Username and password for local login and ppp

gwhuang5398
Level 2

I have the following username and password on the same router:

username admin password admin

username Router2 password pppchap

I want to use "admin" for local authentication to console and VTY (login local), and use Router2 for PPP authentication (ppp authentication chap). My question is how the router tells which username should be used for which authentication?

Thanks a lot

4 Replies

Richard Burts
Hall of Fame

Gary

When you are just using locally configured user names and passwords on the router, I am not aware of a way to separate functions so that admin is only used for console and VTY and Router2 is used only for ppp. If someone connected to the console and entered Router2 as the ID I believe that the router would authenticate it.

I have done something similar to this, where access to console and VTY was authenticated to one server (using AAA authentication) and PPP was authenticated to another server (or could be authenticated locally). But this works because the user IDs are separated and you go one place for console/VTY and go somewhere else for PPP. I do not see a way to do it when all IDs are configured locally on the router.

HTH

Rick

Giuseppe Larosa
Hall of Fame

Hello Gary,

Actually, both can be used to access the router on a VTY.

For the PPP authentication you can use

dialer map ip

or dialer remote-name

to specify the username to be used for PPP authentication

You can protect your VTY by using an access-list applied with

access-class in

in vty 0 4 configuration

Hope to help

Giuseppe

Thanks all for the information. Both usernames are good for console and VTY "login local". I was more concerned about PPP authentication. Supposedly the local router uses the remote router's hostname as the username to authenticate. If more than one username exists, I was wondering if authentication would fail even though the remote router has the right host name.

If someone has tested it, that'll be great.

Thanks again.

Gary

I am pretty sure that I have tested this (though that was a VERY long time ago and my memory is slightly vague about it) and believe that it is not a problem when you have multiple user names configured. In doing PPP/CHAP the router gets the ID of the peer (typically the host name) and looks in its configured user names to see if there is a match. As long as there is a match on the host name the router does not care how many other names are configured.

HTH

Rick
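
The name-based lookup described in the reply above, as an added Python model (not code from any poster in this thread and not Cisco's implementation). It applies the RFC 1994 CHAP calculation to a flat local user table built from the two usernames in the question, and shows that the PPP entry is also accepted by a "login local" style check; the function names are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed local user table mirroring the two "username ... password ..."
# lines from the question. Assumption: one flat table serves every method.
LOCAL_USERS = {"admin": "admin", "Router2": "pppchap"}


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 CHAP value: MD5(Identifier || secret || Challenge)."""
    data = bytes([identifier]) + secret.encode() + challenge
    return hashlib.md5(data).digest()


def verify_chap(peer_name: str, identifier: int, challenge: bytes,
                response: bytes, users=LOCAL_USERS) -> bool:
    """Authenticator side: look up only the name the peer sent."""
    secret = users.get(peer_name)
    if secret is None:
        return False  # no username entry matches the peer's name
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def login_local(username: str, password: str, users=LOCAL_USERS) -> bool:
    """Console/VTY 'login local' modelled as a lookup in the same table."""
    stored = users.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(stored.encode(), password.encode())


if __name__ == "__main__":
    ident, challenge = 1, os.urandom(16)
    # The peer named Router2 answers the challenge with the shared secret.
    resp = chap_response(ident, "pppchap", challenge)
    print("Router2 CHAP ok:", verify_chap("Router2", ident, challenge, resp))
    print("unknown peer ok:", verify_chap("Router3", ident, challenge, resp))
    # The same entry is a valid interactive credential in this model.
    print("Router2 on VTY :", login_local("Router2", "pppchap"))
```

Because the CHAP secret doubles as a login password in this model, the PPP entry deserves the same password strength and VTY access restrictions as the admin account.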
