background image

 

 

For remote AAA authentication, the username and password of the peer must be configured on 
the remote AAA server. 

 

The username and password configured for the peer must meet the following requirements: 

{

 

The username configured for the peer must be the same as that configured on the peer by 
using the 

ppp chap user

 command. 

{

 

The passwords configured for the authenticator and peer must be the same. 

When you configure the peer, follow these guidelines: 

 

For local AAA authentication, the username and password of the authenticator must be 
configured on the peer. 

 

For remote AAA authentication, the username and password of the authenticator must be 
configured on the remote AAA server. 

 

The username and password configured for the authenticator must meet the following 
requirements: 

{

 

The username configured for the authenticator must be the same as that configured on the 
authenticator by using the 

ppp chap user

 command. 

{

 

The passwords configured for the authenticator and peer must be the same. 

 

The peer does not support the CHAP authentication password configured by using the 

ppp 

chap password

 command. CHAP authentication (authenticator name is configured) will 

apply even if the authentication name is configured. 

Configuring the authenticator 

1. 

Enter system view. 

system-view 

2. 

Enter interface view. 

interface interface-type interface-number 

3. 

Configure the authenticator to authenticate the peer by using CHAP. 

ppp

 

authentication-mode

 

chap

 

[

 

[

 

call-in

 

]

 

domain 

{

 

isp-name

 

|

 

default

 

enable

 

isp-name 

}

 

By default, PPP authentication is disabled.  

4. 

Configure a username for the CHAP authenticator. 

ppp

 

chap

 

user username 

The default setting is null. 

5. 

Configure local or remote AAA authentication. 

For more information about AAA authentication, see 

Security Configuration Guide

.  

Configuring the peer 

1. 

Enter system view. 

system-view 

2. 

Enter interface view. 

interface interface-type interface-number 

3. 

Configure a username for the CHAP peer. 

ppp chap user

 

username 

The default setting is null. 

4. 

Configure local or remote AAA authentication. 

For more information about AAA authentication, see 

Security Configuration Guide

.  

Содержание SecPath F5030

Страница 1: ...F5060 F5080 F5000 M F5000 A E9628 F5010 F5020 GM F5020 F5040 F5000 C F5000 S E9342 F1020 F1030 F1050 F1060 F1070 F1080 F1020 GM F1070 GM E9345 F1000 AK130 AK135 AK140 AK145 AK150 AK155 AK160 AK165 AK...

Страница 2: ...H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice A...

Страница 3: ...e This documentation is intended for Network planners Field technical support and servicing engineers Network administrators Conventions The following information describes the conventions used in the...

Страница 4: ...attention to important information that if not understood or followed can result in personal injury CAUTION An alert that calls attention to important information that if not understood or followed c...

Страница 5: ...as a firewall load balancing NetStream SSL VPN IPS or ACG module Examples provided in this document Examples in this document might use devices that differ from your device in hardware model configur...

Страница 6: ...ameter profiles 6 About parameter profiles 6 Creating a parameter profile for a 3G modem 6 Creating a parameter profile for a 4G modem 6 Specifying the primary and backup profiles 7 Specifying the pri...

Страница 7: ...lized into a serial interface The cellular interface of a 4G modem can only be channelized into an Eth channel interface Restrictions Hardware compatibility with 3G 4G modem management Hardware Compat...

Страница 8: ...guring PIN verification 8 Optional Configuring DM 9 Optional Setting the RSSI thresholds 10 Optional Issuing a configuration directive to a 3G 4G modem 11 Optional Configuring 3G 4G modem reboot Confi...

Страница 9: ...By default a cellular interface is up Configuring an Eth channel interface for a 4G modem Configuring basic parameters for an Eth channel interface 1 Enter system view system view 2 Enter Eth channel...

Страница 10: ...e An Eth channel interface can communicate with other devices only after it obtains an IP address You can configure an IP address for an Eth channel interface in the following ways DHCP The Eth channe...

Страница 11: ...earch for available mobile networks Procedure 1 Enter system view system view 2 Enter cellular interface view controller cellular interface number 3 Optional Search for PLMNs plmn search 4 Configure a...

Страница 12: ...mode none chap pap user username password password The default setting depends on the modem model Creating a parameter profile for a 4G modem 1 Enter system view system view 2 Create a parameter prof...

Страница 13: ...sed for 3G modem dialup Specifying the primary and backup profiles for a 4G modem 1 Enter system view system view 2 Enter Eth channel interface view interface eth channel interface number 3 Specify th...

Страница 14: ...twork and a SIM card is used in other mobile networks Each SIM UIM card has a Personal Identification Number PIN PIN verification prevents unauthorized access to the SIM UIM card To perform PIN verifi...

