Configuring ms-chap or ms-chap-v2 authentication – H3C Technologies H3C SecPath F5020 User Manual
Page 15
7
Step
Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter interface view.
interface interface-type
interface-number
N/A
3.
Configure the authenticator to
authenticate the peer by using
CHAP.
ppp authentication-mode chap
[ [ call-in ] domain isp-name ]
By default, PPP
authentication is disabled.
4.
Configure local or remote AAA
authentication.
For local AAA authentication, the
username and password of the peer
must be configured on the
authenticator.
For remote AAA authentication, the
username and password of the peer
must be configured on the remote
AAA server.
For more information about AAA
authentication, see Security
Configuration Guide.
The username configured for
the peer must be the same as
that configured on the peer.
The passwords configured
for the authenticator and
peer must be the same.
To configure the peer:
Step
Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter interface view.
interface interface-type
interface-number
N/A
3.
Configure a username for
the CHAP peer.
ppp chap user username
The default setting is null.
The username you configure on
the peer must be the same as the
local username you configure for
the peer on the authenticator.
4.
Set the CHAP authentication
password.
ppp chap password { cipher |
simple } password
The default setting is null.
The password you set on the peer
must be the same as the password
you set for the peer on the
authenticator.
Configuring MS-CHAP or MS-CHAP-V2 authentication
When you configure MS-CHAP or MS-CHAP-V2 authentication, follow these guidelines:
•
The device can only act as an authenticator for MS-CHAP or MS-CHAP-V2 authentication.
•
L2TP supports only MS-CHAP authentication.
•
MS-CHAP-V2 authentication supports password change only when using RADIUS.
Configuring MS-CHAP or MS-CHAP-V2 authentication when the authenticator name is configured
Step
Command
Remarks
1.
Enter system view.
system-view
N/A