RE: PPP CHAP Password

From: Bola Adegbonmire (BolaAD@Resourcery.com.ng)
Date: Mon Sep 30 2002 - 10:51:07 GMT-3

• Next message: Persio Pucci: "ATM on Lab"
• Previous message: beda jain: "what is use of ppp chap passwoed"
• Maybe in reply to: Jaksec, Nick: "PPP CHAP Password"
• Next in thread: Ayman Hamza: "RE: PPP CHAP Password"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

True. Still the passwords been used by poth peers do not have to match what has to match is the "ppp chap password" on one router and the associated global "username x password xxxx" configured on the peer. Meaning
R1 can have

usename b1 password b
int xx
 ppp chap password c
 ppp chap hostname c1

R2 will have
usename c1 password c
int xx
 ppp chap password b
 ppp chap hostname b1

-----Original Message-----
From: Ayman Hamza [mailto:ayhamza@cisco.com]
Sent: Monday, September 30, 2002 2:00 PM
To: msnyder@revolutioncomputer.com; Nick.Jaksec@acs-inc.com;
gposey@uaes.org
Cc: ccielab@groupstudy.com
Subject: RE: PPP CHAP Password

Dear All;

CHAP never send any passwords at all(whether encrypted or not) over the link.
what is always being sent is the hashed MD5 calculated data.
For CHAP, the password should be same on both PPP peer, this is a rule
for CHAP to work.

the commands: ppp chap hostname & ppp chap password , are used to change
the username and the passwoprd respectively. Ofcourse the password
should be same on both routers. For example :

### R2 is calling R1 ####

R1:

!
hostname R2
!
username userR2 password ccie
!
interface BRIx
...
ppp authentication chap
dialer map ip a.b.c.d name userR2 broadcast ----> note the hostname here !
..
!

R2:

!
hostname R2
!
username R1 password ccie
!
interface BRIx
...
ppp authentication chap
ppp chap password ccie
ppp chap hostname userR2
dialer map ip x.y.z.l name R1 broadcast <string>
..
!

Kindly read these documents that I have posted my self on CCO:

http://www.cisco.com/warp/public/471/understanding_ppp_chap.html

http://www.cisco.com/warp/public/471/debug_ppp_negotiation.html

http://www.cisco.com/warp/public/471/ppp_authen_ts_fl.html

If in the exam he said configure Authentication that sends password
through the link; this means configure PAP. Again CHAP doesn't send the password
at all - whether encrypted or not - . PAP sends password through the
link and the passwords can be different on the PPP peers. I hope I clarified
everything .

Regards;
Ayman

> From nobody@groupstudy.com Mon Sep 30 14:32:22 2002
> From: "Gregory W. Posey Jr." <gposey@uaes.org>
> To: "'Michael Snyder'" <msnyder@revolutioncomputer.com>,
> "'Jaksec Nick'"
> <Nick.Jaksec@acs-inc.com>
> Cc: <ccielab@groupstudy.com>
> Subject: RE: PPP CHAP Password
> Date: Mon, 30 Sep 2002 08:17:52 -0400
> Organization: UAES
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> X-Mailer: Microsoft Outlook, Build 10.0.2627
> X-ASK-Info: Whitelist match
> Sender: nobody@groupstudy.com
> Reply-To: "Gregory W. Posey Jr." <gposey@uaes.org>
>
> Actually, it's not about transposing passwords. Without using ppp chap
> hostname command, the router defaults to using its own hostname and the
> configured password.
>
> So your example below works as long as the passwords match...
>
> Router1(config)# username router2 password cisco
> Router2(config)# username router1 password cisco
>
> The routers don't need to have a username & password entry for its own
> hostname (e.g. Router1(config)# username router1 password cisco).
>
> As for the original question, does the remote router have the username &
> password pair that is configured as the ppp chap hostname & password
> under the interface in the "host" end router?
>
> Thank you,
> Greg Posey Jr.
> CCIE #7981
> CSS1, CCSE
> CCNP - Voice Access
> M.S. EE
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Michael Snyder
> Sent: Wednesday, September 25, 2002 10:05 AM
> To: 'Jaksec, Nick'
> Cc: ccielab@groupstudy.com
> Subject: RE: PPP CHAP Password
>
> I don't know why this works, but I do know it does work as listed below.
>
> With CHAP.
>
> Router 1
> User router1 pass 0 pass1
> User router2 pass 0 pass2
>
> Router 2
> User router1 pass 0 pass2
> User router2 pass 0 pass1
>
> Basically your transpose the passwords on one of the routers.
>
> With PAP.
>
> Router 1
> User router1 pass 0 pass1
> User router2 pass 0 pass2
>
> Router 2
> User router1 pass 0 pass1
> User router2 pass 0 pass2
>
> You don't transpose the passwords with pap, just a one to one
> relationship.
>
>
> Also I always use a ppp alternative host name command, so I don't have
> to worry about the router's name. Basically, I cut and paste the above
> to the routers, name them router1 and router2 using the ppp alternative
> host name command and it works.
>
>
>
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Jaksec, Nick
> Sent: Tuesday, September 24, 2002 1:00 PM
> To: ccielab@groupstudy.com
> Subject: PPP CHAP Password
>
> When setting the hostname and password under the BRI interface (PPP CHAP
> Hostname & PPP CHAP Password) it does not authenticate to the neighbor
> router. I am placing the username and password on the remote router to
> the
> hostname and password correctly but it will not accept the new password.
> Does anybody have any suggustions ??

• Next message: Persio Pucci: "ATM on Lab"
• Previous message: beda jain: "what is use of ppp chap passwoed"
• Maybe in reply to: Jaksec, Nick: "PPP CHAP Password"
• Next in thread: Ayman Hamza: "RE: PPP CHAP Password"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:44:07 GMT-3