Nortel Secure Router 8000 Series
Configuration - WAN Access
6 PPP and MP configuration
6.1 Introduction
This section covers the following topics that you need to know before you configure PPP and
MP:
•
•
•
6.1.1 PPP
PPP Introduction
The Point-to-Point Protocol (PPP) is a link layer protocol that supports transmission
of multiple network protocol packets over a point-to-point link. PPP provides user
authentication and supports synchronous and asynchronous communications.
PPP defines a set of protocols, including:
• The Link Control Protocol (LCP) sets up, terminates, and monitors data links.
• The Network Control Protocol (NCP) negotiates the format and type of packets
transmitted over a data link.
• The authentication protocols, Password Authentication Protocol (PAP) and
Challenge-Handshake Authentication Protocol (CHAP), provide network protection.
PAP authentication
PAP is a two-way handshake authentication protocol. Passwords are sent over the link in plain
text. The process of PAP authentication is as follows:
• The peer to be authenticated sends its username and password to the authenticator.
• The authenticator verifies them against the local user list and returns a response
(accept or reject).
PAP is not a secure authentication method because the password is sent in plain text. In addition,
because the peer sends the user name and password repeatedly on the established PPP link until
identity authentication finishes, PAP cannot avoid being attacked.
CHAP authentication
CHAP is a three-way handshake authentication protocol. Passwords are sent over the link in
encrypted text.
There are two kinds of CHAP authentication: unidirectional CHAP and bidirectional
CHAP.
In unidirectional CHAP authentication, one end works as the authenticator and its
peer is the one to be authenticated. It is the kind commonly applied in practice.
Unidirectional CHAP authentication has two cases: the authenticator is configured with a user
name, or the authenticator is configured without a user name. Nortel recommends the first
configuration. In application, you use only the unidirectional authentication.
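The contrast between the PAP and CHAP handshakes described above, as an added example that is not part of the Nortel manual: it builds a PAP Authenticate-Request (RFC 1334) and a CHAP Response (RFC 1994) and shows that the PAP packet carries the password verbatim, while the CHAP packet carries only an MD5 digest over the identifier, the shared secret and the challenge. The user name, secret and helper names are constructed for illustration.

```python
import hashlib, hmac, os, struct

PAP_AUTH_REQ, CHAP_RESPONSE = 1, 2   # packet codes from RFC 1334 / RFC 1994

def pap_request(ident, user, password):
    """PAP Authenticate-Request: both fields are length-prefixed cleartext."""
    data = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQ, ident, 4 + len(data)) + data

def pap_fields(packet):
    """What anyone observing the link can read out of a PAP request."""
    ulen = packet[4]
    plen = packet[5 + ulen]
    return packet[5:5 + ulen], packet[6 + ulen:6 + ulen + plen]

def chap_packet(code, ident, value, name):
    """CHAP Challenge/Response layout: Value-Size, Value, Name."""
    data = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def chap_digest(ident, secret, challenge):
    """Response value = MD5(Identifier || secret || Challenge value)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_verify(response_pkt, secret, challenge, ident):
    """Authenticator side: recompute the digest and compare in constant time."""
    code, rid, _length = struct.unpack("!BBH", response_pkt[:4])
    value = response_pkt[5:5 + response_pkt[4]]
    expected = chap_digest(ident, secret, challenge)
    return code == CHAP_RESPONSE and rid == ident and hmac.compare_digest(value, expected)

def demo():
    user, secret = b"branch-rtr", b"constructed-secret"  # constructed sample values
    pap = pap_request(1, user, secret)
    challenge = os.urandom(16)                            # fresh for every handshake
    resp = chap_packet(CHAP_RESPONSE, 7, chap_digest(7, secret, challenge), user)
    return {
        "pap_exposes_password": pap_fields(pap)[1] == secret,
        "chap_contains_secret": secret in resp,
        "chap_ok": chap_verify(resp, secret, challenge, 7),
        # The same response checked against a new challenge must fail.
        "replay_rejected": not chap_verify(resp, secret, os.urandom(16), 7),
    }

if __name__ == "__main__":
    print(demo())
```

Because the digest is bound to a fresh challenge, a captured CHAP response does not verify in a later handshake, whereas a captured PAP request contains the reusable password itself.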
Issue 5.3 (30 March 2009)
Nortel Networks Inc.