8
MS-CHAP-V2 authentication supports password change only when using RADIUS.
As a best practice, do not set the authentication method for PPP users to
none
when MS-CHAP-V2
authentication is used.
For local AAA authentication, the username and password of the peer must be configured on the
authenticator. For remote AAA authentication, the username and password of the peer must be
configured on the remote AAA server. The username and password of the peer configured on the
authenticator or remote AAA server must be the same as those configured on the peer.
If authentication name is configured, the username configured for the authenticator on the peer must
be the same as that configured on the authenticator by using the
ppp
chap
user
command.
Configuring MS-CHAP or MS-CHAP-V2 authentication (authenticator name is configured)
1.
Enter system view.
system-view
2.
Enter interface view.
interface
interface-type interface-number
3.
Configure the authenticator to authenticate the peer by using MS-CHAP or MS-CHAP-V2.
ppp authentication-mode
{
ms-chap
|
ms-chap-v2
}
[
[
call-in
]
domain
{
isp-name
|
default
enable
isp-name
}
]
By default, PPP authentication is disabled.
4.
Configure a username for the MS-CHAP or MS-CHAP-V2 authenticator.
ppp chap user
username
5.
Configure local or remote AAA authentication.
For more information about AAA authentication, see
Security Configuration Guide
.
Configuring MS-CHAP or MS-CHAP-V2 authentication (authenticator name is not configured)
1.
Enter system view.
system-view
2.
Enter interface view.
interface interface-type interface-number
3.
Configure the authenticator to authenticate the peer by using MS-CHAP or MS-CHAP-V2.
ppp authentication-mode
{
ms-chap
|
ms-chap-v2
}
[
[
call-in
]
domain
{
isp-name
|
default
enable
isp-name
}
]
By default, PPP authentication is disabled.
4.
Configure local or remote AAA authentication.
For more information about AAA authentication, see
Security Configuration Guide
.
Configuring the polling feature
About the polling feature
The polling feature checks PPP link state.
On an interface that uses PPP encapsulation, the link layer sends keepalive packets at keepalive
intervals to detect the availability of the peer. If the interface receives no response to keepalive
packets when the keepalive retry limit is reached, it determines that the link fails and reports a link
layer down event.
To set the keepalive retry limit, use the
timer-hold retry
command.
The value 0 disables an interface from sending keepalive packets. In this case, the interface can
respond to keepalive packets from the peer.