Cisco XR 12000 Series Router SIP and SPA Software Configuration Guide, Release 3.2
Release 3.2, OL-6396-01, Rev.A1 January 9, 2006
Chapter 6 Configuring POS SPAs on Cisco IOS XR Software
Configuration Tasks
PPP provides Network Control Protocols (NCPs) for negotiating properties of data protocols that will
run on the link: IP Control Protocol (IPCP) to negotiate IP properties, Multiprotocol Label Switching
control processor (MPLSCP) to negotiate MPLS properties, Cisco Discovery Protocol control processor
(CDPCP) to negotiate CDP properties, IPv6CP to negotiate IP Version 6 (IPv6) properties, and Open
Systems Interconnection control processor (OSICP) to negotiate OSI properties.
Perform this task to configure PPP on POS interfaces.
Prerequisites
To use the encapsulation ppp command, you must be in a user group associated with a task group that
includes the proper task IDs for interface and PPP commands. To use the ppp authentication command,
you must be in a user group associated with a task group that includes the proper task IDs for AAA and
PPP commands.
Task IDs for commands are listed in the Cisco IOS XR Task ID Reference Guide.
PPP Encapsulation
Use the encapsulation ppp command to enable PPP encapsulation on an interface.
To enable Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol
(PAP) or both, and to specify the order in which CHAP, MS-CHAP, and PAP authentication is selected
on the interface, use the ppp authentication command in interface configuration mode.
When you enable CHAP or PAP authentication (or both), the local router requires the remote device to
prove its identity before allowing data traffic to flow. PAP authentication requires the remote device to
send a name and a password, which are checked against a matching entry in the local username database
or in the remote security server database. CHAP authentication sends a challenge message to the remote
device. The remote device encrypts the challenge value with a shared secret and returns the encrypted
value and its name to the local router in a response message. The local router attempts to match the
remote device’s name with an associated secret stored in the local username or remote security server
database; it uses the stored secret to encrypt the original challenge and verify that the encrypted values
match.
You can enable CHAP, MS-CHAP, or PAP in any order. If you enable all three methods, the first method
specified is requested during link negotiation. If the peer suggests using the second method, or refuses
the first method, the second method is tried. Some remote devices support only one method. Base the
order in which you specify methods on the remote device’s ability to correctly negotiate the appropriate
method, and on the level of data line security you require. PAP usernames and passwords are sent as clear
text strings, which can be intercepted and reused.
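The difference between the two exchanges described above, as an added example that is not code from the Cisco guide: it models standard CHAP as defined in RFC 1994, where the "encrypted" value is an MD5 hash over the identifier, the shared secret, and the challenge, and the PAP Authenticate-Request layout from RFC 1334. The names USER_DB, Authenticator, chap_response, pap_request, and demo, and the sample username and secret, are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed local username database (name -> shared secret); sample values only.
USER_DB = {"router-b": b"s3cret-sample"}

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Local router side: issues challenges and verifies responses."""
    def __init__(self, user_db):
        self.user_db = user_db
        self.next_id = 0
        self.pending = {}  # identifier -> outstanding challenge

    def new_challenge(self):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)  # unpredictable and unique per attempt
        self.pending[identifier] = challenge
        return identifier, challenge

    def verify(self, identifier, name, value):
        challenge = self.pending.pop(identifier, None)  # each challenge is single-use
        secret = self.user_db.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, value)  # constant-time comparison

def pap_request(name: str, password: bytes) -> bytes:
    """PAP Authenticate-Request data: length-prefixed peer ID and password, in cleartext."""
    peer = name.encode()
    return bytes([len(peer)]) + peer + bytes([len(password)]) + password

def demo():
    auth = Authenticator(USER_DB)
    ident, chal = auth.new_challenge()
    captured = chap_response(ident, USER_DB["router-b"], chal)
    first = auth.verify(ident, "router-b", captured)
    # A response captured from the wire does not verify against a fresh challenge.
    ident2, _ = auth.new_challenge()
    replayed = auth.verify(ident2, "router-b", captured)
    # The PAP request carries the password itself, so a capture is reusable as-is.
    pap_exposes_password = USER_DB["router-b"] in pap_request("router-b", USER_DB["router-b"])
    return first, replayed, pap_exposes_password
```
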
Enabling or disabling PPP authentication does not affect the local router’s ability to authenticate itself
to the remote device.
MS-CHAP is the Microsoft version of CHAP. Like the standard version of CHAP, MS-CHAP is used for
PPP authentication; in this case, authentication occurs between a personal computer using Microsoft
Windows NT or Microsoft Windows 95 and a Cisco router or access server acting as a network access
server.
Enabling or disabling PPP authentication does not affect the local router’s willingness to authenticate
itself to the remote device.