Content














3.2



PPP Authentication
 



 


3.2.2



Configuring PAP authentication
 







Enable PPP encapsulation and PAP
authentication with the following commands:

Router(config-if)#encapsulation
ppp
Router(config-if)#ppp authentication pap

A local username/password database must
also be configured, or point it to a network host that has that
information, such as a TACACS+ server. Without access to a
username/password database, the router will not know which combinations
are authorized and will deny all login attempts. Configure a local
username/password database by using the following command in global
configuration mode:

Router(config)#username
username password password

The username and password must match
the username
and password
in the remote routerłs ppp pap sent-username
command. For example, the following would add the entry for a user
called Romeo in the router's local database:

Router(config)#username
romeo password juliet

In some cases, the asynchronous
interface of a router is configured to place calls to other access
servers. If an interface is to respond to a peer's request to
authenticate with PAP, the
ppp pap sent-username
command must be used:

Router(config-if)#ppp pap
sent-username username password password


The
username and
password
in the ppp pap sent-username command, must match the
username username password
password statement on the remote host or
router.
As an example of when a router would
need to authenticate to an access server, look at the figure. Routers RTA and RTB can dial in to each other via POTS and are configured to
use PPP and PAP. Note that in the RTA router configuration, the
ppp pap sent-username
command is used to specify what username/password information to send
in the event that it dials RTB and is asked to authenticate. Router
RTB is also configured to send a username and password for PAP, if
challenged.
The name included with the
username
and dialer map
commands is case sensitive. If the name of the remote host is RTA, and
a username entry for rta is created instead, authentication will fail.

To ensure that both systems in the
example can communicate properly, their asynchronous interfaces have
been configured with the
dialer map command that
includes the remote router's name. By configuring each router with a
dialer map
statement, each system knows what to do with authentication issues
because the systems have prior knowledge of each other's name. The
dialer map
command also contains the telephone number to dial to reach the
specified router.

















 



Web Links

Configuring and Troubleshooting PPP Password Authentication
Protocol (PAP)


http://www.cisco.com/warp/public/ 471/config-pap.html