Configuring The Ppp Challenge Handshake Authentication Protocol - Juniper ACX1000 Configuration Manual

ACX Series Universal Access Router Configuration Guide

Configuring the PPP Challenge Handshake Authentication Protocol

494
no CHAP challenges and denies all incoming CHAP challenges. To enable CHAP, you
must create an access profile, and you must configure the interfaces to use CHAP.
When you configure an interface to use CHAP, you must assign an access profile to the
interface. When an interface receives CHAP challenges and responses, the access profile
in the packet is used to look up the shared secret, as defined in RFC 1994. If no matching
access profile is found for the CHAP challenge that was received by the interface, the
optionally configured default CHAP secret is used. The default CHAP secret is useful if
the CHAP name of the peer is unknown, or if the CHAP name changes during PPP link
negotiation.
To enable CHAP, you must create an access profile, and you must configure the interfaces
to use PAP. For more information on how to configure access profile, see Configuring
Access Profiles for L2TP or PPP Parameters.
To configure the PPP challenge handshake authentication protocol, on each physical
interface with PPP encapsulation, perform the following steps.
To assign an access profile to an interface, include the
1.
the [edit interfaces interface-name ppp-options chap]
[edit interfaces interface-name ppp-options chap]
user@host# set access-profile name
NOTE: You must include the
the CHAP authentication method. If an interface receives a CHAP challenge
or response from a peer that is not in the applied access profile, the link
is immediately dropped unless a default CHAP secret has been configured.
The default CHAP secret is used when no matching CHAP access profile exists, or if
2.
the CHAP name changes during PPP link negotiation. To configure a default CHAP
secret for an interface, include the
interface-name ppp-options chap]
[edit interfaces interface-name ppp-options chap]
user@host# set default-chap-secret name
To configure the name the interface uses in CHAP challenge and response packets,
3.
include the
local-name
chap] hierarchy level:
[edit interfaces interface-name ppp-options chap]
user@host# set local-name name
access-profile
default-chap-secret
hierarchy level.
statement at the
[edit interfaces interface-name ppp-options
statement at
access-profile
hierarchy level.
statement when you configure
statement at the [edit interfaces
Copyright © 2017, Juniper Networks, Inc.