HP VPN Firewall Appliances Network Management Command Reference

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

141

142

143

144

145

146

147

148

149

150

122

Syntax

ppp authentication-mode { chap | ms-chap | ms-chap-v2 | pap } * [ [ call-in ] domain isp-name ]

undo ppp authentication-mode

Default

PPP authentication is disabled.

Views

Interface view

Default command level

2: System level

Parameters

chap: Uses CHAP authentication.

ms-chap: Uses MS-CHAP authentication.

ms-chap-v2: Uses MS-CHAP-V2 authentication.

pap: Uses PAP authentication.

call-in: Authenticates the call-in users only.

domain isp-name: Specifies the domain name for authentication, a case-insensitive string of 1 to 24

characters.

Usage guidelines

If you run the ppp authentication-mode command with the domain keyword specified, you must

configure an address pool in the corresponding domain. You can use the display domain command to

display the domain configuration.

If you configure the ppp authentication-mode command without specifying the domain name, the system

checks the username for domain information. If the username contains a domain name, the domain will

be used for authentication. If the domain does not exist, the user's access request will be denied. If the

username does not contain a domain name, the default domain is used. You can use the domain default

command to configure the default domain. If no default domain is configured, the default domain system

is used by default.

PPP authentication includes the following types:

• PAP—Two-way handshake authentication. The password used is in plain text.

• CHAP—Three-way handshake authentication. The password is in cipher text.

• MS-CHAP—Three-way handshake authentication. The password is in cipher text.

• MS-CHAP-V2—Three-way handshake authentication. The password is in cipher text.

You can configure several authentication modes simultaneously. In addition, you can also use the AAA

authentication algorithm list (if defined) to authenticate users.

In any PPP authentication mode, AAA determines whether a user can pass the authentication through a

local authentication database or an AAA server. For more information about AAA authentication, see

Access Control Configuration Guide.

For authentication on a dialup interface, configure authentication on both the physical interface and the

dialer interface. When a physical interface receives a DCC call request, it first initiates PPP negotiation

and authenticates the dial-in user, and then passes the call to the upper layer protocol.