ppp authentication

Syntax

ppp authentication [ virtual-router vrName ] { authProtocol }

no ppp authentication

Release Information

Command introduced before JunosE Release 7.1.0.
eap keyword added in JunosE Release 7.3.0.

Description

Requests authentication from a PPP peer router. The no version removes the authentication requirement.

Options

• vrName—Name of a virtual router to be used as the authentication virtual router. Keep the following points in mind when you use this keyword:
  • When you specify a VR in the ppp authentication command, AAA does not query the domain map for the assigned VR context. Instead, AAA uses the VR specified in the ppp authentication command as the authentication VR context and issues the authentication request to the authentication server in the assigned VR context.
  • If you specify the default VR as the authentication VR context, AAA loosely binds the user to the default VR. This means that RADIUS can override the default VR context with a new VR context during the authentication process. When the ppp authentication virtual-router command specifies the default VR, AAA returns either the default VR or the VR specified by RADIUS.
  • If you specify a VR other than the default VR as the authentication VR, AAA tightly binds the user to the specified VR. This means that RADIUS cannot override the specified VR context with a new VR context during the authentication process. When the ppp authentication virtual-router command specifies a nondefault VR, AAA returns the specified VR.
  • If the VR specified in a profile with the ip virtual-router command differs from the VR provided by AAA, IP uses the VR provided by AAA when the dynamic IP upper-layer interface is created.
  • If the VR specified in a profile with the ipv6 virtual-router command differs from the VR provided by AAA, IPv6 uses the VR provided by AAA when the dynamic IPv6 upper-layer interface is created.
• authProtocol—One or more of the following protocols, in order of preference; if the peer router refuses to negotiate the first choice, then the local router requests the next specified protocol, and so on; if the peer router refuses to negotiate authentication, the local router terminates the session

  Note: The JunosE Software’s PPP application accepts null usernames during PAP and CHAP authentication. When the PPP application receives an authentication request that includes a null username, PPP passes the request to AAA. To take advantage of this feature, configure your authentication server to support the use of null usernames.

  • eap—Specifies EAP authentication protocol
  • chap—Specifies CHAP authentication protocol; MD5 authentication algorithm is supported
  • pap—Specifies PAP authentication protocol

Mode

Interface Configuration, Profile Configuration, Subinterface Configuration