l’utilisation de PPP over Frame Relay permet de mettre en place une authentification
- « callin » le challenge d’authentification est déclenché lors de l’appel entrant
- « send-username » spécifie les informations d’envoi
Configuration
R1
!
username R2 password 0 cisco12
username R4 password 0 cisco
!
interface Serial0/0
no ip address
encapsulation frame-relay
!
interface Serial0/0.12 point-to-point
frame-relay interface-dlci 102 ppp Virtual-Template12
!
interface Serial0/0.13 point-to-point
frame-relay interface-dlci 103 ppp Virtual-Template13
!
interface Serial0/0.14 point-to-point
frame-relay interface-dlci 104 ppp Virtual-Template14
!
interface Serial0/1
no ip address
shutdown
!
interface Virtual-Template12
ip address 10.1.12.1 255.255.255.0
ppp authentication chap callin
ppp chap hostname R1
!
interface Virtual-Template13
ip address 10.1.13.1 255.255.255.0
ppp pap sent-username R1 password 0 cisco13
!
interface Virtual-Template14
ip address 10.1.14.1 255.255.255.0
ppp authentication chap callin
ppp pap sent-username R1-PAP password 0 ciscoPAP
!
R2
!
username R1 password 0 cisco12
!
interface Serial0/0.21 point-to-point
frame-relay interface-dlci 201 ppp Virtual-Template21
!
interface Virtual-Template21
ip address 10.1.12.2 255.255.255.0
ppp chap hostname R2
!
R3
!
username R1 password 0 cisco13
!
interface Serial1/0.31 point-to-point
frame-relay interface-dlci 301 ppp Virtual-Template31
!
interface Virtual-Template31
ip address 10.1.13.3 255.255.255.0
ppp authentication pap callin
!
R4
!
username R1-PAP password 0 ciscoPAP
username R1 password 0 cisco
!
interface Serial0/0
no ip address
encapsulation frame-relay
!
interface Serial0/0.41 point-to-point
frame-relay interface-dlci 401
!
interface Virtual-Template41
ip address 10.1.14.4 255.255.255.0
ppp authentication pap callin
!
Debug
R4#debug ppp authentication PPP authentication debugging is on R4# *Mar 4 14:59:32.128: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up *Mar 4 14:59:32.128: Vi1 PPP: Using default call direction *Mar 4 14:59:32.128: Vi1 PPP: Treating connection as a dedicated line *Mar 4 14:59:32.128: Vi1 PPP: Session handle[EA000095] Session id[144] *Mar 4 14:59:32.132: Vi1 PPP: Authorization required *Mar 4 14:59:33.396: Vi1 PAP: I AUTH-REQ id 70 len 20 from "R1-PAP" *Mar 4 14:59:33.396: Vi1 PAP: Authenticating peer R1-PAP *Mar 4 14:59:33.400: Vi1 PPP: Sent PAP LOGIN Request *Mar 4 14:59:33.400: Vi1 CHAP: I CHALLENGE id 23 len 23 from "R1" *Mar 4 14:59:33.404: Vi1 PPP: Received LOGIN Response PASS *Mar 4 14:59:33.408: Vi1 PPP: Sent LCP AUTHOR Request *Mar 4 14:59:33.408: Vi1 PPP: Sent IPCP AUTHOR Request *Mar 4 14:59:33.408: Vi1 CHAP: Using hostname from unknown source *Mar 4 14:59:33.408: Vi1 CHAP: Using password from AAA *Mar 4 14:59:33.408: Vi1 CHAP: O RESPONSE id 23 len 23 from "R4" *Mar 4 14:59:33.412: Vi1 LCP: Received AAA AUTHOR Response PASS *Mar 4 14:59:33.412: Vi1 IPCP: Received AAA AUTHOR Response PASS *Mar 4 14:59:33.412: Vi1 PAP: O AUTH-ACK id 70 len 5 *Mar 4 14:59:33.436: Vi1 CHAP: I SUCCESS id 23 len 4 *Mar 4 14:59:33.440: Vi1 PPP: Sent IPCP AUTHOR Request *Mar 4 14:59:34.440: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up