User Guide
Chapter 1. Advanced Topics 15
General Security Authentication
Security authentication may be required by the remote end. The following information describes how
authentication occurs.
PAP provides verification of passwords between routers using a two-way handshake. One router (peer) sends the
system name and password to the other router. Then the other router (known as the authenticator) checks the
peer’s password against the configured remote router’s password and returns acknowledgment.
CHAP is more secure than PAP because unencrypted passwords are not sent across the network. CHAP uses a
three-way handshake. One router (known as the authenticator) challenges the other router (known as the peer) by
generating a random number and sending it along with the system name. The peer then applies a one-way hash
algorithm to the random number and the shared secret, and returns the resulting hash along with its system name.
The authenticator then runs the same algorithm and compares its result with the value the peer returned. This
authentication method depends upon a password or secret known only to both ends.
PAP Authentication

New York
  System Name=New York
  System Password=xyz
  Remote Router Database
    Remote=Chicago
    Password=abc

Chicago
  System Name=Chicago
  System Password=abc
  Remote Router Database
    Remote=New York
    Password=xyz

1. New York to Chicago: New York & xyz
2. Chicago to New York: Accepted/Rejected
CHAP Authentication

New York
  System Name=New York
  System Password=xyz
  Remote Router Database
    Remote=Chicago
    Password=abc

Chicago
  System Name=Chicago
  System Password=abc
  Remote Router Database
    Remote=New York
    Password=xyz

1. CHALLENGE, New York to Chicago: New York & random number
   Chicago hashes random number and secret ‘abc’.
2. Chicago to New York: Chicago & encrypted secret
   New York performs same hash with number and secret ‘abc’ and compares results.
3. New York to Chicago: Accepted/Rejected
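
The CHAP exchange in the figure above, as an added example that is not part of the original guide or the router's own code. It assumes the RFC 1994 MD5 form of the hash (the guide does not name the algorithm); the class and function names are hypothetical and the secrets are the figure's sample values.

```python
import hashlib
import hmac
import os

# Constructed sample data mirroring the figure: Chicago's system password is
# 'abc', and New York stores 'abc' as the password for remote router Chicago.
REMOTE_DB_NEW_YORK = {"Chicago": b"abc"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Assumed hash (RFC 1994 CHAP-MD5): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """New York's role: issue a challenge, then verify the peer's response."""

    def __init__(self, name, remote_db):
        self.name = name
        self.remote_db = remote_db
        self.pending = None  # (identifier, challenge) still awaiting a response
        self._next_id = 0

    def challenge(self):
        # Step 1: send the system name and a fresh random number.
        self._next_id = (self._next_id + 1) % 256
        self.pending = (self._next_id, os.urandom(16))
        return self.name, self.pending[0], self.pending[1]

    def verify(self, peer_name, identifier, response):
        # Step 3: run the same hash with the stored secret and compare results.
        if self.pending is None or identifier != self.pending[0]:
            return False
        challenge = self.pending[1]
        self.pending = None  # each challenge is good for one attempt only
        secret = self.remote_db.get(peer_name)
        if secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def peer_reply(name, system_password, identifier, challenge):
    # Step 2: the peer returns its name and the hash, never the password itself.
    return name, identifier, chap_response(identifier, system_password, challenge)
```

Because every challenge is random and single-use, a response captured from one exchange does not verify against the next challenge, which is the property PAP's fixed name-and-password message lacks.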










