Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

PPP Commands

8-86 Configuring the Point-to-Point Protocol

XSR(config)#interface serial 1/0

XSR(config-if<S1/0>)#encapsulation ppp

XSR(config-if<S1/0>)#no shutdown

Thefollowingexampleselectschannelgroup12oftheT1/E1port1onthesecondNIMcardsothat

laterconfigurationswillapplytothisserialport:

XSR(config)#interface serial 2/1:12

XSR(config-if<s2/1:12)#encapsulation ppp

XSR(config-if<S1/0>)#no shutdown

ppp authentication

ThiscommandspecifiesthetypeandorderinwhichCHAP,MS‐CHAPorPAPprotocolsare

requestedontheinterface.OnceCHAP,PAPauthenticationorbothhavebeenenabled,theXSR

requirestheremotedevicetoproveitsidentitybeforeallowingdatatraffictoflow.

PAPauthenticationrequirestheremotedevice

tosendanameandpasswordtobechecked

againstamatchingentryinthelocalusernamedatabase.

CHAPauthenticationsendsachallengetotheremotedevice.Theremotedevicemustencryptthe

challengevaluewithasharedsecretandreturntheencryptedvalueanditsnametotheXSRin

a

responsemessage.TheXSRusestheremotedeviceʹsnametolookuptheappropriatesecretinthe

localusernamedatabase.Itusesthelooked‐upsecrettoencrypttheoriginalchallengeandverify

thatencryptedvaluesmatch.

MS‐CHAPiscloselyderivedfromthePPPCHAPwiththeexception

thatitusesMD4asthe

hashingalgorithm.

YoumayenablePAPorCHAP,MS‐CHAPorallofthem,ineitherorder.Ifbothmethodsare

enabled,thenthefirstmethodspecifiedwillberequestedduringlinknegotiation.Ifthepeer

suggestsusingthesecondmethodorsimplyrefusesthe

first,thenthesecondmethodistried.

SomeremotedevicessupportCHAPonlyandsomePAPonly.Theorderinwhichyouspecifythe

methodswillbebasedonyourconcernsabouttheremotedeviceʹsabilitytocorrectlynegotiatethe

appropriatemethodaswellasyourconcernaboutdataline

security.PAPusernamesand

passwordsaresentasclear‐textstringsandcanbeinterceptedandreused.CHAPhaseliminated

mostoftheknownsecurityholes.

EnablingordisablingPPPauthenticationdoesnotaffecttheXSRʹswillingnesstoauthenticate

itselftotheremotedevice.

Syntax

ppp authentication {any mix of pap chap ms-chap}

Possibleparametercombinationsinclude:

Note: If you specify CHAP authentication on one side of a connection, you should set CHAP on the

other side as well.

chap

EnablesCHAPonaserialinterface.

pap

EnablesPAPonaserialinterface.

ms-chap

EnablesMS‐CHAPonaserialinterface.

chap pap

PreferenceofCHAPauthenticationbeforePAP.

pap chap

PreferenceofPAPauthenticationbeforeCHAP.

previous next