PPP Commands
8-86 Configuring the Point-to-Point Protocol
XSR(config)#interface serial 1/0
XSR(config-if<S1/0>)#encapsulation ppp
XSR(config-if<S1/0>)#no shutdown
The following example selects channel group 12 of the T1/E1 port 1 on the second NIM card so that later configurations will apply to this serial port:
XSR(config)#interface serial 2/1:12
XSR(config-if<S2/1:12>)#encapsulation ppp
XSR(config-if<S2/1:12>)#no shutdown

ppp authentication

This command specifies the type and order in which CHAP, MS-CHAP or PAP protocols are requested on the interface. Once CHAP, PAP authentication or both have been enabled, the XSR requires the remote device to prove its identity before allowing data traffic to flow.
PAP authentication requires the remote device to send a name and password to be checked against a matching entry in the local username database.
CHAP authentication sends a challenge to the remote device. The remote device must encrypt the challenge value with a shared secret and return the encrypted value and its name to the XSR in a response message. The XSR uses the remote device's name to look up the appropriate secret in the local username database. It uses the looked up secret to encrypt the original challenge and verify that encrypted values match.
MS-CHAP is closely derived from the PPP CHAP with the exception that it uses MD4 as the hashing algorithm.
You may enable PAP or CHAP, MS-CHAP or all of them, in either order. If both methods are enabled, then the first method specified will be requested during link negotiation. If the peer suggests using the second method or simply refuses the first, then the second method is tried.
Some remote devices support CHAP only and some PAP only. The order in which you specify the methods will be based on your concerns about the remote device's ability to correctly negotiate the appropriate method as well as your concern about data line security. PAP usernames and passwords are sent as clear text strings and can be intercepted and reused. CHAP has eliminated most of the known security holes.
Enabling or disabling PPP authentication does not affect the XSR's willingness to authenticate itself to the remote device.
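
The CHAP exchange described above, written out per RFC 1994, where the "encrypted" value is an MD5 hash over the identifier, the shared secret and the challenge; it also shows why a captured CHAP response fails against the next challenge, unlike a captured PAP password. This is an added example, not code from the XSR documentation or firmware; `USER_DB`, the `Authenticator` class, and the sample peer name and secret are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed local username database (peer name -> shared secret); sample values only.
USER_DB = {"branch-router": b"s3cret-sample"}

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Hypothetical model of the challenging side (the XSR's role in the text)."""
    def __init__(self, user_db):
        self.user_db = user_db
        self.next_id = 0
        self.pending = {}  # identifier -> outstanding challenge

    def new_challenge(self):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)  # fresh and unpredictable for every attempt
        self.pending[identifier] = challenge
        return identifier, challenge

    def verify(self, identifier, name, response):
        # A challenge is single use: remove it whether or not the check passes.
        challenge = self.pending.pop(identifier, None)
        secret = self.user_db.get(name)  # look up the secret by the peer's name
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo():
    auth = Authenticator(USER_DB)
    ident, chal = auth.new_challenge()
    resp = chap_response(ident, USER_DB["branch-router"], chal)  # peer's side
    ok = auth.verify(ident, "branch-router", resp)
    # The same response replayed against a new challenge no longer matches.
    ident2, _ = auth.new_challenge()
    replay = auth.verify(ident2, "branch-router", resp)
    unknown = auth.verify(auth.new_challenge()[0], "no-such-peer", resp)
    return ok, replay, unknown

if __name__ == "__main__":
    print(demo())
```
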
Syntax
ppp authentication {any mix of pap chap ms-chap}
Possible parameter combinations include:
chap        Enables CHAP on a serial interface.
pap         Enables PAP on a serial interface.
ms-chap     Enables MS-CHAP on a serial interface.
chap pap    Preference of CHAP authentication before PAP.
pap chap    Preference of PAP authentication before CHAP.
Note: If you specify CHAP authentication on one side of a connection, you should set CHAP on the other side as well.