Frame-Relay and Authentification

l’utilisation de PPP over Frame Relay permet de mettre en place une authentification

• « callin » le challenge d’authentification est déclenché lors de l’appel entrant
• « send-username » spécifie les informations d’envoi

Configuration

R1
!
username R2 password 0 cisco12
username R4 password 0 cisco
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.12 point-to-point
 frame-relay interface-dlci 102 ppp Virtual-Template12
!
interface Serial0/0.13 point-to-point
 frame-relay interface-dlci 103 ppp Virtual-Template13
!
interface Serial0/0.14 point-to-point
 frame-relay interface-dlci 104 ppp Virtual-Template14
!
interface Serial0/1
 no ip address
 shutdown
!
interface Virtual-Template12
 ip address 10.1.12.1 255.255.255.0
 ppp authentication chap callin
 ppp chap hostname R1
!
interface Virtual-Template13
 ip address 10.1.13.1 255.255.255.0
 ppp pap sent-username R1 password 0 cisco13
!
interface Virtual-Template14
 ip address 10.1.14.1 255.255.255.0
 ppp authentication chap callin
 ppp pap sent-username R1-PAP password 0 ciscoPAP
!

R2
!
username R1 password 0 cisco12
!
interface Serial0/0.21 point-to-point
 frame-relay interface-dlci 201 ppp Virtual-Template21
!
interface Virtual-Template21
 ip address 10.1.12.2 255.255.255.0
 ppp chap hostname R2
!

R3
!
username R1 password 0 cisco13
!
interface Serial1/0.31 point-to-point
 frame-relay interface-dlci 301 ppp Virtual-Template31
!
interface Virtual-Template31
 ip address 10.1.13.3 255.255.255.0
 ppp authentication pap callin
!

R4
!
username R1-PAP password 0 ciscoPAP
username R1 password 0 cisco
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.41 point-to-point
 frame-relay interface-dlci 401
!
interface Virtual-Template41
 ip address 10.1.14.4 255.255.255.0
 ppp authentication pap callin
!

Debug

R4#debug ppp authentication
PPP authentication debugging is on
R4#
*Mar  4 14:59:32.128: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Mar  4 14:59:32.128: Vi1 PPP: Using default call direction
*Mar  4 14:59:32.128: Vi1 PPP: Treating connection as a dedicated line
*Mar  4 14:59:32.128: Vi1 PPP: Session handle[EA000095] Session id[144]
*Mar  4 14:59:32.132: Vi1 PPP: Authorization required
*Mar  4 14:59:33.396: Vi1 PAP: I AUTH-REQ id 70 len 20 from "R1-PAP"
*Mar  4 14:59:33.396: Vi1 PAP: Authenticating peer R1-PAP
*Mar  4 14:59:33.400: Vi1 PPP: Sent PAP LOGIN Request
*Mar  4 14:59:33.400: Vi1 CHAP: I CHALLENGE id 23 len 23 from "R1"
*Mar  4 14:59:33.404: Vi1 PPP: Received LOGIN Response PASS
*Mar  4 14:59:33.408: Vi1 PPP: Sent LCP AUTHOR Request
*Mar  4 14:59:33.408: Vi1 PPP: Sent IPCP AUTHOR Request
*Mar  4 14:59:33.408: Vi1 CHAP: Using hostname from unknown source
*Mar  4 14:59:33.408: Vi1 CHAP: Using password from AAA
*Mar  4 14:59:33.408: Vi1 CHAP: O RESPONSE id 23 len 23 from "R4"
*Mar  4 14:59:33.412: Vi1 LCP: Received AAA AUTHOR Response PASS
*Mar  4 14:59:33.412: Vi1 IPCP: Received AAA AUTHOR Response PASS
*Mar  4 14:59:33.412: Vi1 PAP: O AUTH-ACK id 70 len 5
*Mar  4 14:59:33.436: Vi1 CHAP: I SUCCESS id 23 len 4
*Mar  4 14:59:33.440: Vi1 PPP: Sent IPCP AUTHOR Request
*Mar  4 14:59:34.440: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up