R3303-HP HSR6800 Routers Layer 2 - WAN Command Reference
40
If you configure the ppp authentication-mode command without specifying the domain name, the system
checks the username for domain information. If the username contains a domain name, the domain will
be used for authentication If the domain does not exist, the user's access request will be denied. If the
username does not contain a domain name, the default domain is used. You can use the domain default
command to configure the default domain. If no default domain is configured, the default domain system
is used by default.
PPP authentication falls into the following categories:
• PAP—Two-way handshake authentication. The password used is in plain text.
• CHAP—Three-way handshake authentication. The password is in cipher text.
• MS-CHAP—Three-way handshake authentication. The password is in cipher text.
• MS-CHAP-V2—Three-way handshake authentication. The password is in cipher text.
You can configure several authentication modes simultaneously. In any PPP authentication mode, AAA
determines whether a user can pass the authentication through a local authentication database or an
AAA server.
Examples
# Configure interface Serial 2/0/1 to authenticate the peer device by using PAP.
<Sysname> system-view
[Sysname] interface serial 2/0/1
[Sysname-Serial2/0/1] ppp authentication-mode pap domain system
# Configure interface Serial 2/0/1 to authenticate the peer device by using PAP, CHAP, and MS-CHAP.
<Sysname> system-view
[Sysname] interface serial 2/0/1
[Sysname-Serial2/0/1] ppp authentication-mode pap chap ms-chap domain system
Related commands
• ppp chap user
• ppp pap local-user
• ppp chap password
• local-user (Security Command Reference)
• domain default (Security Command Reference)
ppp chap password
Use ppp chap password to set the password for CHAP authentication.
Use undo ppp chap password to cancel the configuration.
Syntax
ppp chap password { cipher | simple } password
undo ppp chap password
Views
Interface view
Default command level
2: System level