Basic PPP Configuration

Configuring PPP requires only the encapsulation ppp command on both ends of the link.  To change back to use the default HDLC, the engineer just needs to use the encapsulation hdlc command on both ends of the link as well.

If one side of a link is PPP and the other HDLC, the link would not come up, staying in an “up and down” interface state.

CHAP Configuration and Verification

AAA = Authentication, Authorization, and Accounting.

Step 1: Configure the routers’ hostnames using the hostname name global configuration command.

Step 2: Configure the name of the other router, and the shared secret password, using the username name password password global configuration command.

Step 3: Enable CHAP on the interface on each router using the ppp authentication chap interface subcommand.

Each router refers to the other router’s hostname in the username command, but both routers must configure the same password value.  Also, not only are the passwords case-sensitive, but the hostnames, as referenced in the username command, also are case sensitive.

Because CHAP is a function of LCP, if the authentication process fails, LCP does not complete, and the interfaces falls to an “up and down” interface state.

PAP Configuration

PAP uses the exact same configuration commands as CHAP, except that the ppp authentication pap is used instead of ppp authentication chap.

Cisco IOS also supports the ability to configure the router to first try one authentication method and, if the other side does not respond, thy the other option.  ppp authentication chap pap tells the router to send CHAP messages, and if no reply is received, to try PAP.  Note that the second option is not tried if the CHAP messages flow between the two devices, and the result is the authentication failed.