manualshive.com logo in svg

H3C SecPath F5030, Configuration Manual


Share
Download
background image

 

Configuring CHAP authentication (authenticator name is not 
configured)  

Restrictions and guidelines for CHAP authentication (authenticator name is not configured) 

For local AAA authentication, the username and password of the peer must be configured on the 
authenticator. 

For remote AAA authentication, the username and password of the peer must be configured on the 
remote AAA server. 

The username and password configured for the peer must meet the following requirements: 

 

The username configured for the peer must be the same as that configured on the peer by 
using the 

ppp chap user

 command. 

 

The password configured for the peer must be the same as that configured on the peer by using 
the 

ppp chap password

 command. 

Configuring the authenticator 

1. 

Enter system view. 

system-view 

2. 

Enter interface view. 

interface interface-type interface-number 

3. 

Configure the authenticator to authenticate the peer by using CHAP. 

ppp

 

authentication-mode

 

chap

 

[

 

[

 

call-in

 

]

 

domain 

{

 

isp-name

 

|

 

default

 

enable

 

isp-name 

}

 

By default, PPP authentication is disabled.  

4. 

Configure local or remote AAA authentication. 

For more information about AAA authentication, see 

Security Configuration Guide

.  

Configuring the peer 

1. 

Enter system view. 

system-view 

2. 

Enter interface view. 

interface interface-type interface-number 

3. 

Configure a username for the CHAP peer. 

ppp chap user

 

username 

The default setting is null. 

4. 

Set the CHAP authentication password. 

ppp chap password

 

{

 cipher

 

|

 

simple 

}

 

string 

The default setting is null. 

For security purposes, the password specified in plaintext form and ciphertext form will be 
stored in encrypted form. 

Configuring MS-CHAP or MS-CHAP-V2 authentication 

Restrictions and guidelines for MS-CHAP or MS-CHAP-V2 authentication 

The device can only act as an authenticator for MS-CHAP or MS-CHAP-V2 authentication. 

L2TP supports only MS-CHAP authentication. 

Summary of Contents for SecPath F5030

Page 1: ...F5060 F5080 F5000 M F5000 A E9628 F5010 F5020 GM F5020 F5040 F5000 C F5000 S E9342 F1020 F1030 F1050 F1060 F1070 F1080 F1020 GM F1070 GM E9345 F1000 AK130 AK135 AK140 AK145 AK150 AK155 AK160 AK165 AK...

Page 2: ...H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice A...

Page 3: ...e This documentation is intended for Network planners Field technical support and servicing engineers Network administrators Conventions The following information describes the conventions used in the...

Page 4: ...attention to important information that if not understood or followed can result in personal injury CAUTION An alert that calls attention to important information that if not understood or followed c...

Page 5: ...as a firewall load balancing NetStream SSL VPN IPS or ACG module Examples provided in this document Examples in this document might use devices that differ from your device in hardware model configur...

Page 6: ...ameter profiles 6 About parameter profiles 6 Creating a parameter profile for a 3G modem 6 Creating a parameter profile for a 4G modem 6 Specifying the primary and backup profiles 7 Specifying the pri...

Page 7: ...lized into a serial interface The cellular interface of a 4G modem can only be channelized into an Eth channel interface Restrictions Hardware compatibility with 3G 4G modem management Hardware Compat...

Page 8: ...guring PIN verification 8 Optional Configuring DM 9 Optional Setting the RSSI thresholds 10 Optional Issuing a configuration directive to a 3G 4G modem 11 Optional Configuring 3G 4G modem reboot Confi...

Page 9: ...By default a cellular interface is up Configuring an Eth channel interface for a 4G modem Configuring basic parameters for an Eth channel interface 1 Enter system view system view 2 Enter Eth channel...

Page 10: ...e An Eth channel interface can communicate with other devices only after it obtains an IP address You can configure an IP address for an Eth channel interface in the following ways DHCP The Eth channe...

Page 11: ...earch for available mobile networks Procedure 1 Enter system view system view 2 Enter cellular interface view controller cellular interface number 3 Optional Search for PLMNs plmn search 4 Configure a...

Page 12: ...mode none chap pap user username password password The default setting depends on the modem model Creating a parameter profile for a 4G modem 1 Enter system view system view 2 Create a parameter prof...

Page 13: ...sed for 3G modem dialup Specifying the primary and backup profiles for a 4G modem 1 Enter system view system view 2 Enter Eth channel interface view interface eth channel interface number 3 Specify th...

Page 14: ...twork and a SIM card is used in other mobile networks Each SIM UIM card has a Personal Identification Number PIN PIN verification prevents unauthorized access to the SIM UIM card To perform PIN verifi...

Page 15: ...M UIM card pin modify current pin new pin The new PIN is saved in the SIM UIM card After the PIN is modified execute the pin verify command to save the new PIN on the device Configuring DM NOTE Suppor...

Page 16: ...directive to the 3G 4G modem sendat at string Configuring 3G 4G modem reboot Configuring automatic reboot About automatic reboot The 3G modem might malfunction in an unstable 3G network or when the ap...

Page 17: ...PPP LCP negotiation of the IMSI SI when it acts as a LAC to access the LNS in LAC auto initiated mode After you bind the IMSI on the SIM card to a virtual PPP interface the packets sent by the device...

