R3303-HP HSR6800 Routers Layer 2 - WAN Configuration Guide

Configuring MS-CHAP or MS-CHAP-V2 authentication
When you configure MS-CHAP or MS-CHAP-V2 authentication, follow these guidelines:
• In MS-CHAP or MS-CHAP-V2 authentication, an HP device can only be an authenticator.
• L2TP supports the MS-CHAP authentication but does not support the MS-CHAP-V2 authentication.
• MS-CHAP-V2 authentication supports password changing only when using RADIUS.
Depending on whether the authenticator is configured with a username, the configuration of MS-CHAP or MS-CHAP-V2 authentication includes the following two types:
1. Configuring MS-CHAP or MS-CHAP-V2 authentication when the authenticator name is configured
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter interface view.
    Command: interface interface-type interface-number
    Remarks: N/A

Step 3. Configure the local router to authenticate the supplicant by using MS-CHAP or MS-CHAP-V2.
    Command: ppp authentication-mode { ms-chap | ms-chap-v2 } [ [ call-in ] domain isp-name ]
    Remarks: By default, PPP authentication is not performed.

Step 4. Assign a username to the MS-CHAP or MS-CHAP-V2 authenticator.
    Command: ppp chap user username
    Remarks: The username you assign to the authenticator here must be the same as the local username you assign to the authenticator on the supplicant.

Step 5. Configure local or remote AAA authentication.
    Command: For local AAA authentication, the username and password of the supplicant must be configured on the authenticator. For remote AAA authentication, the username and password of the supplicant must be configured on the remote AAA server. For more information about AAA authentication, see Security Configuration Guide.
    Remarks: The username and password configured for the supplicant must be the same as those configured on the supplicant.
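
The five steps above as one authenticator-side session using local AAA. This is an added example, not taken from the guide. The interface number, the names usera and userb, the domain system, and the AAA commands in step 5 (local-user, password cipher, service-type ppp, domain, authentication ppp local) are assumptions based on the Comware AAA command set and should be checked against the Security Configuration Guide.

```text
# Lines starting with "#" are annotations and are not typed at the CLI.
# Assumed values (not from the guide): interface Serial2/1/0, authenticator
# name "usera", supplicant account "userb", ISP domain "system".

# Steps 1-2: enter system view, then interface view.
system-view
interface serial 2/1/0

# Step 3: authenticate the supplicant with MS-CHAP-V2 in domain "system".
# Use ms-chap instead where MS-CHAP-V2 is not supported (for example L2TP).
ppp authentication-mode ms-chap-v2 domain system

# Step 4: name assigned to the authenticator. It must match the local
# username the supplicant holds for this authenticator.
ppp chap user usera
quit

# Step 5 (local AAA): create the supplicant's account on the authenticator.
# These AAA commands are assumed from the Security Configuration Guide.
local-user userb
password cipher <supplicant-password>
service-type ppp
quit

# Make the domain named in step 3 authenticate PPP users locally.
domain system
authentication ppp local
quit
```

For remote AAA, the userb account is created on the RADIUS server instead, which is also the only setup in which MS-CHAP-V2 password changing is supported.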
2. Configuring MS-CHAP or MS-CHAP-V2 authentication when no authenticator name is configured
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter interface view.
    Command: interface interface-type interface-number
    Remarks: N/A

Step 3. Configure the local device to authenticate the supplicant by using MS-CHAP or MS-CHAP-V2.
    Command: ppp authentication-mode { ms-chap | ms-chap-v2 } [ [ call-in ] domain isp-name ]
    Remarks: By default, PPP authentication is disabled.