For interfaces with PPP encapsulation, you can configure interfaces to support the PPP Challenge Handshake Authentication Protocol (CHAP), as defined in RFC 1994, PPP Challenge Handshake Authentication Protocol (CHAP). When you enable CHAP on an interface, the interface can authenticate its peer and can be authenticated by its peer.
By default, PPP CHAP is disabled. If CHAP is not explicitly enabled, the interface makes no CHAP challenges and denies all incoming CHAP challenges. To enable CHAP, you must create an access profile, and you must configure the interfaces to use CHAP.
To configure a CHAP access profile, include the profile statement and specify a profile name at the [edit access] hierarchy level:
    [edit access]
    profile profile-name {
        client name chap-secret data;
    }
For more information about configuring access profiles, see the JUNOS System Basics Configuration Guide.
When you configure an interface to use CHAP, you must assign an access profile to the interface. When an interface receives CHAP challenges and responses, the access profile in the packet is used to look up the shared secret, as defined in RFC 1994.
If no matching access profile is found for the CHAP challenge that was received by the interface, the optionally configured default CHAP secret is used. The default CHAP secret is useful if the CHAP name of the peer is unknown, or if the CHAP name changes during PPP link negotiation.
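The secret lookup described above, as an added example that is not Juniper's code: a Python model of the authenticating side that computes the RFC 1994 response value (MD5 over the Identifier octet, the secret, and the challenge value) and falls back to a default secret when the peer name has no profile entry. The class name, peer names and secrets are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier octet || secret || Challenge value)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Hypothetical model: per-name secrets plus an optional default secret."""

    def __init__(self, profile, default_secret=None):
        self.profile = profile                # peer name -> shared secret
        self.default_secret = default_secret  # used when the name is unknown
        self.pending = {}                     # identifier -> outstanding challenge

    def challenge(self, identifier: int) -> bytes:
        value = os.urandom(16)                # fresh, unpredictable per challenge
        self.pending[identifier & 0xFF] = value
        return value

    def verify(self, identifier: int, peer_name: str, response: bytes):
        """Return (accepted, detail); detail names the secret source or the failure."""
        value = self.pending.pop(identifier & 0xFF, None)  # one answer per challenge
        if value is None:
            return (False, "no-outstanding-challenge")
        secret, source = self.profile.get(peer_name), "profile"
        if secret is None:                    # no matching entry: try the default
            secret, source = self.default_secret, "default"
        if secret is None:
            return (False, "no-secret")
        expected = chap_response(identifier, secret, value)
        return (hmac.compare_digest(expected, response), source)


if __name__ == "__main__":
    # Constructed sample data.
    auth = ChapAuthenticator({"peer-a": b"secret-a"}, default_secret=b"fallback")
    c = auth.challenge(1)
    print(auth.verify(1, "peer-a", chap_response(1, b"secret-a", c)))
    c = auth.challenge(2)
    print(auth.verify(2, "renamed-peer", chap_response(2, b"fallback", c)))
```

In this model a response computed with the default secret is accepted for any peer name that has no profile entry, so the default secret needs the same handling as a per-client secret.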
To configure PPP CHAP on an interface with PPP encapsulation, include the chap statement at the [edit interfaces interface-name ppp-options] hierarchy level:
    [edit interfaces interface-name ppp-options]
    chap {
        access-profile name;
        default-chap-secret name;
        local-name name;
        passive;
    }
On each interface with PPP encapsulation, you can configure the following PPP CHAP properties:
When you configure PPP over ATM or Multilink PPP over ATM encapsulation, you can enable CHAP on the logical interface. For more information, see Configuring PPP over ATM2 Encapsulation.