Chapter 7: Second Level Commands June 30, 2006
7-12 SG1-UM-8500-03
Setting the default-service authentication mode
When using authentication by username and password two protocols are available:
• PAP (Password Authentication Protocol)–the most basic form of authentication. In PAP, a user's name and
password are transmitted over the network and compared to a table of name-password pairs. The main disad-
vantage of PAP is that both the username and password are transmitted without encryption.
• CHAP (Challenge Handshake Authentication Protocol)–a type of authentication in which the network server
sends the client program a key to encrypt the username and password. This enables the username and pass-
word to be transmitted in encrypted form to protect them against eavesdroppers.
The def-service-auth command is used to set the type of authentication for PPP connections in the default step.
Five options may be typed on the command line after this command, as shown in Table 7-4.
Usage
def-service-auth no-service | ppp-auto | ppp-none | ppp-pap | ppp-chap | auto-select
Table 7-4. def-service-auth command parameters
Example(s):
Host(config)# def-service-auth
Parameter Description
no-service Disables authentication in the default step, even if authentication by caller ID is
enabled.
ppp-none Allows PPP access without authentication in the final step if authentication by
caller ID was enabled.
ppp-pap Authentication in the default step by the PAP authentication method, even if
authentication by caller ID was enabled.
ppp-chap Authentication in the default step by the CHAP authentication method, even if
authentication by caller ID was enabled.
auto-select auth-retry on / off Enables PPP authentication by PAP, CHAP or terminal + enables 3 more
retries through an after dialing window if the user inserted wrong username or
password (auth-retry on).
Host(config)# def-service-auth ppp-auto
