R3721-F3210-F3171-HP High-End Firewalls Network Management Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

131

132

133

134

135

136

137

138

139

140

113

Default level

2: System level

Parameters

chap: Uses challenge-handshake authentication protocol (CHAP) authentication.

ms-chap: Uses Microsoft CHAP (MS-CHAP) authentication.

ms-chap-v2: Uses Microsoft CHAP Version 2 (MS-CHAP-V2) authentication.

pap: Uses password authentication protocol (PAP) authentication.

call-in: Authenticates the call-in users only.

domain isp-name: Specifies the domain name for authentication, a string of 1 to 24 characters.

Description

Use ppp authentication-mode to configure the PPP authentication mode.

Use undo ppp authentication-mode to disable PPP authentication.

By default, PPP authentication is disabled.

If you run the ppp authentication-mode command with the domain keyword specified, you must

configure an address pool in the corresponding domain. (You can use the display domain command to

display the domain configuration.)

If you configure the ppp authentication-mode command without specifying the domain name, the system

checks the username for domain information. If the username contains a domain name, the domain will

be used for authentication (If the domain does not exist, the user's access request will be denied). If not,

the default domain is used (you can use the domain default command to configure the default domain;

if no default domain is configured, the default domain system is used by default).

PPP authentication falls into the following types:

• PAP authentication—Two-way handshake authentication. The password used is in plain text.

• CHAP authentication—Three-way handshake authentication. The password is in cipher text.

• MS-CHAP—Three-way handshake authentication. The password is in cipher text.

• MS-CHAP-V2—Three-way handshake authentication. The password is in cipher text.

You can configure several authentication modes simultaneously. In addition, you can also use the AAA

authentication algorithm list (if defined) to authenticate users.

In any PPP authentication mode, AAA determines whether a user can pass the authentication through a

local authentication database or an AAA server.

NOTE:

For more information about creatin

a local user account, confi

urin

its attributes, creatin

a domain,

and configuring domain attributes, see

Access Control Configuration Guide

For authentication on a dial-up interface, configure authentication on both the physical interface and the

dialer interface. Because when a physical interface receives a DCC call request, it first initiates PPP

negotiation and authenticates the dial-in user, and then passes the call to the upper layer protocol.

Related commands: ppp chap user, ppp pap local-user, and ppp chap password; local-user and

domain default.