Operating mechanism of ppp – H3C Technologies H3C SR8800 User Manual

21

{

If the authentication fails, the Not Acknowledge packet carries error code, retry flag, and new

randomly-generated packet (Challenge).

4.

When the supplicant receives an Acknowledge packet, it encrypts a packet by using the 0x81
algorithm, with its own username and password, the Challenge packet, Peer-Challenge packet,

and the encrypted packet sent to the authenticator as the parameters. The supplicant compares the

encrypted packet with the one sent to the authenticator. If they match each other, the

authentication succeeds. If not, the link is disconnected.

5.

When the supplicant receives a Not Acknowledge packet from the authenticator:

{

If the error in the packet is due to password expiration, the supplicant encrypts a packet by
using the 0x81 algorithm, with a new password, the Challenge packet, Peer-Challenge packet,
and its own username as the parameters, and sends the encrypted packet and new password

after encryption (change password) to the authenticator. The authenticator re-authenticates the

supplicant by using the new password.

{

If the R flag in the Not Acknowledge packet is 1, the supplicant encrypts a packet by using the
0x81 algorithm, with the Challenge packet, Peer-Challenge packet, its own username and

password as the parameters, and sends the encrypted packet and its own username to the
authenticator. The authenticator re-authenticates the supplicant by using the encrypted packet.

If the R flag in the Not Acknowledge packet is 0, the link is disconnected. The authenticator

allows the supplicant to retry for three times.

Operating mechanism of PPP

Figure 9

illustrates the PPP operating mechanism.

1.

A PPP link is in the Establish phase when it is about to be established. In this phase, LCP negotiation
is performed, where LCP-related settings are determined, including operating mode (SP or MP), the

authentication mode, and the Maximum Transmission Unit (MTU). If the negotiation is successful,

the link enters the Opened state, indicating that the underlying layer link has been established.

2.

If the authentication (the remote verifies the local or the local verifies the remote) is configured, the
PPP link goes to the Authenticate phase, where PAP, CHAP, MS-CHAP, or MS-CHAP-V2

authentication is performed.

3.

If the authenticate fails to pass the authentication, the link goes to the Terminate phase, where the
link is torn down and LCP goes down. If the supplicant passes the authentication, the link goes to

the Network phase. In this phase, NCP negotiation is performed, the LCP state remains Opened,

and the state of the IP Control Protocol (IPCP) is changed from Initial to Request.

4.

NCP negotiation supports the negotiation of IPCP, through which the IP addresses of both sides
can be determined. NCP negotiation also determines and configures the network layer protocol to

be used. Note that a PPP link can carry a network layer protocol only after the NCP negotiation is
successful.

5.

After the NCP negotiation is performed, the PPP link remains active until explicit LCP or NCP
frames close the link, or until some external events take place (for example, the intervention of a

user).

For more information about PPP, see RFC 1661.