Hello
@November 123 wrote:
PPP & CHAP
- R4 must require R1 and R2 to authenticate using CHAP but R1 and R2 must not require R4 to authenticate
means that you can't run command
ppp authentication chap
command on R1 and R2 and you cant use
Username command on R1 and R2 otherwise it ask asuthentication from R4.
- R1 and R2 cannot use ppp chap hostname,
they can use ppp chap password with
Hello
one way PPP authentication is applicable?
Examaple:
R4
username Router1 password STAN1
username Router2 password STAN2
int y/y
Description R1
encapsulation ppp
ppp authentication chap callin < one way authentication>
ppp chap hostname Router1
int x/x
Description R2
encapsulation ppp
ppp authentication chap callin
ppp chap hostname Router2
R1 & R2
username Router4 password STAN4
int x/x
encapsulation ppp
ppp chap hostname Router4
@November 123 wrote:
"Security".
- Make sure that all CHAP passwords are shown in clear int the configuration - Use radius server at 6.6.44.200 as authentication server and fallback to the local AAA database in case the server is unreachable.
- Use "Singtel" as key required by the
Radius server
- Make sure AAA authentication does not affect any console or line VTY from any PPP devices (ensure that there is no username
prompt either) - Use only default authentication list for both console and line VTY.
radius server STAN
address ipv4 6.6.44.200 auth-port 1645 acct-port 1646
key Singtel
aaa group server radius RadiusPAP
server name STAN
aaa new-model
aaa authentication login default group RadiusPAP local
aaa authentication ppp default group RadiusPAP local
aaa authorization exec default group RadiusPAP if-authenticated
Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.
Kind Regards
Paul
