PPP Authorization

From: gladston@br.ibm.com
Date: Fri Oct 08 2004 - 10:36:59 GMT-3

• Next message: PB W-wa: "Re: Disallowing Callout"
• Previous message: James: "Re: Voice Traffic ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Have you ever tested these configuration?
It works, the strange thing is that under serial interface there is no indication that "ppp authent" has a name-list option:

aaa new-model
aa authentication ppp AAA group tacacs+
aaa authorizaton network AAA group tacacs+
!
inter s 0
enc ppp
ppp authent chap TaskAAA
ppp authoriz TaskAAA

version 12.2(1d)

r2(config)#int ser 1
r2(config-if)#ppp authentication chap ?
  callback Authenticate remote on callback only
  callin Authenticate remote on incoming call only
  callout Authenticate remote on outgoing call only
  default Use the default authentication list
  ms-chap Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
  one-time Allow use of username*OTP for one-time passwords
  optional Allow peer to refuse to authenticate
  pap Password Authentication Protocol (PAP)

r2(config-if)#ppp authentication chap TaskAAA
r2(config-if)#

version 12.2(15)T9
r6(config-if)#int ser 0
r6(config-if)#ppp authentication chap ?
  WORD Use an authentication list with this name
  callback Authenticate remote on callback only
  callin Authenticate remote on incoming call only
  callout Authenticate remote on outgoing call only
  default Use the default authentication list
  eap Extensible Authentication Protocol (EAP)
  ms-chap Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
  ms-chap-v2 Microsoft CHAP Version 2 (MS-CHAP-V2)
  one-time Allow use of username*OTP for one-time passwords
  optional Allow peer to refuse to authenticate
  pap Password Authentication Protocol (PAP)
  <cr>
r6(config-if)#ppp authentication chap TaskAAA

The example is from "CCSPCisco Certified Security Professional Certification All-in-One Exam Guide"

(the book just show "ppp authentication TaskAAA"; It does not work on IOS, need chap after 'authenticatio'. I did not test on PIX.

From DocCD:

ppp authentication {protocol1 [protocol2...]} [if-needed] [list-name | default] [callin] [one-time] [optional]

 
list-name
 (Optional) Used with authentication, authorization, and accounting (AAA). Specifies the name of a list of methods of authentication to use. If no list name is specified, the system uses the default. The list is created with the aaa authentication ppp command

• Next message: PB W-wa: "Re: Disallowing Callout"
• Previous message: James: "Re: Voice Traffic ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:45 GMT-3