no CHAP challenges and denies all incoming CHAP challenges. To enable CHAP, you
must create an access profile, and you must configure the interfaces to use CHAP.
Configuring the PPP Challenge Handshake Authentication Protocol
When you configure an interface to use CHAP, you must assign an access profile to the
interface. When an interface receives CHAP challenges and responses, the access profile
in the packet is used to look up the shared secret, as defined in RFC 1994. If no matching
access profile is found for the CHAP challenge that was received by the interface, the
optionally configured default CHAP secret is used. The default CHAP secret is useful if
the CHAP name of the peer is unknown, or if the CHAP name changes during PPP link
negotiation.
To enable CHAP, you must create an access profile, and you must configure the interfaces
to use PAP. For more information on how to configure access profile, see Configuring
Access Profiles for L2TP or PPP Parameters.
To configure the PPP challenge handshake authentication protocol, on each physical
interface with PPP encapsulation, perform the following steps.
1. To assign an access profile to an interface, include the access-profile statement at
the [edit interfaces interface-name ppp-options chap] hierarchy level.
[edit interfaces interface-name ppp-options chap]
user@host# set access-profile name
NOTE: You must include the access-profile statement when you configure
the CHAP authentication method. If an interface receives a CHAP challenge
or response from a peer that is not in the applied access profile, the link
is immediately dropped unless a default CHAP secret has been configured.
2. The default CHAP secret is used when no matching CHAP access profile exists, or if
the CHAP name changes during PPP link negotiation. To configure a default CHAP
secret for an interface, include the default-chap-secret statement at the [edit interfaces
interface-name ppp-options chap] hierarchy level.
[edit interfaces interface-name ppp-options chap]
user@host# set default-chap-secret name
3. To configure the name the interface uses in CHAP challenge and response packets,
include the local-name statement at the [edit interfaces interface-name ppp-options
chap] hierarchy level:
[edit interfaces interface-name ppp-options chap]
user@host# set local-name name
Copyright © 2017, Juniper Networks, Inc.494
ACX Series Universal Access Router Configuration Guide
To Next Page
Loading...
Need help?
General
