- A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: PPP Double Authentication posted 08/11/2005
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]

Hi Godswill,

Thanks for replying. I think what you have described very clearly is PPP
2-way authentication versus PPP one-way authentication.

My question was related to this feature on the DocCD

Sorry if I was not clear in the initial post



-----Original Message-----
From: Godswill Oletu [mailto:oletu@xxxxxxxx] 
Sent: Thursday, August 11, 2005 7:28 PM
To: Rohan Grover (rohang); ccielab@xxxxxxxxxxxxxx
Subject: Re: PPP Double Authentication


Look at this simplify scenerios between Routers A & B below, connected
via ISDN PPP, we will assume that all other configurations are accurate:

A#username routera password cisco
A#ppp authenication chap

B#username routerb password cisco
B#ppp authentication chap

When A calls B or B calls A, two sets of authentications have to take
place for the ISDN link to come up. Router A must authentication Router
B and Router B will also authenticate Router A. So, for ppp it does not
matter, if you are initiating the call or receiving the call, you must
authenticate the other party. This is the double authentication and this
is the default behaviour.

However, you can ask Router A to ONLY athenticate the Router B, when he
receives a call from Router B and not to authenticate when he is the one
initiating the call. This a good scenerios where your understanding of
this feature might be tested in the lab.

If you configure RouterB as:

B#ppp authentication chap callin

When Router B initiates a call to Router A; Router B will let its guards
down and will not authenticate Router A; but Router A will still
authenticate Router B. If it was Router A that called, Router B will
authenticate Router A and Router A will authenticate Router B.

You see that, no matter what, all in coming calls must be authenticated;
but out going calls will not be authenticated on the Router where you
configure the 'callin' feature. However, by default all incoming and
outgoing calls will be authenticated separately by each Router and the
results of each of those authentication must be true, for the link to
come up.


Godswill Oletu

----- Original Message ----- 
From: "Rohan Grover (rohang)" <rohang@xxxxxxxxx>
To: <ccielab@xxxxxxxxxxxxxx>
Sent: Thursday, August 11, 2005 8:48 AM
Subject: PPP Double Authentication

> Hi,
> Just wanted an opinion from this group as to how likely the above
> is to appear in the R&S lab.
> I'm finding it difficult to understand this clearly and the doccd is
> very helpful.
> Thanks
> Rohan
> Subscription information may be found at: