Thursday, February 19, 2009

ALU - PPP Authentication Part 2

Foreward: An ALU is an Autonomous Learning Unit, you can read this post to learn more about them.

 


 

Your manager has recently read an article in a security magazine regarding the dangers of unencrypted authentication, and has asked you to make sure R3 will never allow unencrypted link authentication on the Serial1/3 link.

 

 

 

 

Highlight below for the solution:

 

Solution:

R3:

  interface Serial1/3

    ppp pap refuse

 

Confirmation:

R2:

  interface Serial0/1

    ppp authentication pap

 

R3:

  debug ppp authentication

! Clip

Se1/3 PPP: Authorization required

 

Explanation:

Commands like "ppp pap refuse" or "ppp chap refuse" are not often used, and are not likely to be worth more than one or two points on an exam, but if you did not know about them, or even know they exist, you could spend a half hour or more reading through the DOC CD trying to find the command.

 

It is a great idea to skim through the Configuration Guides and Command References on the DOC CD and take note of any commands with interesting features like "ppp pap refuse."  Being able to pick up a quick point or two by knowing a command like this off the top of your head will help tremendously.

 

 

DocCD items to reference:

Configuration Guide (Note, scroll down to Non-AAA Authentication Methods, Enabling CHAP or PAP Authentication, Refusing CHAP Authentication Requests

ppp pap refuse

ppp chap refuse


No comments:

Post a Comment