There are many ways to interconnect routers. One of the most popular and traditional ways to interconnect routers on a WAN network is using the Serial interfaces. A serial cable has two ends Data Communication Equipment (DCE) and Data Terminal Equipment (DTE). The DCE end is typically located at the service providers’ end and the DTE end is typically located at the customer end. At the DCE end, you have to specify the clock rate. To specify the clock rate, execute the clock rate <clock value > command. In this post, we will explain how to configure PPP authentication (PAP and CHAP authentication) between two routers connected via serial interfaces.
One of the major problems with connecting routers over WAN using serial is security threats. Fortunately, there are various security protocols that can be implemented to secure point-to-point WAN connection between two routers.
Also read: How to install and use GNS3
You can configure either PAP or CHAP as an authentication protocol for PPP encapsulation. CHAP is more secure than PAP and difficult to hack. However, configuration steps are same for both the PPP authentication protocols.
Creating and Understanding Topology
To configure PPP authentication on Cisco routers, we will use the following topology, in which two Cisco routers are connected using the serial interfaces. Router1 has the DCE end and Router2 has the DTE end. So, create the following topology in Cisco Packet Tracer and start to configure PPP authentication. Alternatively, you can also use GNS3. We recommend to use the Generic Routers. These routers already have serial interfaces, so you would not require to adding serial interfaces manually.
Configuring PPP Authentication (CHAP Authentication)
- Once you have created the preceding topology, you need to execute the following commands on Router1 to configure PPP authentication. In this case, CHAP authentication.
Router1(config)#int se2/0 Router1(config-if)#ip add 220.127.116.11 255.255.255.252 Router1(config-if)#clock rate 64000 Router1(config-if)#encapsulation ppp Router1(config-if)#ppp authentication chap Router1(config-if)#no shut Router1(config-if)#exit Router1(config)#username Router2 password 123456
- The following figure shows the commands used to configure PPP authentication on a Cisco router. In this case, Router1.
- In the preceding commands, we have used 123456 as shared key that will be used to authenticate the routers.
- Next, move on to Router2 and execute the following commands to configure IP address and enable CHAP authentication.
Router2(config)#int se2/0 Router2(config-if)#ip add 18.104.22.168 255.255.255.252 Router2(config-if)#encapsulation ppp Router2(config-if)#ppp authentication chap Router2(config-if)#no shut Router2(config-if)#exit
- The following figure shows the PPP configuration on Router2.
- Next, execute the following command on Router2 to verify the PPP configuration.
Router2#show int se2/0
- In the preceding figure, you can see that the Encapsulation is set as PPP. However, the line protocol status is still down. But why? Simple, you have not defined the username and password of Router1 yet. So, execute the following command to define username and password of Router1.
Router2(config)#username Router1 password 123456
In the preceding figure, you can see that the line protocol status is now shown as Up. This is what does the PPP encapsulation. Both the routers are now authenticated and can communicate to each other over the serial interfaces. Now, you have successfully configured PPP authentication on Cisco routers.
That’s all you need to do to enable and configure PPP authentication on Cisco routers. Hope, it helps you and you enjoyed it. You may share this article to encourage us to serve you more articles. You may also provide your feedback and suggestions to improve the quality of articles.