72-2
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter72 Configuring the PPPoE Client
Configuring the PPPoE Client Username and Password
Note PPPoE is not supported when failover is configured on the ASA, or in multiple context or transparent
mode. PPPoE is only supported in single, routed mode, without failover.
Configuring the PPPoE Client Username and Password
To configure the username and password used to authenticate the ASA to the access concentrator, use
the vpdn command. To use the vpdn command, you first define a VPDN group and then create
individual users within the group.
To configure a PPPoE username and password, perform the following steps:
Step1 Define the VPDN group to be used for PPPoE using the following command:
hostname(config)# vpdn group group_name request dialout pppoe
In this command, replace group_name with a descriptive name for the group, such as “pppoe-sbc.”
Step2 If your ISP requires authentication, select an authentication protocol by entering the following
command:
hostname(config)# vpdn group group_name ppp authentication {chap | mschap | pap}
Replace group_name with the same group name you defined in the previous step. Enter the appropriate
keyword for the type of authentication used by your ISP:
CHAP—Challenge Handshake Authentication Protocol
MS-CHAP—Microsoft Challenge Handshake Authentication Protocol Version 1
PAP—Password Authentication Protocol
Note When using CHAP or MS-CHAP, the username may be referred to as the remote system name,
while the password may be referred to as the CHAP secret.
Step3 Associate the username assigned by your ISP to the VPDN group by entering the following command:
hostname(config)# vpdn group group_name localname username
Replace group_name with the VPDN group name and username with the username assigned by your ISP.
Step4 Create a username and password pair for the PPPoE connection by entering the following command:
hostname(config)# vpdn username username password password [store-local]
Replace username with the username and password with the password assigned by your ISP.
Note The store-local option stores the username and password in a special location of NVRAM on
the ASA. If an Auto Update Server sends a clear config command to the ASA and the connection
is then interrupted, the ASA can read the username and password from NVRAM and
re-authenticate to the Access Concentrator.