Cisco Cisco ASR 5000
APN Configuration Mode Commands
▀ authentication
▄ Command Line Interface Reference, StarOS Release 18
1306
Authentication
Mechanism
Mechanism
IP PDP Context Behavior
PPP PDP Context Behavior
allow-
noauth
noauth
Allows the session even if the PCOs do not match any of
the configured algorithms.
If the there was no match and the
the configured algorithms.
If the there was no match and the
aaa constructed-
nai authentication
parameter is enabled in the
authentication context, the system attempts to determine
a subscriber profile (via PAP with no password) using
the subscriber’s MSISDN as the username.
a subscriber profile (via PAP with no password) using
the subscriber’s MSISDN as the username.
Allows the session with no authentication algorithm
selected.
If the
selected.
If the
aaa constructed-nai authentication
parameter is enabled in the authentication context,
the system attempts to determine a subscriber
profile (via PAP with no password) using the
subscriber’s MSISDN as the username.
the system attempts to determine a subscriber
profile (via PAP with no password) using the
subscriber’s MSISDN as the username.
chap
If also specified in the PCOs, this protocol will be used
to authenticate the subscriber.
to authenticate the subscriber.
Attempts this protocol according to its configured
priority.
If accepted by the remote end of the PPP
connection, this protocol will be used to provide
authentication.
priority.
If accepted by the remote end of the PPP
connection, this protocol will be used to provide
authentication.
mschap
If also specified in the PCOs, this protocol will be used
to authenticate the subscriber.
to authenticate the subscriber.
Attempts this protocol according to its configured
priority.
If accepted by the remote end of the PPP
connection, this protocol will be used to provide
authentication.
priority.
If accepted by the remote end of the PPP
connection, this protocol will be used to provide
authentication.
pap
If also specified in the PCOs, this protocol will be used
to authenticate the subscriber.
If this protocol is used is specified and the
to authenticate the subscriber.
If this protocol is used is specified and the
allow-
noauth
parameter is disabled, the system will attempt to
use the APN’s default username/password specified by
the outbound command for authentication via PAP.
the outbound command for authentication via PAP.
Attempts this protocol according to its configured
priority.
If accepted by the remote end of the PPP
connection, this protocol will be used to provide
authentication.
priority.
If accepted by the remote end of the PPP
connection, this protocol will be used to provide
authentication.
msid-auth
Obsolete. Use
imsi-auth
.
Obsolete. Use
imsi-auth
.
imsi-auth
Values in the PCOs are ignored.
The subscriber’s IMSI is used as the username for PAP
authentication. No password is used.
The subscriber’s IMSI is used as the username for PAP
authentication. No password is used.
The subscriber’s IMSI is used as the username for
PAP authentication. No password is used.
PAP authentication. No password is used.
msisdn-auth
Values in the PCOs are ignored.
The subscriber’s MSISDN is used as the username for
PAP authentication. No password is used.
The subscriber’s MSISDN is used as the username for
PAP authentication. No password is used.
Option not available.
Example
The following command would configure the system to attempt subscriber authentication first using
MSCHAP, then CHAP, and finally PAP. Since the
MSCHAP, then CHAP, and finally PAP. Since the
allow-noauth
command was also issued, if all attempts
to authenticate the subscriber using these protocols fail, then the subscriber would be still be allowed access.
authentication mschap 1 chap 2 pap 3 allow-noauth
To enable
imsi-auth
or
msisdn-auth
, the following command instances must be issued:
authentication imsi-auth
authentication msisdn-auth