Ppp Authentication - Cisco ASR 14000 Series Command Reference Manual

PPP Commands on Cisco IOS XR Software

ppp authentication

To enable Challenge Handshake Authentication Protocol (CHAP), MS-CHAP, or Password
Authentication Protocol (PAP), and to specify the order in which CHAP, MS-CHAP, and PAP
authentication is selected on the interface, use the ppp authentication command in interface
configuration mode. To disable PPP authentication, use the no form of this command.
Syntax Description protocol
list-name
default
Defaults PPP authentication is not enabled.
Command Modes Interface configuration
Command History Release
Release 3.7.1
Usage Guidelines To use this command, you must be in a user group associated with a task group that includes the proper
task IDs.
When you enable CHAP or PAP authentication (or both), the local router requires the remote device to
prove its identity before allowing data traffic to flow. PAP authentication requires the remote device to
send a name and a password, which is checked against a matching entry in the local username database
or in the remote security server database. CHAP authentication sends a challenge message to the remote
device. The remote device encrypts the challenge value with a shared secret and returns the encrypted
value and its name to the local router in a response message. The local router attempts to match the
remote device's name with an associated secret stored in the local username or remote security server
database; it uses the stored secret to encrypt the original challenge and verify that the encrypted values
match.
You can enable CHAP, MS-CHAP, or PAP in any order. If you enable all three methods, the first method
specified is requested during link negotiation. If the peer suggests using the second method, or refuses
the first method, the second method is tried. Some remote devices support only one method. Base the
OL-17228-01
ppp authentication protocol [protocol [protocol]] [list-name | default]
no ppp authentication
Name of the authentication protocol used for PPP authentication. See
for the appropriate keyword. You may select one, two, or all three protocols, in
any order.
(Optional) Used with authentication, authorization, and accounting (AAA).
Name of a list of methods of authentication to use. If no list name is specified,
the system uses the default. The list is created with the aaa authentication ppp
command.
(Optional) Specifies the name of the list of methods created with the aaa
authentication ppp command.
Modification
This command was introduced on the Cisco ASR 14000 Series Router.
Cisco ASR 14000 Series Router Interface and Hardware Component Command Reference
ppp authentication
Table 37
HR-263