No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E-M2 V800R010C10SPC500 Configuration Guide - WAN Access 01

This is NE40E-M2 V800R010C10SPC500 Configuration Guide - WAN Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Unidirectional CHAP Authentication

Configuring Unidirectional CHAP Authentication

CHAP performs three-way handshake authentication. Unidirectional CHAP authentication involves two situations: the authenticator with a user name and the authenticator without a user name.

Usage Scenario

CHAP authentication is performed before a link is set up. After a link is set up, CHAP authentication can be repeatedly performed anytime using CHAP negotiation packets.

In unidirectional CHAP authentication, one of two communicating parties functions as the authenticator, whereas the other functions as the supplicant. The authenticator sends a Challenge packet to the supplicant. After performing one hash calculation, the supplicant returns a calculated value to the authenticator. The authenticator compares the value calculated by itself using the hash algorithm with the value sent by the supplicant. If the two values match, authentication is successful. If the two values are different, the authentication fails, and the link is torn down.

Pre-configuration Tasks

Before configuring unidirectional CHAP authentication, complete the following tasks:

  • Connect interfaces and configure physical parameters of the interfaces to ensure that the physical status of the interfaces is Up.

  • Configure PPP as the link layer protocol of the interfaces.

  • Add the user name and password of the supplicant to the user list of the authenticator in the AAA view.

Configuration Procedures

In CHAP authentication, the authenticator can be configured with or without a user name. In practice, you can configure any type of unidirectional CHAP authentication as required.

Configuring the Authenticator with a User Name to Authenticate Its Peer in CHAP Mode

Context

NOTE:

This configuration process is supported only on the Admin-VS.

You can configure the authenticator with a user name to authenticate its peer in CHAP mode.

Procedure

  • Configure the authenticator.
    1. Run system-view

      The system view is displayed.

    2. Run aaa

      The AAA view is displayed.

    3. Run local-user user-name password [ cipher password | irreversible-cipher irreversible-cipher-password ]

      The user name and password of the supplicant are added to the local user list.

    4. Run quit

      Return to the system view.

    5. Run interface interface-type interface-number

      The interface view is displayed.

    6. Run ppp authentication-mode chap [ pap ]

      The local end is configured to authenticate the peer in CHAP mode.

      You can run the ppp authentication-mode chap [ pap ] command to perform CHAP authentication preferentially in LCP negotiation. If the peer does not support CHAP authentication, PAP authentication is performed. If the peer supports neither CHAP nor PAP, LCP negotiation fails. Either CHAP or PAP is involved in a PPP negotiation.

    7. Run ppp chap user user-name

      A user name is specified.

    8. Perform the following steps to restart the interface:

      1. Run the shutdown command to shut down the interface.
      2. Run the commit command to make the configuration take effect.
      3. Run the undo shutdown command to restart the interface.
      NOTE:

      The shutdown, commit, and undo shutdown commands must be run in sequence so that the preceding configuration can take effect after the interface is restarted.

    9. Run commit

      The configuration is committed.

  • Configure the supplicant.
    1. Run system-view

      The system view is displayed.

    2. Run aaa

      The AAA view is displayed.

    3. Run local-user user-name password [ cipher password | irreversible-cipher irreversible-cipher-password ]

      The user name and password of the supplicant are added to the local user list.

    4. Run quit

      Return to the system view.

    5. Run interface interface-type interface-number

      The interface view is displayed.

    6. Run ppp chap user user-name

      A user name is configured.

    7. Perform the following steps to restart the interface:

      1. Run the shutdown command to shut down the interface.
      2. Run the commit command to make the configuration take effect.
      3. Run the undo shutdown command to restart the interface.
      NOTE:

      The shutdown, commit, and undo shutdown commands must be run in sequence so that the preceding configuration can take effect after the interface is restarted.

    8. Run commit

      The configuration is committed.

Configuring the Authenticator Without a User Name to Authenticate Its Peer in CHAP Mode

You can configure the authenticator without a user name to authenticate its peer in CHAP mode.

Procedure

  • Configure the authenticator.
    1. Run system-view

      The system view is displayed.

    2. Run aaa

      The AAA view is displayed.

    3. Run local-user user-name password [ cipher password | irreversible-cipher irreversible-cipher-password ]

      The user name and password of the supplicant are added to the local user list.

    4. Run quit

      Return to the system view.

