Product specifications
Chapter 5: System Security Efficient Networks
®
Router family
Technical Reference Guide
Page 5-22 Efficient Networks
®
PAP Authentication
For PAP, when a PAP login request is received from the remote end, the router
checks the remote router PAP security using the remote router database. If the
remote router is not in the remote router database or the remote router password is
invalid, the call is disconnected. If the remote router and password are valid, the local
router acknowledges the PAP login request.
If PAP was negotiated by the remote end for the remote-side authentication, the
router issues PAP login requests only if it knows the identity of the remote end. The
identity is known if the call was initiated from the router, or if the remote end returned
a successful CHAP challenge response. For security reasons, the router never
identifies itself using PAP without first knowing the identity of the remote router.
If PAP was negotiated by the remote end for the local side of the authentication
process and the minimum security level is CHAP, as configured in the remote router
database, the link is dropped as a security violation.
Authentication Passwords
Access to the router is controlled by an User Authentication. As part of the router
configuration, you may set the following authentication passwords:
System authentication password - the default system password used to access
any remote router. Remote sites use this password to authenticate the local site. This
default authentication password is set by the system passwd command.
System override password - optional password used only to connect to a specific
remote router for authentication by that remote site. To specify a unique system
override password for a remote router, use the remote setourpasswd command. This
password is used instead of the general system password only for connecting to a
specific remote router. This allows you to set a unique CHAP or PAP authentication
password for authentication of the local site by the remote site only when the router
connects to that remote site.
A common use for the system override password is to set the password assigned to
you by your Internet Service Provider (ISP). Similarly, the system name of the local
router (set by the command system name) can be overridden for connecting to a
specific remote with the remote setoursysname command.
Remote authentication password - password used by the router to authenticate the
remote site. Each remote router entered in the remote router database has a
password used when the remote site attempts to gain access to the local router. To
set the remote authentication password, use the remote setpasswd command.