Specifications
Table Of Contents
- Contents
- Preface
- Getting Started
- Basic Router Configuration
- Interface Port Labels
- Viewing the Default Configuration
- Information Needed for Configuration
- Configuring Basic Parameters
- Configuring Static Routes
- Configuring Dynamic Routes
- Configuring Enhanced IGRP
- Basic Router Configuration
- Configuring Your Router for Ethernet and DSL Access
- Sample Network Deployments
- Configuring PPP over Ethernet with NAT
- Configuring PPP over ATM with NAT
- Configuring a LAN with DHCP and VLANs
- Configuring a VPN Using Easy VPN and an IPSec Tunnel
- Configure the IKE Policy
- Configure Group Policy Information
- Apply Mode Configuration to the Crypto Map
- Enable Policy Lookup
- Configure IPSec Transforms and Protocols
- Configure the IPSec Crypto Method and Parameters
- Apply the Crypto Map to the Physical Interface
- Create an Easy VPN Remote Configuration
- Verifying Your Easy VPN Configuration
- Configuration Example
- Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
- Configuring a Simple Firewall
- Configuring a Wireless LAN Connection
- Sample Configuration
- Configuring Additional Features and Troubleshooting
- Additional Configuration Options
- Configuring Security Features
- Configuring Dial Backup and Remote Management
- Troubleshooting
- Reference Information
- Cisco IOS Software Basic Skills
- Concepts
- ROM Monitor
- Common Port Assignments
B-4
Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide
OL-6426-02
Appendix B Concepts
PPP Authentication Protocols
(start/stop) and bit-oriented synchronous encapsulation, network protocol multiplexing, link
configuration, link quality testing, error detection, and option negotiation for such capabilities as
network-layer address negotiation and data-compression negotiation. PPP supports these functions by
providing an extensible Link Control Protocol (LCP) and a family of Network Control Protocols (NCPs)
to negotiate optional configuration parameters and facilities.
The current implementation of PPP supports two security authentication protocols to authenticate a PPP
session:
• Password Authentication Protocol (PAP)
• Challenge Handshake Authentication Protocol (CHAP)
PPP with PAP or CHAP authentication is often used to inform the central site which remote routers are
connected to it.
PAP
PAP uses a two-way handshake to verify the passwords between routers. To illustrate how PAP works,
imagine a network topology in which a remote office Cisco router is connected to a corporate office
Cisco router. After the PPP link is established, the remote office router repeatedly sends a configured
username and password until the corporate office router accepts the authentication.
PAP has the following characteristics:
• The password portion of the authentication is sent across the link in clear text (not scrambled or
encrypted).
• PAP provides no protection from playback or repeated trial-and-error attacks.
• The remote office router controls the frequency and timing of the authentication attempts.
CHAP
CHAP uses a three-way handshake to verify passwords. To illustrate how CHAP works, imagine a
network topology in which a remote office Cisco router is connected to a corporate office Cisco router.
After the PPP link is established, the corporate office router sends a challenge message to the remote
office router. The remote office router responds with a variable value. The corporate office router checks
the response against its own calculation of the value. If the values match, the corporate office router
accepts the authentication. The authentication process can be repeated any time after the link is
established.
CHAP has the following characteristics:
• The authentication process uses a variable challenge value rather than a password.
• CHAP protects against playback attack through the use of the variable challenge value, which is
unique and unpredictable. Repeated challenges limit the time of exposure to any single attack.
• The corporate office router controls the frequency and timing of the authentication attempts.
Note We recommend using CHAP because it is the more secure of the two protocols.