Страница 15: ...M UIM card pin modify current pin new pin The new PIN is saved in the SIM UIM card After the PIN is modified execute the pin verify command to save the new PIN on the device Configuring DM NOTE Suppor...

Страница 16: ...directive to the 3G 4G modem sendat at string Configuring 3G 4G modem reboot Configuring automatic reboot About automatic reboot The 3G modem might malfunction in an unstable 3G network or when the ap...

Страница 17: ...PPP LCP negotiation of the IMSI SI when it acts as a LAC to access the LNS in LAC auto initiated mode After you bind the IMSI on the SIM card to a virtual PPP interface the packets sent by the device...

Страница 18: ...n about DDR dialup see Configuring DDR Figure 1 Network diagram Procedure Configure dialer group 1 and configure DDR to place calls for IP packets Router system view Router dialer group 1 rule ip perm...

Страница 19: ...tly For example the 3G 4G modem receives no signals or fails to connect to service providers networks Solution To resolve the issue 1 Execute the shutdown command and the undo shutdown command on the...

Страница 20: ...egotiation on the client 9 Enabling IP segment match 10 Configuring DNS server IP address negotiation on the client 10 Configuring ACFC negotiation 11 Configuring PFC negotiation 11 Enabling IP header...

Страница 21: ...stablishment phase the LCP negotiation is performed The LCP configuration options include Authentication Protocol Async Control Character Map ACCM Maximum Receive Unit MRU Magic Number Protocol Field...

Страница 22: ...the result calculated from the password and random packet ID by using the MD5 algorithm It is more secure than PAP The authenticator may or may not be configured with a username As a best practice co...

Страница 23: ...IPCP negotiation can determine the DNS server IP address When the device is connected to a host configure the device as the server to assign the DNS server IP address to the host When the device is co...

Страница 24: ...ollowing tasks 1 Configuring PPP authentication Choose one of the following tasks Configuring PAP authentication Configuring CHAP authentication authenticator name is configured Configuring CHAP authe...

Страница 25: ...default enable isp name By default PPP authentication is disabled 4 Configure local or remote AAA authentication For more information about AAA authentication see Security Configuration Guide Configur...

Страница 26: ...e authenticator and peer must be the same The peer does not support the CHAP authentication password configured by using the ppp chap password command CHAP authentication authenticator name is configu...

Страница 27: ...type interface number 3 Configure the authenticator to authenticate the peer by using CHAP ppp authentication mode chap call in domain isp name default enable isp name By default PPP authentication i...

Страница 28: ...username for the MS CHAP or MS CHAP V2 authenticator ppp chap user username 5 Configure local or remote AAA authentication For more information about AAA authentication see Security Configuration Guid...

Страница 29: ...ket If no response is received before the timer expires the device sends the packet again If two ends of a PPP link vary greatly in the LCP negotiation packet processing rate configure this command on...

Страница 30: ...gotiation on the client About DNS server IP address negotiation on the client During PPP negotiation the server will assign a DNS server IP address only for a client configured with the ppp ipcp dns r...

Страница 31: ...the ACFC option in outbound LCP negotiation requests Configuring local end to reject ACFC requests received from the peer 1 Enter system view system view 2 Enter interface view interface interface ty...

Страница 32: ...smission IPHC is often used for voice communications over low speed links IPHC provides the following compression features RTP header compression Compresses the IP header UDP header and RTP header of...

Страница 33: ...kets to measure the link quality If two consecutive measured results are below the close percentage the system shuts down the link Then the system measures the link quality at an interval that is ten...

Страница 34: ...11 adsl cap adsl dmt async cable ethernet g 3 fax idsl isdn async v110 isdn async v120 isdn sync piafs sdsl sync virtual wireless other x 25 x 75 xdsl By default the NAS Port Type attribute is determi...

Страница 35: ...interface type interface number count ip address ipv4 address ipv6 address ipv6 address username user name user type lac lns pppoa pppoe count Display IPHC statistics display ppp compression iphc rtp...

Страница 36: ...etworks For more information about PPPoE see RFC 2516 PPPoE network structure PPPoE uses the client server model The PPPoE client initiates a connection request to the PPPoE server After session negot...

Страница 37: ...f time Diagnostic mode A PPPoE session is established immediately after the device configurations finish The device automatically terminates the PPPoE session and then tries to re establish a PPPoE se...

Страница 38: ...bundle enable By default bundle DDR is disabled 6 Associate the interface with the dial rule by associating the interface with the corresponding dialer group dialer group group number By default a di...

Страница 39: ...g a PPPoE session About resetting a PPPoE session After you reset a PPPoE session in permanent mode the device establishes a new PPPoE session when the autodial timer expires After you reset a PPPoE s...

Отзывы: