CHAP Question

CiscoCerts Member Posts: 112
Hey guys, I finally stumped myself with ICND2 (not sure if it's a good thing or a bad thing it took 12 chapters to do!) Need a little help here if you would please.

Out of the Cisco Press ICND2 Second Edition...
Chapter 12 Pre-test

Question 4:

Imagine that two routers, R1 and R2, have a leased line between them. Each router had its configuration erased and was then reloaded. R1 was then configured with the following commands:

hostname R1
interface s0/0
encapsulation ppp
ppp authentication chap

Which of the following configuration commands can complete the configuration of R1 so that CHAP can work correctly? Assume that R2 has been configured correctly and that the password is fred.

a. No other configuration is needed.
b. ppp chap (global command)
c. username R1 password fred
d. username R2 password fred
e. ppp chap password fred


Book answer is D.
My question is this... How does R1 know what password to give R2 and vice versa. There is now a username since the hostname=username so R1, but what is R1's password? If it's not in the config then how does this work? This is two-way authentication!


Comments

  • gojericho0 Member Posts: 1,059
    The password is configured on both routers and has to be the same. Each router will perform the MD5 hash and make sure it matches. If it does, the routers are authenticated. You can also set up authentication for CHAP on a RADIUS server.
  • CiscoCerts Member Posts: 112
    gojericho0 wrote:
    The password is configured on both routers and has to be the same. Each router will perform the MD5 hash and make sure it matches. If it does, the routers are authenticated. You can also set up authentication for CHAP on a RADIUS server.

    Ah, I had a feeling that might be the answer but what hangs me up about that is the usernames are different. But it looks like the routers 'know' to use the challenging computer's username's password as its own to verify with.


    This appears to be one of those cases where someone has tried to simplify things but it has overcomplicated it for me.

    Thanks gojericho0


    Does anyone have anything else to add?
  • korszo Member Posts: 31
    CiscoCerts wrote:
    This appears to be one of those cases where someone has tried to simplify things but it has overcomplicated it for me.

    Just studying this myself the last couple days using Lammle's book, and I got confused just like you did.

    The first time through I confused myself by using extra commands in the configuration:
    ppp chap hostname xxxxxx
    ppp chap password xxxxxx

    These allow you to use a different username / password combination.

    Thought I understood the concept and actually thought there was an error in Lammle's book. Then I watched CBT Nuggets, and saw the above commands were not part of the basic configuration.

    In the blur of information overload, I had to reread Lammle's description of the process again. I was the one that elected to use the above commands and don't know why, but at least now I know they're there and understand what's happening.

    It helps to have multiple references. I would never be able to comprehend this stuff without playing with it on real equipment in a lab environment.

    Was happy to see someone else found this confusing as I had to go over it many times.

    RK
  • CiscoCerts Member Posts: 112
    korszo wrote:
    CiscoCerts wrote:
    This appears to be one of those cases where someone has tried to simplify things but it has overcomplicated it for me.

    Just studying this myself the last couple days using Lammle's book, and I got confused just like you did.

    The first time through I confused myself by using extra commands in the configuration:
    ppp chap hostname xxxxxx
    ppp chap password xxxxxx

    These allow you to use a different username / password combination.

    Thought I understood the concept and actually thought there was an error in Lammle's book. Then I watched CBT Nuggets, and saw the above commands were not part of the basic configuration.

    In the blur of information overload, I had to reread Lammle's description of the process again. I was the one that elected to use the above commands and don't know why, but at least now I know they're there and understand what's happening.

    It helps to have multiple references. I would never be able to comprehend this stuff without playing with it on real equipment in a lab environment.

    Was happy to see someone else found this confusing as I had to go over it many times.

    RK

    Oh that's interesting, I didn't even know about those commands.

    ppp chap hostname xxxxxx
    ppp chap password xxxxxx

    I also am using the CBT Nuggets to supplement my reading along with gns3.
  • tech-airman Member Posts: 953
    CiscoCerts wrote:
    Hey guys, I finally stumped myself with ICND2 (not sure if it's a good thing or a bad thing it took 12 chapters to do!) Need a little help here if you would please.

    Out of the Cisco Press ICND2 Second Edition...
    Chapter 12 Pre-test

    Question 4:

    Imagine that two routers, R1 and R2, have a leased line between them. Each router had its configuration erased and was then reloaded. R1 was then configured with the following commands:

    hostname R1
    interface s0/0
    encapsulation ppp
    ppp authentication chap
    

    Which of the following configuration commands can complete the configuration of R1 so that CHAP can work correctly? Assume that R2 has been configured correctly and that the password is fred.

    a. No other configuration is needed.
    b. ppp chap (global command)
    c. username R1 password fred
    d. username R2 password fred
    e. ppp chap password fred


    Book answer is D.
    My question is this... How does R1 know what password to give R2 and vice versa. There is now a username since the hostname=username so R1, but what is R1's password? If it's not in the config then how does this work? This is two-way authentication!


    CiscoCerts,

    Here's a link that should help.

    Link:
    1. PPP Authentication Using the ppp chap hostname and ppp authentication chap callin Commands - http://www.cisco.com/en/US/tech/tk713/tk507/technologies_configuration_example09186a0080094333.shtml
  • CiscoCerts Member Posts: 112
    CiscoCerts wrote:
    Hey guys, I finally stumped myself with ICND2 (not sure if it's a good thing or a bad thing it took 12 chapters to do!) Need a little help here if you would please.

    Out of the Cisco Press ICND2 Second Edition...
    Chapter 12 Pre-test

    Question 4:

    Imagine that two routers, R1 and R2, have a leased line between them. Each router had its configuration erased and was then reloaded. R1 was then configured with the following commands:

    hostname R1
    interface s0/0
    encapsulation ppp
    ppp authentication chap
    

    Which of the following configuration commands can complete the configuration of R1 so that CHAP can work correctly? Assume that R2 has been configured correctly and that the password is fred.

    a. No other configuration is needed.
    b. ppp chap (global command)
    c. username R1 password fred
    d. username R2 password fred
    e. ppp chap password fred


    Book answer is D.
    My question is this... How does R1 know what password to give R2 and vice versa. There is now a username since the hostname=username so R1, but what is R1's password? If it's not in the config then how does this work? This is two-way authentication!


    CiscoCerts,

    Here's a link that should help.

    Link:
    1. PPP Authentication Using the ppp chap hostname and ppp authentication chap callin Commands - http://www.cisco.com/en/US/tech/tk713/tk507/technologies_configuration_example09186a0080094333.shtml

    Thank you sir, you are a gentleman and a scholar! This topic is now crystal clear to me. I haven't the slightest clue how to navigate cisco.com and pull such a perfect link as you've done here. Any tips on this?

    Most helpful, thanks again!
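
Added example (not part of the original thread, and not Cisco's code): a minimal Python model of the two-way CHAP exchange discussed above, using the RFC 1994 response MD5(identifier || secret || challenge). The `Router` class and its dict of username lines are hypothetical; the hostnames R1/R2 and the password fred come from the question.

```python
import hashlib
import hmac
import os

def chap_hash(ident, secret, value):
    # RFC 1994 response value: MD5(identifier || secret || challenge value)
    return hashlib.md5(bytes([ident]) + secret.encode() + value).digest()

class Router:
    """Hypothetical model of one PPP peer; only the CHAP logic is modelled."""

    def __init__(self, hostname, usernames):
        self.hostname = hostname
        # Models the global "username <peer> password <secret>" lines.
        self.usernames = usernames

    def challenge(self, ident):
        # The challenge carries a random value and the challenger's own name.
        return {"id": ident, "value": os.urandom(16), "name": self.hostname}

    def respond(self, chal):
        # The secret is looked up under the *challenger's* name, not our own.
        secret = self.usernames.get(chal["name"])
        if secret is None:
            return None  # no matching username line: nothing to answer with
        digest = chap_hash(chal["id"], secret, chal["value"])
        return {"id": chal["id"], "hash": digest, "name": self.hostname}

    def verify(self, chal, resp):
        # The authenticator looks up the secret under the *responder's* name.
        secret = self.usernames.get(resp["name"]) if resp else None
        if secret is None or resp["id"] != chal["id"]:
            return False
        expected = chap_hash(chal["id"], secret, chal["value"])
        return hmac.compare_digest(expected, resp["hash"])

def one_way(authenticator, peer, ident):
    chal = authenticator.challenge(ident)
    return authenticator.verify(chal, peer.respond(chal))

def two_way(a, b):
    # Each side challenges the other, as with "ppp authentication chap" on both.
    return one_way(a, b, 1) and one_way(b, a, 2)

if __name__ == "__main__":
    r2 = Router("R2", {"R1": "fred"})  # R2 as the question assumes it
    print("answer d:", two_way(Router("R1", {"R2": "fred"}), r2))
    print("answer c:", two_way(Router("R1", {"R1": "fred"}), r2))
```

The password itself never crosses the link; only the challenge, the hash and the hostnames do, which is why the single `username R2 password fred` line serves R1 both for answering R2 and for checking R2's answer.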