What is PPP – PAP? Explained with Examples

By | 9th November 2015

What is Password Authentication Protocol?

Password Authentication Protocol (PAP) is a very basic two-way process. The username and password are sent in plain text, there is no encryption or protection. If it is accepted, the connection is allowed. PAP is not interactive in anyway, PAP is not considered a strong authentication protocol.

When the ppp authentication pap command is used, the username and password are sent as one LCP data package, rather than the server sending a login prompt and waiting for a response.

Although, PAP cannot be said to be a very strong authentication protocol but, there are times when using PAP can be justified. PAP may be used in the following situations:

i. When an installed network applications does not support CHAP

ii. Incompatibilities between different vendor implementations of CHAP

iii. Circumstances where a plain text password must be available to simulate a login at the remote host

PAP Authentication Protocol

How to configure PAP on a Cisco router interface

The process outlined below describes how to configure PPP encapsulation and PAP authentication protocols.

Before PAP configuration, we assumed that all interface IP addresses had been configured as the case may be.

PAP Authentication Protocol2

HQ router

HQ#config t

HQ(config)#username RO password orbit

HQ(config)#interface se0/0/0

HQ(config-if)#encapsulation ppp

HQ(config-if)#ppp authentication PAP

HQ(config-if)#ppp pap sent-username HQ password orbit


Remote Office router

RO#Config t

RO(config)#username HQ password orbit

RO(config)#interface se0/0/0

RO(config-if)#encapsulation ppp

RO(config-if)#ppp authentication PAP

RO(config-if)#ppp pap sent-username RO password orbit


The example above is of a two-way PAP authentication configuration. Both routers authenticate and are authenticated, so the PAP authentication commands emulate each other. The PAP username and password that each router sends must match those specified with the username name password password command of the other router


PAP provides a simple method for a remote host to establish its identity using a two-way handshake. This is done only on initial link establishment. The hostname on one router must match the username the other router has configured. The passwords do not have to match.

How to Configure CHAP Authentication Protocol

Leave a Reply

Your email address will not be published. Required fields are marked *