FAQ-In What Cases Can the Non-authentication Mode Be Configured When the PC Dials up to the LNS

Publication Date:  2015-07-02 Views:  176 Downloads:  0
Issue Description
In What Cases Can the Non-authentication Mode Be Configured When the PC Dials up to the LNS?
Solution
Networking 1: PC------LAC------LNS

1. When the ppp authentication-mode pap or ppp authentication-mode chap command is not configured on the VT interface of the LAC, packets cannot reach the LNS, and thereby the dial-up fails.

2. When you run the ppp authentication-mode pap or ppp authentication-mode chap only on the VT interface of the LAC and AAA configurations (with the same user name and password) on the LAC are consistent with those on the LNS (users do not require passwords for AAA authentication only when the domain user is configured in the L2TP group of the LAC), the PC can successfully dial up to the LNS with the correct user name and password; otherwise, the dial-up fails.

3. The following table describes how to configure authentication modes for VT interfaces on the LAC and LNS.




If both PAP authentication and CHAP authentication are configured on the LAC (CHAP authentication is preferred), dial-up succeeds regardless of the LAN configuration.

In this networking:
  • The ppp authentication-mode pap or ppp authentication-mode chap command must be configured for the VT of the LAC.
  • Authentication must be configured on the PC for dial-up.
  • The authentication priority of the LNS must be equal to or lower than that of the LAC. (CHAP authentication has a higher priority than PAP authentication.)
Networking 2: PC-------LNS (with Windows software for dial-up)

When the ppp authentication-mode pap or ppp authentication-mode chap command is not configured for the VT of the LNS and No encryption or Optional encryption is selected for the PC, the dial-up succeeds regardless of the user name or password. If Mandatory encryption is selected for the PC, the dial-up fails.






When the ppp authentication-mode pap or ppp authentication-mode chap command is configured for the VT of the LNS and one of three modes including No encryption, Optional encryption, and Mandatory encryption is selected, authentication is required. Because PPP authentication is configured on the LNS, a specific protocol is required for the PC. If both PAP authentication and CHAP authentication are configured on the LNS, CHAP authentication is preferred. Additionally, the user name and password for logging into the PC must be correctly specified.

In conclusion, if the ppp authentication-mode pap or ppp authentication-mode chap command is not configured on the LNS, you need to select No encryption or Optional encryption for the PC, and there is no requirement on the user name and password; if the command is configured on the LNS, you can select one of three encryption modes for the PC but must configure PPP authentication corresponding to that on the LNS.

END