Supported Platforms
Controlling the Negotiation Order of PPP Authentication Protocols
You can control the order in which the router tries to negotiate PPP authentication protocols when it verifies that a PPP client can access the network. By default, the router first tries to negotiate Challenge Handshake Authentication Protocol (CHAP) authentication. If the the attempt to negotiate CHAP authentication is unsuccessful, the router then tries to negotiate Password Authentication Protocol (PAP) authentication.
You can modify this default negotiation order in any of the following ways:
- Specify that the router negotiate PAP authentication first,
followed by CHAP authentication if PAP negotiation is unsuccessful.
When you specify both authentication protocols in either order, you must enclose the set of protocol names in square brackets ([ ]).
- Specify that the router negotiate only CHAP authentication.
- Specify that the router negotiate only PAP authentication.
Before you begin:
- Configure the CHAP or PAP protocol on the interface.
- For dynamic PPP subscriber interfaces, see Configuring Dynamic Authentication for PPP Subscribers.
- For CHAP on static interfaces with PPP encapsulation, see Configuring the PPP Challenge Handshake Authentication Protocol.
- For PAP on static interfaces with PPP encapsulation, see Configuring the PPP Password Authentication Protocol.
To control the order in which the router negotiates PPP authentication protocols:
- Specify that you want to configure PPP options.
- For dynamic PPP subscriber interfaces:[edit dynamic-profiles profile-name interfaces pp0 unit “$junos-interface-unit”]user@host# edit ppp-options
- For static interfaces with PPP encapsulation:[edit interfaces pp0 unit logical-unit-number]user@host# edit ppp-options
- For dynamic PPP subscriber interfaces:
- Specify the negotiation order for PPP authentication protocols
on the router.
- For dynamic PPP subscriber interfaces:[edit dynamic-profiles profile-name interfaces pp0 unit “$junos-interface-unit” ppp-options]user@host# set authentication [authentication-protocols]
- For static interfaces with PPP encapsulation:[edit interfaces pp0 unit logical-unit-number ppp-options]user@host# set authentication [authentication-protocols]
- For dynamic PPP subscriber interfaces:
The following sample authentication statements in a dynamic profile named pppoe-client-profile show the different ways you can configure the negotiation order for PPP authentication protocols. (The authentication statements for configuring static interfaces are identical.)
- To specify that the router negotiate PAP authentication
first, followed by CHAP authentication:[edit dynamic-profiles pppoe-client-profile interfaces pp0 unit “$junos-interface-unit” ppp-options]user@host# set authentication [pap chap]
- To specify that the router negotiate only CHAP authentication:[edit dynamic-profiles pppoe-client-profile interfaces pp0 unit “$junos-interface-unit” ppp-options]user@host# set authentication chap
- To specify that the router negotiate only PAP authentication:[edit dynamic-profiles pppoe-client-profile interfaces pp0 unit “$junos-interface-unit” ppp-options]user@host# set authentication pap
- To restore the default negotiation order for PPP authentication
protocols after you have modified it:[edit dynamic-profiles pppoe-client-profile interfaces pp0 unit “$junos-interface-unit” ppp-options]user@host# set authentication [chap pap]
