Ppp link phases – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

95

{

If the authentication succeeds, the Acknowledge packet carries the encrypted packet from the

authenticatee for piggybacking authentication. The encrypted packet is generated by using the
0x81 algorithm, with the authenticatee's username and password, the encrypted packet

received from the authenticatee, the Peer-Challenge packet, and the Challenge packet as the

parameters.

{

If the authentication fails, the Not Acknowledge packet carries error code, retry flag, and new
randomly-generated packet (Challenge).

4.

When the authenticatee receives an Acknowledge packet, it encrypts a packet by using the 0x81

algorithm, with its own username and password, the Challenge packet, Peer-Challenge packet,
and the encrypted packet sent to the authenticator as the parameters. The authenticatee compares

the encrypted packet with the one received from the authenticator. If they match each other, the

authentication succeeds. If not, the link is disconnected.

5.

When the authenticatee receives a Not Acknowledge packet from the authenticator:

{

If the error in the packet is due to password expiration, the authenticatee encrypts a packet by
using the 0x81 algorithm, with a new password, the Challenge packet, Peer-Challenge packet,

and its own username as the parameters, and sends the encrypted packet and new password
after encryption (change password) to the authenticator. The authenticator re-authenticates the

authenticatee by using the new password.

{

If the R flag in the Not Acknowledge packet is 1, the authenticatee encrypts a packet by using
the 0x81 algorithm, with the Challenge packet, Peer-Challenge packet, its own username and

password as the parameters, and sends the encrypted packet and its own username to the
authenticator. The authenticator re-authenticates the authenticatee by using the encrypted

packet. If the R flag in the Not Acknowledge packet is 0, the link is disconnected. The

authenticator allows the authenticatee to retry for three times.

PPP link phases

Figure 27

illustrates the PPP link phases.

1.

A PPP link is in the Establish phase when it is about to be established. In this phase, LCP negotiation

is performed, where LCP-related settings are determined, including operating mode (SP or MP), the
authentication mode, and the Maximum Transmission Unit (MTU). If the negotiation is successful,

the link enters the Opened state, indicating that the underlying layer link has been established.

2.

If the authentication (the remote verifies the local or the local verifies the remote) is configured, the
PPP link goes to the Authenticate phase, where PAP, CHAP, MS-CHAP, or MS-CHAP-V2

authentication is performed.

3.

If the authenticatee fails to pass the authentication, the link goes to the Terminate phase, where the

link is torn down and LCP goes down. If the authenticatee passes the authentication, the link goes
to the Network phase. In this phase, NCP negotiation is performed, the LCP state remains Opened,

and the state of IP Control Protocol (IPCP) is changed from Initial to Request.

4.

NCP negotiation supports the negotiation of IPCP, through which the IP addresses of both sides
can be determined. NCP negotiation also determines and configures the network layer protocol to

be used. Note that a PPP link can carry a network layer protocol only after the NCP negotiation
succeeds.

5.

After the NCP negotiation is performed, the PPP link remains active until explicit LCP or NCP
frames close the link, or until some external events take place (for example, the intervention of a

user).