Forcing successful chap authentication for old tacacs users

Unanswered Question
Feb 6th, 2007

We have a NT4.0 tacacs+ ACS server that we want to turn off, permitting connections with blank usernames and passwords (or fictious). Our clients actually connect to us via PPP/ISDN with a username/password pair, in chap. Is it possible to disable ppp chap processing from our IOS 12.2 3600, forcing an always-true auth? The command "aaa authentication ppp default none" permits Windows RAS users to authenticate with every username/password, but Cisco users cannot complete the PPP LCP phase.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Wed, 02/07/2007 - 04:40


I am not understanding well your problem. If you do not want to authenticate then it seems that aaa authentication ppp default none should achieve that, unless you have configured some different authentication method for your PPP. Perhaps if you post the configuration of the router we might be better able to identify the issue.

It might also be helpful to have the output of debug ppp negotiation and debug ppp authenticat.




This Discussion