PPP Advanced Authentication


After configuring some basic PPP authentication, the management of the puppet business decided they want to increase security. One of the things they want you to do is change the behavior of using the hostname as username.


  • Configure the IP addresses as specified in the topology picture.
  • Configure the correct hostname on both routers.
  • Configure both links for encapsulation PPP.
  • Router Kermit should authenticate Grover by using PAP, if it fails it should switch to CHAP, use the S0/0 interfaces.
  • Router Grover should refuse PAP authentication and use CHAP authentication, use the S0/0 interfaces.
  • Router Kermit should use the alternate CHAP hostname “MUPPET”. You are not allowed to change the hostname of any router, use the S0/0 interfaces.
  • Configure both routers to they want to authenticate the PPP connection on the S0/1 interfaces by using the fictional radius server at IP address, use password “MUPPET” for the fictional radius server.
  • In case the radius server fails both routers should use the local database for authentication.




PPP Authentication

Video Solution:

Configuration Files

You need to register to download the GNS3 topology file. (Registration is free!)

Once you are logged in you will find the configuration files right here.

Opt In Image
Do you want your CCNA or CCNP Certificate?

The How to Master series helps you to understand complex topics like spanning-tree, VLANs, trunks, OSPF, EIGRP, BGP and more.

Written by René Molenaar - CCIE #41726

You May Also Like

About the Author: Rene Molenaar

René - CCIE #41726 is the creator of GNS3Vault.com where he shares CCNA, CCNP and CCIE R&S labs. He also blogs about networking on http://networklessons.com


    1. Not at the moment. If you want to test RADIUS I would suggest to download "Elektron Radius Server". It’s simple to configure and will give you a working radius server within 5 minutes.

      To test TACACS I would take a look at Cisco ACS server.

  1. Hello Rene:

    First of thanks for this scenario and another videos that i have seen in this web.

    I followed the steps you indicate to do the ppp chap authentication with a radius server.

    I have in my topology a CentOS 5 virtual machine with VirtualBox and i have installed FreeRadius Server. The radius server is working local and remote from other CentOs Machines with the radtest command. But with the Cisco routers it isn’t working the interface of the client is going down and up constantly.

    Do you know if i have to something special for get it working with Cisco IOS for the CHAP authentication with PPP.

    Thanks a lot for your help.

Comments are closed.