Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

PPP CHAP AUTHENTICATION not working.

I am trying to get an ISDN connection established BUT it is failing on CHAP authentication. I removed Tacacs from the router and CHAP worked fine..session established ok. There are NO AAA statements for PPP.. But how can I force the ISDN connection to use the local router database for the usernames and passwords..since apparently TACACS seems to be overriding the CHAP authentication.

I found this command, can anyone tell me the purpose of this command..could not find any detailed info in the CCO:

ppp authentication chap DEFAULT ...not sure what the default means.

these are the AAA statements:

aaa new-model

aaa authentication login default group tacacs+ line

aaa authentication enable default group tacacs+ enable

aaa authorization config-commands

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ none

aaa authorization reverse-access default none

aaa accounting exec default start-stop group tacacs+

Txs in advance!!!!!

1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: PPP CHAP AUTHENTICATION not working.

One point about that command is, for example:

!

int Group-Async1

ip unnumbered e0

ip tcp header-compression passive

encap ppp

async mode interactive

peer default ip address dhcp

no cdp enable

ppp authentication chap

group-range 1 16

!

The command "ppp authentication chap" has a "default" option

after the "chap" parameter but it is not shown in the running-config

since it is the default. The link below explains the command.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122tcr/122tsr/faaacr/sftathen.htm#1055248

If you want to enable AAA for PPP but use local router database:

[global]

aaa authentication ppp no-tacacs local

[interface BRI0]

ppp authentication chap no-tacacs

The link below explains the "aaa authentication ppp" command.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122tcr/122tsr/faaacr/sftathen.htm#1018097

HTH.

1 REPLY
Bronze

Re: PPP CHAP AUTHENTICATION not working.

One point about that command is, for example:

!

int Group-Async1

ip unnumbered e0

ip tcp header-compression passive

encap ppp

async mode interactive

peer default ip address dhcp

no cdp enable

ppp authentication chap

group-range 1 16

!

The command "ppp authentication chap" has a "default" option

after the "chap" parameter but it is not shown in the running-config

since it is the default. The link below explains the command.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122tcr/122tsr/faaacr/sftathen.htm#1055248

If you want to enable AAA for PPP but use local router database:

[global]

aaa authentication ppp no-tacacs local

[interface BRI0]

ppp authentication chap no-tacacs

The link below explains the "aaa authentication ppp" command.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122tcr/122tsr/faaacr/sftathen.htm#1018097

HTH.

1046
Views
5
Helpful
1
Replies
CreatePlease to create content