Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Username and password for local login and ppp

I have the following username and password on the same router:

username admin password admin

username Router2 password pppchap

I want to use "admin" for local authentication to console and VTY (login local), and use Router2 for PPP authentication (ppp authentication chap). My question is how the router tells which username should be used for which authentication?

Thanks a lot

4 REPLIES
Hall of Fame Super Silver

Re: Username and password for local login and ppp

Gary

When you are just using locally configured user names and passwords on the router, I am not aware of a way to separate functions so that admin is only used for console and VTY and Router2 is used only for ppp. If someone connected to the console and entered Router2 as the ID I believe that the router would authenticate it.

I have done something similar to this, where access to console and VTY was authenticated to one server (using AAA authentication) and PPP was authenticated to another server (or could be authenticated locally). But this works because the user IDs are separated and you go one place for console/VTY and go somewhere else for PPP. I do not see a way to do it when all IDs are configured locally on the router.

HTH

Rick

Hall of Fame Super Silver

Re: Username and password for local login and ppp

Hello Gary,

actually both can be used to access the router on a VTY

for the ppp authentication you can use

dialer map ip

or dialer remote-name

to specify the username to be used for PPP authentication

You can protect your VTY by using an access-list appplied with

access-class in

in vty 0 4 configuration

Hope to help

Giuseppe

New Member

Re: Username and password for local login and ppp

Thanks all for the information. Both usernames are good for console and VTY "login local". I was more concerned about PPP authentication. Supposedly local router uses remote router's hostname as username to authenticate. If more than one username exist, I was wondering if authentication would fail even though the remote router has thr right host name.

If someone has tested it, that'll be great.

Thanks again.

Hall of Fame Super Silver

Re: Username and password for local login and ppp

Gary

I am pretty sure that I have tested this (though the was a VERY long time ago and my memory is slightly vague about it) and belive that it is not a problem when you have multiple user names configured. In doing PPP/CHAP the router gets the ID of the peer (typically the host name) and looks in its configured user names to see if there is a match. As long as there is a match on the host name the router does not care how many other names are configured.

HTH

Rick

273
Views
0
Helpful
4
Replies