Page 18: ...n about DDR dialup see Configuring DDR Figure 1 Network diagram Procedure Configure dialer group 1 and configure DDR to place calls for IP packets Router system view Router dialer group 1 rule ip perm...

Page 19: ...tly For example the 3G 4G modem receives no signals or fails to connect to service providers networks Solution To resolve the issue 1 Execute the shutdown command and the undo shutdown command on the...

Page 20: ...egotiation on the client 9 Enabling IP segment match 10 Configuring DNS server IP address negotiation on the client 10 Configuring ACFC negotiation 11 Configuring PFC negotiation 11 Enabling IP header...

Page 21: ...stablishment phase the LCP negotiation is performed The LCP configuration options include Authentication Protocol Async Control Character Map ACCM Maximum Receive Unit MRU Magic Number Protocol Field...

Page 22: ...the result calculated from the password and random packet ID by using the MD5 algorithm It is more secure than PAP The authenticator may or may not be configured with a username As a best practice co...

Page 23: ...IPCP negotiation can determine the DNS server IP address When the device is connected to a host configure the device as the server to assign the DNS server IP address to the host When the device is co...

Page 24: ...ollowing tasks 1 Configuring PPP authentication Choose one of the following tasks Configuring PAP authentication Configuring CHAP authentication authenticator name is configured Configuring CHAP authe...

Page 25: ...default enable isp name By default PPP authentication is disabled 4 Configure local or remote AAA authentication For more information about AAA authentication see Security Configuration Guide Configur...

Page 26: ...e authenticator and peer must be the same The peer does not support the CHAP authentication password configured by using the ppp chap password command CHAP authentication authenticator name is configu...

Page 27: ...type interface number 3 Configure the authenticator to authenticate the peer by using CHAP ppp authentication mode chap call in domain isp name default enable isp name By default PPP authentication i...

Page 28: ...username for the MS CHAP or MS CHAP V2 authenticator ppp chap user username 5 Configure local or remote AAA authentication For more information about AAA authentication see Security Configuration Guid...

Page 29: ...ket If no response is received before the timer expires the device sends the packet again If two ends of a PPP link vary greatly in the LCP negotiation packet processing rate configure this command on...

Page 30: ...gotiation on the client About DNS server IP address negotiation on the client During PPP negotiation the server will assign a DNS server IP address only for a client configured with the ppp ipcp dns r...

Page 31: ...the ACFC option in outbound LCP negotiation requests Configuring local end to reject ACFC requests received from the peer 1 Enter system view system view 2 Enter interface view interface interface ty...

Page 32: ...smission IPHC is often used for voice communications over low speed links IPHC provides the following compression features RTP header compression Compresses the IP header UDP header and RTP header of...

Page 33: ...kets to measure the link quality If two consecutive measured results are below the close percentage the system shuts down the link Then the system measures the link quality at an interval that is ten...

Page 34: ...11 adsl cap adsl dmt async cable ethernet g 3 fax idsl isdn async v110 isdn async v120 isdn sync piafs sdsl sync virtual wireless other x 25 x 75 xdsl By default the NAS Port Type attribute is determi...

Page 35: ...interface type interface number count ip address ipv4 address ipv6 address ipv6 address username user name user type lac lns pppoa pppoe count Display IPHC statistics display ppp compression iphc rtp...

Page 36: ...etworks For more information about PPPoE see RFC 2516 PPPoE network structure PPPoE uses the client server model The PPPoE client initiates a connection request to the PPPoE server After session negot...

Page 37: ...f time Diagnostic mode A PPPoE session is established immediately after the device configurations finish The device automatically terminates the PPPoE session and then tries to re establish a PPPoE se...

Page 38: ...bundle enable By default bundle DDR is disabled 6 Associate the interface with the dial rule by associating the interface with the corresponding dialer group dialer group group number By default a di...

Page 39: ...g a PPPoE session About resetting a PPPoE session After you reset a PPPoE session in permanent mode the device establishes a new PPPoE session when the autodial timer expires After you reset a PPPoE s...

Reviews:

No comments

Related manuals for SecPath F5030

PaloAlto Networks PA-500 Reference Manual preview
PA-500
Brand: PaloAlto Networks Pages: 20
PaloAlto Networks PA-3200 Series Quick Start Manual preview
PA-3200 Series
Brand: PaloAlto Networks Pages: 2
PaloAlto Networks PA-200 Hardware Reference Manual preview
PA-200
Brand: PaloAlto Networks Pages: 20
PaloAlto Networks PA-400 Series Hardware Reference Manual preview
PA-400 Series
Brand: PaloAlto Networks Pages: 60
PaloAlto Networks PA-7050 PAN-AIRDUCT Installation Manual preview
PA-7050 PAN-AIRDUCT
Brand: PaloAlto Networks Pages: 2
Watchguard Firebox SOHO 6.1 User Manual preview
Firebox SOHO 6.1
Brand: Watchguard Pages: 140
Sophos XGS 4300 Operating Instructions Manual preview
XGS 4300
Brand: Sophos Pages: 14
Watchguard Firebox SOHO 6 Wireless Client Manual preview
Firebox SOHO 6 Wireless
Brand: Watchguard Pages: 50
H3C H3C SECPATH F1000-S Installation Manual preview
H3C SECPATH F1000-S
Brand: H3C Pages: 78
Bitdefender BOXv2 User Manual preview
BOXv2
Brand: Bitdefender Pages: 13

Brands by name

Popular brands

Load more brands