Username and password for local login and ppp

Jan 6th, 2009

I have the following username and password on the same router:

username admin password admin

username Router2 password pppchap


I want to use "admin" for local authentication to console and VTY (login local), and use Router2 for PPP authentication (ppp authentication chap). My question is how the router tells which username should be used for which authentication?


Thanks a lot

Richard Burts Tue, 01/06/2009 - 14:25

Gary


When you are just using locally configured user names and passwords on the router, I am not aware of a way to separate functions so that admin is only used for console and VTY and Router2 is used only for ppp. If someone connected to the console and entered Router2 as the ID I believe that the router would authenticate it.


I have done something similar to this, where access to console and VTY was authenticated to one server (using AAA authentication) and PPP was authenticated to another server (or could be authenticated locally). But this works because the user IDs are separated and you go one place for console/VTY and go somewhere else for PPP. I do not see a way to do it when all IDs are configured locally on the router.


HTH


Rick

Giuseppe Larosa Tue, 01/06/2009 - 14:27

Hello Gary,

Actually, both can be used to access the router on a VTY.


for the ppp authentication you can use


dialer map ip

or dialer remote-name


to specify the username to be used for PPP authentication


You can protect your VTY by using an access-list applied with

access-class in

in vty 0 4 configuration


Hope to help

Giuseppe


gwhuang5398 Tue, 01/06/2009 - 14:45

Thanks all for the information. Both usernames are good for console and VTY "login local". I was more concerned about PPP authentication. Supposedly the local router uses the remote router's hostname as the username to authenticate. If more than one username exists, I was wondering if authentication would fail even though the remote router has the right host name.


If someone has tested it, that'll be great.


Thanks again.

Richard Burts Tue, 01/06/2009 - 15:08

Gary


I am pretty sure that I have tested this (though that was a VERY long time ago and my memory is slightly vague about it) and believe that it is not a problem when you have multiple user names configured. In doing PPP/CHAP the router gets the ID of the peer (typically the host name) and looks in its configured user names to see if there is a match. As long as there is a match on the host name the router does not care how many other names are configured.


HTH


Rick
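
A simplified model of the lookup discussed in this thread, added here as an illustration (not code from any poster and not Cisco's implementation). It assumes a single local user table holding the two entries from the question, computes the CHAP response as defined in RFC 1994, and uses hypothetical function names; the peer name "Router3" is a constructed non-matching value.

```python
import hashlib
import hmac
import os

# Constructed model of the local user database: the two
# "username ... password ..." lines from the original question.
LOCAL_USERS = {"admin": b"admin", "Router2": b"pppchap"}

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def authenticate_chap(users, peer_name, identifier, challenge, response):
    """Authenticator side: the secret is selected by the name the peer sent."""
    secret = users.get(peer_name)
    if secret is None:
        return False  # no username entry matches the peer's name
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)

def login_local(users, username, password: bytes):
    """Model of "login local": any entry in the same table is accepted."""
    secret = users.get(username)
    return secret is not None and hmac.compare_digest(secret, password)

def demo():
    """Run the cases raised in the thread and return each outcome."""
    ident, challenge = 1, os.urandom(16)
    # The peer (hostname Router2) answers with the shared secret.
    good = chap_response(ident, b"pppchap", challenge)
    bad = chap_response(ident, b"guess", challenge)
    return {
        # Extra entries such as "admin" do not disturb the CHAP match.
        "chap_router2": authenticate_chap(LOCAL_USERS, "Router2", ident, challenge, good),
        "chap_unknown_peer": authenticate_chap(LOCAL_USERS, "Router3", ident, challenge, good),
        "chap_wrong_secret": authenticate_chap(LOCAL_USERS, "Router2", ident, challenge, bad),
        "login_admin": login_local(LOCAL_USERS, "admin", b"admin"),
        # The PPP entry also works for an interactive login, so the CHAP
        # secret doubles as a login password.
        "login_router2": login_local(LOCAL_USERS, "Router2", b"pppchap"),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

The last case is the security-relevant one: with a shared local table, the PPP secret should be as strong as any login password, and VTY access restricted as suggested above.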
