AIS AI2524 If you use a list-name that has not been configured, Disable PPP on the line

AI2524 Router Card User’s Manual

the response and looking up the required host name or username. The secret passwords must be identical on the remote device and the local router.

By transmitting this response, the secret is never transmitted in clear text, preventing other devices from stealing it and gaining illegal ac- cess to the system. Without the proper response, the remote device cannot connect to the local router.

CHAP transactions occur only at the time a link is established. The local router or access server does not request a password during the rest of the call. The local device can, however, respond to such re- quests from other devices during a call.

When PAP is enabled, the remote router attempting to connect to the local router or access server is required to send an authentication re- quest. If the username and password specified in the authentication re- quest are accepted, the Cisco IOS software sends an authentication acknowledgment.

After you have enabled CHAP or PAP, the local router or access server requires authentication from remote devices. If the remote device does not support the enabled protocol, no traffic will be passed to that de- vice.

1.In interface configuration mode, enable PPP encapsulation: encapsulation ppp

2.In interface configuration mode, enable CHAP or PAP authentica- tion on an interface configured for PPP encapsulation:

ppp authentication {chap chap pap pap chap pap} [if-needed] [ list-name default] [callin]

The ppp authentication chap optional keyword, is used only with TACACS or extended TACACS. The optional keyword list-nameis used only with AAA/TACACS+.

3.Add a username entry for each remote system from which the local router or access server requires authentication.

In global configuration mode, specify the password to be used in CHAP or PAP caller identification:

username name password secret