aaa authentication ppp




aaa authentication ppp {default  | list-name} method1 [method2...]

no aaa authentication ppp {default  | list-name} method1 [method2...]

Syntax Description:


Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in.


Character string used to name the following list of authentication methods tried when a user logs in.

method1  [method2...]

At least one of the keywords described in the table below.

Command Description:


To specify one or more AAA authentication methods for use on interfaces running Point-to-Point Protocol (PPP), use the aaa authentication ppp global configuration command. Use the no form of this command to disable authentication.

Usage Guidelines

The lists created with the aaa authentication ppp command are used with the ppp authentication command. These lists contain up to four authentication methods that are used when a user tries to log in to the serial interface.

Create a list by entering the aaa authentication ppp list-name method command, where list-name is any character string used to name this list (such as MIS-access). The method argument identifies the list of methods that the authentication algorithm tries in the given sequence. Up to four methods can be entered. Method keywords are described in table below.

The additional methods of authentication are only used if the previous method returns an error, not if it fails. Specify none as the final method in the command line to have authentication succeed even if all methods return an error.

If authentication is not specifically set for a function, the default is none and no authentication is performed. Use the show running-config command to display currently configured lists of authentication methods.

Table: aaa authentication ppp Methods




Does not authenticate if user has already been authenticated on a TTY line


Uses Kerberos 5 for authentication (can only be used for PAP authentication)


Uses case-sensitive local username authentication


Uses the local username database for authentication

group | group-name

Uses a subset of RADIUS or TACACS+ servers for authentication as defined by the server group group-name


Uses no authentication

group radius

Uses the list of all RADIUS to provide authentication service

group tacacs+

Uses the list of all TACACS+ to provide authentication service

This command cannot be used with TACACS or extended TACACS.




The following example creates an AAA authentication list called MIS-access for lines that use PPP.  This authentication first tries to contact a TACACS+ server. If this action returns an error, the user is allowed access with no authentication. 

Router(config)#aaa authentication ppp MIS-access group tacacs+ none




Related Commands:


aaa new-model


ppp authentication


� Cisco Systems, Inc. 2001, 2002, 2003
World Wide Education

Converted from CHM to HTML with chm2web Pro 2.85 (unicode)