ppp chap hostname paul
    ppp chap password test1

    My idea was as follows: Rta sends a challenge to Rtb; Rtb receives the challenge with hostname brian, looks up the local database and sees the password test. The received ID, random number and password test are hashed and sent back to Rta in a challenge response. Rta will receive the challenge response from Rtb and see the hostname paul, but it won't bother to look up a password in the local database as "ppp chap password test" has been configured on the local interface. A hash should be generated locally using the original sent ID, random number and password from "ppp chap password"; this, being compared to the received hash, should match and authentication should pass.
    In reality it failed; it will pass if I change the password on Rta paul to test.
    This indicates that the "ppp chap password test" has not been used.
    Anyone know how this command is meant to be used? I've checked everywhere and it's not explained.
  • computerguy9355 Inactive Imported Users Posts: 81
  • EdTheLad Member Posts: 2,111
    http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a00800b4131.shtml


    Go to that link, it will explain the concept behind the chap.

    Thanks, but my question is very specific; if you read my post you would see I understand the concepts behind CHAP. I have detailed and tested a specific command that I am unable to understand.

    Please only reply if you can answer the question.
  • agustinchernitsky Member Posts: 299
    From what I understand, you should configure something like this:

    RouterA(config)# username RouterB password cisco
    RouterA(config)# int s0
    RouterA(config-if)# encap ppp
    RouterA(config-if)# ppp authentication chap (you set chap auth)

    RouterB(config)# username RouterA password cisco
    RouterB(config)# int s0
    RouterB(config-if)# encap ppp
    RouterB(config-if)# ppp authentication chap (you set chap auth)

    I don't know about the "ppp chap hostname" or "ppp chap password" cmd... Theoretically, the username cmd has the required password.

    Hope it helps.
  • EdTheLad Member Posts: 2,111
    I found the answer: "ppp chap password" is only used in response to a challenge from an unknown hostname. The only way to use it correctly between two routers is by accompanying it with "ppp authen chap callin".
  • Yankee Member Posts: 157
    Good research Ed. All I knew was I had never used that command because I hadn't needed it.

    Yankee
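
The behaviour reported in the thread, as an added Python sketch that is not from any of the posts or from Cisco: the responder hashes the identifier, secret and challenge with MD5 (RFC 1994) and, following the answer found above, takes the secret from its `username` entry for the challenger's name, falling back to "ppp chap password" only when that name is unknown. The `Router` class, the function names and the hostname `central` are assumptions made for the illustration, and only one challenge direction is modelled.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    # RFC 1994: MD5 over the identifier octet, the shared secret, the challenge value
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()

class Router:
    def __init__(self, chap_hostname, users, chap_password=None):
        self.chap_hostname = chap_hostname  # "ppp chap hostname"
        self.users = users                  # "username X password Y" entries
        self.chap_password = chap_password  # "ppp chap password"

    def pick_secret(self, challenger):
        # Assumed model of the thread's answer: known challenger name wins,
        # the interface password is only a fallback for unknown names.
        if challenger in self.users:
            return self.users[challenger], "username"
        if self.chap_password is not None:
            return self.chap_password, "ppp chap password"
        return None, "none"

def authenticate(authenticator, peer):
    """One challenge direction; returns (passed, where the peer got its secret)."""
    identifier, challenge = 1, os.urandom(16)
    secret, source = peer.pick_secret(authenticator.chap_hostname)
    expected = authenticator.users.get(peer.chap_hostname)
    if secret is None or expected is None:
        return False, source
    sent = chap_response(identifier, secret, challenge)
    want = chap_response(identifier, expected, challenge)
    return hmac.compare_digest(sent, want), source

def second_setup(paul_password="test1"):
    # Constructed from the second config posted in the thread (Rta challenges Rtb)
    rta = Router("brian", {"paul": paul_password}, chap_password="test")
    rtb = Router("paul", {"brian": "test"}, chap_password="test1")
    return authenticate(rta, rtb)

def unknown_challenger():
    # Constructed case: Rtb has no username entry for the challenger "central"
    central = Router("central", {"paul": "test1"})
    rtb = Router("paul", {}, chap_password="test1")
    return authenticate(central, rtb)

if __name__ == "__main__":
    print(second_setup())        # fails: username secrets differ
    print(second_setup("test"))  # passes once Rta's entry for paul is "test"
    print(unknown_challenger())  # passes using the interface password
```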