ADTRAN 1200350L1 User Manual

Chapter 4: Configuration Overview

61200350L1-1

Router Option Module User Manual

4-21

Security/PPP

Write security: 1; Read security: 2
The PPP peer can be authenticated using three standard methods:

1. PAP (Password Authentication Protocol),

2. CHAP (Challenge Handshake Protocol)
3. EAP (Extensible Authentication Protocol).

The strength of the authentication is determined in the following or-
der:

1. EAP

2. CHAP
3. PAP (where EAP is the strongest and PAP is the weakest)

PAP is a clear-text protocol, which means it is sent over the PPP link
in a readable format.

Do not allow highly sensitive passwords to become compromised using this
method.

CHAP and EAP use a one-way hashing algorithm which makes it
virtually impossible to determine the password. EAP has other ca-
pabilities which allow more flexibility than CHAP.

The following selections are possible:

PAP, CHAP or EAP

(def) - The Router Option Module will ask for

EAP during the first PPP LCP negotiation and allow the PPP peer to
negotiate down to CHAP or PAP.

CHAP or EAP

- The Router Option Module will ask for EAP during

the first PPP LCP negotiation and allow the PPP peer to negotiate
down to CHAP but not PAP.

EAP

- The Router Option Module will only allow EAP to be negoti-

ated. If the PPP peer is not capable of doing EAP, then the connec-
tion will not succeed.