Table of Contents
Advertisement
command, negotiation of the local magic number for this link and any member links
subsequently added to the bundle is not disabled.
Configuring Authentication
Perform the following optional tasks to configure authentication on interfaces with
MLPPP encapsulation or MLPPP bundles.
NOTE: The JUNOSe software's PPP application accepts null usernames during PAP
and CHAP authentication. When the PPP application receives an authentication
request that includes a null username, PPP passes the request to AAA. To take
advantage of this feature, configure your authentication server to support the use of
null usernames.
ppp authentication
Specify one or more PPP authentication types.
Modify the length of the CHAP challenge.
Specify the maximum number of retries.
Use to require authentication from the PPP peer.
To specify the name of a virtual router (VR) to be used as the authentication VR
context, use the virtual-router keyword. Keep the following points in mind when
you use the ppp authentication virtual-router command:
When you specify a VR in the ppp authentication command, AAA does not
query the domain map for the assigned VR context. Instead, AAA uses the
VR specified in the ppp authentication command as the authentication VR
context and issues the authentication request to the authentication server
in the assigned VR context.
If you specify the default VR as the authentication VR context, AAA loosely
binds the user to the default VR. This means that RADIUS can override the
default VR context with a new VR context during the authentication process.
When the ppp authentication virtual-router command specifies the default
VR, AAA returns either the default VR or the VR specified by RADIUS.
If you specify a VR other than the default VR as the authentication VR, AAA
tightly binds the user to the specified VR. This means that RADIUS cannot
override the specified VR context with a new VR context during the
authentication process. When the ppp authentication virtual-router
command specifies a nondefault VR, AAA returns the specified VR.
The router supports the MD5 authentication algorithm for CHAP authentication.
Example 1 Specify PAP or CHAP as the primary authentication protocol, and
the other authentication protocol as the alternative. For example, the following
command specifies pap as the primary authentication protocol and chap as the
alternate.
host1(config-if)#ppp authentication pap chap
Chapter 9: Configuring Multilink PPP
Configuring Static MLPPP
315
Advertisement
Table of Contents
Troubleshooting
