Specifications
23-35
Managing Access Server Security
If you use either the PAP NOUSERNAME or CHAP NOUSERNAME options
with the PORT LCP AUTHENTICATION command when you enable
AUTOLINK authentication, the login fails.
Note if you configure the default protocol and dedicated service for the port as
AUTOLINK and you disable AUTOLINK authentication, SLIP and character-cell
users may be connected without authentication. This will occur even if PPP users
are authenticated because of the port’s LCP AUTHENTICATION characteristics.
Setting AUTOLINK Timers
You can set an AUTOLINK timer to specify how long the port waits to detect the
protocol of the user session. If the port does not detect a valid PPP frame, a valid
SLIP frame, or a single carriage return character, the session defaults to character
cell terminal.
AUTOLINK makes two passes to determine the authentication style and the
protocol of the user session:
1. If authentication is required, the first pass determines the authentication style.
Either PPP authentication or character-cell authentication can be used. You
can set the timer for the first pass to be between 10 and 60 seconds. If no
authentication is required, AUTOLINK determines the session style.
2. If there has been an authentication pass, the second pass determines the
protocol of the user session. The protocol can be SLIP, PPP, or character-cell
terminal. You can set the timer for the second pass to be between 0 and 60
seconds. If the timer expires, AUTOLINK assumes a character-cell terminal.
Disabled PC clients that connect immediately using PPP will be
authenticated using either CHAP or PAP authentication. If
the LCP negotiation for CHAP is not acknowledged, the
access server requires PPP PAP authentication.
CHAP USERNAME PC clients that connect immediately to PPP will be
authenticated using PPP CHAP authentication.
If you user the CHAP NOUSERNAME options with the
PORT LCP AUTHENTICATION command, the login fails.
LCP Authentication Results