beautypg.com

Ppp configuration, Ppp overview, Pap authentication – H3C Technologies H3C SecPath F1000-E User Manual

Page 45: Chap authentication

background image

1

PPP configuration

PPP overview

Point-to-Point Protocol (PPP) is a link layer protocol that carries network layer packets over point-to-point

links. It gains popularity because it provides user authentication, supports synchronous/asynchronous

communication, and allows for easy extension.
PPP contains a set of protocols, including the Link Control Protocol (LCP), various network control
protocols (NCPs), and authentication protocols such as Password Authentication Protocol (PAP),

Challenge Handshake Authentication Protocol (CHAP), Microsoft CHAP (MS-CHAP),

LCP establishes, tears down, and monitors data links.

NCPs negotiate the formats and types of data packets transmitted on data links.

PAP and CHAP secure the network.

PAP authentication

PAP is a two-way handshake authentication protocol using plain text passwords. It operates in the

following workflow.

1.

The authenticatee sends its username and password to the authenticator.

2.

The authenticator then verifies the username and password with the local user list and returns an
Acknowledge or Not Acknowledge packet.

Figure 1 PAP authentication

During PAP authentication, the password is transmitted on the link in plain text. In addition, the

authenticatee sends the username and the password repeatedly through the established PPP link until the
authentication is over. PAP is not a secure authentication protocol and cannot prevent attacks.

CHAP authentication

CHAP is a three-way handshake authentication protocol using cipher text password.
Two types of CHAP authentication exist: one-way CHAP authentication and two-way CHAP

authentication. In one-way CHAP authentication, one side of the link acts as the authenticator and the