Cisco Cisco ASR 5000
LNS Service Configuration Mode Commands
▀ authentication
▄ Command Line Interface Reference, StarOS Release 18
6988
pap
pap_priority
Default: 2
This option configures the LNS to attempt to use the Password Authentication Protocol (PAP) to authenticate
the PPP session.
A
This option configures the LNS to attempt to use the Password Authentication Protocol (PAP) to authenticate
the PPP session.
A
pap_priority
must be specified in conjunction with this option. Priorities specify which authentication
protocol should be attempted first, second, third and so on.
pap_priority
must be an integer from 1 through 1000. The lower the integer, the higher the preference.
PAP is enabled by default as the second highest preference.
msid-auth
Default: Disabled
This option configures the LNS to attempt to authenticate the PPP session based on the Mobile Station
Identity (MSID).
This option configures the LNS to attempt to authenticate the PPP session based on the Mobile Station
Identity (MSID).
Usage
Use to specify how the LNS service should handle authentication and what protocols to use. The flexibility is
given to configure this option to accommodate the fact that not every mobile will implement the same
authentication protocols.
By default LNS authentication options are set as follows:
given to configure this option to accommodate the fact that not every mobile will implement the same
authentication protocols.
By default LNS authentication options are set as follows:
allow-noauth disabled
chap enabled with a priority of 1
mschap disabled
msid-auth disabled
pap enabled with a priority of 2
Important:
At least one of the keywords must be used to complete the command.
Example
The following command configures the LNS service to allow no authentication for PPP sessions and would
perform accounting using the default NAI-construct of username@domain:
perform accounting using the default NAI-construct of username@domain:
authentication allow-noauth
The following command configures the system to attempt authentication first using CHAP, then MSCHAP,
and finally PAP. If the allow-noauth command was also issued, when all attempts to authenticate the
subscriber using these protocols failed, then the subscriber would be allowed access:
and finally PAP. If the allow-noauth command was also issued, when all attempts to authenticate the
subscriber using these protocols failed, then the subscriber would be allowed access:
authentication chap 1 mschap 2 pap 3