Hello Rene and Laz,
I hate to admit this but I am not 100% clear with what happens in PPP chap authentication.
CHAP AUTHENTICATION:
From the lesson Introduction to PPP on Cisco IOS, it says
-On the left side we have a router with hostname R1.
-On the right side we have arouter without a hostname but is has the username R1 password CCNA configured in a local db
R1----------Serial-----------R2
- --------Challenge----------> 1st question: What is happening here? Is the challenge also sent as
hash? - <-------Response-----------
- ----------Accept------------->
In order for the above to happen does R1 have to be set up with
ppp authentication chap? Meaning, R1 will be doing the authenticating and R2 is the one that is sending the username and password? Does this mean that when R1 is configured with the ppp authentication chap, it will keep sending a challenge out its Serial port until it receives a response from R2?
PAP Authentication
R1----------Serial-----------R2
- <--------Challenge----------
- ----------Accept------------->
In the PAP case that was described in the lesson, does now R2 have to have the ppp authentication chap and R1 use the ppp pap sent-username R1 password CCNA?
In this case does R1, who is potentially doing the authentication WAIT for R2 to sent the username and password as opposed to sending a challenge in order to trigger a response from R2? Is this the way it works?
I am attaching the images from the Ciscos ICND2 200-101 book for pap and chap respectively. Notice the WAIT ON THE OTHER ROUTER and ASK THE OTHER ROUTER on the illustrations
I am trying to understand how it works and what triggers these two processes. It seems to me that in chap the authenticating router is the one that begins the process and in pap, the router wanting to be authenticated is the one that triggers the process.
Thanks for your help!
–G