Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - LINK LAYER CONFIGURATION GUIDE 2010-10-13 Configuration Manual page 343

ppp authentication
Copyright © 2010, Juniper Networks, Inc.
Modify the length of the CHAP challenge.
Specify the maximum number of retries.
NOTE: The JunosE Software's PPP application accepts null usernames
during PAP and CHAP authentication. When the PPP application receives
an authentication request that includes a null username, PPP passes the
request to AAA. To take advantage of this feature, configure your
authentication server to support the use of null usernames.
Use to require authentication from the PPP peer.
To specify the name of a virtual router (VR) to be used as the authentication VR context,
use the virtual-router keyword. Keep the following points in mind when you use the
ppp authentication virtual-router command:
When you specify a VR in the ppp authentication command, AAA does not query
the domain map for the assigned VR context. Instead, AAA uses the VR specified in
the ppp authentication command as the authentication VR context and issues the
authentication request to the authentication server in the assigned VR context.
If you specify the default VR as the authentication VR context, AAA loosely binds
the user to the default VR. This means that RADIUS can override the default VR
context with a new VR context during the authentication process. When the ppp
authentication virtual-router command specifies the default VR, AAA returns either
the default VR or the VR specified by RADIUS.
If you specify a VR other than the default VR as the authentication VR, AAA tightly
binds the user to the specified VR. This means that RADIUS cannot override the
specified VR context with a new VR context during the authentication process. When
the ppp authentication virtual-router command specifies a nondefault VR, AAA
returns the specified VR.
The router supports the MD5 authentication algorithm for CHAP authentication.
Example 1—Specify PAP or CHAP as the primary authentication protocol, and the other
authentication protocol as the alternative. For example, the following command
specifies pap as the primary authentication protocol and chap as the alternate.
host1(config-if)#ppp authentication pap chap
The router requests the use of PAP as the authentication protocol (because it appears
first in the command line). If the peer refuses to use PAP, the router requests the CHAP
protocol. If the peer refuses to negotiate authentication, the router terminates the PPP
session.
Example 2—Specify a virtual router for the authentication virtual router context. This
command is available in static configurations and in profiles.
host1(config-if)#ppp authentication virtual-router boston pap chap
Chapter 9: Configuring Multilink PPP
311