Command Reference Guide

SROS Command Line Interface Reference Guide PPP Interface Configuration Command Set

ppp authentication <protocol>

Use the ppp authentication command to specify the authentication protocol on the PPP virtual interface

that the peer should use to authenticate itself.

Syntax Description

<protocol > Specifies the authentication protocol used on this interface

chap Configures CHAP authentication on the interface

eap Configures EAP authentication on the interface

pap Configures PAP authentication on the interface

Default Values

By default, PPP endpoints have no authentication configured.

Command Modes

(config-ppp 1)# PPP Interface Configuration Mode required

Technology Review (Continued)

CHAP and PAP are two authentication methods that enjoy widespread support. Both methods are

included in the Secure Router OS and are easily configured.

Defining PAP

The Password Authentication Protocol (PAP) is used to verify that the PPP peer is a permitted device by

checking a username and password configured on the peer. The username and password are both sent

unencrypted across the connecting private circuit.

PAP requires two-way message passing. First, the router that is required to be authenticated (say the peer)

sends an authentication request with its username and password to the router requiring authentication

(say the local router). The local router then looks up the username and password in the username

database within the PPP interface, and if they match sends an authentication acknowledge back to the

peer.

Note

The authentication method set up on the local router can be different from that on the peer.

Also, just because one router requires authentication from its peer does not mean it also has

to authenticate itself to the peer.

Note

The PPP username and password database is separate and distinct from the global

username password database. For PAP and CHAP, use the database under the PPP

interface configuration.