PPP Security

PPP can authenticate the remote end with PAP or CHAP, which is particularly useful
for dial applications. By default, CHAP and PAP authentication relies on a locally
configured set of username name password password commands.
Cisco IOS supports the use of AAA authentication for PPP using the same general set of
commands as used for login authentication. The configuration steps are as follows:
Step 1 Just as with login authentication, enable AAA authentication with the aaa
new-model global command.
Step 2 Just as with login authentication, if used, configure RADIUS and/or
TACACS+ servers, using the same commands and syntax as used for login
and enable authentication.
Step 3 Similar to login authentication, define PPP to use a default set of authentication
methods with the aaa authentication ppp default command. (The only
difference is that the ppp keyword is used instead of login.)
Step 4 Similar to login authentication, use the aaa authentication ppp list-name
method1 [method2...] command to create a named group of methods that
can be used instead of the default set.
Step 5 To use a named group of authentication methods instead of the default set,
use the ppp authentication {protocol1 [protocol2...]} list-name command.
For example, the command ppp authentication chap fred references
the authentication methods defined by the aaa authentication ppp fred
command.
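
The five steps above, put together as one configuration. This is an added example, not a configuration from the original text. The server addresses, the keys, the username R2 and the interface names are assumptions; only the list name fred comes from the text.

```cisco
! Step 1: enable AAA
aaa new-model
!
! Step 2: define the servers (192.0.2.x addresses and keys are placeholders)
radius-server host 192.0.2.10
radius-server key <radius-shared-secret>
tacacs-server host 192.0.2.20
tacacs-server key <tacacs-shared-secret>
!
! Local account used as a fallback (R2 is a hypothetical peer name).
! A later method in a list is tried only when the earlier one returns
! an error such as no response from the server. If the server answers
! and rejects the user, the fallback is not consulted.
username R2 password <chap-secret>
!
! Step 3: default method list for PPP
aaa authentication ppp default group radius local
!
! Step 4: named method list for PPP
aaa authentication ppp fred group tacacs+ local
!
! No list name on the interface: the default list applies
interface Serial0/0
 encapsulation ppp
 ppp authentication chap
!
! Step 5: this interface uses the named list fred instead
interface Serial0/1
 encapsulation ppp
 ppp authentication chap fred
```

After applying it, show running-config should list both aaa authentication ppp lines, and a ppp authentication command that names a list with no matching aaa authentication ppp list-name entry is worth treating as a misconfiguration.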