Re: PPP Authentication

From: ccie2be (ccie2be@nyc.rr.com)
Date: Wed Dec 15 2004 - 14:54:46 GMT-3

• Next message: Brian Dennis: "RE: PPP Authentication"
• Previous message: Edwards, Andrew M: "RE: IPV6 Recursive Routing - ATM FRAME ISDN?"
• Maybe in reply to: ccie2be: "PPP Authentication"
• Next in thread: Brian Dennis: "RE: PPP Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks Brian for your response.

I'm familiar with that command and know that command is needed but didn't
know if that is sufficient by itself.

Besides that aren't there other commands I need to configure on the
interface?

What I don't undersatnd is how the IOS "knows" to use the AAA commands
instead of the local database which might also be configured and which is
what ppp normally uses.

Tim

----- Original Message -----
From: "Brian Dennis" <bdennis@internetworkexpert.com>
To: "ccie2be" <ccie2be@nyc.rr.com>; "Group Study" <ccielab@groupstudy.com>
Sent: Wednesday, December 15, 2004 12:13 PM
Subject: RE: PPP Authentication

Tim,
Enable aaa (aaa new-model) then type "aaa authentication ?" in
the global configuration. The answer will be there ;-)

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Wednesday, December 15, 2004 8:50 AM
To: Group Study
Subject: PPP Authentication

Hi guys,

Suppose you have a user (or router) that calls into another router using
ISDN
and PPP.

You want the user (or router) calling in to be authenticated but instead
of
using the local username database, you want the caller to be

authenticated using TACACS+ or RADIUS.

I know how to configure everything except how to configured the called
router
to use an authentication server to authenticate the caller.

So, let's say I want chap used between the caller and the router and
TACACS+
between the router and authentication server.

I would still use the commmand, ppp authentication chap, under the bri
interface, right?

Now, after the caller submits his username and password using Chap, how
do I
make the router send that to the TACACS+ server?

Assume all the other commands for tacacs and ppp have been configured.

Thanks, Tim

• Next message: Brian Dennis: "RE: PPP Authentication"
• Previous message: Edwards, Andrew M: "RE: IPV6 Recursive Routing - ATM FRAME ISDN?"
• Maybe in reply to: ccie2be: "PPP Authentication"
• Next in thread: Brian Dennis: "RE: PPP Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Jan 03 2005 - 10:31:27 GMT-3