ppp authentication-mode (Virtual template view)

Function

The ppp authentication-mode command configures a PPP authentication mode.

The undo ppp authentication-mode command restores the default PPP authentication mode.

By default, the PPP authentication mode is auto.

This command is supported only on the NetEngine 8000 F1A.

Format

ppp authentication-mode { auto | { pap | chap | mschapv1 | mschapv2 } * }

undo ppp authentication-mode

Parameters

Parameter Description Value
auto

Indicates the autonegotiation mode.

-
pap

Indicates PAP authentication.

-
chap

Indicates CHAP authentication.

-
mschapv1

Indicates MSCHAPv1 authentication, in which the user name and password are sent in ciphertext. MSCHAPv1 is the Microsoft version of CHAP.

-
mschapv2

Indicates MSCHAPv2 authentication, in which the user name and password are sent in ciphertext. MSCHAPv2 is the Microsoft version of CHAP.

-

Views

Virtual template view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
pppoebras write

Usage Guidelines

Usage Scenario

During PPP link establishment, the devices on both ends of a PPP link must be authenticated before entering NCP negotiation. There are two major PPP authentication modes: PAP and CHAP.

  • PAP uses a 2-way handshake to verify the identity of the peer on a P2P link. It transmits the user name and password in plain text.
  • CHAP uses a 3-way handshake to verify the identity of the peer. It transmits user names but not passwords.

    If the ppp authentication-mode chap pap command is run, CHAP negotiation is preferentially used in LCP negotiation. If the peer end does not support CHAP negotiation, PAP negotiation is used. If neither mode is supported by the authenticated, the negotiation fails. The two modes cannot be both used during PPP negotiation.

Configuration Impact

If the ppp authentication-mode command is run more than once in the same view, the latest configuration overrides the previous one.

Precautions

  • This command is supported only on the admin VS.
  • The PPP authentication mode configured using this command and the AAA authentication mode are both used to authenticate PPP users.
  • Specifically, the PPP authentication mode verifies the PPP link, whereas AAA determines whether PPP users are successfully authenticated.
  • PAP is not a secure protocol, and it is recommended to use CHAP.

Example

# Configure the CHAP authentication mode.
<HUAWEI> system-view
[~HUAWEI] interface virtual-template 10
[*HUAWEI-Virtual-Template10] ppp authentication-mode chap
Parent Topic: PPPoE Access Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >