AIS Router AI2524 Manuale Utente
AI2524 Router Card User’s Manual
Page 11-4
August 1997
2524UM
the response and looking up the required host name or username. The
secret passwords must be identical on the remote device and the local
router.
secret passwords must be identical on the remote device and the local
router.
By transmitting this response, the secret is never transmitted in clear
text, preventing other devices from stealing it and gaining illegal ac-
cess to the system. Without the proper response, the remote device
cannot connect to the local router.
text, preventing other devices from stealing it and gaining illegal ac-
cess to the system. Without the proper response, the remote device
cannot connect to the local router.
CHAP transactions occur only at the time a link is established. The
local router or access server does not request a password during the
rest of the call. The local device can, however, respond to such re-
quests from other devices during a call.
local router or access server does not request a password during the
rest of the call. The local device can, however, respond to such re-
quests from other devices during a call.
When PAP is enabled, the remote router attempting to connect to the
local router or access server is required to send an authentication re-
quest. If the username and password specified in the authentication re-
quest are accepted, the Cisco IOS software sends an authentication
acknowledgment.
local router or access server is required to send an authentication re-
quest. If the username and password specified in the authentication re-
quest are accepted, the Cisco IOS software sends an authentication
acknowledgment.
After you have enabled CHAP or PAP, the local router or access server
requires authentication from remote devices. If the remote device does
not support the enabled protocol, no traffic will be passed to that de-
vice.
requires authentication from remote devices. If the remote device does
not support the enabled protocol, no traffic will be passed to that de-
vice.
1.
In interface configuration mode, enable PPP encapsulation:
encapsulation ppp
2.
In interface configuration mode, enable CHAP or PAP authentica-
tion on an interface configured for PPP encapsulation:
tion on an interface configured for PPP encapsulation:
ppp authentication {chap | chap pap | pap
chap | pap} [if-needed] [
list-name |
default] [callin]
The
ppp authentication chap
optional keyword, is used
only with TACACS or extended TACACS. The optional keyword
list-name
is used only with AAA/TACACS+.
Note:
If you use a
list-name
that has not been configured
with the
aaa authentication ppp
command, you
disable PPP on the line.
3.
Add a username entry for each remote system from which the
local router or access server requires authentication.
local router or access server requires authentication.
In global configuration mode, specify the password to be used in
CHAP or PAP caller identification:
CHAP or PAP caller identification:
username
name password secret