Configuring The Ppp Authentication Protocol - Juniper ACX1000 Configuration Manual

Configuring the PPP Authentication Protocol

Copyright © 2017, Juniper Networks, Inc.
To configure the interface to authenticate with PAP in passive mode, include the
4.
statement at the
passive
logical-unt-numberppp-options pap]
[edit interfaces interface-name unit logical-unt-number
user@host# set passive
NOTE: By default, when PAP is enabled on an interface, the interface
expects authenticate-request packets from the peer. However, the
interface can be configured to send authentication request packets to the
peer by configuring PAP to operate in passive mode. In PAP passive mode,
the interface sends the authenticate-request packets to the peer only if
the interface receives the PAP option from the peer during LCP
negotiation—in passive mode, the interface does not authenticate the
peer.
The Point-to-Point Protocol (PPP) is an encapsulation protocol for transporting IP traffic
across point-to-point links. To configure PPP, you can configure the Challenge Handshake
Authentication Protocol (CHAP). CHAP allows each end of a PPP link to authenticate
its peer, as defined in RFC 1994. The authenticator sends its peer a randomly-generated
challenge that the peer must encrypt using a one-way hash; the peer must then respond
with that encrypted result. The key to the hash is a secret known only to the authenticator
and authenticated. When the response is received, the authenticator compares its
calculated result with the peer's response. If they match, the peer is authenticated.
Each end of the link identifies itself to its peer by including its name in the CHAP challenge
and response packets it sends to the peer. This name defaults to the local hostname, or
you can explicitly set it using the
challenge or CHAP response packet on a particular interface, it uses the peer identity to
look up the CHAP secret key to use.
To configure CHAP, include the
[edit access]
profile profile-name {
client client-name chap-secret chap-secret;
}
Then reference the CHAP profile name at the
You can configure multiple CHAP profiles, and configure multiple clients for each profile.
Definitions:
is the mapping between peer identifiers and CHAP secret keys. The identity of
profile
the peer contained in the CHAP challenge or response queries the profile for the secret
key to use.
client is the peer identity.
Chapter 16: Configuring Point-to-Point Protocol (PPP)
[edit interfaces interface-name unit
hierarchy level:
option. When a host receives a CHAP
local-name
statement at the
profile
[edit interfaces]
ppp-options pap]
hierarchy level:
[edit access]
hierarchy level.
499