Thursday 6 September 2012
Configuring PPP with Authentication
PAP and CHAP
One of the many features of PPP is that it performs Layer 2 authentication in addition to other layers of authentication, encryption, access control, and general security procedures. Before Network layer protocols are allowed to transmit over a link, PPP specifies an extensible Link Control Protocol (LCP) that allows negotiation of an authentication protocol. This is defined in RFC 1134.
The authentication phase of a PPP session is optional. If it is used, the peer is authenticated after LCP establishes the link and chooses the authentication protocol, and before the Network layer protocol configuration phase begins.
The authentication options require that the calling side of the link enter authentication information. This helps to ensure that the user has the permission of the network administrator to make the call. Peer routers exchange authentication messages.
SUMMARY
After enabling CHAP or PAP authentication, or both, the local or HQ router requires the remote device to prove its identity before allowing data traffic to flow.
i. PAP authentication requires the remote device to send a username and password to be checked against a matching entry in the local username database or in the remote TACACS/TACACS+ database.
ii. CHAP authentication sends a challenge to the remote device. The remote device must encrypt the challenge value with a shared secret and return the encrypted value and its name to the local router in a response message. The local router uses the name of the remote device to look up the appropriate secret in the local username or remote TACACS/TACACS+ database. It uses the looked-up secret to encrypt the original challenge and verify that the encrypted values match.
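The PAP and CHAP exchanges summarized above, as an added example that is not part of the original post. It assumes the MD5 form of CHAP from RFC 1994, where the "encrypted" value is a one-way hash over the identifier, the shared secret and the challenge; the peer name `branch1`, its secret and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed local username database on the authenticating (HQ) router:
# peer name -> shared secret. Names and secrets are illustrative only.
USER_DB = {"branch1": b"s3cret-branch1"}

def pap_request(name, password):
    """PAP Authenticate-Request: name and password cross the link in cleartext."""
    return {"name": name, "password": password}

def pap_verify(req):
    secret = USER_DB.get(req["name"])
    return secret is not None and hmac.compare_digest(secret, req["password"])

def chap_challenge(ident):
    """CHAP Challenge: an identifier plus a fresh random value."""
    return {"id": ident, "value": os.urandom(16)}

def chap_hash(ident, secret, challenge):
    # Assumed RFC 1994 MD5-CHAP: hash over identifier || secret || challenge.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_response(chal, name, secret):
    """CHAP Response: the hashed value and the peer's name; the secret is never sent."""
    return {"id": chal["id"], "name": name,
            "value": chap_hash(chal["id"], secret, chal["value"])}

def chap_verify(chal, resp):
    # Look up the secret by the peer's name, recompute, compare in constant time.
    secret = USER_DB.get(resp["name"])
    if secret is None or resp["id"] != chal["id"]:
        return False
    expected = chap_hash(chal["id"], secret, chal["value"])
    return hmac.compare_digest(expected, resp["value"])

if __name__ == "__main__":
    req = pap_request("branch1", b"s3cret-branch1")
    print("PAP on the wire:", req, "->", pap_verify(req))
    chal = chap_challenge(1)
    resp = chap_response(chal, "branch1", b"s3cret-branch1")
    print("CHAP on the wire:", resp["name"], resp["value"].hex(),
          "->", chap_verify(chal, resp))
    # A captured response does not satisfy a later, different challenge.
    print("old response vs new challenge:", chap_verify(chap_challenge(1), resp))
```

The PAP request carries the password itself, so anyone who can observe the link learns it; the CHAP response is bound to one challenge and fails against the next one.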