    5. Run interface interface-type interface-number

      The interface view is displayed.

    6. Run ppp authentication-mode chap [ pap ]

      The local end is configured to authenticate the peer in CHAP mode.

      You can run the ppp authentication-mode chap [ pap ] command to perform CHAP authentication preferentially in LCP negotiation. If the peer does not support CHAP authentication, PAP authentication is performed. If the peer supports neither CHAP nor PAP, LCP negotiation fails. Either CHAP or PAP is involved in a PPP negotiation.

    7. Run shutdown

      The interface is shut down.

    8. Run commit

      The configuration is committed.

    9. Run undo shutdown

      The interface is restarted.

      NOTE:

      If the user name or password is changed in the interface view, run the shutdown and undo shutdown commands in the interface view to make the configuration take effect.

      During an interface restart, you need to run the commit command to submit the configuration after running the shutdown command.

    10. Run commit

      The configuration is committed.

  • Configure the supplicant.
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The interface view is displayed.

    3. Run ppp chap user user-name

      A user name is specified.

    4. Run ppp chap password { cipher password | simple password }

      The password for CHAP authentication is set.

    5. Run shutdown

      The interface is shut down.

    6. Run commit

      The configuration is committed.

    7. Run undo shutdown

      The interface is restarted.

      NOTE:

      If the user name or password is changed in the interface view, run the shutdown and undo shutdown commands in the interface view to make the configuration take effect.

      During an interface restart, you need to run the commit command to submit the configuration after running the shutdown command.

    8. Run commit

      The configuration is committed.

Verifying the Unidirectional CHAP Authentication Configuration

After configuring unidirectional CHAP authentication, verify the configuration.

Prerequisites

Unidirectional CHAP authentication has been configured.

Procedure

  • Run the display interface [ interface-type [ interface-number ] ] command to check the PPP configuration and running status on the current interface.

Example

Run the display interface command. You can view the PPP, LCP, and IPCP status and check whether the authentication on the link is successful. The command output shows that both LCP and IPCP are in the opened state, indicating that CHAP authentication is successful.
<HUAWEI> display interface Pos 0/1/1
Pos0/1/1 current state : UP (ifindex: 15)
Line protocol current state : UP
Description: HUAWEI, Quidway Series, Pos0/1/0 Interface 
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 10.110.0.1/24
Link layer protocol is PPP
LCP opened, IPCP opened
Current BW: 100 Mbits
Statistics last cleared:never
    Last 300 seconds input rate 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate 0 bits/sec, 0 packets/sec
	   Input:  0 packets, 0 bytes
    Input error: 0 shortpacket, 0 longpacket, 0 CRC, 0 lostpacket
    Output: 0 packets, 0 bytes
    Output error: 0 lostpackets
    Output error: 0 overrunpackets, 0 underrunpackets
<HUAWEI> display interface Serial0/0/1/1:0
Serial0/0/1/1:0 current state : UP (ifindex: 305)                         
Line protocol current state : UP                                                
Description:                                                                    
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 20(sec)             
Derived from Cpos0/1/0 e1 1, Timeslot(s) Used: 1-31, baudrate is 1984000 bps    
Internet protocol processing : disabled                                         
Link layer protocol is PPP                                                      
LCP opened, IPCP opened                                                         
Physical layer is Packet Over NO-CRC4                                           
clock master, loopback none                                                     
CRC: CRC-32                                                                     
Scramble disabled                                                               
Current system time: 2013-08-19 20:08:03                                        
Alarm: none                                                                     
Statistics last cleared:2013-08-19 19:53:45                                     
  Traffic statistics:                                                           
    Last 300 seconds input rate 0 bits/sec, 0 packets/sec                       
    Last 300 seconds output rate 0 bits/sec, 0 packets/sec                      
    Input: 0 packets, 0 bytes                                                   
    Input error: 0 shortpackets, 0 longpackets, 0 CRC, 0 lostpackets            
    Output: 0 packets, 0 bytes                                                  
    Output error: 0 lostpackets                                                 
    Output error: 0 overrunpackets, 0 underrunpackets                           
    Last 300 seconds input utility rate:  0.00%                                 
    Last 300 seconds output utility rate: 0.00%                                 
Download
Updated: 2019-01-02

Document ID: EDOC1100058399

Views: 13243

Downloads: 37

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next