Technical information
Cuda 12000 IP Access Switch CudaView Administration Guide
Configuring Point-to-Point Protocol (PPP)
Configuring PPP Security
Challenge Handshake Authentication Protocol (CHAP) and Password
Authentication Protocol (PAP) provide authentication mechanisms that serve
to identify the peers that want to establish point-to-point connections. With
both CHAP and PAP, the device must provide a known username and
password to the POS interface with which it wants to establish a PPP
connection.
CHAP is more secure than PAP. CHAP clients respond to challenges with an
encrypted version of the password; PAP sends the password as unencrypted
plain text over the network. In addition, CHAP calls for both endpoints to
perform a computation to arrive at a secret string; PAP does not. You can
configure the POS interface to attempt authentication using one protocol and,
if refused, attempt authentication with the other.
CHAP and PAP must each be enabled at both endpoints of a point-to-point
connection and configured to operate in both client and server mode, as
described in the following sections.
SONET connections are provisioned as point-to-point circuits. The connection
is initiated by one peer—the caller—into an adjacent peer—the callee. The
caller is referred to as the client, and the callee is referred to as the server.
Both CHAP and PAP are specified in RFC 1334.
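The difference between the two protocols on the wire, as an added example that is not part of this guide or the switch software: it builds a PAP Authenticate-Request and a CHAP Response in the RFC 1334 packet layout, where the CHAP value is an MD5 hash over the identifier, the secret and the challenge. The username, secret and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample credentials, not taken from the guide.
USERNAME = b"pos-client"
SECRET = b"constructed-secret"

def pap_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (code 1): the password travels in the clear."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, identifier, 4 + len(data)) + data

def chap_value(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5: hash of Identifier octet || secret || Challenge Value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_response(identifier: int, secret: bytes, challenge: bytes, name: bytes) -> bytes:
    """CHAP Response (code 2): carries the 16-byte hash and the name, never the secret."""
    value = chap_value(identifier, secret, challenge)
    data = bytes([len(value)]) + value + name
    return struct.pack("!BBH", 2, identifier, 4 + len(data)) + data

def server_verify(packet: bytes, secret: bytes, challenge: bytes) -> bool:
    """Server side: recompute the hash from its own copy of the secret and compare."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != 2 or length != len(packet) or length < 5:
        return False
    size = packet[4]
    if 5 + size > length:
        return False
    value = packet[5:5 + size]
    return hmac.compare_digest(value, chap_value(identifier, secret, challenge))

if __name__ == "__main__":
    pap = pap_request(1, USERNAME, SECRET)
    print("PAP exposes password on the wire:", SECRET in pap)
    challenge = os.urandom(16)  # server picks a fresh value per attempt
    resp = chap_response(7, SECRET, challenge, USERNAME)
    print("CHAP exposes password on the wire:", SECRET in resp)
    print("server accepts:", server_verify(resp, SECRET, challenge))
    # A captured response does not verify against the next challenge.
    print("replay accepted:", server_verify(resp, SECRET, os.urandom(16)))
```

Because the server issues a new challenge for each attempt, a response captured from one session does not authenticate the next, whereas a captured PAP request contains the reusable password itself.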
Configuring Client-Side Security Parameters
When initiating a point-to-point connection, the POS interface acts as a
client and calls into a remote endpoint, which functions as a PPP server. If
PAP, CHAP, or both forms of authentication are enabled and required by the
server, then the same authentication protocols must be enabled on the POS
interface.
The POS interface, acting as a client, must provide the remote server with the
correct username and password. If the interface fails to provide the correct
information, the remote device will not allow it to call in and establish a
connection.
To enable client-side authentication and configure the security
information—username and password—that the POS interface sends to a