3.2 PPP Link Control Protocol Options
3.2.3 Configuring PAP authentication
The Figure shows two routers: Routers Left and Right; connected across an ISDN cloud, and configured for the PAP authentication method.

Perform the following steps to configure PAP authentication:

  1. On the interface, specify encapsulation ppp.
  2. Enable the use of PAP authentication with the ppp authentication PAP command. This entry is made because, during the LCP negotiation, router Left asks router Right to use PAP authentication to identify itself.
  3. Configure the addresses, usernames, and passwords. Passwords must be identical at both ends and must be entered on both systems if PAP is used between routers (two-way authentication). The router name and password are case sensitive.
  4. To ensure that both systems can communicate properly, configure the dialer-map command lines for each router. By configuring each router with a dialer-map statement, each system knows what to do with authentication issues because the systems have prior knowledge of each other. The dialer-map command also contains the telephone number to dial to reach the specified router.

The authentication method specified under the interface is for incoming calls authentication. It is not the authentication method that the router uses when asked to authenticate. It is the "answering" router prerogative to specify what authentication it entertains from a caller. The caller must comply with the authentication method asked by the answering router. If not, the negotiation fails and the access server disconnects the call.

Lab Activity    
  The Atlanta Bread Company is reviewing security policies and it has been noted that there is no authentication on the core router. You will configure PAP authentication between the Atlanta core router and the Macon remote office.