H3C MSR Series Command Reference Manual page 14

Routers. layer 2 - wan command (v7)

Hide thumbs Also See for MSR Series:

Command reference manual (1187 pages)

Configuration manual (80 pages)

Manual (33 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

page of 174

/ 174
Contents
Table of Contents
Bookmarks

Table of Contents

pap: Uses PAP authentication.

call-in: Authenticates the call-in users only. This keyword can be configured when the local end serves as

the receiving end of DDR calls. For more information about DDR, see Layer 2

Configuration Guide.

domain isp-name: Specifies the ISP domain name for authentication, a case-insensitive string of 1 to 24

characters.

Usage guidelines

PPP authentication includes the following categories:

•

PAP—Two-way handshake authentication. The password used is in plain text.

CHAP—Three-way handshake authentication. The password is in cipher text.

•

You can configure several authentication modes simultaneously.

In any PPP authentication mode, AAA determines whether a user can pass the authentication through a

local authentication database or an AAA server. For more information about AAA authentication, see

Security Configuration Guide.

If you configure the ppp authentication-mode command with the domain keyword specified, you must

authenticate the peer by using the specified ISP domain and use an address pool associated with this ISP

domain for address allocation (if necessary). You can use the display domain command to display the

domain configuration.

If you configure the ppp authentication-mode command without specifying domain keyword, the system

checks the username for domain information. If the username contains an ISP domain name, this ISP

domain will be used for authentication. If the ISP domain does not exist on the local device, the user's

access request will be denied. If the username does not contain an ISP domain name, the default ISP

domain is used. You can use the domain default command to configure the default ISP domain. If no

default ISP domain is configured, the default ISP domain system is used.

For authentication on a dialup interface, configure authentication on both the physical interface and the

dialer interface. When a physical interface receives a DDR call request, it first initiates PPP negotiation

and authenticates the dial-in user, and then passes the call to the upper layer protocol.

Examples

# Configure interface Serial 2/0 to authenticate the peer by using PAP.

<Sysname> system-view

[Sysname] interface serial 2/0

[Sysname-Serial2/0] ppp authentication-mode pap

# Configure interface Serial 2/0 to authenticate the peer by using PAP and CHAP.

<Sysname> system-view

[Sysname] interface serial 2/0

[Sysname-Serial2/0] ppp authentication-mode pap chap

Related commands

•

domain default (Security Command Reference)

local-user (Security Command Reference)

•

ppp chap password

ppp chap user

•

ppp pap local-user

•

WAN Access

—

Table of Contents

This manual is also suitable for:

Msr 2600 Msr 3600 Msr 5600 Msr 26-30 Msr 36-10 Msr 36-20 ... Show all

H3C MSR Series Command Reference Manual page 14

Related Manuals for H3C MSR Series

Related Products for H3C MSR Series

This manual is also suitable for:

Table of Contents